Security News

Hallowed Bugtraq infosec list killed then resurrected over the weekend: We heard your feedback, says Accenture
2021-01-18 07:05

Last week ended with news that the venerable infosec mailing list Bugtraq was being shut down at the end of the month. From its first posts in November 1993, Bugtraq aimed to get details of vulnerabilities, as well as defence and exploitation techniques, onto netizens' radar and discussed among admins and security researchers.

How good are you at scoring security vulnerabilities, really? Boffins seek infosec pros to take rating skill survey
2021-01-08 09:30

By running a survey on whether infosec bods think the Common Vulnerability Scoring System is a useful tool for assessing security flaws, Dr Zinaida Benenson of Friedrich-Alexander Universität Erlangen-Nürnberg's IT Security Infrastructure Lab in Germany hopes to further the infosec world's understanding of how reliable the system really is. While the survey hopes to gain up to 300 respondents, Benenson was coy about precisely what she's hoping to prove or disprove, but she did drop The Register a hint about the current state of CVSS scoring.

Think you’re hot stuff when it comes to infosec? Prove it
2021-01-05 07:00

When it comes to cybersec certifications, GIAC is the gold standard. The organisation takes pride in certifications that, "rather than skimming the surface of different skillsets, are a mile deep for specialised job-focused tasks." And GIAC exams with Cyberlive don't just test you on the theory, but show you've proven your skills in lab-based situations.

2021 will overburden already stressed infosec teams
2020-12-30 06:00

While in 2020 organizations were focused on adapting existing technology to borderless and disconnected environments, we will see a massive shift to cloud-native solutions in 2021. In addition to new attacks on container-based environments, 2021 will bring the heightened threat of ransomware and new solutions to combat disinformation.

Special minisode: “20 years of cyberthreats that shaped infosec” [Podcast]
2020-12-14 01:14

Naked Security's Paul Ducklin interviews Sophos expert John Shier about his recently published paper, "20 years of cyberthreats that shaped information security". Join John on a dizzying journey all the way from legendary viruses such as ILOVEYOU and Code Red, which flooded the internet in 2000, to present-day ransomware gangs like Ryuk and REvil, who are extorting millions of dollars in blackmail money per attack.

No Xmas office party? Missing infosec pals and colleagues? Want to listen to DJs who also happen to be cyber warriors?
2020-11-23 10:15

Locked up indoors with nothing to do as the evenings draw closer? If lighthearted chats about cyber security are your thing, followed up by some banging dance tunes, then we have just the event - all in the name of charity, of course. The Cyber House Party launched this summer with the inaugural shindig held on 3 June and the second on 29 October, pulling in a total of 750 attendees and raising £10,000 in donations.

Manchester United working with infosec experts to 'minimize ongoing IT disruption' caused by 'cyber attack'
2020-11-21 15:41

Manchester United is working with infosec pros to "minimize the ongoing IT disruption" that it says was caused by an assault on its tech systems. In a statement, the club said: "Manchester United Plc can confirm that the club has experienced a cyber attack on its systems."

New infosec products of the week: November 20, 2020
2020-11-20 06:00

AWS Network Firewall: Network protection across all AWS workloads. With AWS Network Firewall, customers can deploy granular network protections across their entire AWS environment, without the need to configure and manage additional security infrastructure.

Cyberup campaign: 80% of infosec pros fear they might fall foul of UK's outdated Computer Misuse Act
2020-11-19 14:49

A majority of British infosec professionals worry about accidentally breaking the UK's antiquated Computer Misuse Act, according to an industry campaign group that hopes to reform the law. The Cyberup campaign, which includes NCC Group, Orpheus Cyber, Context Information Security, Nettitude, F-Secure and others, first wrote to UK Prime Minister Boris Johnson in July 2019 urging him to update the regulations.

International infosec rules delivered to make nations and non-state actors behave themselves online
2020-11-16 07:42

The Global Commission on the Stability of Cyberspace, a group that works to develop policy the world can follow to keep the internet stable and secure, late last week delivered a final report that outlines its vision for how the nations of the world should behave online. State and non-state actors should neither conduct nor knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace.