Information Security News, Articles and Updates

Fancy Bear targets defence contractors' email to steal tech secrets

Russian hacking group Fancy Bear has exploited weak spots in the email systems of defence contract workers to access top secret information on US defence technology, including drones.

Microsoft bug CVE-2017-11882 exploited to deliver Loki information stealer

Attackers continue to exploit a recently patched remote code execution vulnerability in the Microsoft Equation Editor component of Microsoft Office, using the bug to deliver a modified version of Loki information-stealing malware.

Local authorities say data breaches are 'accidents waiting to happen'

Local authorities hold sensitive and private information about all of us that we wouldn't want getting into the hands of the wrong people.

Unsecure network file folders are 'biggest vulnerability'

In the past year, 38 percent of organisations have experienced one or more information security breaches.

75% of UK consumers won't do biz with a company that has been hacked

Three quarters of UK consumers would stop doing business or cancel memberships with an organisation if it was hacked.

IBM warns of 'masterful' new Shifu banking Trojan

IBM researchers have found the 'Shifu' Trojan attacking Japanese banks, as well as new information-stealing malware called CoreBot - both with Russian origins.

Data breach alert: the rising threat of contractors

With the increasing number of contractors being employed by organisations, it's vital that their access rights are regularly reviewed, says Paul Trulove.

'Burnt-out' security pros hide breaches, demand bigger budgets

A new report into the ethics of security professionals reveals some eye-opening findings on hidden data breaches, and how incidents are being used to push for bigger budgets.

UK trials driverless cars amid security concerns

The UK government is spending £19 million on trialling driverless cars across four major cities, but the news has been met with some caution by experts warning of liability and security issues.

Infosec teams unprepared for new EU data protection laws

More than a third of IT security teams are unprepared for the EU's two incoming data protection laws, according to a new study from FireEye.

CISOs: Out of step with their own security teams?

CISOs are increasingly taking on greater management responsibilities - but are they as a result being divorced from their firm's true security maturity and the tools needed to avoid being breached?

RIP Steve Gold: 1956-2015

Steve Gold, one of the UK's most respected information security journalists, who helped found SC Magazine and was renowned for helping his family, friends and colleagues, has died.

GCHQ hiring InfoSec pros for new Manchester office

GCHQ has opened a new site in Manchester and is already looking to hire software developers, engineers and information security professionals to fill the space.

Information security: 'Not my problem'

Information security is always someone else's problem, according to senior non-IT executives in a survey commissioned by NTT Com Security.

US banks set to splash the cash on cyber-security

New research from PricewaterhouseCoopers (PwC) suggests that US financial service companies will spend an additional £1.3 billion (US$2 billion) on cyber-security by 2017.

ICYMI: Drupal flaw, Android Lollipop and security shortcomings

This week's In Case You Missed It column looks at websites at risk from Drupal's SQL injection flaw, security features on Android and information security shortcomings in business.

Information security budgets on the decline?

A new report which claims information security budgets have fallen has been called into question, but carries better news for security companies and security awareness training.

Microsoft closes Trustworthy Computing as part of layoff strategy

In a surprise move, Microsoft has effectively closed its Trustworthy Computing (TwC) Group as part of the loss of 2,100 jobs in a restructuring plan announced late last week.

Superman and General Zod - Q and A with Stewart Room

Q and A with SC Congress London speaker, Stewart Room.

Young people do care about cyber security

The prevailing view that young people are careless of information security has been challenged by a new UK survey that reveals two-thirds believe security is the number one priority when buying a new internet-connected device.

Never Forget the 80-20 Rule - Q and A with Derrick Bates

Q and A with SC Congress London speaker, Derrick Bates.

Heightened security pressures in most businesses

IT pros are being pressured to roll out new services before their security issues have been resolved.

App security 'severely hampered' by skills shortage

Organisations are being "severely hampered" in the key area of applications security because of skills shortages, according to new research from the independent SANS Institute.

Lancope CTO sees 'clear disconnect' between board and security

"There is a clear disconnect between the people who have to deal with an attack, and the rest of the staff", says the Lancope CTO.

Cyber security 'failure' could result in next major terrorism attack

Compliance, standards, a shortage in IT security skills and budgets are reasons behind the 'failure' of cyber security, experts conclude at a French information security conference.

Coping with chaos

It may be a time of great change for the infosec industry, but advice on achieving the budgets needed to keep up with new threats remains remarkably consistent, reports Thomas Brewster.