• #RSAC: Infosecurity ‘Solutions’ Are Becoming the Problem

  • #RSAC: Panel Discussion on the Role of Machine Learning & AI in Cyber

    A panel of industry experts gathered at RSA 2018 in San Francisco to explore the role that machine learning and artificial intelligence are playing in the current cyber landscape. Moderator: Ira Winkler, president, Secure Mentem. Panel:
    Oliver Friedrichs, founder and CEO, Phantom
    Dustin Hillard, CTO, Versive
    Dr Ramesh Sepehrrad, VP of technology and business resiliency risk, Freddie Mac
    After opening the discussion by askin
  • Still No. 1: Survey Says Cybersecurity Remains Top Concern for Risk Managers

    For three years running, cybersecurity has remained the top threat to businesses across multiple categories, including infrastructure, geopolitical and emerging risks. That’s according to the 11th Annual Survey of Emerging Risks, conducted by the Casualty Actuarial Society, Canadian Institute of Actuaries, and the Society of Actuaries' Joint Risk Management Section. More than 200 risk managers, primarily b
  • #RSAC: Reshma Saujani: We Can End Cyber Gender Imparity in a Decade

    Speaking at RSA 2018 in San Francisco, Reshma Saujani, founder of Girls Who Code, said that she believes “the solution to the current tech talent deficit is women,” and that the industry has the potential to solve gender imparity in cyber within the next 10 years. However, that will not be achieved without challenges, and there are changes that need to be made in our culture and policies to do so. Saujani explained that
  • More Than 1.5 Billion Facebook Users Moved Beyond the Long Arm of GDPR

    More than 1.5 billion Facebook users will be beyond the long arm of the General Data Protection Regulations (GDPR), allowing Facebook to evade the soon-to-be-enforced data protection rules. Though the current terms of service for Facebook’s more than 2 billion users are governed under Irish law, Reuters reports that more than 70% of those users will soon be on a site that is instead under the authority of the data collect
  • New iOS Vulnerability Lets Attackers Hack iPhone, iPad

    Syncing iTunes across devices via Wi-Fi is popular and convenient, but newly discovered attack scenarios could put iOS devices at risk. Symantec researchers discovered a flaw that if exploited would allow attackers to compromise devices. Named “Trustjacking,” the flaw exploits the trust of victims. The attackers leverage the trust that users have in the security of their own devices in order to take control of the de
  • #RSAC: Culture of Online Humiliation & Bullying Has to Stop, Says Monica Lewinsky

    “A breach in data protection goes hand in hand with an invasion of privacy.” These were the words of social activist, writer and public speaker Monica Lewinsky, who spoke at RSA 2018 in San Francisco, reflecting on her own experiences of online public shaming and assessing the current online culture of humiliation. Lewinsky harked back to 1998, and said that “we had no way of knowing then where th
  • Oracle CPU Fixes 254 Flaws this Quarter

    Oracle has released its latest quarterly security update which this time fixes a significant 254 vulnerabilities, the most since July 2017. The April 2018 Critical Patch Update (CPU) will keep system administrators busy with 153 vulnerabilities in business-critical applications alone. Oracle Fusion Middleware is the most affected family with 39 vulnerabilities, followed by Financial Services Applications (36) and MySQL (33). According to analyst ERPScan, 30 of
  • Security Pros Claim Biggest DDoS Threat is to Customer Trust

    DDoS attacks cost businesses $50,000 per attack but lost revenue is not the most damaging impact, according to new research from Corero Network Security. The vendor polled over 320 cybersecurity professionals from a variety of sectors including financial services, cloud, government, and online gaming. The vast majority said a single attack could lead to $50,000 worth of lost business, plus the cost of mitigating the attack itself and lost
  • Security Pros Claim Biggest DDoS Threat is Customer Trust Loss

    DDoS attacks cost businesses $50,000 per attack but lost revenue is not the most damaging impact, according to new research from Corero Network Security. The vendor polled over 320 cybersecurity professionals from a variety of sectors including financial services, cloud, government, and online gaming. The vast majority said a single attack could lead to $50,000 worth of lost business, plus the cost of mitigating the attack itself and lo
  • UK Commits £15m to Commonwealth Cyber-Initiative

