Editor's News

Yesterday at Black Hat USA, researchers from UK-based Context Information Security demonstrated how Windows Update can be abused for internal attacks on corporate networks by exploiting insecurely configured enterprise implementations of Windows Server Update Services (WSUS). WSUS allows admins to co-ordinate software updates to servers and desktops throughout their organisations, but the Microsoft default install for WSUS is to use HTTP and not SSL-encrypted HTTPS delivery. By exploiting this weakness, the Context researchers were able...

Yesterday, Imperva, Inc. (NYSE:IMPV) released its August Hacker Intelligence Initiative Report (HII Report) at Black Hat USA 2015: “Man in the Cloud Attacks.” This new report uncovers how a new type of attack, “Man in the Cloud” (MITC), can quietly coopt common file synchronisation services, such as Google Drive and Dropbox, to turn them into devastating attack tools not easily detected by common security measures. The report notes that this next-generation attack does not require compromising...

Tripwire, Inc., a leading global provider of advanced threat, security and compliance management solutions, today announced results of an extensive security assessment of three top-selling smart home automation hub products available on Amazon. The research uncovered zero-day flaws in each hub that could allow hackers to take control of smart home functionalities. Smart home hubs are used to control lighting, heating, locks and cameras in people’s homes. In order to understand the risks associated with smart...

We can see what is hot. But how long will it be hot for? Spotting growth sectors in security is easy. But long-term trends are always about underlying changes in the way technology is used Ignore the look of certainty and grandiose statements of purpose that emanate from big tech firms, nobody in the security industry is absolutely sure where the industry is going. But if in doubt when making a startup investment, one way...

Alert Logic, a leading provider of Security-as-a-Service for the cloud, today announced at the Black Hat Conference in Las Vegas, NV availability of Alert Logic Cloud Insight, a cloud-native vulnerability and configuration management solution designed for customers running on Amazon Web Services (AWS). Alert Logic Cloud Insight integrates with AWS native security features to provide an integrated view of potential host and application level vulnerabilities for customers deploying on the AWS Cloud. Once identified, Alert...

Four in five consumers aren’t confident that their financial information is secure when dealing with big brands who take card payments over the phone, according to a new survey by Elitetele.com. In addition to this, a third (33%) don’t believe their data is more safe today than it was five years ago. These concerns highlight the importance of companies being PCI Compliant ahead of some of the most significant changes to the EU data protection...

New offering integrates social sharing, big data analytics to power and scale crowd-sourced threat intelligence community   AlienVault™, the leading provider of Unified Security Management™ and crowd-sourced threat intelligence, today announced the general availability of an updated version of Open Threat Exchange (OTX), its open threat intelligence community that enables collaborative defense with actionable, community-powered threat data. The latest OTX offering, in beta since April 2015, is modeled on social sharing technologies, enabling security practitioners...

  Renowned ‘whistleblower’ to present his views LIVE via satellite to Andrew Neil, on the state and future of national cyber security   Renowned former NSA employee Edward Snowden will deliver a keynote speech this year at Europe’s number one IT event, IP EXPO Europe 2015, taking place at London’s ExCel. Joining the event live via satellite on Wednesday 7th October, Snowden will share his views on the implications of national cyber security today. Famous...

BlackBerry Limited (NASDAQ: BBRY; TSX: BB), a global leader in secure mobile communications, today announced that it has entered into a definitive agreement to acquire AtHoc. Terms of the transaction were not disclosed. AtHoc is a leading provider of secure, networked crisis communications. Its software platform enables people, devices and organizations to exchange critical information in real time during business continuity and life safety operations. The AtHoc platform will integrate with BlackBerry’s enterprise portfolio and...

Through a post on its corporate blog, OpenDNS, a leading provider of cloud-delivered security, today announced that it has released a new version of OpenDNS Investigate, its global threat intelligence product. OpenDNS Investigate provides query-based and API-driven access to a massive database of domains, IP addresses and autonomous system numbers (ASNs) that the company collects, categorizes and enriches in real-time. Investigate gives security professionals a single source of Internet-wide visibility into global threats that helps...