-
Week of 18 Jun 2012 Review your security contingency plan during the Games (Security Bytes blog | 21 Jun 2012)
U.K. companies are preparing to manage their security during the Olympics. Would your security contingency plan hold up to such a disruptive event?
-
Week of 11 Jun 2012 Opinion: LinkedIn hacking incident betrays users’ trust (Security Bytes blog | 14 Jun 2012)
Users are told to create strong passwords, but the LinkedIn hacking showed strong passwords are no defense when the application provider is attacked.
-
Week of 04 Jun 2012 Information technology security jobs hiring outlook (Security Bytes blog | 07 Jun 2012)
The unemployment rate for IT security pros is 0%, says CompTIA, leaving some companies with key information technology security jobs unfilled.
-
Week of 28 May 2012 Why execs really need corporate security training (Security Bytes Blog | 31 May 2012)
Senior executives may be the most likely to disobey all your hard-won corporate security training. Here are five reasons why.
-
Week of 21 May 2012 A bold view on prioritizing computer security laws (Security Bytes blog | 24 May 2012)
The number of computer security laws in the U.S. can be daunting. One bold lawyer suggests a way to prioritize the laws and avoid most legal battles.
-
Week of 14 May 2012 Division of CISO responsibilities may prevent burnout (Security Bytes blog | 17 May 2012)
CISO responsibilities can be overwhelming, according to a new IBM survey. One solution may be to divide the role into two jobs.
MDM, security vendors scramble to address BYOD security issues (ComputerWeekly.com | 18 May 2012)
Organisations are looking beyond NAC and MDM to resolve BYOD security issues; MDM, security and hybrid vendors are responding with new products.
-
Week of 07 May 2012 Going after the middlemen in the fight against financial cybercrime (Security Bytes blog | 10 May 2012)
The FBI and SOCA successfully executed Operation hAVoC, going after the middlemen, or carders, in the fight against financial cybercrime.
ICO fines Welsh health board £70,000 for patient record loss (ComputerWeekly.com | 11 May 2012)
For the first time, the ICO fines an NHS organisation for sending patient data to the wrong person.
-
Week of 30 Apr 2012 Creativity in information security awareness training (Security Bytes Blog | 03 May 2012)
Information security awareness training programs must be creative and visually compelling to grab users’ attention and ensure they remember the security lessons.
SOCA takes its website offline in DDoS response (ComputerWeekly.com | 03 May 2012)
Just days after SOCA shut down carder sites, the agency was the victim of a DDoS attack, leading SOCA to take its website offline.
-
Week of 23 Apr 2012 For data security, cloud customers need DIY approach (Security Bytes Blog | 26 Apr 2012)
To ensure data security, cloud computing customers must accept a do-it-yourself approach, rather than relying on providers for security.
Infosecurity 2012: ICO opposes mandatory data breach notification (ComputerWeekly.com | 26 Apr 2012)
Information Commissioner Christopher Graham calls mandatory breach disclosure for all companies unnecessary, saying voluntary disclosure is working.
Infosecurity 2012: Survey proves value of security awareness programme (ComputerWeekly.com | 27 Apr 2012)
According to the latest findings from PwC, better end-user security training can pay off in fewer breaches.
Investigation reveals serious cloud computing data security flaws (ComputerWeekly.com | 24 Apr 2012)
Context Information Security found that data stored by a cloud customer could be accessed by the next customer to spin up a VM on the same disk.
SOCA shuts down network of CVV sellers' carder sites (ComputerWeekly.com | 27 Apr 2012)
The Serious Organised Crime Agency shut down 36 CVV sellers who were selling stolen credit card and banking credentials to buyers around the world.
-
Week of 16 Apr 2012 Experts differ on European ‘cookie law’ advice (Security Bytes Blog | 19 Apr 2012)
U.S. firms with European customers are wondering about the new “cookie law.” Experts have different advice for European cookie law compliance.
ISBS 2012 report: Security slow to adapt to new technologies (ComputerWeekly.com | 20 Apr 2012)
PwC’s ISBS 2012 report, which will be presented at Infosecurity 2012, shows security teams react too slowly to threats from new technologies.
