IT security
-
News
25 Oct 2024
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise Continue Reading
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading
-
News
06 Oct 2011
UBS systems detected $2bn rogue trader fraud, admits CEO Sergio Ermotti
UBS interim CEO Sergio Ermotti has admitted systems in the banks IT infrastructure detected the unauthorised trading of the rogue trader who cost UBS over $2bn, but nothing was done about the warning signals. Continue Reading
-
Tip
04 Oct 2011
BackTrack 5 tutorial Part I: Information gathering and VA tools
Our BackTrack 5 tutorial covers information gathering and vulnerability assessment using BackTrack 5. Continue Reading
-
News
04 Oct 2011
Cisco patches IOS in major rollout, releases 10 security advisories
19 bugs and 10 security advisories released to address flaws in Cisco’s IOS network OS, Unified Communication Manager and Series 10000 routers. Continue Reading
-
News
04 Oct 2011
Universal Credit deadline forced DWP to use “unproven” agile development
Tight deadlines left the Department for Work and Pensions with little choice but to use "unproven" agile methods to develop its £2bn Universal Credit (UC) system, said the Cabinet Office Major Projects Authority (MPA) in a confidential report obtained by Computer Weekly. Continue Reading
-
News
04 Oct 2011
GPU cracks six-character password in four seconds
A £30 nVidia GeForce GT220 graphics card is capable of cracking strong passwords in a matter of hours. Continue Reading
-
News
03 Oct 2011
Identifying the business value of SAM best practice frameworks and standards
Businesses are cautious when it comes to taking up best practice frameworks and standards that could help them manage their software assets more effectively. Continue Reading
-
News
29 Sep 2011
IBM signs £525m DWP contract to provide Universal Credit systems
The Department for Work and Pensions (DWP) has signed a seven-year contract with IBM worth £75m per year to provide systems, which will include the delivery of its flagship Universal Credit programme. Continue Reading
-
News
27 Sep 2011
How BP made its supplier ecosystem work
Oil and gas giant BP spent 65% of its $3bn annual IT budget with 3,000 suppliers in 2008, but now it outsources to only seven and has reduced its annual IT budget by $800m as a result. Continue Reading
-
Feature
26 Sep 2011
Self-encrypting drives: SED the best-kept secret in hard drive encryption security
The SED solves many common data loss problems and is easy to use and manage with minimal impact on system performance – yet relatively few businesses and governments use SEDs. Continue Reading
-
News
23 Sep 2011
Police IT not fit for purpose, police-led ICT company needs a lot of work, says Home Office report
A Home Office report into policing has labelled police IT as not being fit for purpose and made recommendations to shake up a mess of different IT systems across 43 forces which is hindering police attempts to fight crime. Continue Reading
-
News
23 Sep 2011
Anti-piracy group FAST applauds government business guide to navigating UK IP law
The government has published a guide to UK intellectual property law for businesses, providing information on IP policies; procurement of goods and services; reporting IP crime; and auditing IP. The Federation Against Software Theft (FAST) said it welcomed the initiative. Continue Reading
-
News
22 Sep 2011
Government pulls plug on ailing £11bn NHS IT programme
The troubled £11bn NHS National Programme for IT is to be axed, the government is expected to announce later today. Continue Reading
-
News
22 Sep 2011
Researchers claim to have broken SSL/TLS encryption
Two security researchers claim to have found a way of breaking the SSL/TLS encryption that is widely used to guarantee the reliability and privacy of data exchanged between web browsers and servers. Continue Reading
-
News
22 Sep 2011
SQL injection attacks increasing in number, sophistication and potency, researchers find
The prevalence and intensity of SQL injection attacks are increasing, according to Imperva. Continue Reading
-
News
21 Sep 2011
Gartner: Best defence against social media threats is monitoring and education
Blocking social media in the enterprise encourages bad behaviour by employees but does not prevent access, warns Gartner. Continue Reading
-
News
20 Sep 2011
Gartner: Keep encryption simple and standardised to cut cost and complexity
Businesses should consider self-encrypting drives (SEDs) for new installations that hold significant volumes of sensitive data, says Gartner. Continue Reading
-
News
19 Sep 2011
Defense in depth a dying philosophy: Eddie Schwartz
The approach to information security needs to evolve, says Edward Schwartz, CISO at RSA. Agility, dynamism, and fresh security paradigms a need of the hour. Continue Reading
-
Tip
15 Sep 2011
Step-by-step aircrack tutorial for Wi-Fi penetration testing
Aircrack-ng is a simple tool for cracking WEP keys as part of pen tests. In this aircrack tutorial, we outline the steps involved in cracking WEP keys. Continue Reading
-
News
15 Sep 2011
Cyber attacks are becoming lethal, warns US cyber commander