    The UK has agreed to spend up to £15m to boost cybersecurity in Commonwealth nations, as part of a wide-ranging inter-governmental commitment to fighting online threats. The 53-state Commonwealth is seen by many as a throwback to the days of the British Empire, but nonetheless represents almost a third of the world’s population. As such, the “Commonwealth Cyber Declaration” leaders were expected to sign at a Heads of Gov
  • #RSAC: The Five Most Dangerous New Attacks According to SANS

    At the RSA Conference in San Francisco on April 18 2018, three leading instructors and contributors from the SANS Institute shared what they believe to be the five most dangerous new attack techniques in cybersecurity. Repositories and Cloud Storage Data Leakage: Ed Skoudis named repositories and cloud storage data leakage as one of the techniques. “Software today is built in a very different way than it was 10 or even 5 years ago,
  • #RSAC: Defenders Need to Work Together for Better Protection

    At RSA 2018 in San Francisco, Johnnie Konstantas, senior director, Enterprise Cybersecurity Group, Microsoft, Rob Lefferts, director, Microsoft and Sam George, director, Azure IoT, discussed the latest trends in the threat landscape and explored how defenders can reach outside their organizations to leverage pooled resources for better protection. Konstantas said that easy marks are still under attack from adversaries, who continue to be
  • #RSAC: The Impact of Industrial IoT Exploits

    Speaking at RSA 2018 in San Francisco, Ed Cabrera, chief cybersecurity officer at Trend Micro, examined the attack surface of smart factories and industrial robots. Cabrera explained that for smart factories, with increased automation, increased connectivity and increased complexity, combined with the increased attack sophistication of adversaries, comes increased risk. To outline the real-life threats that smart factories face as a result, he considered t
  • 48 Million Detailed Psychometric Records on Individuals Leaked

    About 48 million records of detailed personal information on tens of millions of individuals have been leaked, containing Cambridge Analytica–style information gathered and scraped from multiple sources. The culprit, as is the case all too often, is a misconfigured cloud storage repository, in this case belonging to a company called LocalBlox. LocalBlox bills itself as a personal and business data search service, but it’s
  • 70% of Energy IT Pros Fear 'Catastrophic Failure' from Cyber-Attacks

    About 70% of respondents in a recent survey are concerned that a successful cyber-attack could cause a catastrophic failure, such as an explosion. According to a Tripwire survey, in which respondents included 151 IT and operational technology (OT) security professionals at energy and oil and gas companies, almost all (97%) are concerned that attacks could cause operational shutdowns, and 96% believe they could impact the safety o
  • IT Managers Lack Visibility into Almost Half of Network Traffic

    IT managers lack visibility to about 45% of their organization’s network traffic, creating significant security challenges. In fact, nearly a quarter of them are blind to as much as 70% of their network traffic. Sophos’s global survey, The Dirty Secrets of Network Firewalls, polled more than 2,700 IT decision-makers from midsized businesses in 10 countries, including the US, Canada, Mexico, France, Germany, UK, Austra
  • The future of technology in warfare: From drone swarms to VR torture

    Geopolitical developments have raised fears of another world war. Technological advances mean it should at least be over quickly.
  • UK ID Fraud Hits an All-Time High

    UK identity fraud hit an all-time high last year, driven heavily by online attacks, according to the latest stats from Cifas. The fraud prevention service’s annual Fraudscape report compiles data from 306 participating organizations, so can be seen more as a snapshot of trends than a comprehensive tally of incidents. It claimed identity fraud stood at 174,523 cases in 2017, up 1% on previous years and driven mainly by online trends. "It remains a predominantly
  • MPs Demand Faster NHS Response on Cyber, One Year After WannaCry

    MPs have slammed the NHS for failing to agree on its plans to help prevent another WannaCry, nearly a year after the ransomware attack caused widespread disruption. The Public Accounts Committee (PAC) has set a June deadline for an update from the health service on estimated costs for the vital cybersecurity investment needed to protect its systems going forward. A National Audit Office report from October revealed that an estimated 1
  • TaskRabbit Takes Site Offline After Security Incident