PCI assessor and CISO: Work together for the best PCI ROC (SearchSecurity.com | 19 Apr 2012)
In a session at the SOURCE Boston conference, a PCI assessor and a CISO explain that there are ways to arrive at a report on compliance they can both appreciate.
-
Week of 09 Apr 2012 Defining a full security threat (Security Bytes Blog | 12 Apr 2012)
How would you define a security threat? The correct answer could score the funding you need for your next security project.
Report: Corporate mobile device policy must align security, job roles (ComputerWeekly.com | 13 Apr 2012)
In the debate between BYOD and company-issued devices, a new report compares mobile platforms and recommends devices based on users’ job roles.
-
Week of 02 Apr 2012 Prepare now for more stringent U.S. data privacy laws (Security Bytes Blog | 05 Apr 2012)
U.S. data privacy laws will soon become more pervasive and more strictly enforced. Security teams should prepare their organizations for the new rules.
-
Week of 26 Mar 2012 Costs of a data breach falling, but cost per record rising (ComputerWeekly.com | 26 Mar 2012)
The cost of a data breach in the UK is falling, data from Ponemon Institute shows, but the news isn't all good.
For website owners, UK cookie law causing confusion, uncertainty (ComputerWeekly.com | 27 Mar 2012)
A survey of digital marketing professionals found some companies plan to take no action to comply with UK cookie law before the May 26 deadline.
Future of SIEM market hinges on past mistakes (Security Bytes Blog | 29 Mar 2012)
The SIEM market had a rocky start, but recent technology advancements have made SIEM products easier and more reliable.
SIEM deployment case study shows patience is required (ComputerWeekly.com | 30 Mar 2012)
Williams Lea’s SIEM is already helping reduce manual log reviews. But there’s still a lot of work to be done before the SIEM can be fully deployed.
-
Week of 19 Mar 2012 Study: Shnakule, four other malnets caused most 2011 attacks (ComputerWeekly.com | 19 Mar 2012)
Huge global malnets, such as Shnakule, were responsible for most attacks in 2011, and Blue Coat predicts they will trigger 66% of all attacks in 2012.
UK IT spending 2012: Security budgets show growth, CompTIA survey says (ComputerWeekly.com | 23 Mar 2012)
CompTIA found IT security budgets are growing for most UK organisations. However, UK IT managers report a shortage of skilled security professionals.
Verizon data breach report boasts new contributors (Security Bytes Blog | 22 Mar 2012)
Good news for the security industry: More countries contributed to the 2012 Verizon data breach report.
Verizon data breach report highlights continuing POS vulnerabilities (ComputerWeekly.com | 22 Mar 2012)
Improperly secured point-of-sale systems continue to offer an easy target to cybercriminals according to the 2012 data breach report from Verizon.
-
Week of 12 Mar 2012 Can a security association bring us all together? (Security Bytes Blog | 15 Mar 2012)
Vendors and government call for security pros from different organizations to work together, but will our competitive nature stand in our way?
Getting serious about tablet security risks and user training (ComputerWeekly.com | 14 Mar 2012)
With increasing tablet security risks, the time has come to get serious about user education. UK Bureau Chief Ron Condon prescribes a new mindset.
It's so easy to breach the Data Protection Act (The Security Viewpoint | 13 Mar 2012)
The latest case to appear on the website of the Information Commissioner's Office (ICO) shows just how easy it can be to break the law.
Surveying the landscape of today’s mobile device security risks (ComputerWeekly.com | 14 Mar 2012)
The biggest mobile device security risks are not from malware -- at least not yet. Find out the primary concerns of IT pros managing mobile devices.
Taking control of smartphone proliferation while avoiding user anarchy (ComputerWeekly.com | 14 Mar 2012)
With smartphone proliferation raging through companies, IT teams are turning to MDMs to keep corporate data safe. Are current MDMs up to the task?
UK firms have trust in cloud service security, but reality disappoints (ComputerWeekly.com | 15 Mar 2012)
UK firms believe moving some IT projects to the cloud will improve their overall security, yet they end up feeling less secure after the move.
-
Week of 05 Mar 2012 New mobile security statistics show consumers fearful of mobile spam (ComputerWeekly.com | 09 Mar 2012)
A survey of UK consumers found trust in mobile device security is declining as more users fall prey to mobile spam.
