-
Week of 17 Oct 2011
Preparing for latest security attacks means planning for failure (19 Oct 2011)
Any security defence may, at some point, fail. Experts at RSA Europe said security pros must be agile to dodge the latest security attacks.
-
Week of 10 Oct 2011
RSA Europe Conference 2011: Nation state groups behind RSA attack (13 Oct 2011)
RSA revealed a “nation state” was behind the SecurID attack in March. Twitter and Facebook are still banned at RSA.
Web inventor Tim Berners-Lee on vision for the future of IT security (14 Oct 2011)
Web inventor Tim Berners-Lee told RSA Europe attendees the future of IT security must include greater simplicity for users.
-
Week of 03 Oct 2011
UK banks bracing for new financial services regulations compliance (03 Oct 2011)
A research director for Gartner lists the top five financial services regulations that UK banks will have to deal with in the coming years.
UK security firm finds new Apache Web server security flaw (07 Oct 2011)
The new Apache Web server security issue could allow hackers access to internal or DMZ systems, says a London security firm.
-
Week of 26 Sep 2011
CESG certification scheme aims to boost public-sector consultants (26 Sep 2011)
New certifications from CESG, in partnership with CREST and IISP, plan to standardise the assessment of skills for public-sector security consultants.
E-discovery laws: Having an information governance framework matters (29 Sep 2011)
A recent increase in privacy litigation proves that UK companies, too, need e-discovery and data governance plans.
-
Week of 19 Sep 2011
CEOs want security plans for businesses, says Gartner Security Summit (22 Sep 2011)
Following notable breaches at the likes of RSA, Sony and Epsilon, security pros have the ears of business executives like never before.
UK IT spending by industry: Despite cuts, security spending likely stable (22 Sep 2011)
While industries slash IT budgets, information security spending will likely hold steady.
-
Week of 12 Sep 2011
Bank security on top in consumer information security trust survey (16 Sep 2011)
More than half of respondents indicated they trusted financial institutions with their personal data, with students being the most trusting overall.
Shylock, a new Internet banking Trojan, targets UK banks (12 Sep 2011)
The Shylock Internet banking Trojan pilfers online banking credentials and data, using innovative new techniques to avoid detection.
-
Week of 05 Sep 2011
Amid social networking security issues, companies block Web 2.0 apps (08 Sep 2011)
Many companies have clamped down on social networking in the face of security concerns, a new report reveals. Is this a long-term trend?
-
Week of 29 Aug 2011
Apache DDoS vulnerability requires immediate update to avoid threat (01 Sep 2011)
Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild.
Security shakeup needed to stop theft of confidential information (02 Sep 2011)
Infections are expensive and nearly constant, but studies from vendors Symantec and FireEye have found the prescription: A new approach to security.
-
Week of 22 Aug 2011
RBS breach of email security policy exposes staff pay rates (25 Aug 2011)
An email accidentally mailed to 800 RBS employees contained the pay rate details of nearly 3,000 RBS contract staff.
Scholarships aim to encourage women to pursue cybersecurity careers (23 Aug 2011)
To boost the percentage of women in IT security careers, (ISC)2 has instituted two new scholarships, each totalling up to $40,000 per year.
-
Week of 15 Aug 2011
Botnet security alert: Malicious spam surge marks bot reconstruction (19 Aug 2011)
The percentage of spam messages containing a malicious payload has spiked sharply recently, likely due to a resurgence of spam bots.
ICO approves policy changes after Google Street View privacy issues (20 Aug 2011)
The ICO has approved updates to Google's Street View policies following a data compromise last year, but asserts there's room for improvement.
-
Week of 08 Aug 2011
Gartner: Corporate privacy policy requirements demand urgent review (11 Aug 2011)
The research firm says corporate privacy policy requirements are outdated, due to new technology and legislation, and should be revisited now.
Ignored password security policy leads to school data breach (09 Aug 2011)
Password reuse made it easy for a student hacker to get into the database of Gosport's Bay House School and expose the details of nearly 20,000 people.
PCI tokenisation best practices guidance offers flexibility (12 Aug 2011)
The newly released PCI tokenisation best practices guidance aims to make PCI DSS compliance easier, yet offers technical flexibility for enterprises.
