Editor's News

Raytheon is to acquire 80 per cent of Websense from its parent Vista Equity Partners to form a new company combining Websense TRITON with Raytheon's advanced cyber security technologies. With an initial investment of $1.57 billion in net cash for majority ownership of the new company, which Vista will also invest into too, the new company will provide broad set of defense-grade solutions. Following successful completion of the transaction, the new company will be a...

Better voluntary coordinated collaboration will be achieved if “smart people can coordinate their actions”. Speaking at BSides San Francisco, Allan Friedman said that as individuals cannot make decisions and expect a free hand to fix it and role of Government is to understand market failures, paricularly in this space, there are a lot of questions at to where the market and Government are. “There are decisions people fail to make,” he said. He said that...

Northrop Grumman and the Cyber Security Challenge UK will today hold the National Finals Competition of CyberCenturion, UK’s first national cyber security competition for 12-18-year-olds.   With eight teams of teenagers descending upon the National Museum of Computing at Bletchley Park, their task will be to protect sensitive customer data and valuable intellectual property for a fictitious video games company under attack by rival businesses trying to steal valuable industry information.   Candidates got to...

Open source projects would benefit from a funding system that would secure funds for future development.   Chris Wysopal, CTO of Veracode, said that the model which Wikipedia uses to ask for cash donations could work for open source projects to ensure that a developer could be paid to fix future escalating flaws.   He said: “I wonder if when you downloaded OpenSSL, it said ‘donate $1 to make sure that there is a security...

Two weeks remain for wannabe hackers to enter this year’s exclusive HackFu event and learn new skills.   Described as “a massive test of endurance as well as skill”, this year’s event is the eight organised by MWR Infosecurity and it aims to test and improve existing cyber security and team work skills through a series of tasks and challenges. The challenges that the teams will face include, but are not limited to: network infrastructure, web...

Two-thirds of (ISC)² members have said that they have too few information security professionals, despite budgets allowing for more personnel.   According to its bi-annual Global Information Security Workforce Study (GISWS), spending on security is increasing across the board for technology, personnel and training, however complexity due to threats evolving faster than vendors can advance their products led two-thirds of respondents to suggest that a new phenomenon known as “technology sprawl” is undermining effectiveness.  ...

HSBC has confirmed that a recent data breach only relates to mortgage customers HSBC Finance Corp in the USA.   In a notification, HSBC said that the notice was sent by HSBC Finance Corporation on behalf of its subsidiaries regarding a breach that it learned about on March 27th.   “At that time, we became aware of an incident where certain personal information about customer mortgage accounts was inadvertently made accessible via the internet which...

SANS Institute has launched the SANS Cyber Academy, which will condense two years of training and experience into eight weeks.   Created in response to pressing demand from business and Government for a way to quickly equip recent graduates with the specific skills needed to deal with today’s cyber threat, those who complete the course will be equipped with the skills to walk straight into a cyber security role and offer considerable and immediate impact....

Microsoft released 11 security bulletins last night, patching four critical vulnerabilities in Windows, Office and Internet Explorer.   As well as disabling SSL 3.0 in Internet Explorer 11, the four critical patches all fixed remote code execution flaws. The remaining seven patches fixed vulnerabilities rated as “important”.   Russ Ernst, director of product management at HEAT Software, said that patching will want to begin with MS15-033 that addresses five CVEs in Microsoft Office, including a...

The Internet Bug Bounty project has been expanded to include a bounty for tools and techniques that aid in vulnerability discovery and determining exploitability. According to research by HackerOne, MIT and Harvard, creating incentives for tools and techniques that support vulnerability discovery is a more efficient way for defenders to drain the offense stockpile of zero-day vulnerabilities, and bug bounties are still effective to help find vulnerabilities faster, especially for less mature software. Katie Moussouris,...