News

Application security and coding requirements

• December 07, 2011 07 Dec'11

  Secure coding techniques absent from eight in 10 Web applications

  Veracode’s latest State of Software Security Report showed secure coding techniques are absent from most Web applications. Android apps fared badly, too.

• December 05, 2011 05 Dec'11

  Concerned about tablet security issues? Some are, others not so much

  Users love their tablets, but security pros are concerned about tablet security issues. However, though tablets bring new threats, not everyone is ringing the alarm.

• December 02, 2011 02 Dec'11

  Swiss bank balances tablet security issues with performance, cost

  When a Swiss bank needed solve its tablet security issues, it found a way to secure its devices without sacrificing performance by using virtualisation.

• November 17, 2011 17 Nov'11

  Tougher data protection rules will push up cost of email marketing

  The EU will announce tougher rules for collecting information from consumers. Security pros can plan now for the new rules, expected in January 2012.

• November 11, 2011 11 Nov'11

  Car rental firm cruises past IE6 security issues

  IE6 is plagued with security flaws, yet upgrading can stymie some applications. Avis is piloting a product it believes resolves IE6 security issues.

• November 10, 2011 10 Nov'11

  SNW Europe 2011: Cloud location matters to secure cloud data storage

  Storing data in the cloud? Secure cloud data storage means knowing exactly where data is located, duplicated and backed up.

• November 07, 2011 07 Nov'11

  (ISC)2 promotes secure SDLC with 1000th CSSLP

  (ISC)2 wants its CSSLP certification, focusing on secure software development, to help augment enterprises' secure SDLC programs.

• October 20, 2011 20 Oct'11

  Private companies can expect more ICO fines, regulator warns

  A regulator warned private companies who do not adequately protect data will face ICO fines up to £500,000.

• September 02, 2011 02 Sep'11

  Security shakeup needed to stop theft of confidential information

  Infections are expensive and nearly constant, but studies from vendors Symantec and FireEye have found the prescription: A new approach to security.

• August 25, 2011 25 Aug'11

  RBS breach of email security policy exposes staff pay rates

  An email accidentally mailed to 800 RBS employees contained the pay rate details of nearly 3,000 RBS contract staff.

• August 19, 2011 19 Aug'11

  Botnet security alert: Malicious spam surge marks bot reconstruction

  The percentage of spam messages containing a malicious payload has spiked sharply recently, likely due to a resurgence of spam bots.

• August 04, 2011 04 Aug'11

  Missing USB drive, found in pub, contained unencrypted data

  The ICO says two housing groups must improve data security after a contractor’s missing USB drive, containing unencrypted data, was found in a pub.

• July 20, 2011 20 Jul'11

  Hackers target Adobe vulnerabilities, Java vulnerabilities

  A new report notes a significant rise in the number of attacks against Adobe and Java vulnerabilities in the last six months.

• July 20, 2011 20 Jul'11

  Law Firm to use smart technology to connect employees

  Minter Ellison, one of the largest full-service law firms in the Asia Pacific region, has embarked on a significant technology project to improve business video-based collaboration and knowledge sharing across its more than 290 partners and 1,000 ...

• July 11, 2011 11 Jul'11

  With UTM system, Blackpool Council trims network security costs

  Faced with a network ravaged by Conficker and a dwindling budget, the Blackpool Council implemented a UTM system to cut costs and bolster security.

• July 06, 2011 06 Jul'11

  Network security case study: College’s NAC virtual appliance makes grade

  Wellington College’s network security case study explains how a NAC virtualization appliance blocks malware and provides increased capacity on demand.

• June 30, 2011 30 Jun'11

  Infosecurity: Information security vendors lag threat vectors

  Products to secure smartphones and cloud computing are in short supply.

• June 14, 2011 14 Jun'11

  PCI virtualisation: With new guidelines, compliance may be harder

  New guidelines on virtualisation issued by the PCI SSC show PCI compliance is possible within a virtualised environment, but may not be feasible.

• May 25, 2011 25 May'11

  Virtual desktop benefits include tighter security, hot desking

  With the help of hot desking and other virtualisation technologies, the Basildon Borough Council was able to centralise its security administration and reduce its number of desks by more than 30%.

• May 18, 2011 18 May'11

  The security of cloud storage, Dropbox clarifies the language used in Help

  Recently a number of security analysts have queried how cloud storage providers such as Dropbox store data and who has access to that storage.

