Editor's News

The board needs to understand security in the way that it once did finance. Speaking at the Financial Services Information Security conference in London, CISO Paul Swarbrick said that despite the CISO often being the third best paid executive behind the CEO and finance director, it needs to be its own entity within the business. “It is not a subset of IT or corporate security, it is a thing of its own, and we cannot...

Run your security department like your own consultancy, and the company as your customer. Speaking at the Financial Services Information Security conference in London, information security and risk executive Jitender Arora said that the key to success is communicating effectively for a shared sense of purpose, listening to what is brought to the table and addressing failure as so often, we are scared of failing. He said: “As security people, we can be successful if...

More people are concerned about having information stolen online than being a victim of cyber crime.   According to a survey of 2,000 people in the USA and UK by Centrify, 79 per cent are concerned about identity theft, with one in four people having been a victim. Speaking to IT Security Guru, Tom Kemp, CEO of Centrify said that this is an area of high awareness for people as a quarter of people have...

Microsoft has announced that is to release an out-of-band patch tonight to address a vulnerability in Windows. In a very short statement, Tracey Pretorius, director of response communications at Microsoft, said: “We strongly encourage customers to apply this update as soon as possible, following the directions in the security bulletin.” The emergency bulletin,MS14-068, specifically patches an elevation of privilege issue in Windows. Affected operating systems include Windows Servers 2003, 2008 and 2012, Windows Server 2008 R2 and...

Speaking to IT Security Guru, Centrify CEO Tom Kemp said that in February of this year, it was able to spot and report a targeted attack within two hours of it arriving. Kemp said that at 9.30am, an email was sent to a member of the accounting team claiming to be from the CFO Timothy Steinkopf which was from the domain “Centrilfy”. The instruction was to send funds amounting to $357,000, which the accountant was...

Businesses in the United States are better off when it comes to cyber security budgets, as breach notifications are forcing the management hand. Speaking to IT Security Guru, Lance Spitzner, certified instructor at the SANS Institute, said that there has been a big change from ten years ago as, in the US, if an organisation gets hacked and records are compromised, they have to go public. “They don't want to, but have to and in...

Hacktivists Anonymous took control of two Twitter accounts and four websites associated to white supremacist group the Ku Klux Klan (KKK) last night. Linked to the situation in Ferguson, Missouri, where the KKK threatened "lethal force" on anyone protesting in the town where a teenager was shot by a police officer in August, leading to the tense situation in the town. The two groups traded taunts online following the KKK's announcement that it would step...

A new targeted attack is using this weekend’s G20 summit as a lure.   Spotted by ESET, it found that Tibetan non-Governmental Organisations (NGOs) are being targeted specifically, with malware that uses the Gh0stRAT remote access Trojan. In this case, a spotted sample had a very low number of detections, but both hits were in China.   “After a quick dynamic analysis, we saw that the magic word used in network communications by this sample is...

HSBC has admitted that it has suffered an attack that compromised customer card data, but is only limited to Turkey. In a statement, HSBC said that it identified the attack in the past week through its internal controls, and compromised information consisted of card and linked account numbers, card expiry dates and card holder names of our customers. While HSBC said that there is no evidence that any of our customers’ financial information or personal information...

An investigation by Big Brother Watch has revealed the Scottish health service recorded 634 breaches of data protection legislation in three years. According to Herald Scotland, cases included covert filming of staff, patient case files being left at a bus stop, a patient record being photographed with a mobile phone and a call-out being posted on Facebook. Emma Carr, director of Big Brother Watch, said: "It is clearly unacceptable that health staff in Scotland have thought...