-
Week of 20 Feb 2012 Windows security case study: Controlling Windows 7 user privileges (ComputerWeekly.com | 24 Feb 2012)
After migrating from Windows XP to Windows 7, Oxford University Press used Avecto’s Privilege Guard to control Windows 7 user privileges.
-
Week of 06 Feb 2012 Study finds attacks slip past spotty patch management policies (ComputerWeekly.com | 10 Feb 2012)
A study finds attackers targeting firms with poor patch management policies, exploiting vulnerabilities that should have been patched years ago.
Survey: Types of DDoS attacks on the rise due to hacktivist groups (ComputerWeekly.com | 09 Feb 2012)
New DDoS statistics suggest hacktivist groups are to blame for an increase in the number and types of DDoS attacks across the Internet.
Web application vulnerability statistics show security losing ground (ComputerWeekly.com | 08 Feb 2012)
New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks.
-
Week of 30 Jan 2012 Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7 (ComputerWeekly.com | 03 Feb 2012)
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6.
-
Week of 23 Jan 2012 European Commission data protection proposals draw hostile reaction (ComputerWeekly.com | 26 Jan 2012)
Reaction to the European Commission data protection proposals has been largely negative, as many believe the new rules are costly and misdirected.
Survey sheds light on SharePoint security concerns (ComputerWeekly.com | 24 Jan 2012)
Respondents' top SharePoint security concerns include frustrated users who inadvertently or deliberately circumvent security policies.
-
Week of 16 Jan 2012 Cloud maturity model to help SMBs judge security of cloud providers (ComputerWeekly.com | 20 Jan 2012)
CAMM, a new cloud maturity model, may be the key to helping organisations, and especially SMBs, evaluate the security of cloud providers.
UK IT security survey reveals changing priorities (ComputerWeekly.com | 16 Jan 2012)
TechTarget surveyed UK IT professionals regarding their 2012 security priorities. The findings show changing security priorities.
-
Week of 09 Jan 2012 Cattles' lost backup tapes highlight risk of unencrypted data storage (ComputerWeekly.com | 09 Jan 2012)
Cattles Group lost backup tapes containing 1.4 million unencrypted customer records. The incident highlights the risks of removable storage.
Despite recruiting uptick, 2011 IT security pay rates remain flat (ComputerWeekly.com | 12 Jan 2012)
New figures show little fluctuation in IT security pay rates heading into 2012. However, recruitment is rising, along with contract staff hires.
Jericho founder: Get involved in plan for protecting identity online (ComputerWeekly.com | 13 Jan 2012)
Respected identity expert Paul Simmonds says the NSTIC's identity project needs European involvement, or it may not meet Europe's needs.
-
Week of 02 Jan 2012 Comet hit with lawsuit for alleged Microsoft Windows piracy (ComputerWeekly.com | 04 Jan 2012)
Microsoft is suing Comet, alleging the electronics retailer sold counterfeit Windows backup discs, but Comet claims it was just good customer service.
The Cattles Group loses 1.4m customer records (ComputerWeekly.com | 06 Jan 2012)
The Cattles financial services group has admitted losing unencrypted computer backup tapes containing personal details of 1.4 million customers.
-
Week of 26 Dec 2011 Emerging 2012 security trends demand information security policy changes (ComputerWeekly.com | 29 Dec 2011)
2012 security trends involving cookies, fines, devices and threats will demand more skills -- and a little finesse -- from security professionals.
-
Week of 19 Dec 2011 ICO stands by unpopular UK cookie legislation with advice, warnings (ComputerWeekly.com | 21 Dec 2011)
Website owners have resisted compliance with cookie legislation so the ICO has issued more guidance and warnings to nudge them along.
Industry groups offer conflicting options for protecting identity online (ComputerWeekly.com | 21 Dec 2011)
The Jericho Forum is promoting its strategy for protecting identity online, claiming its approach is superior to the NSTIC or vendors.
-
Week of 05 Dec 2011 Concerned about tablet security issues? Some are, others not so much (ComputerWeekly.com | 05 Dec 2011)
Users love their tablets, but security pros are concerned about tablet security issues. However, though tablets bring new threats, not everyone is ringing the alarm.