• May 12, 2011 12 May'11

  searchSecurity.com.au chats with TeamViewer

  In late April searchSecurity.com.au mentioned a number of remote control applications which allow the remote control of Windows environments over the Internet.

• May 04, 2011 04 May'11

  AWS adds Identity Management

  Amazon Web Services has added a new feature to the existing AWS Control Panel, AWS Identity and Access Management (IAM). Almost 9 months in development but offered for no extra cost, AWS Identity and Access Management (IAM) lets you manage users, ...

• April 27, 2011 27 Apr'11

  Sony PlayStation network down, hacked

  The PlayStation Network (PSN) remains down after hackers broke into the network stealing user data from up to 77 million accounts.

• April 27, 2011 27 Apr'11

  McAfee wants you to Like them, provides anti-virus

  Originally kicked off in January 2010 McAfee has extended the AntiVirus Plus Software offer for Facebook users who ‘Like’ McAfee.

• April 20, 2011 20 Apr'11

  Shutting down a botnet, US Government disables Coreflood

  Coreflood, a botnet almost ten years old, has been taken down by the FBI and US Department of Justice by obtaining permission to hijack the command and control servers and send a 'stop' command to infected PCs. Is this overstepping the privacy line?

• April 20, 2011 20 Apr'11

  Considering application white listing

  Application white listing is one of the oldest forms of end point security; vendors are working on improving application control implementations by adding trust models and reducing the management overhead.

• April 19, 2011 19 Apr'11

  Data shows many applications still contain OWASP Top 10 flaws

  A recent study finds application security in a dismal state, with more than 80% of Web apps containing errors on the OWASP Top 10 list.

• April 19, 2011 19 Apr'11

  VoIP security risks will be on display at Infosecurity Europe

  Wick Hill plans to demonstrate CCTV and VoIP security risks that could compromise a network, including three types of attacks.

• February 28, 2011 28 Feb'11

  Old business email policy promotes use of personal Gmail for business

  New findings suggest outdated email restrictions are forcing younger users to adopt unsafe practices that could expose organizations to data loss.

• January 17, 2011 17 Jan'11

  Atlassian advises of eight Confluence vulnerabilities

  Australian software developer Atlassian has announced eight vulnerabilities in its enterprise Wiki product, Confluence, and says a new version of the application corrects them all.

• January 10, 2011 10 Jan'11

  Phishing test highlights BlackBerry, iPhone insecurity

  According to new research, mobile users are three times more likely to fall for phishing scams than traditional desktop users.

• December 01, 2010 01 Dec'10

  VMware fixes ESX 4.1 hypervisor flaw

  A vulnerability in the ESX 4.1 hypervisor could enable a local attacker to gain additional privileges.

• November 30, 2010 30 Nov'10

  Think Money offers lessons in meeting financial compliance regulations

  Think Money Ltd, based in Salford Quays near Manchester, offers a range of financial services including insurance, mortgage advice and debt management. Founded in 1993, the company employs more than 800 employees and has been listed in the Sunday ...

• November 17, 2010 17 Nov'10

  Case study: Remote desktop connection security is virtualisation perk

  Trailfinders Ltd., a travel firm, has found that virtual desktops simplify its security management processes.

• November 11, 2010 11 Nov'10

  Survey: DBAs lack clout to apply database security best practices

  While many database admins are tasked with protecting sensitive data, few of them have the financial or business-support resources to do so, a recent study finds.

• November 04, 2010 04 Nov'10

  Email attachment viruses: Old tricks meet new sophisticated malware

  Recent research reveals that, while email attachment viruses may be using old techniques, the malware they contain is vastly more sophisticated.

• October 15, 2010 15 Oct'10

  Study puts a price on software code security assurance management

  A recent study by Fortify Software Inc. and Mainstay Partners LLC reveals that having secure code is cheaper than having insecure code, and the numbers prove it.

• October 07, 2010 07 Oct'10

  Spamhaus launches antispam whitelist to end spam false positives

  With the coming of IPv6 and the prospect of billions more IPs that could drown any hopes of spam blacklisting, the Spamhaus Project has launched a whitelist campaign for the most trusted organisations.

• September 24, 2010 24 Sep'10

  Study: IT often fails to meet secure software development requirements

  In a recent study conducted by Veracode Inc., more than half of the systems tested failed to meet secure software development standards propagated by bodies such as OWASP and SANS.

