News

As we prepare to close the book on 2015, no will argue that it’s not been eventful, particularly for IT practitioners. For a number of years, experts have been talking about how ‘smart’ technology will impact the way we live with the promise of spectacular functionality in the technology we utilise. With that in mind, experts at MWR InfoSecurity have offered the following insights to what 2016 may have in store for us. The devices...

Boards of Directors have an inescapable legal responsibility to protect their organisation’s assets and shareholder value against risks. Where does cybersecurity fit in the agenda? Many boards lack the knowledge, awareness and confidence to connect security to the business. In this webcast, moderator Paul Edon, Director of Customer Services at Tripwire, will provide a variety of perspectives from experienced professionals in the industry — including Amar Singh UK CISO for Elsevier, Ray Stanton EVP Professional...

By Eric Rand, consultant at Brown Hat Security and guest blogger at AlienVault.   Every few days on 'Infosec Twitter', I come across another example of a site that breaks password manager functionality by disabling the ability to paste into the password field. Generally, customer service representatives for those sites will vaguely explain that this is being done for "security reasons" - despite the fact that current best practices recommend the very password managers that this is...

Ultrasound is supposed to be our friend. However, the security world was made aware last week of a technology being used by an outfit named "SilverPush" that is utilizing a new and unusual method for tracking mobile phone users with ultrasound signals. The basic story is that the company is embedding a tracking beacon in advertisement audio using ultrasound frequencies that are outside of the range of human hearing. The microphone on a cell phone...

The use of third parties is unavoidable in today’s global economy. The growing use of third party suppliers and business partners, whilst bringing significant business advantages, also exposes organisations to substantial risk, such as financial loss, reputational damage, regulatory prosecution and fines from major breaches of security. In the last few years we’ve witnessed many of these risks being realised; examples have included major breaches of security and costs to recover escalating into millions of...

Duo Labs recently purchased 14 Dell Laptops as part of a larger research project. What they found made them oddly uncomfortable; 'eDellRoot' on the list of trusted certificates, not expiring til 2039! They've written up a report on their research and conclusions, which can be found here: https://www.duosecurity.com/static/pdf/Dude,_You_Got_Dell_d.pdf The Findings There are two certificates found on Dell machines, including a trusted eDellRoot root certificate In the wild, we identified that one of the systems using these certificates...

The White Hat Ball Committee are delighted to invite you to the eleventh annual White Hat Ball taking place on Friday 29 January 2016 at the Lancaster London Hotel. This well established highlight of the Information Risk and Security Industry calendar promises to be a special night for all. The 2015 Ball was a great success, raising over £144,000 for ChildLine. This year we aim to raise even more so ChildLine can continue to be...

Intel® Security today released its McAfee Labs Threats Predictions Report, which predicts key developments on the cyber threat landscape in 2016, and provides unique insights into the expected nature of that landscape through 2020, as well as the IT security industry’s likely response. Reflecting the informed opinions of 33 of Intel Security’s thought leaders, the report examines current trends in cybercrime and makes predictions about what the future may hold for organisations working to keep...

The Nigerian Government website has been compromised and then used to host a phishing scam, it has emerged today. The Financial reporting Council section of the site contains an embedded phishing scam. The organisation is in charge of accounting standards and overseeing corporate governance - thankfully not in charge of cybersecurity! The fisheries exploited the fact that the site was running an out-of-date version of the Joomla content management system, which allowed them to the...

By Dave Larson, Chief Technical Officer of Corero Network Security The World Wide Web is only 25 years old, but it has overseen countless advances in the way it is written and manipulated. Look at DDoS attacks – once simple volumetric attacks have now become deceptive and capable of carrying out several functions at once. Yet responses to this threat have not enjoyed the same rapid developments. This article examines what ISPs and carriers can...