Report on UK cybercrime statistics reveals culprits and responders (ComputerWeekly.com | 06 Dec 2011)
PwC’s cybercrime statistics reveal who is most likely to commit cybercrime, and who is the best choice to respond in any organisation.
Secure coding techniques absent from eight in 10 Web applications (ComputerWeekly.com | 07 Dec 2011)
Veracode’s latest State of Software Security Report showed secure coding techniques are absent from most Web applications. Android apps fared badly, too.
-
Week of 28 Nov 2011 Government publishes UK Cyber Security Strategy to protect public (ComputerWeekly.com | 28 Nov 2011)
The government’s UK cybersecurity strategy includes a new crime unit, more certifications, increased public education, and the creation of kitemarks.
Privacy group reports alarming data breach statistics in public sector (ComputerWeekly.com | 30 Nov 2011)
Big Brother Watch reported alarming data breach statistics at local councils, which may be just the tip of the iceberg.
Swiss bank balances tablet security issues with performance, cost (ComputerWeekly.com | 02 Dec 2011)
When a Swiss bank needed to solve its tablet security issues, it found a way to secure its devices without sacrificing performance by using virtualisation.
-
Week of 14 Nov 2011 London firm offers fixed-price cloud DDoS protection (ComputerWeekly.com | 16 Nov 2011)
One company has launched a fixed-price cloud DDoS-protection service for mitigating the ever-present threat of DDoS attacks.
Tougher data protection rules will push up cost of email marketing (ComputerWeekly.com | 17 Nov 2011)
The EU will announce tougher rules for collecting information from consumers. Security pros can plan now for the new rules, expected in January 2012.
-
Week of 07 Nov 2011 Car rental firm cruises past IE6 security issues (ComputerWeekly.com | 11 Nov 2011)
IE6 is plagued with security flaws, yet upgrading can stymie some applications. Avis is piloting a product it believes resolves IE6 security issues.
-
Week of 24 Oct 2011 University IT security pros thwart content piracy with traffic shaping (ComputerWeekly.com | 27 Oct 2011)
A traffic-shaping system installed at the University of Exeter quickly yielded huge dividends by blocking illegal piracy of music and films.
-
Week of 17 Oct 2011 Preparing for latest security attacks means planning for failure (ComputerWeekly.com | 19 Oct 2011)
Any security defence may, at some point, fail. Experts at RSA Europe said security pros must be agile to dodge the latest security attacks.
-
Week of 10 Oct 2011 RSA Europe Conference 2011: Nation state groups behind RSA attack (ComputerWeekly.com | 13 Oct 2011)
RSA revealed a “nation state” was behind the SecurID attack in March. Twitter and Facebook are still banned at RSA.
Web inventor Tim Berners-Lee on vision for the future of IT security (ComputerWeekly.com | 14 Oct 2011)
Web inventor Tim Berners-Lee told RSA Europe attendees the future of IT security must include greater simplicity for users.
-
Week of 03 Oct 2011 UK banks bracing for new financial services regulations compliance (ComputerWeekly.com | 03 Oct 2011)
A research director for Gartner lists the top five financial services regulations that UK banks will have to deal with in the coming years.
UK security firm finds new Apache Web server security flaw (ComputerWeekly.com | 07 Oct 2011)
The new Apache Web server security issue could allow hackers access to internal or DMZ systems, says a London security firm.
-
Week of 26 Sep 2011 CESG certification scheme aims to boost public-sector consultants (ComputerWeekly.com | 26 Sep 2011)
New certifications from CESG, in partnership with CREST and IISP, plan to standardise the assessment of skills for public-sector security consultants.
E-discovery laws: Having an information governance framework matters (ComputerWeekly.com | 29 Sep 2011)
A recent increase in privacy litigation proves that UK companies, too, need e-discovery and data governance plans.
-
Week of 19 Sep 2011 CEOs want security plans for businesses, says Gartner Security Summit (ComputerWeekly.com | 22 Sep 2011)
Following notable breaches at the likes of RSA, Sony and Epsilon, security pros have the ears of business executives like never before.
UK IT spending by industry: Despite cuts, security spending likely stable (ComputerWeekly.com | 22 Sep 2011)
While industries slash IT budgets, information security spending will likely hold steady.
-
Week of 12 Sep 2011 Bank security on top in consumer information security trust survey (ComputerWeekly.com | 16 Sep 2011)
More than half of respondents indicated they trusted financial institutions with their personal data, with students being the most trusting overall.