• September 23, 2010 23 Sep'10

  How new are Guardium's 'new' database monitoring features?

  Guardium has introduced its updated database activity monitoring tool, Infosphere Guardium 8, but one expert questions whether the product offers anything new.

• August 23, 2010 23 Aug'10

  Prepare for bags of fun at VMworld

  Australian attendees at VMworld have the chance to use the trip to assist underprivileged kids.

• June 25, 2010 25 Jun'10

  Bloxx provides means of filtering personal emails

  A new email filtering appliance claims to be able to separate business email from personal email, quarantining personal messages until after working hours.

• June 03, 2010 03 Jun'10

  HPCL ensures security at database levels for e-tendering application

  Leading refinery HPCL protects sensitive bid information stored in its e-tendering application database with database security solutions.

• May 14, 2010 14 May'10

  Fake CV spam campaign marks return on malicious email attachments

  Websense says the spam blast, featuring 230 million messages, lasted just hours but if opened it could have given attackers free reign over victim machines.

• March 29, 2010 29 Mar'10

  Report: Spam attacks targeting high-profile enterprise roles

  A recent MessageLabs Intelligence Report has revealed an increase in targeted spam attacks, many of which originate in China and Romania.

• March 15, 2010 15 Mar'10

  Open source software security tops commercial apps, study finds

  New study results from Veracode Inc. show that open source software security tops the security offered in commercial applications.

• February 15, 2010 15 Feb'10

  Websense integrated security system aims to simplify security management

  Websense Inc. has announced its new integrated security system, dubbed Triton. The product combines Web content filtering, email security and data leakage prevention into one console.

• February 01, 2010 01 Feb'10

  Thin-client technologies surge thanks to easier security, says Deloitte

  Thin-client technologies are on the rise as a result of the simplified security procedures they provide, according to a Deloitte report. Find out what security aspects are made simpler by thin-client technologies.

• January 25, 2010 25 Jan'10

  Multifunction security device safeguards SOA, streamlines company's infrastructure

  An Edinburgh insurance and pensions company has used an appliance to improve its application security and to streamline its infrastructure. Learn what the application security tool has done to improve the company's overall security posture.

• December 23, 2009 23 Dec'09

  Safend expands data leakage prevention product to plug more gaps

  With the introduction of two new modules to its DLP suite, Safend Inc. says its product can now help identify sensitive data, and also inspect email and instant messages.

• October 26, 2009 26 Oct'09

  Report: Firms avoid encrypting backup tapes, databases

  According to a recent survey, cost and complexity have caused many companies to ignore database and tape encryption.

• October 12, 2009 12 Oct'09

  Prepare to fight Internet fraud surge, says expert

  New phishing scams demonstrate that companies will lose their online business if they do not protect their customers from fraud.

• October 12, 2009 12 Oct'09

  Sourcefire says applications the new security battleground, predicts "awesome attack on Web 2.0

  The Senior Director of Sourcefire’s Vulnerability Research Team says criminals are turning away from exploiting operating system vulnerabilities, and are now targeting ubiquitous productivity applications.

• September 28, 2009 28 Sep'09

  Complacent consumers allow cybercrime, phishing attacks to flourish

  One report says that complacent customers and the credit crunch are largely responsible for the U.K.'s sharp spike in most areas of cybercriminal activity.

• September 15, 2009 15 Sep'09

  Hosted office apps "the worst consumer IT threat" - Gartner

  Hosted productivity applications are more dangerous to the enterprise than smartphones, says Gartner's John Pescatore, who warns that social networks can be used to deduce important information about an organisation.

• September 13, 2009 13 Sep'09

  Recent breaches show data theft prevention basics lacking

  Two recent cases of data theft once again demonstrate the importance of basic security measures, including encryption and employee-awareness training.

• September 03, 2009 03 Sep'09

  The challenge of the patch management process

  Patch management is no longer a little administrative chore that you fit in around more important work; it has become one of the most pressing and difficult challenges facing security professionals, thanks to an increasing number of enterprise ...

• August 21, 2009 21 Aug'09

  NCC raises doubts about thin client security

  According to new research, there are a surprising number of weaknesses in thin clients that could lead to 'mass denial of service' attacks.

• August 19, 2009 19 Aug'09

  User security in the office of the future

  The days of the permanent office cubicle are almost over: users are exploding outwards into the world and taking their data with them. But how do you secure user access in a distributed world, one in which foreign governments are said to be hacking ...

