Editor's News

A whole lifecycle of threat intelligence, from planning and collection through to analysis and dissemination, is needed to meet and defeat threats.   According to Dr David Bailey, CTO for Cyber Security at BAE Systems Applied Intelligence, the importance of threat intelligence is apparent for all organisations, especially in the wake of some high profile cyber attacks.   Speaking at an event for the Telco community, Bailey said: “Threat intelligence is a vital component of...

Today’s Queen’s speech at the state opening of Parliament has seen a move to amend the Computer Misuse Act and issue harsher sentences.   Among the 15 bills for revision, the Serious Crime Bill will see an amendment for the Computer Misuse Act 1990 to ensure sentences for attacks on computer systems fully reflect the damage they cause.   Asked if this is a case of the Government taking action too late to try and...

Mobile ransomware which locks down Android devices has been detected.   According to research by ESET, the file encrypting malware has been named Simplocker and scans the SD card for certain file types, encrypts them and demands a ransom in order to decrypt the files. ESET explained that after it is downloaded and launched, it displays a message in Russian and encrypts files in a separate thread in the background.   It instructs the victim...

Small businesses could be left without any help or advice about the GOZeus takedown.   With reports that advice website Get Safe Online has been struggling to stay online under user requests, advice has been issued by the Business Centre Association (BCA) which urged “all computer users to act immediately”.   An email seen by IT Security Guru urged recipients to “take full advantage of this opportunity, both to protect your computer and your files,...

Businesses and users are now facing a two week race to fix their computers after yesterday's disruption of the botnet controlling GOZeuS.   The coordinated takedown saw the UK's National Crime Agency, the FBI, Europol and a number of security companies collaborate to disrupt the botnet which infected users with the banking malware, which also used the CryptoLocker ransomware on victims.   Jason Steer, director of technology strategy at FireEye, called the work “very exciting...

Attackers will move from attacking web applications to attacking security products directly.   Speaking to IT Security Guru, WhiteHat Security CEO and CTO Jeremiah Grossman predicted that attackers will shift to the security products themselves, and asked what more attractive target could there be than exploiting anti-virus? “It has kernel access to the system, and who is to say that anti-virus is any more secure? Just that the bad guys have chosen to ignore them for the...

Action by the National Crime Agency and other nations has disrupted Command & Control networks for the banking Trojan GOZeuS and the CryptoLocker ransomware.   According to the NCA, working with international law enforcement partners including the FBI and Europol, as well as partners from the banking, internet security and ISP sectors, it has given the British public a unique, two-week opportunity to rid and safeguard themselves from the two distinct forms of malware.  ...

Former Ministry of Defence and GCHQ security expert Les Anderson has joined BT as the new vice president of cyber.   With 27 years’ experience working as a technologist and programme manager in the UK’s intelligence, security and defence community, Anderson was instrumental in developing and delivering complex and pioneering IT security capabilities at GCHQ and spent ten years at the MoD where he developed IT security capabilities and managed large scale defence procurements.  ...

Only a third of applications offer SSL encryption, while many network administrators are unaware of what applications on their networks use unpatched versions of OpenSSL.   The report by Palo Alto Networks found that while only a third of applications (539 of 2,076 applications observed) communicated over SSL, 27 per cent of all applications it found within the assessments can use SSL to communicate in the dark, and this was most common in management, file sharing...

Websites would be able to better manage their incident response if they better controlled non-active users.   Speaking to IT Security Guru, Dr Guy Bunker, cyber security analyst at Clearswift, said that the eBay breach showed that it missed how many “active” users there are, as originally it said that there were 230 million people affected, and then it was 145 million active users.   He said: “They could have all had good reputations, but...