-
Week of 01 Aug 2011
Missing USB drive, found in pub, contained unencrypted data (04 Aug 2011)
The ICO says two housing groups must improve data security after a contractor’s missing USB drive, containing unencrypted data, was found in a pub.
-
Week of 25 Jul 2011
Automation of SpyEye botnet raises the stakes for security (29 Jul 2011)
Sophisticated malware-automation techniques are cited as the probable cause for a dramatic increase in Web application attacks.
Citrix patches severe XenDesktop, XenApp security flaw (28 Jul 2011)
The virtualisation vendor says a severe XenDesktop and XenApp security flaw needs immediate patching, or else an attacker may execute arbitrary code.
-
Week of 18 Jul 2011
Hackers target Adobe vulnerabilities, Java vulnerabilities (20 Jul 2011)
A new report notes a significant rise in the number of attacks against Adobe and Java vulnerabilities in the last six months.
Smartphone malware: Infections will hit one in 20, study predicts (22 Jul 2011)
A recent study by security vendor Trusteer predicts there will be about 56,000 infections for every million smartphone users in the coming year.
-
Week of 11 Jul 2011
With UTM system, Blackpool Council trims network security costs (11 Jul 2011)
Faced with a network ravaged by Conficker and a dwindling budget, the Blackpool Council implemented a UTM system to cut costs and bolster security.
-
Week of 04 Jul 2011
ICO issues warning over NHS Data Protection Act breaches (05 Jul 2011)
Following five more NHS Data Protection Act violations, the Information Commissioner’s Office will redouble efforts to help NHS improve security.
Many private firms decline ICO audit, finds 2011 ICO annual report (07 Jul 2011)
The 2011 ICO annual report shows that of the private companies offered an ICO audit last year, only 19% accepted.
Network security case study: College’s NAC virtual appliance makes grade (06 Jul 2011)
Wellington College’s network security case study explains how a NAC virtualization appliance blocks malware and provides increased capacity on demand.
-
Week of 27 Jun 2011
Most recent quarter sees rise in information security salary figures (27 Jun 2011)
According to figures from Acumin, for the first time since the recession started, no sector of the infosec job market has seen a pay reduction.
Symantec smartphone security comparison offers mixed results (01 Jul 2011)
Big Yellow’s new smartphone security comparison paper says iOS and Android devices can be secured, but dual consumer-business use presents risks.
-
Week of 20 Jun 2011
Security awareness tips: Making programmes more effective (22 Jun 2011)
Several information security pros, via LinkedIn, share their best security awareness tips with SearchSecurity.co.UK.
-
Week of 13 Jun 2011
Lost NHS medical records: Laptops had unused encryption software (16 Jun 2011)
The NHS has suffered another breach, this one compromising 18 million records. Worse yet: The laptops could have been encrypted with already-purchased software.
PCI virtualisation: With new guidelines, compliance may be harder (14 Jun 2011)
New guidelines on virtualisation issued by the PCI SSC show PCI compliance is possible within a virtualised environment, but may not be feasible.
World IPv6 Day a success, but IPv6 security problems only beginning (13 Jun 2011)
While World IPv6 Day caused no catastrophic Internet outages, some researchers predict that transition-related IPv6 security problems could threaten security.
-
Week of 06 Jun 2011
How West Midlands police collared identity and access management vendors (07 Jun 2011)
Streamlining access is extremely important for the 15,000-person unit, particularly when dealing with information as sensitive as that in police records.
Zeus Technology announces art of defence acquisition (09 Jun 2011)
Zeus says the art of defence acquisition will boost its effort to provide Web application security for cloud computing deployments.
-
Week of 30 May 2011
Extra negotiation helps firm answer cloud computing security questions (01 Jun 2011)
What happens when the CISO has cloud computing security questions, but the contract has already been signed? Find a way to renegotiate, says one consultant.
-
Week of 23 May 2011
Virtual desktop benefits include tighter security, hot desking (25 May 2011)
With the help of hot desking and other virtualisation technologies, the Basildon Borough Council was able to centralise its security administration and reduce its number of desks by more than 30%.
-
Week of 16 May 2011
European Commission Digital Agenda seeks input on EU cloud computing (19 May 2011)
The European Commission's Digital Agenda is inviting organisations to complete an online cloud questionnaire as it considers creating cloud standards.