• July 22, 2009 22 Jul'09

  Office 2010 security : More of the same

  Microsoft has detailed its security plans for Office 2010, but some of the plans it mentions seem to represent a revamp of existing security features rather than new initiatives.

• July 10, 2009 10 Jul'09

  Infosec pros wake up to Excel spreadsheet security risks

  CISOs are beginning to turn their attention to an often ignored data security threat: the poorly managed Excel spreadsheet.

• July 08, 2009 08 Jul'09

  Wake up to virtualisation security risks, experts say

  According to many experts, organizations that are rushing to cut costs with server virtualisation are not using basic protections like two-factor authentication.

• July 03, 2009 03 Jul'09

  Sourcefire to ignite new offerings for virtualisation security

  The firm behind the popular Snort IDS will foray into virtualisation security later this year in its Sourcefire 3D system with traffic inspection between virtual machines.

• June 03, 2009 03 Jun'09

  3ami allows employers to track use of USB storage devices

  The latest product from Manchester-based 3ami Ltd. allows employers to control access to USB storage devices, while keeping a complete audit trail of user's keystrokes.

• May 21, 2009 21 May'09

  Simple information security mistakes can cause data loss, says expert

  It doesn't take the latest technology to stop a data breach. Many times, your threat profile can be reduced by following these often neglected basic security practices.

• May 14, 2009 14 May'09

  NHS imposes USB stick security

  In response to embarrassing losses of USB memory devices, the National Health Service has mandated an encryption tool that will also withstand the rigours of medical work.

• May 12, 2009 12 May'09

  IAS 6 aims to lock down data from government departments, suppliers

  Government departments are under pressure to prove by mid-June that they -- and their suppliers -- have the right processes in place to manage personal and sensitive data.

• May 08, 2009 08 May'09

  Secure hard drive data destruction – sledgehammer to crack a nut?

  A number of experts explain how to ensure all confidential data is removed from redundant machines.

• May 06, 2009 06 May'09

  How to apply government data classification standards to your company

  Michael Cobb explains how the Security Policy Framework (SPF), which contains security guidance for HM Government Departments, can be a useful data classification guide for other enterprises.

• March 22, 2009 22 Mar'09

  Experts urge use of Conficker removal tools before April

  Organisations need to act fast to avoid more damage from the Conficker worm.

• March 11, 2009 11 Mar'09

  How to take the risk out of spreadsheets

  Spreadsheets carry unusual security risks when the data they contain is false, too broad or too easily accessed. Here's how to reduce the risks!

• March 04, 2009 04 Mar'09

  U.K. government data handling practices stir privacy fears

  Researcher Tom Ilube says that a failure to implement controls has put the accuracy and integrity of U.K. government databases into question.

• February 16, 2009 16 Feb'09

  System management appliance improves school's software deployment

  A network manager looking to refresh 200 desktop computers sought out a product that combined patch management, asset management and software deployment in one box.

• February 12, 2009 12 Feb'09

  FAST Compliance Manager tool helps control software licensing

  The FAST Compliance Manager has been launched to help organisations stop paying for software they don't use, and to stop using software they haven't paid for.

• February 06, 2009 06 Feb'09

  Data breach costs: £60 per record, says Ponemon

  As the costs of a data breach increase, consumers have begun to shy away from insecure companies.

• February 05, 2009 05 Feb'09

  Government offers £6m to fund complex network security infrastructure

  A new government-sponsored competition seeks solutions to potentially catastrophic system failures.

• February 04, 2009 04 Feb'09

  NHS trust updates email, laptop security to aid patient confidentiality

  To better protect patient information, one Lancashire NST trust has stepped up its email encryption and mobile data defenses.

• January 08, 2009 08 Jan'09

  Hacker gadgets, tools make data leakage prevention more difficult

  Bob Lewis helped to convict some of the world's most serious cybercriminals, but he admits new gadgets and technologies are making it too easy for anyone to steal information.

• December 31, 2008 31 Dec'08

  Cybercrime reports: Security not broken, but breaking at the seams

  Despite the growing threat of botnets and advanced malware, the biggest dangers are still coming from within the organisation.

• December 01, 2008 01 Dec'08

  Local council finds better way to track lost laptops

  Bracknell Forest Borough Council has adopted a new service to monitor user activities and wipe systems if they are lost or stolen.