Shylock, a new Internet banking Trojan, targets UK banks (ComputerWeekly.com | 12 Sep 2011)
The Shylock Internet banking Trojan pilfers online banking credentials and data, using innovative new techniques to avoid detection.
-
Week of 05 Sep 2011 Amid social networking security issues, companies block Web 2.0 apps (ComputerWeekly.com | 08 Sep 2011)
Many companies have clamped down on social networking in the face of security concerns, a new report reveals. Is this a long-term trend?
-
Week of 29 Aug 2011 Apache DDoS vulnerability requires immediate update to avoid threat (01 Sep 2011)
Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild.
Security shakeup needed to stop theft of confidential information (ComputerWeekly.com | 02 Sep 2011)
Infections are expensive and nearly constant, but studies from vendors Symantec and FireEye have found the prescription: A new approach to security.
-
Week of 22 Aug 2011 RBS breach of email security policy exposes staff pay rates (ComputerWeekly.com | 25 Aug 2011)
An email accidentally mailed to 800 RBS employees contained the pay rate details of nearly 3,000 RBS contract staff.
Scholarships aim to encourage women to pursue cybersecurity careers (ComputerWeekly.com | 23 Aug 2011)
To boost the percentage of women in IT security careers, (ISC)2 has instituted two new scholarships, each totalling up to $40,000 per year.
-
Week of 15 Aug 2011 Botnet security alert: Malicious spam surge marks bot reconstruction (ComputerWeekly.com | 19 Aug 2011)
The percentage of spam messages containing a malicious payload has spiked sharply recently, likely due to a resurgence of spam bots.
ICO approves policy changes after Google Street View privacy issues (ComputerWeekly.com | 20 Aug 2011)
The ICO has approved updates to Google's Street View policies following a data compromise last year, but asserts there's room for improvement.
-
Week of 08 Aug 2011 Gartner: Corporate privacy policy requirements demand urgent review (ComputerWeekly.com | 11 Aug 2011)
The research firm says corporate privacy policy requirements are outdated, due to new technology and legislation, and should be revisited now.
Ignored password security policy leads to school data breach (ComputerWeekly.com | 09 Aug 2011)
Password reuse made it easy for a student hacker to get into Gosport's Bay House School database and expose the details of nearly 20,000 people.
PCI tokenisation best practices guidance offers flexibility (ComputerWeekly.com | 12 Aug 2011)
The newly released PCI tokenisation best practices guidance aims to make PCI DSS compliance easier, yet offers technical flexibility for enterprises.
-
Week of 01 Aug 2011 Missing USB drive, found in pub, contained unencrypted data (ComputerWeekly.com | 04 Aug 2011)
The ICO says two housing groups must improve data security after a contractor’s missing USB drive, containing unencrypted data, was found in a pub.
-
Week of 25 Jul 2011 Automation of SpyEye botnet raises the stakes for security (ComputerWeekly.com | 29 Jul 2011)
Sophisticated malware-automation techniques are cited as the probable cause for a dramatic increase in Web application attacks.
Citrix patches severe XenDesktop, XenApp security flaw (28 Jul 2011)
The virtualisation vendor says a severe XenDesktop and XenApp security flaw needs immediate patching, or else an attacker may execute arbitrary code.
-
Week of 18 Jul 2011 Hackers target Adobe vulnerabilities, Java vulnerabilities (ComputerWeekly.com | 20 Jul 2011)
A new report notes a significant rise in the number of attacks against Adobe and Java vulnerabilities in the last six months.
Smartphone malware: Infections will hit one in 20, study predicts (ComputerWeekly.com | 22 Jul 2011)
A recent study by security vendor Trusteer predicts there will be about 56,000 infections for every million smartphone users in the coming year.
-
Week of 11 Jul 2011 With UTM system, Blackpool Council trims network security costs (ComputerWeekly.com | 11 Jul 2011)
Faced with a network ravaged by Conficker and a dwindling budget, the Blackpool Council implemented a UTM system to cut costs and bolster security.
-
Week of 04 Jul 2011 ICO issues warning over NHS Data Protection Act breaches (ComputerWeekly.com | 05 Jul 2011)
Following five more NHS Data Protection Act violations, the Information Commissioner’s Office will redouble efforts to help NHS improve security.