    Odd-job marketplace TaskRabbit has taken its website offline and urged users to change any online passwords reused on the platform after a suspected breach. The IKEA-owned firm posted a brief statement on the holding page, claiming it is investigating a “cybersecurity incident.” “Our entire team is working around the clock with an outside cybersecurity firm and law enforcement to determine the specifics. The app and the website
  • Military grade firearms increasingly available to terrorists in Europe - report

    Reactivated and smuggled guns are being used as barriers to obtaining firearms in Europe break down, report warns. An “arms race” between criminal groups in Europe risks making it easier for terrorists to obtain high-powered, military grade firearms, a report has warned. The survey says long-standing barriers to obtaining firearms have broken down in recent years owing to the emergence of the internet, cross-border smuggling of military-grade assault rifles into the EU, the conversion o
  • #RSAC: It’s Time to Kill the Pen Test

    At RSA 2018 in San Francisco today Adrian Sanabria, director of research at Savage Security, presented a session on why he believes it’s time to kill the pen test. Sanabria explained that whilst the concept of pen testing does and will continue to have value, there are problems in the design and execution of many current pen test methods that result in them failing to be effective. Sanabria said that pen testing made a lot of sense in the 90s, as ba
  • #RSAC: Diversity Essential in Building Cybersecurity Talent Pipeline

    In their RSA Conference session titled ‘Building the cybersecurity innovation pipeline’ in San Francisco on April 17 2018, Grant Bourzikas, CISO & VP McAfee Labs and Chatelle Lynch, SVP and Chief Human Resources Officer, McAfee Labs, discussed the importance of diversity in building a high-performing security team. Bourzikas, who has three hundred security professionals in his team – and insists on bei
  • Cryptominers Replace Ransomware as No. 1 Threat

    Cryptominers surged to the top of detected malware incidents, displacing ransomware as the No. 1 threat. Comodo Cybersecurity Threat Research Labs’ first-quarter global malware report shows that the world is already a very different place from 2017. During Q1 2018, Comodo Cybersecurity detected 28.9 million cryptominer incidents out of a total of 300 million malware incidents, amounting to a 10% share. The number of unique cryptominer vari
  • ISACA: Gender Disparity in Cyber Persists

    When it comes to the oft-discussed gender gap in cybersecurity, men tend to think women have equal career advancement, while women say that’s not the case. In fact, according to ISACA’s annual State of Cybersecurity 2018 report, a 31-point perception gap exists between male and female respondents, with 82% of male respondents saying men and women are offered the same opportunities for career advancement in cybersecurity, compared to just 51% of
  • Facebook, Microsoft and 32 Others Form Cyber Consortium

    A group of 34 tech companies, including Facebook and Microsoft, have formed a cybersecurity consortium, pledging to work together to “act responsibly, to protect and empower our users and customers, and thereby to improve the security, stability, and resilience of cyberspace.” The group, which also includes Arm, Cisco, HP, Nielsen, Nokia, Oracle, Telefónica and Trend Micro, has published a Cybersecurity Tech Accord tha
  • #RSAC: DHS Secretary Discusses Strategies for a New Age of Security

    Speaking in the opening keynote session of RSA 2018 in San Francisco today, the Honorable Kirstjen Nielsen, secretary, United States Department of Homeland Security (DHS), discussed strategies the DHS is using to reach its cybersecurity goals to protect the country’s citizens and organizations from cyber-attacks, breaches and cybercrime. “Digital security is converging with personal and physical security, and the public
  • #RSAC: RSA President Urges Cybersecurity Industry to Concentrate on Security Not Threats

    After an impressive performance by Kevin K.O. Olusola to open the RSA Conference keynotes in San Francisco on April 17 2018, Rohit Ghai, President of RSA Security, presented an optimistic view of the industry, explaining why he believes cybersecurity is getting better, not worse. “The headlines of last year are a reminder that unprecedented digital risk exists, and it casts a dark shadow over whether wha
  • #RSAC: McAfee CEO: What Cybersec Can Learn from Air Travel Security