• December 01, 2008 01 Dec'08

  Stopping spam brings additional security benefits for cable company

  Earlier this year, the IT staff at Hellerman Tyton Ltd was struggling with its antispam system. See which appliance helped the cable company reduce its unwanted messages.

• November 20, 2008 20 Nov'08

  SharePoint services: Will the rise of SharePoint sites lead to increased data loss?

  According to a new survey, SharePoint sites can proliferate out of control and expose confidential information to the wrong people.

• November 14, 2008 14 Nov'08

  Finjan offers free audits for crimeware sufferers

  Security company Finjan Inc. says your Web security defences are probably not up to scratch and is prepared to prove it -- for free.

• November 13, 2008 13 Nov'08

  Marshal and 8e6 combine to control Web and mail communications

  UK-based security firm Marshal Ltd has joined forces with 8e6 Technologies to unite their Web filtering, email security and instant messaging offerings.

• November 06, 2008 06 Nov'08

  Scottish NHS trust ensures no repeat of USB data loss

  After an embarrassing breach that occurred last July, NHS Lothian has implemented encrypted USB pen drives that must be used to carry personal data.

• October 29, 2008 29 Oct'08

  Finance sector poor at achieving outsourcing success

  As if the banks didn't have enough to contend with at the moment, they now stand accused of being the least effective when it comes to outsourcing IT projects.

• October 16, 2008 16 Oct'08

  The 'military digital complex'

  This week's edition of our Risky Business security podcast looks at the military's role in fostering securty technology.

• October 08, 2008 08 Oct'08

  Mobile technology may limit harm of laptop data loss

  New products are being introduced that protect stolen laptop data and possibly even catch thieves in the act.

• September 24, 2008 24 Sep'08

  (ISC)2 targets software developers with secure accreditation

  The International Information Systems Security Certification Consortium will launch a certification program that aims to make security a higher priority among software developers.

• September 11, 2008 11 Sep'08

  Secerno puts database security under ArcSight umbrella

  Database security specialist Secerno Ltd. says its recent deal with ArcSight Inc. will improve how companies monitor sensitive data.

• September 10, 2008 10 Sep'08

  PGP and IBM kickstart Bletchley Park rescue

  Although more funds are needed to restore the site of Britain's World War II code-breaking operation, Bletchley Park received a welcome donation from PGP Corp. and IBM.

• September 05, 2008 05 Sep'08

  Outbound email monitoring, filtering to prevent data leakage, breaches

  Using a variety of email security management products and content filtering, companies have recently begun monitoring outbound messages in effort to reduce breaches, data loss and leakage.

• August 20, 2008 20 Aug'08

  Malicious spam soars to new level

  According to a new survey, almost 30 percent of all spam now comes loaded with some kind of link to malware, marking a dramatic increase in the last few months.

• August 12, 2008 12 Aug'08

  NHS trust fires manager for losing laptop

  The Colchester Hospital University NHS Foundation Trust in Essex has fired one of its senior managers who lost a laptop containing patient information.

• August 08, 2008 08 Aug'08

  Sophos adds browser and virtualisation blocking features

  With Sophos' new endpoint security technology, it's now possible to block unwanted Internet browsers and virtualisation platforms to control user access. Application signatures and benefits of limiting users to Internet Explorer are also touched on.

• July 30, 2008 30 Jul'08

  Virtualisation success requires security preparation

  A database vendor that is building virtualisation into its product line says consolidating IT assets can pay dividends, but securing virtualised environments is a complicated new challenge.

• June 24, 2008 24 Jun'08

  How can app developers solve a problem like insecure code?

  The Cyber Security Knowledge Transfer Network urges greater security awareness among application developers, and it has some bold ideas for achieving it.

• June 20, 2008 20 Jun'08

  Stockbroking firm fined for weak data security

  Merchant Securities Group Ltd is the latest firm to be fined for failing to protect its customer data.

• May 19, 2008 19 May'08

  Coders need to forget 'groovy' features, remember security

  Cyber Security Knowledge Transfer Network (KTN) to help develop best practices for secure coding standard.

• May 16, 2008 16 May'08

  Brits lose their fear of encryption – slowly

  A survey of nearly 650 UK-based IT and business managers, analysts and executives, found that the use of encryption to comply with regulations had gone up from 17% in 2007 to 58%.