Many private firms decline ICO audit, finds 2011 ICO annual report (ComputerWeekly.com | 07 Jul 2011)
The 2011 ICO annual report shows that of the private companies offered an ICO audit last year, only 19% accepted.
Network security case study: College’s NAC virtual appliance makes grade (ComputerWeekly.com | 06 Jul 2011)
Wellington College’s network security case study explains how a NAC virtualization appliance blocks malware and provides increased capacity on demand.
-
Week of 27 Jun 2011 Most recent quarter sees rise in information security salary figures (ComputerWeekly.com | 27 Jun 2011)
According to figures from Acumin, for the first time since the recession started, no sector of the infosec job market has seen a pay reduction.
Symantec smartphone security comparison offers mixed results (ComputerWeekly.com | 01 Jul 2011)
Big Yellow’s new smartphone security comparison paper says iOS and Android devices can be secured, but dual consumer-business use presents risks.
-
Week of 20 Jun 2011 Security awareness tips: Making programmes more effective (ComputerWeekly.com | 22 Jun 2011)
Several information security pros, via LinkedIn, share their best security awareness tips with SearchSecurity.co.UK.
-
Week of 13 Jun 2011 Lost NHS medical records: Laptops had unused encryption software (ComputerWeekly.com | 16 Jun 2011)
The NHS has suffered another breach, this one compromising 18 million records. Worse yet: The laptops could have been encrypted with already purchased software.
PCI virtualisation: With new guidelines, compliance may be harder (ComputerWeekly.com | 14 Jun 2011)
New guidelines on virtualisation issued by the PCI SSC show PCI compliance is possible within a virtualised environment, but may not be feasible.
World IPv6 Day a success, but IPv6 security problems only beginning (ComputerWeekly.com | 13 Jun 2011)
While World IPv6 Day caused no catastrophic Internet outages, some researchers predict that transition-related IPv6 security problems could threaten security.
-
Week of 06 Jun 2011 How West Midlands police collared identity and access management vendors (ComputerWeekly.com | 07 Jun 2011)
Streamlining access is extremely important for the 15,000-person unit, particularly when dealing with information as sensitive as that in police records.
Zeus Technology announces art of defence acquisition (ComputerWeekly.com | 09 Jun 2011)
Zeus says the art of defence acquisition will boost its effort to provide Web application security for cloud computing deployments.
-
Week of 30 May 2011 Extra negotiation helps firm answer cloud computing security questions (ComputerWeekly.com | 01 Jun 2011)
What happens when the CISO has cloud computing security questions, but the contract has already been signed? Find a way to renegotiate, says one consultant.
-
Week of 23 May 2011 Virtual desktop benefits include tighter security, hot desking (ComputerWeekly.com | 25 May 2011)
With the help of hot desking and other virtualisation technologies, the Basildon Borough Council was able to centralise its security administration and reduce its number of desks by more than 30%.
-
Week of 16 May 2011 European Commission Digital Agenda seeks input on EU cloud computing (ComputerWeekly.com | 19 May 2011)
The European Commission's Digital Agenda is inviting organisations to complete an online cloud questionnaire as it considers creating cloud standards.
Jericho Forum commandments address the future of identity management (ComputerWeekly.com | 20 May 2011)
The Jericho Forum recently released new guidance on what it believes could be an effective way to centrally manage users' ever-multiplying identities.
-
Week of 09 May 2011 Industry experts: ICO guidelines on cookies get cautious welcome (ComputerWeekly.com | 13 May 2011)
New ICO guidelines give leeway for a more nuanced approach to compliance, but some say more clarity is needed.
New ICO guidance issued on EU cookie law (ComputerWeekly.com | 10 May 2011)
The Information Commissioner's Office has released practical guidance for companies to comply with the new EU cookie law.
-
Week of 25 Apr 2011 Store dealing with dishonest employees uses internal theft prevention software (ComputerWeekly.com | 29 Apr 2011)
A London-based sushi chain expects to save almost £1 million this year with the help of new fraud-detection software.