    Christopher D. Young, chief executive officer at McAfee, took to the stage in the opening keynote session of RSA 2018 in San Francisco on April 17, outlining how the cybersecurity industry can learn from the threat of air travel hijacking and the developments made in air traffic security as a result. Young said that as the threat of real-life skyjacking evolved over time, so did the balancing act of air traffic security to keep pe
  • #RSAC: McAfee CEO: Cybersec Can Learn from Air Travel Security

    Christopher D. Young, chief executive officer at McAfee, took to the stage in the opening keynote session of RSA 2018 in San Francisco on April 17, outlining how the cybersecurity industry can learn from the threat of air travel hijacking and the developments made in air traffic security as a result. Young said that as the threat of real-life skyjacking evolved over time, so did the balancing act of air traffic security to keep people
  • #RSAC: Microsoft President Calls for Governments to Form Digital Geneva Convention

    In his keynote presentation at RSA Conference in San Francisco on April 17 2018, Brad Smith, President at Microsoft, told the audience that it is the industry’s responsibility to push the governments of the world towards a new digital Geneva Convention. He outlined six commitments that would make up a Digital Geneva Convention: No targeting of tech companies, private sector or critical infrastructure; Assist p
  • EU to force tech firms to hand over terror suspects' messages

    Plan to gather evidence of crime and terrorism ‘quickly and efficiently across borders’. The European commission is seeking to force technology companies wherever they are based in the EU to hand over emails, text messages and app communications of terror suspects within hours of a court order. Under the plans, judges in one member state will be able to seize electronic evidence held on a service provider in another European country through a transnational European production order. Con
  • Global Enterprises Suffer 30 Security Breaches Per Year

    Organizations are getting much better at stopping cyber-attacks, but still suffered on average 30 security breaches last year, causing damage or data loss, according to Accenture. The global consultancy polled 4600 cybersecurity practitioners in companies with revenues over $1bn across 15 countries, to compile its 2018 State of Cyber Resilience Executive Summary. It found that 87% are now preventing "focused" attacks, up from 70% last year, bu
  • Facebook Fail as 100+ Cybercrime Groups are Found on Site

    Facebook has deleted over 100 private discussion groups revealed to have been facilitating identity fraud and cybercrime for years on the platform. Journalist Brian Krebs claimed to have found the groups after searching for just a couple of hours last week. He said they covered a broad range of illicit activity including DDoS-for-hire, carding, 419 scams and botnet creation tools — with over 300,000 members signed up. Most were easily
  • NCSC: Chinese Telecoms Firm ZTE is National Security Risk

    The UK’s National Cyber Security Centre (NCSC) has warned that one of China’s biggest telecoms infrastructure and smartphone firms is a national security risk. The GCHQ body released a short statement on Monday penned by technical director, Ian Levy, and relating to the use of ZTE “equipment and services” in UK telecoms infrastructure. “It is entirely appropriate and part of NCSC’s duty to highlight potent
  • #RSAC: Security Considerations Around Digital Business Transformation

    At the CIO/CISO Interchange event in San Francisco on April 16 2018, Forrester VP Principal Analyst Julie A. Ask considered the key trends in digital business transformation and the impact they are having on security. She summarized the key trends in customer digital experiences: Mobile will persist as the most important digital platform and will become an orchestrator of experiences. The role of the smartphone will continue to
  • #BSidesSF: Managing Secrets in Your Cloud Environment

    Speaking at BSides San Francisco today, Evan Johnson, security engineer at Segment, and Maya Kaczorowski, product manager, Security & Privacy at Google, explored the topic of cloud ‘secrets’, highlighting common mistakes in secret management and solutions to the problem. A cloud secret is “anything an application needs at build or run time,” said Kaczorowski, citing examples such as credentials, API keys, usernames an
  • #BSidesSF: How to Solve Infosec Problems with Creative Solutions

    Speaking at BSides San Francisco today, Katie Ledoux, manager of trust and security governance at Rapid7, presented a session exploring some creative solutions to infosec problems. Ledoux said that when fixing problems “managing little fires without losing sight of long-term goals is an issue that anyone who has a job needs to deal with” but in infosec it is particularly challenging as “much of our work is reactive a
  • A Pair of Mobile Apps in Google Play Target Mideast Victims

