Can your company keep up with quickly-changing cyber security regulations?


Compliance with requirements and regulations is an ongoing challenge for businesses. In the cyber security space the threat environment is constantly changing, and organizations may have to meet some 500-600 different regulations and laws, even as Internet of Things (IoT) devices proliferate and new, massive Distributed Denial of Service (DDoS) attacks are seen on a near-daily basis. As technology continues to evolve with innovations such as cloud computing and Big Data, security professionals are on a never-ending quest to stay up to speed on security controls and best practices.

It’s no secret that cyber security issues have increased in prominence and seriousness over the past several years. Starting with the infamous Target data breach, organizations have become more aware of the risks they face and quicker to adapt to changing risks, regulations, laws and situations. With regulatory changes happening almost overnight, it has become essential for organizations to have a reliable process for keeping their compliance management up to date, along with a system of checks and balances to prove it. For companies in highly regulated industries such as finance and healthcare, the challenge of staying current is even more pressing.


Dealing with a data breach: Handling the intruders


Security has never been a more pressing issue for businesses than it is now. Mobile working, the proliferation of increasingly sophisticated, connected devices, and the growing number of applications relied upon by the modern enterprise all represent potential risks that weren’t apparent in generations past.

There is a growing fear about the level of damage that cyberattacks could bring, so much so that the United Kingdom has launched a £1.9bn National Cyber Security Strategy to prevent such attacks.


Congressional Encryption Working Group says encryption backdoors are near unworkable


The Congressional Encryption Working Group (EWG) was set up in the wake of the Apple vs FBI case in which the FBI wanted to gain access to the encrypted contents of a shooter's iPhone. The group has just published its end-of-year report summarizing months of meetings, analysis and debate.

The report makes four key observations, starting off with: "Any measure that weakens encryption works against the national interest". This is certainly not a new argument against encryption backdoors for the likes of the FBI, but it is an important one. The EWG goes on to urge Congress not to do anything to weaken encryption.


What does it take to be a successful bug hunter?


Hackers are having a moment. As high-profile breaches have become the norm over the last few years, more and more enterprise organizations have turned to bug bounty programs. As a result, the idea of hacking for good has finally begun to resonate with the general public. This rise in popularity has inspired many, from aspiring hackers to seasoned security professionals, to join the hunt and seek out bug bounty programs to "hack on".

As an information security professional by trade and a hacker by heart, I’ve had years of experience hacking for good. From my days as a penetration tester and security leadership roles at HP Fortify, Redspin and Citrix to hacking on bug bounty programs of all sizes, I have spent my life hacking for good -- much of this experience has been hacking on bug bounty programs.


Protecting against man in the browser attacks


The web-enabled generation has become increasingly reliant on technology for everyday activities. Cloud services, social networks, web extensions, plug-ins and online games are all growing in popularity and, as such, are replacing desktop applications. This heightened use of web browsers, on mobile devices in particular, has opened the back door to cybercriminals, who now have new channels through which to mount browser-based attacks, spread malware and maximize infection campaigns.

Traditional man-in-the-browser (MITB) attacks have been given a new lease of life by the latest types of malware, distribution models and special features. Cybercriminals are becoming ever more sophisticated, injecting JavaScript code into web pages, such as online banking sites, to steal user credentials or hijack session data.


How to protect your business against data breaches


According to the Crime Survey for England and Wales published this October by the UK's Office for National Statistics (ONS), the official crime rate all but doubled in the year ending June 2016 after the inclusion of online crime figures for the very first time. In fact, card fraud was cited as the most common crime in the UK. John Flatley, head of crime statistics and analysis at the ONS, stated that members of the public are now 20 times more likely to be a victim of fraud than of robbery.

The Numbers Are Soaring!


South Carolina government eyes a porn block on new computers


On a day that we expect to see the repeal of North Carolina's controversial passage of House Bill 2, which cost the state millions of dollars in lost revenue thanks to performers cancelling concerts, businesses moving out and the NBA changing the venue for its All-Star game, we have one more state looking for a problem where one doesn't exist.

A representative in the state of South Carolina wishes to place a porn block on all new computers sold within its boundaries.


Super Mario Run is bad news for everyone -- especially Android users


When Apple announced that Mario was making his way to iOS, there was much rejoicing. But the excitement soon gave way to disappointment for several reasons. Firstly there was the price, with many feeling $9.99 was just too much to ask for what is, ultimately, a very basic, one-button platformer.

Next there's the complaint that Super Mario Run requires constant access to the internet, and many users have also grumbled that the game has eaten through large chunks of their monthly data allowance. Nintendo may have made a pretty penny from sales of the title in the first few days, but the company's share price has tumbled. On top of this, just as happened with Pokémon Go, the initial success of the game is being used to push malware at users.


Ransomware gets into the Christmas spirit with a festive discount


Christmas is a time of goodwill and it seems that the people behind the CryptXXX ransomware aren't immune as they're offering a seasonal discount for victims who intend to pay up.

Researchers at data security company Forcepoint have found that victims infected with CryptXXX (also known as UltraCrypter), who were previously asked for a payment of 1.2 Bitcoin, are now, in keeping with the season of goodwill, being offered decryption at a Christmas discount.


Electronic Frontier Foundation reveals its privacy and security wishlist for 2017


With the end of the year approaching, many people are looking back over 2016 and picking out the highlights. Others, however, are looking back to see what can be learned for 2017; this is exactly what digital rights group Electronic Frontier Foundation is doing.

EFF has drawn up a wishlist for 2017, outlining some of the things it hopes technology companies like Google, Twitter, Apple and Facebook will take action on. There are lots of familiar names on the list, and while some of the requests might seem a little hopeful, there is certainly scope for some of the changes to be implemented.


How to not get hacked


We found out last week that one billion Yahoo accounts were hacked in 2013, only a couple of months after we learned about a separate hack that took place in 2014 and compromised a further 500 million accounts. Combine that with the 360 million compromised MySpace passwords, 117 million from LinkedIn, 65 million from Tumblr, and 32 million from Twitter, and you can almost guarantee that you or someone you know was affected by the mega-breaches announced in recent months.

Because most people use the same password over and over, these breaches give hackers access to multiple accounts. In a proactive security screen this fall, Netflix found a number of users whose Netflix passwords had been compromised as part of another company’s breach. These incidents do not simply let attackers tweet on your behalf; they can affect all of your accounts. How many people use the same password for LinkedIn or Yahoo as they do for their corporate email? An unsettling number.
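A proactive screen of the kind described above can be run without ever handing users' full password hashes to whoever holds the breach corpus. The following is an added example, not Netflix's or any vendor's code: it uses the prefix-matching (k-anonymity) lookup popularized by Have I Been Pwned's range API, in which the client sends only the first five hex characters of a SHA-1 digest and compares the returned suffixes locally. The breach corpus and the accounts are constructed sample data, and the range_lookup function is a stand-in for a remote service (an assumed interface).

```python
import hashlib

# Constructed sample breach corpus: a handful of passwords of the kind that
# appear in leaked credential dumps (illustrative, not a real dataset).
LEAKED_PASSWORDS = ["password", "123456", "qwerty", "letmein"]


def sha1_hex(password: str) -> str:
    # SHA-1 is used only because that is what the breach index is keyed by;
    # it is not a suitable algorithm for storing passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Index keyed by 5-character hash prefix -> list of 35-character suffixes.
BREACH_INDEX = {}
for _pw in LEAKED_PASSWORDS:
    _digest = sha1_hex(_pw)
    BREACH_INDEX.setdefault(_digest[:5], []).append(_digest[5:])


def range_lookup(prefix: str) -> list:
    """Stand-in for the remote range endpoint (assumed interface): given a
    5-character prefix, return every stored suffix under it. Because many
    hashes share a prefix, the service cannot tell which one the caller holds."""
    return BREACH_INDEX.get(prefix.upper(), [])


def is_breached(password: str, lookup=range_lookup) -> bool:
    """True if the password's full SHA-1 digest appears in the breach index.
    Only the prefix leaves this function; the suffix match happens locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return suffix in lookup(prefix)


def screen_accounts(accounts, lookup=range_lookup) -> list:
    """Proactive screen: return the usernames whose current password is known
    to have leaked elsewhere, so they can be forced through a reset."""
    return [user for user, password in accounts if is_breached(password, lookup)]


if __name__ == "__main__":
    # Constructed sample accounts (username, current password).
    sample = [("alice", "qwerty"), ("bob", "Tr0ub4dor&3"), ("carol", "letmein")]
    print(screen_accounts(sample))  # ['alice', 'carol']
```

In practice the screen runs at login or password-change time, when the service briefly holds the plaintext; it does not and cannot run against the service's own stored hashes, which should be salted and slow (bcrypt, scrypt, Argon2) and therefore unusable as a lookup key into anyone's breach corpus.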


Only one in three consumers install firmware updates right away


Less than a third (31 percent) of consumers in the UK perform firmware updates on their devices as soon as they become available, according to a new report from Canonical, the company behind Ubuntu Core, its operating system for connected devices. Four in ten (40 percent) have never updated the firmware on their devices at all.

This leaves them extremely vulnerable to attack, as firmware updates often exist precisely to patch security holes. Also striking is that a significant number of consumers don’t think it is their responsibility to keep their devices up to date and protected.


HP unveils security solutions for business laptops


HP has just announced a new security solution, HP Sure Start Gen3, and a new laptop series, the EliteBook 800 G4. The new notebooks will ship with the solution, which is why HP is calling them the "world's most secure and manageable PC".

The solution protects the computer's BIOS against tampering, not by making tampering impossible but by detecting it and recovering from it. "HP Sure Start Gen3 will help prevent such attacks by automatically detecting tampering attempts with the BIOS (both in pre-boot and run-time), notifying the user of a problem and restoring the BIOS to its original pristine condition from a copy stored on a dedicated computer chip. In that sense, it’s self-healing", HP says. HP also says the solution works well with Windows 10, as it also protects the data governing BIOS configuration and policy.
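The self-healing mechanism HP describes rests on one thing the quote glosses over: the reference copy used for recovery has to be more trustworthy than the BIOS it repairs, which is why it lives on a separate chip. The following model is an added example written here, not HP's firmware or design: it compares the running image against a golden copy, but only after confirming the golden copy's own authentication tag under a key assumed to be held by a separate controller that the host CPU cannot read. CONTROLLER_KEY and CLEAN_BIOS are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values: the controller's key and a known-good image.
CONTROLLER_KEY = b"example-controller-key"
CLEAN_BIOS = b"BIOS v1.0 \x00\x01\x02 boot block + setup modules"


def fingerprint(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()


class GoldenCopy:
    """Reference image kept outside the main flash, with an HMAC tag computed
    under a key the host cannot read. If the copy could be rewritten by
    whoever tampered with the BIOS, restoring from it would merely reinstall
    the attacker's code, so its authenticity is checked before every use."""

    def __init__(self, image: bytes, key: bytes):
        self.image = bytes(image)
        self._key = key
        self.tag = hmac.new(key, self.image, hashlib.sha256).digest()

    def verified_image(self) -> bytes:
        expected = hmac.new(self._key, self.image, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, self.tag):
            raise RuntimeError("golden copy failed authenticity check")
        return self.image


def check_and_heal(running_image: bytes, golden: GoldenCopy):
    """Return (status, image_to_boot). status is one of:
    'ok'            - running image matches the trusted reference
    'restored'      - tampering detected, reference image written back
    'unrecoverable' - the reference itself fails verification; trust neither"""
    try:
        reference = golden.verified_image()
    except RuntimeError:
        return "unrecoverable", running_image
    if hmac.compare_digest(fingerprint(running_image), fingerprint(reference)):
        return "ok", running_image
    return "restored", reference


if __name__ == "__main__":
    golden = GoldenCopy(CLEAN_BIOS, CONTROLLER_KEY)
    print(check_and_heal(CLEAN_BIOS, golden)[0])                # ok
    print(check_and_heal(b"BIOS v1.0 + implant", golden)[0])    # restored
```

The "unrecoverable" branch is the case a practitioner should plan for: a recovery design that silently restores from an unverified copy turns the golden copy into a persistence mechanism for the attacker. Real implementations also need the comparison and restore to happen from a controller the host cannot interrupt, which this host-side model does not capture.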


When Things attack and other security predictions for 2017


The past year has been a pretty turbulent one for IT security with high profile data breaches, Apple and the FBI wrangling over encryption, persistent threats from ransomware and more.

So as industry experts begin to roll out their predictions for 2017, what can we look forward to, or what do we need to beware of, in the security field?


The Intercept and the Guardian are most secure news sites, but there are lots of duds out there


The Freedom of the Press Foundation has published the results of research into the security of top news websites. Topping the list is the Intercept which managed to earn itself an A+ rating, while the Guardian was a close second with A-.

Both sites scored highly for their support for HTTPS, and for defaulting to a secure connection to keep visitors safe. Both also send HSTS, but the Intercept was awarded extra points for using HSTS preloading. While the top of the chart makes for thought-provoking reading, it's also interesting to look further down the rankings, where there are some surprisingly big names.
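What separates HSTS from HSTS with preloading comes down to a few concrete properties of one response header. The following is an added example, not the Freedom of the Press Foundation's scoring code: it parses a Strict-Transport-Security header and grades it against the requirements for submission to the browser preload list (a max-age of at least one year, includeSubDomains and the preload token; the one-year minimum is an assumption based on the list's current submission rules). The sample responses and hostnames are constructed.

```python
ONE_YEAR = 365 * 24 * 3600  # 31536000 s; assumed minimum max-age for preload submission


def parse_hsts(header):
    """Parse a Strict-Transport-Security value into its directives.
    Unknown directives are ignored, as the RFC 6797 grammar requires."""
    result = {"max-age": None, "includeSubDomains": False, "preload": False}
    if not header:
        return result
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                result["max-age"] = int(value.strip().strip('"'))
            except ValueError:
                pass  # malformed max-age: treat as absent
        elif name == "includesubdomains":
            result["includeSubDomains"] = True
        elif name == "preload":
            result["preload"] = True
    return result


def get_header(headers, name):
    """Case-insensitive header lookup over a plain dict."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def hsts_grade(headers):
    """Grade a response's HSTS posture:
    'none'          - no usable policy (missing, malformed, or max-age=0)
    'hsts-short'    - policy present but max-age below one year
    'hsts'          - a year or more, but not eligible for the preload list
    'preload-ready' - max-age >= 1 year, includeSubDomains and preload all set"""
    policy = parse_hsts(get_header(headers, "Strict-Transport-Security"))
    max_age = policy["max-age"]
    if not max_age:  # None or 0 (max-age=0 tells browsers to forget the host)
        return "none"
    if max_age < ONE_YEAR:
        return "hsts-short"
    if policy["includeSubDomains"] and policy["preload"]:
        return "preload-ready"
    return "hsts"


# Constructed sample responses (header dicts only; hostnames are placeholders).
SAMPLE_RESPONSES = {
    "news-a.example": {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"},
    "news-b.example": {"strict-transport-security": "max-age=15768000; includeSubDomains"},
    "news-c.example": {"Strict-Transport-Security": "max-age=31536000"},
    "news-d.example": {},
}


def grade_all(responses=SAMPLE_RESPONSES):
    return {host: hsts_grade(headers) for host, headers in responses.items()}


if __name__ == "__main__":
    for host, grade in grade_all().items():
        print(f"{host:16} {grade}")
```

Preloading earns the extra points because a plain HSTS header only protects visitors after their first successful HTTPS visit; until then an attacker on the path can keep them on HTTP and the header is never seen. Note that the header only counts when served over HTTPS, and that grading it says nothing about whether the site's HTTP address redirects to HTTPS at all, so a real scan fetches both and checks the redirect as well.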

