Opinions & Analysis

he first major zero-day of 2015 has been discovered, it is actively exploiting Adobe Flash and already bundled into an exploit kit.   The flaw was discovered by researcher Kafeine, and he said that he spotted an instance of the Angler exploit kit which is sending three different “bullets” targeting Flash Player, although it is not being used in all Angler instances. What is safe is Windows 8.1 and Google Chrome, however other Windows OS...

Following our look at the common prediction trends for 2015, and identifying both major flaws and expanding ransomware as trends worth looking at, the next timely trend looks at the boardroom.   Today, research of the FTSE 350 by PwC found that 88 per cent say that cyber security is on the board’s agenda, yet only 29 per cent of companies thought cyber was a “top risk”. So perhaps strides are being made forward in...

The news from either side of the atlantic today sees the start of cyber battles between the USA and UK.   Rather than diplomatic relations taking a major downturn for the first time since the death of Thatcher the cat in 2009, this will see the national intelligence agencies GCHQ and NSA, aided by MI5 and the FBI, in stress-testing each other’s capabilities.   The development of cyber cells will see agents try out methods...

Yesterday saw a key presentation from US President Barack Obama who used what could become a well-used term, “If we're going to be connected, then we need to be protected." As part of a series of movements around the annual State of the Union address, Obama announced plans to introduce a new Consumer Privacy Bill of Rights, better protection of children's personal information and privacy online and  free access to credit scores. Perhaps most notably,...

Twenty-fourteen was marked the “year of the breach”, due to the number of high profile data breaches that affected so many organisations worldwide.   Attackers were found to be siphoning data over days, months and in many cases years, adding to the fear of social engineering being a prime method of introducing malware into an organisation and presenting the challenge of how organisations should best deal with targeted attacks.   The increase seen in 2014...

In a presentation today, Prime Minister David Cameron promised a “comprehensive piece of legislation” which will close the "safe spaces" used by suspected terrorists to communicate online with each other.   According to BBC News, Cameron said he would increase the authorities' power to access both the details of communications and their content. He also said he recognised such powers were "very intrusive" but he believed that they were justified to counter the growing threat...

Once upon a time, life as a Linux or UNIX admin was pretty sweet, without nearly as many extended shifts or panicked phone calls in the middle of the night as poor Windows admins had to deal with.   Sadly, nothing lasts forever. With these systems coming to play such a widespread role in server management, it was inevitable that eventually somebody would find a vulnerability and exploit it. Nevertheless, the scale of the Bashbug...

Following on from our overall look at the common predictions sent to me for 2015 and a lively webcast on the subject from this week, I have decided that the second prediction trend I will look at more thoroughly is a continuing major topic from 2014.   Could anyone have predicted the impact that the likes of Heartbleed, Shellshock and Poodle would have upon security? With national global news coverage and enough scare stories to...

In the last blog I wrote for 2014, I looked at some of the common prediction trends that the various vendors and analysts had sent to me.   In that article, I identified 15 trends for information security, ranging from identity management changes to connected devices to better collaboration between the dark and light sides of the industry.   On Tuesday 6th January, analyst Richard Stiennon and researcher Tom Cross will join me in an...

Over the past couple of months, my inbox has filled up with predictions from vendors, analysts and security thinkers on what they think will create havoc or solve our problems in 2015.   Before I get on to that, I think it is important to understand what was predicted for 2014. Some were correct – we saw a lot more activity around Internet of Things/Everything, the arrival of version 1.0 of the FIDO Alliance standard...