-
Week of 18 Apr 2011 Data shows many applications still contain OWASP Top 10 flaws (ComputerWeekly.com | 19 Apr 2011)
A recent study finds application security in a dismal state, with more than 80% of Web apps containing errors on the OWASP Top 10 list.
Infosecurity speakers advocate for mobile device security policy (ComputerWeekly.com | 22 Apr 2011)
Don't underestimate the importance of a mobile device security policy, agree several CISOs at the 2011 Infosecurity Europe conference.
PECR amendments feature tighter rules on cookies, security risk (ComputerWeekly.com | 21 Apr 2011)
Beginning May 25, organisations will have to request permission from website visitors before planting cookies on their machines.
Risk management key to security budgeting, smartphone security issues (ComputerWeekly.com | 19 Apr 2011)
Thoughtful risk management can aid efforts both toward increasing security budgets and locking down smartphones, panels at Infosecurity Europe concurred.
Verizon data breach report 2011: Hackers target more, smaller victims (ComputerWeekly.com | 20 Apr 2011)
Seen as weaker targets, smaller organisations were more frequently the victims of attack, according to the Verizon Data Breach Report 2011 edition.
VoIP security risks will be on display at Infosecurity Europe (ComputerWeekly.com | 19 Apr 2011)
Wick Hill plans to demonstrate CCTV and VoIP security risks that could compromise a network, including three types of attacks.
-
Week of 11 Apr 2011 Infosecurity Europe 2011 preview: APT, mobile security at fore (ComputerWeekly.com | 11 Apr 2011)
From mobile security to advanced persistent threats and infosec budgets, keynotes at this year's Infosecurity Europe conference will address some of the most pressing issues in IT security.
-
Week of 04 Apr 2011 After breach at RSA, two-factor authentication options abound (ComputerWeekly.com | 08 Apr 2011)
Companies specialising in two-factor authentication hope to boost business following the breach of RSA's SecurID, and many plan to capitalise with new products at Infosecurity Europe.
Massive Epsilon email breach could lead to email attacks, spam (05 Apr 2011)
At least 50 banks, retailers and other firms are affected by a major email breach at a Texas-based data management firm that provided marketing email services.
iPad management: Securing iPads in a regulated world (ComputerWeekly.com | 04 Apr 2011)
When the sales department started using iPads, the IT security manager was tasked with locking them down. Learn how one infosec pro took charge of iPad security.
-
Week of 28 Mar 2011 Cloud access control: Plug-in alters applications on a per-user basis (ComputerWeekly.com | 30 Mar 2011)
The new browser plug-in allows for per-user access controls with cloud application features, but at launch it is limited to Salesforce.com and Google Apps, and to the IE and Firefox browsers.
Open Group launches guide to boost ISO 27005 efforts (ComputerWeekly.com | 29 Mar 2011)
A new guide from the Open Group is designed to help organisations meet ISO 27005 standards, but some risk management professionals feel it may not be so effective.
-
Week of 21 Mar 2011 Adobe fixes critical Flash Player, Reader, Acrobat X flaws (ComputerWeekly.com | 22 Mar 2011)
The serious vulnerabilities could cause a crash and potentially allow an attacker to take control of an affected system.
UK PCI compliance slow, but card fraud trends downward (ComputerWeekly.com | 22 Mar 2011)
Compliance with PCI DSS is still slow in the UK, but card fraud continues to fall, perhaps in part due to measures mandated or encouraged by the standard.
-
Week of 14 Mar 2011 Encrypted memory sticks could cure user carelessness (ComputerWeekly.com | 14 Mar 2011)
As the price of USB pen drives decreases, so does the inherent value employees attach to them. Two recent studies show that users have very little security awareness when it comes to memory sticks.
ISSA standard aims to improve small business IT security (ComputerWeekly.com | 18 Mar 2011)
ISSA is crafting a small-business standard to improve information security, but one group questions whether a single standard for all small companies makes sense.
Security salary survey: Technical skill in growing demand (ComputerWeekly.com | 16 Mar 2011)
The latest security salary survey data shows demand for technical skills has risen, but pay rates have slipped for new M.Sc. graduates.
-
Week of 14 Feb 2011 IPS virtual patching undermined by new threats, Stonesoft says (ComputerWeekly.com | 17 Feb 2011)
IPS virtual patching is undermined by more than 120 new advanced evasion techniques (AETs) that are being used by hackers.
New SMB vulnerability identified in Windows XP and Server 2003 (ComputerWeekly.com | 17 Feb 2011)
A new SMB vulnerability discovered in Windows could open systems to DoS attacks and remote access. The vulnerability, tagged as CVE-2011-0654, has been rated "critical" and confirmed on Windows...
-
Week of 07 Feb 2011 Mobile phone security threats, blended attacks increasing (ComputerWeekly.com | 11 Feb 2011)
Not only is the amount of mobile malware increasing, the level of sophistication of that malware and accompanying attacks is rising, too, according to a new report.
PCI SSC: Europeans sought to shape credit card security policy (ComputerWeekly.com | 07 Feb 2011)
Nominations recently opened for organisations to join the PCI SSC's advisory board, and PCI European Director Jeremy King is keen to see more UK companies elected.
-
Week of 31 Jan 2011 Insider threat statistics uncover hidden dangers (ComputerWeekly.com | 31 Jan 2011)
More than half of UK employees queried confessed to taking corporate data without permission, but most only do so to enable their productivity, finds a new study commissioned by Symantec Corp.
Microsoft to address 22 flaws in Patch Tuesday updates (03 Feb 2011)
In its advance notification, Microsoft said it would issue 12 bulletins, three critical, addressing holes in Windows, Internet Explorer, Office, Visual Studio and IIS.
PCI PTS aims to stop retail IT security breaches, but progress is slow (ComputerWeekly.com | 02 Feb 2011)
The new PCI PTS requirements are intended to help stores shore up insecure point-of-sale systems and other common retail IT security weaknesses.
-
Week of 24 Jan 2011 CHECK penetration testing consultants still hard to find, says report (ComputerWeekly.com | 27 Jan 2011)
The dearth of government-qualified pen testers is likely due to the difficulty of acquiring CHECK certification and infosec pros' view of pen testing as a stepping-stone career move, speculates a new...
Mozilla proposes Firefox Do Not Track feature to boost browser privacy (24 Jan 2011)
The proposal, which transmits a special HTTP header to websites, may be supported in future versions of Firefox, but in order for it to work, websites must support the feature.
Selling carbon credits: Stronger authentication could've foiled theft (ComputerWeekly.com | 24 Jan 2011)
Two-factor authentication at a Prague-based energy-trading platform could have prevented the theft of millions of dollars' worth of carbon credits.
-
Week of 17 Jan 2011 Cisco says attackers will take aim at Apple, Android mobile devices (20 Jan 2011)
The popularity of Apple and Google Android mobile devices could put them at risk of falling in the crosshairs of cybercriminals.
-
Week of 10 Jan 2011 Adobe to overhaul Flash Player interface to improve security, privacy (14 Jan 2011)
Engineers at Adobe Systems Inc. are working on a redesign of the Flash Player Settings Manager to incorporate features requested by users and privacy advocates.
PCI survey finds more compliance spending planned to meet guidelines (12 Jan 2011)
A survey of 500 security professionals found that, although the compliance initiatives are burdensome, they are improving security at most organisations.
Phishing test highlights BlackBerry, iPhone insecurity (ComputerWeekly.com | 10 Jan 2011)
According to new research, mobile users are three times more likely to fall for phishing scams than traditional desktop users.
-
Week of 03 Jan 2011 Microsoft to patch critical Windows flaw to block ongoing attacks (06 Jan 2011)
Microsoft will issue two security bulletins, addressing a critical vulnerability affecting all versions of Windows.
Researcher breaks Adobe Flash sandbox security feature (06 Jan 2011)
Adobe is responding to a new method that breaks a security feature that prevents Flash files from passing data to remote systems; it is classified as a "moderate" security threat.
-
Week of 27 Dec 2010 ISF, (ISC)2 and ISACA team up on IT security principles guidelines (ComputerWeekly.com | 27 Dec 2010)
ISF, (ISC)2 and ISACA have worked together to create 12 principles intended to help business and security teams understand and aid each other.
-
Week of 20 Dec 2010 Mobile device malware growing, but smartphone threats still small (ComputerWeekly.com | 22 Dec 2010)
For several years running, security researchers have predicted that mobile malware will be the next big thing, but how concerned should organisations really be?