Jericho Forum commandments address the future of identity management (20 May 2011)
The Jericho Forum recently released new guidance on what it believes could be an effective way to centrally manage users' ever-multiplying identities.
-
Week of 09 May 2011
Industry experts: ICO guidelines on cookies get cautious welcome (13 May 2011)
New ICO guidelines give leeway for a more nuanced approach to compliance, but some say more clarity is needed.
New ICO guidance issued on EU cookie law (10 May 2011)
The Information Commissioner's Office has released practical guidance for companies to comply with the new EU cookie law.
-
Week of 25 Apr 2011
Store dealing with dishonest employees uses internal theft prevention software (29 Apr 2011)
A London-based sushi chain expects to save almost £1 million this year with the help of new fraud-detection software.
-
Week of 18 Apr 2011
Data shows many applications still contain OWASP Top 10 flaws (19 Apr 2011)
A recent study finds application security in a dismal state, with more than 80% of Web apps containing errors on the OWASP Top 10 list.
Infosecurity speakers advocate for mobile device security policy (22 Apr 2011)
Don't underestimate the importance of a mobile device security policy, agree several CISOs at the 2011 Infosecurity Europe conference.
PECR amendments feature tighter rules on cookies, security risk (21 Apr 2011)
Beginning May 25, organisations will have to request permission from website visitors before planting cookies on their machines.
Risk management key to security budgeting, smartphone security issues (19 Apr 2011)
Thoughtful risk management can aid efforts both toward increasing security budgets and locking down smartphones, panels at Infosecurity Europe concurred.
Verizon data breach report 2011: Hackers target more, smaller victims (20 Apr 2011)
Seen as weaker targets, smaller organisations were more frequently the victims of attack, according to the Verizon Data Breach Report 2011 edition.
VoIP security risks will be on display at Infosecurity Europe (19 Apr 2011)
Wick Hill plans to demonstrate CCTV and VoIP security risks that could compromise a network, including three types of attacks.
-
Week of 11 Apr 2011
Infosecurity Europe 2011 preview: APT, mobile security at fore (11 Apr 2011)
From mobile security to advanced persistent threats and infosec budgets, keynotes at this year's Infosecurity Europe conference will address some of the most pressing issues in IT security.
-
Week of 04 Apr 2011
After breach at RSA, two-factor authentication options abound (08 Apr 2011)
Companies specialising in two-factor authentication hope to boost business following the breach of RSA's SecurID, and many plan to capitalise with new products at Infosecurity Europe.
Massive Epsilon email breach could lead to email attacks, spam (05 Apr 2011)
At least 50 banks, retailers and other firms are affected by a major email breach at a Texas-based data management firm that provided marketing email services.
iPad management: Securing iPads in a regulated world (04 Apr 2011)
When the sales department started using iPads, the IT security manager was tasked with locking them down. Learn how one infosec pro took charge of iPad security.
-
Week of 28 Mar 2011
Cloud access control: Plug-in alters applications on a per-user basis (30 Mar 2011)
The new browser plug-in allows for per-user access controls with cloud application features, but at launch it is limited to Salesforce.com and Google Apps, and to the IE or Firefox browsers.
Open Group launches guide to boost ISO 27005 efforts (29 Mar 2011)
A new guide from the Open Group is designed to help organisations meet ISO 27005 standards, but some risk management professionals feel it may not be so effective.
-
Week of 21 Mar 2011
Adobe fixes critical Flash Player, Reader, Acrobat X flaws (22 Mar 2011)
The serious vulnerabilities could cause a crash and potentially allow an attacker to take control of an affected system.
UK PCI compliance slow, but card fraud trends downward (22 Mar 2011)
Compliance with PCI DSS is still slow in the UK, but card fraud continues to fall, perhaps in part due to measures mandated or encouraged by the standard.
-
Week of 14 Mar 2011
Encrypted memory sticks could cure user carelessness (14 Mar 2011)
As the price of USB pen drives decreases, so does the inherent value employees attach to them. Two recent studies show that users have very little security awareness when it comes to memory sticks.
ISSA standard aims to improve small business IT security (18 Mar 2011)
ISSA is crafting a small-business standard to improve information security, but one group questions whether a single standard for all small companies makes sense.