    Two separate incidents of surveillance-ware were found in the Google Play Store, targeting Middle East organizations. Google has removed the offending apps, ViperRAT 2.0 and Desert Scorpion, but they both represent a rare instance of a malicious mobile APT (mAPT) in an official app marketplace. According to Lookout Security, ViperRAT 2.0 represented the resurgence of a mAPT that originally targeted individuals in the Israeli Defense Force
  • Most Web Apps Contain High-Severity Vulnerabilities

    An analysis of web applications shows that 94% of applications tested had at least one high-severity vulnerability. According to Positive Technologies’ Web Application Vulnerabilities in 2017 report, collated through the security firm’s automated source code analysis through the PT Application Inspector, most detected vulnerabilities (65%) overall were of medium severity, with much of the remainder (27%) consisting of high-severity vu
  • University of Virginia Nabs Top Honors in Collegiate Cyber Contest

    The University of Virginia (UVA) took home top honors in this year’s National Collegiate Cyber Defense Competition (NCCDC), which took place April 13–15. Ten cyber-defense teams faced off in Orlando, competing as white-hat hackers to protect a fictional biotech company called Volitech, which specializes in vaccine research, materials research, pharmaceuticals, and biomechanical organ development. The students were
  • US and UK blame Russia for 'malicious' cyber-offensive

    Security officials issue alert directly blaming Kremlin for attack as US warns Moscow it is ‘pushing back hard’. The cyberwar between the west and Russia has escalated after the UK and the US issued a joint alert accusing Moscow of mounting a “malicious” internet offensive that appeared to be aimed at espionage, stealing intellectual property and laying the foundation for an attack on infrastructure. Senior security officials in the US and UK held a rare joint conference ca
  • US and UK Cyber Agencies Issue Russian Attacking Warning

    State-sponsored Russian attackers have conducted a sustained campaign targeting routers and network infrastructure devices. According to a joint investigation and technical alert by the US Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC), global network infrastructure devices such as routers, switches, firewalls and network intrusion detection systems h
  • US and UK Cyber Agencies Issue Russian Attack Warning

    State-sponsored Russian attackers have conducted a sustained campaign targeting routers and network infrastructure devices. According to a joint investigation and technical alert by the US Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC), global network infrastructure devices such as routers, switches, firewalls and network intrusion detection systems have
  • Developers Outnumber Security Pros 100:1 as Breaches Grow

    Breaches related to open source components have soared by 50% since 2017, according to a new study from Sonatype urging developers to adopt DevSecOps practices. The security vendor polled over 2000 IT professionals to compile its 2018 DevSecOps Community Survey. The findings chime with a Sonatype study in March which found that one in eight open source components downloaded in the UK last year contained known security vulnerabilities —
  • Telegram App Banned in Russia

    As expected, messaging app Telegram has been formally blocked in Russia after its owner refused to hand the authorities encryption keys to help with investigations. The popular app is used by many around the world to communicate without the fear of being monitored by repressive governments. A recent demand by Russian security agency the FSB to help Telegram decrypt messages linked to six phone numbers went unanswered by the firm. As a result, a Russian court has n
  • Lords: UK Could be World Leader in "Ethical" AI

    The UK could be a world-leader in artificial intelligence (AI) if it puts ethics first, according to a new House of Lords report — with experts claiming the technology could also help combat cybersecurity challenges. The Lords select committee’s report, AI in the UK: ready, willing and able?, argued that by taking a proactive role in the development of the new technology, the UK could boost its economy and help to mitigate any associated
  • Army researchers conduct first-ever combustion experiment with X-rays

    The U.S. Army Research Laboratory’s Center for Unmanned Aircraft Systems Propulsion made an historic first with its experiment in a gas turbine combustor using X-rays. The data will help...
  • North Korea’s Kim greets Chinese official, calls for stronger ties

    North Korean leader Kim Jong Un personally greeted a top Chinese official in Pyongyang and called for stronger ties with Beijing, state media from both countries said Sunday, as the traditional...
