Security News

Yes, Prime Minister, rewrite the Computer Misuse Act: Brit infosec outfits urge reform
2020-06-29 11:30

British infosec businesses are celebrating the 30th birthday of the Computer Misuse Act 1990 by writing to Prime Minister Boris Johnson urging reform of the elderly cybercrime law. The Computer Misuse Act received Royal Assent on 29 June 1990, predating "the concept of cyber security and threat intelligence research", the CyberUp campaign group said in its letter [PDF].

With remote working on the rise, infosec strategies need to evolve
2020-06-26 04:30

Since many employees have moved outside of the network perimeter, whether by using mobile devices or by working from a home or remote environment, organizations have lost visibility into a large percentage of their business network traffic. With a fully remote workforce, many organizations have been forced to make choices between usability and security.

Carbon-based vuln hunters will always be better at infosec than AI, insist puny humans
2020-06-24 10:00

Puny humans still think they're superior to AI when it comes to infosec - and a significant number still don't venture into meatspace or get enough sunlight. So reckons a survey carried out on behalf of Bugcrowd, which also made the edifying finding that 64 per cent of independent infosec researchers are on median incomes below $25,000/year - with half being aged 24 or younger.

New infosec products of the week: June 12, 2020
2020-06-12 04:30

Qualys Remote Endpoint Protection gets malware detection, free for 60 days. Powered by the Qualys Platform and Cloud Agent, malware detection in Remote Endpoint Protection uses file reputation and threat classification to detect known malicious files on endpoints, servers, and cloud workloads.

Keepnet kerfuffle: Firing legal threats at bloggers did infosec biz more damage than its exposed database
2020-06-10 18:02

UK-based infosec outfit Keepnet Labs left an 867GB database of previously compromised website login details accessible to world+dog earlier this year - then sent lawyers' letters to bloggers in a bid to erase their reports of its blunder. As reported by news website Verdict, Keepnet was stung by security researcher Bob Diachenko's initial post about the gaffe, which Keepnet interpreted as the blogger blaming the business for leaking its own customers' data. None of its own clients' data was exposed; the database was a compilation of credentials from earlier, publicly known breaches, collected for Keepnet's threat intelligence service.

Researchers unmask Indian 'infosec' firm to reveal hacker-for-hire op that targeted pretty much anyone clients wanted
2020-06-09 17:49

Canada's Citizen Lab has uncovered a hacks-for-hire phishing operation, targeting anyone from political activists and oligarchs to lawyers and CEOs, that hit more than 10,000 email inboxes over seven years. The North American outfit claims to have traced the so-called Dark Basin campaign to an Indian firm called BellTroX InfoTech Services - which denies all wrongdoing.

British Army pulls up its SOC: New regiment to do infosec work even civvies will recognise
2020-06-05 19:37

The British Army has raised a new regiment that will take charge of its in-house security operations centre, a move calculated to make cyber defence a more mainstream part of all things armed and camouflaged. The Ministry of Defence stated that the 13th Signal Regiment (13 Sigs) will "provide the basis of the new Army Cyber Information Security Operations Centre, focusing on the protection of Defence's cyber domain."

New infosec products of the week: June 5, 2020
2020-06-05 05:00

Checkmarx SCA: New SaaS-based software composition analysis solution. Zyxel launches USG FLEX series of mid-range firewalls for SMBs. Zyxel's new USG FLEX 100, USG FLEX 200 and USG FLEX 500 firewalls feature upgraded hardware and software, which Zyxel claims deliver gains of up to 125 percent in firewall performance and up to 500 percent in Unified Threat Management performance.

Sweet TCAS! We can make airliners go up-diddly-up whenever we want, say infosec researchers
2020-05-04 19:15

Not only can malicious people make airliners climb and dive without pilot input - they can also control where and when they do so, research from Pen Test Partners has found. TCAS spoofing, the practice of feeding fake traffic to the Traffic Collision Avoidance System aboard airliners so that it issues a resolution advisory against a non-existent intruder, can be controlled to precisely determine whether an airliner fitted with TCAS climbs or descends - and even to produce climb rates of up to 3,000ft/min.

Week in review: API security basics, the future of infosec conferences, Sophos firewalls under attack
2020-05-03 07:00

Is the future of information security and tech conferences virtual? While RSA Conference USA - the largest information security conference in the world - managed to take place mere weeks before the World Health Organization declared COVID-19 a pandemic, European countries started closing borders, and airlines started suspending routes and grounding planes, most infosec and tech events scheduled to take place after it were doomed.

Understanding the basics of API security: This is the first of a series of articles that introduces and explains application programming interface security threats, challenges, and solutions for participants in software development, operations, and protection.