Editor's News

Target has announced that it is to hire a new CISO following the major breach and loss of the CIO and CEO.   According to Security Week, the company announced that it has hired Brad Maiorino as senior vice president and CISO. Maiorino will join the retailer on June 16th and will be responsible for the company's information security and technology risk strategy and report to CIO Bob DeRodes who was hired by the company in April....

Microsoft released seven bulletins last night, patching two critical flaws and addressing 66 Common Vulnerabilities and Exposures for Windows, Internet Explorer and Office.   Wolfgang Kandek, CTO of Qualys, said that this brings the half-year total to 36, ten behind last year’s pace which was 46. “We have become accustomed to see around 100 security bulletins for Microsoft products a year, but it looks as if we are in for fewer this year,” he said....

More than 50 cloud service providers (CSPs) have joined the CloudTrust Program to be rated as “enterprise-ready” by SkyHigh Networks.   Delivered by the the cloud visibility and enablement company, the Skyhigh CloudTrust Program evaluates thousands of cloud services and grants the Skyhigh Enterprise-Ready seal to only those CSPs that fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.   A free and objective program available...

The Government has launched the CBEST framework for sharing detailed threat intelligence and delivering cyber security tests and benchmarking for UK financial services providers.   Developed with the Bank of England (BoE), Her Majesty’s Treasury and the Financial Conduct Authority, as well as CREST, this is the first of initiative of its type to be led by any of the world’s central banks.   This news follows the launch of the Cyber Essentials scheme last...

Neiman Marcus, who suffered a breach of data that may have affected around 1.1 million credit cards, are on the lookout for its first chief information security officer (CISO).   According to the Wall Street Journal, the job was posted in late May to the Neiman Marcus careers website. Job responsibilities include creating security and risk management programs, giving security guidance for all IT projects and bulking up the company’s disaster recovery policies.   However a...

The eye is often so firmly on advanced and targeted threats, that basic malware is missed and therefore often succeeds.   Manoj Apte, SVP at Zscaler, told IT Security Guru that companies may say that they have every kind of security feature available, but ifae security operations centre (SOC) team is doing things that they shouldn’t be bothered about and are inundated with other things, then the business will consequently suffer.   “They say: we...

Matthew S. Loeb has been named as the new CEO of ISACA, replacing acting CEO Ron Hale.   He will assume his role on the 1st September having led the Institute of Electrical and Electronics Engineers (IEEE) as executive director most recently.   He said: “As enterprises continue to invest in information systems to build personal relationships with their customers and gain business efficiencies, challenges of compliance, risk, big data, privacy and cyber security are...

Around two months after the OpenSSL flaw “Heartbleed” shook the internet’s privacy foundations, new vulnerabilities have been discovered in the protocol.   According to an advisory, an attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.   While still serious, the...

Microsoft will release seven patches next week to cover updates for Word, Office and Internet Explorer.   Included is a critical update for Internet Explorer addresses , which has not been used in any active attacks according to Microsoft, while the other critical patch addresses a remote code execution issue in Windows, Office and Lync.   The other five patches are rated as critical; one is for a remote code execution vulnerability, two for information disclosure...

Today sees the UK Government launch a scheme to help businesses become more secure.   Developed by Government and industry to provide a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, and to offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions, the Cyber Essentials scheme offers ten steps to security.   According...