Security salary survey: Technical skill in growing demand (16 Mar 2011)
The latest security salary survey data shows demand for technical skills has risen, but pay rates have slipped for new M.Sc. graduates.
-
Week of 14 Feb 2011
IPS virtual patching undermined by new threats, Stonesoft says (17 Feb 2011)
IPS virtual patching is undermined by more than 120 new advanced evasion techniques (AETs) that are being used by hackers.
New SMB vulnerability identified in Windows XP and Server 2003 (17 Feb 2011)
A new SMB vulnerability discovered in Windows could open systems to DoS attacks and remote access. The vulnerability, tagged as CVE-2011-0654, has been rated "critical" and confirmed on Windows...
-
Week of 07 Feb 2011
Mobile phone security threats, blended attacks increasing (11 Feb 2011)
Not only is the amount of mobile malware increasing, the level of sophistication of that malware and accompanying attacks is rising, too, discloses a new report.
PCI SSC: Europeans sought to shape credit card security policy (07 Feb 2011)
Nominations recently opened for organisations to join the PCI SSC's advisory board, and PCI European Director Jeremy King is keen to see more UK companies elected.
-
Week of 31 Jan 2011
Insider threat statistics uncover hidden dangers (31 Jan 2011)
More than half of UK employees queried confessed to taking corporate data without permission, but most only do so to enable their productivity, finds a new study commissioned by Symantec Corp.
Microsoft to address 22 flaws in Patch Tuesday updates (03 Feb 2011)
In its advance notification, Microsoft said it would issue 12 bulletins, three critical, addressing holes in Windows, Internet Explorer, Office, Visual Studio and IIS.
PCI PTS aims to stop retail IT security breaches, but progress is slow (02 Feb 2011)
The new PCI PTS requirements are intended to help stores shore up insecure point-of-sale systems and other common retail IT security weaknesses.
-
Week of 24 Jan 2011
CHECK penetration testing consultants still hard to find, says report (27 Jan 2011)
The dearth of government-qualified pen testers is likely due to the difficulty of acquiring CHECK certification and infosec pros' view of pen testing as a stepping-stone career move, speculates a new...
Mozilla proposes Firefox Do Not Track feature to boost browser privacy (24 Jan 2011)
The proposal, which transmits a special HTTP header to websites, may be supported in future versions of Firefox, but in order for it to work, websites must support the feature.
Selling carbon credits: Stronger authentication could've foiled theft (24 Jan 2011)
Two-factor authentication at a Prague-based energy-trading platform could have prevented the theft of millions of dollars worth of carbon credits.
-
Week of 17 Jan 2011
Cisco says attackers will take aim at Apple, Android mobile devices (20 Jan 2011)
The popularity of Apple and Google Android mobile devices could put them at risk of falling in the crosshairs of cybercriminals.
-
Week of 10 Jan 2011
Adobe to overhaul Flash Player interface to improve security, privacy (14 Jan 2011)
Engineers at Adobe Systems Inc. are working on a redesign of the Flash Player Settings Manager to incorporate features requested by users and privacy advocates.
PCI survey finds more compliance spending planned to meet guidelines (12 Jan 2011)
A survey of 500 security professionals found that, although the compliance initiatives are burdensome, they are improving security at most organisations.
Phishing test highlights BlackBerry, iPhone insecurity (10 Jan 2011)
According to new research, mobile users are three times more likely to fall for phishing scams than traditional desktop users.
-
Week of 03 Jan 2011
Microsoft to patch critical Windows flaw to block ongoing attacks (06 Jan 2011)
Microsoft will issue two security bulletins, addressing a critical vulnerability affecting all versions of Windows.
Researcher breaks Adobe Flash sandbox security feature (06 Jan 2011)
Adobe is responding to a new method that breaks a security feature designed to prevent Flash files from passing data to remote systems; it is classified as a "moderate" security threat.
-
Week of 27 Dec 2010
ISF, (ISC)2 and ISACA team up on IT security principles guidelines (27 Dec 2010)
ISF, (ISC)2 and ISACA have worked together to create 12 principles intended to help business and security teams understand and aid each other.
-
Week of 20 Dec 2010
Mobile device malware growing, but smartphone threats still small (22 Dec 2010)
For several years running, security researchers have predicted that mobile malware will be the next big thing, but how concerned should organisations really be?