Cyber attacks are escalating from large-scale theft and disruption of computer operations to more lethal attacks that destroy systems and physical equipment, according to the head of the US Cyber Command. Continue Reading
-
News
14 Sep 2011
IT development underpinning Universal Credits comes under fire from MPs and experts
The delivery of Universal Credits is coming under fire as observers are casting an increasingly critical eye on the IT systems underpinning the politically sensitive project. Continue Reading
-
News
14 Sep 2011
Security update: Light Microsoft Patch Tuesday with low application impact plus critical Adobe fixes
Microsoft's September Patch Tuesday security update is relatively light with only five security updates. Continue Reading
-
Tutorial
13 Sep 2011
Metasploit guide 4: Armitage cyber attack management GUI
In part four of our Metasploit guide we look at Armitage, the GUI-based cyber attack management tool. This completes the Metasploit guide series. Continue Reading
-
News
13 Sep 2011
GlobalSign web certificate authority back online after breach by hacker
Belgian web certificate authority (CA) GlobalSign is back online after investigating claims by the hacker who breached the Dutch DigiNotar CA that its systems had also been breached. Continue Reading
-
News
08 Sep 2011
Web security certificate breach widens
GlobalSign, the fifth largest digital certificate issuer, has suspended the issuing of authentication certificates for websites after the DigiNotar hacker claimed to have breached its systems Continue Reading
-
News
08 Sep 2011
University challenge: using IT to improve services and reduce costs
Universities face a balancing act as they become increasingly expected to improve the experiences of more demanding students while making budgets go further, and IT is a critical tool in finding this balance. Continue Reading
-
News
08 Sep 2011
Nike+ problems demonstrate the risk of social media success
The rewards for creating a customer-focused online community are huge. But success comes at a price, as recent issues encountered by Nike's Nike+ running site illustrate. Matt Scott investigates. Continue Reading
-
News
07 Sep 2011
DigiNotar certificate authority breach: Why it matters
There has been much speculation around the identity and motive of the hacker who was able to breach DigiNotar and issue fraudulent digital certificates for hundreds of websites, but putting such speculation aside, what is the broader significance of the incident? Continue Reading
-
News
02 Sep 2011
ICO slams Scottish Children’s Reporter Administration for data breaches
The Information Commissioner's Office has criticised the Scottish Children's Reporter Administration for twice leaking sensitive personal information about young children in breach of the Data Protection Act. Continue Reading
-
News
30 Aug 2011
Orange restores broadband customers' e-mail account access but loses data
A problem with Orange e-mail – which locked out broadband customers – has been partly fixed as access to the accounts is restored, but weeks of e-mails may be lost. Continue Reading
-
News
30 Aug 2011
Facebook pays security bug bounty hunters $40,000 in three weeks
Facebook has revealed its security bug bounty initiative has paid out more than $40,000 in just three weeks – but has not revealed how many security vulnerabilities have been reported or how many have been fixed. Continue Reading
-
News
26 Aug 2011
Lack of soft skills training is curbing IT career progression
Employers are failing to provide IT professionals with the business... Continue Reading
-
Tip
25 Aug 2011
Map your data classification policy to controls effectively: How-to
Data classification policy plays an important role in control implementation and effectiveness. We take a look at the involved parameters. Continue Reading
-
News
23 Aug 2011
Scholarships aim to encourage women to pursue cybersecurity careers
To boost the percentage of women in IT security careers, (ISC)2 has instituted two new scholarships, each totalling up to $40,000 per year. Continue Reading
-
Tip
23 Aug 2011
OpenVAS how-to: Creating a vulnerability assessment report
In this OpenVAS how-to, learn how to use the free scanner to create a vulnerability assessment report and assess threat levels. Continue Reading
-
Tutorial
23 Aug 2011
A handy Nessus tutorial
A powerful vulnerability scanner, Nessus is a utility that infosec pros swear by. If you plan to adopt this tool, our Nessus tutorial has all the details. Continue Reading
-
Tip
23 Aug 2011
Metasploit tutorial 3 – Database configuration & post exploit affairs
Part three of our Metasploit tutorial covers database configuration in Metasploit and what needs to be done subsequent to exploitation using Metasploit. Continue Reading
-
News
23 Aug 2011
Why major IT projects are more likely to fail than any others
Major IT projects are 20 times more likely to fail than other business initiatives because project managers are ignoring unpredictable events, says a major research study by Oxford University. Continue Reading
-
News
22 Aug 2011
Failed IT projects demolish big businesses and executive careers, say researchers
IT projects spinning out of control in the public and private sector are ending the careers of senior executives and causing entire businesses to collapse. Continue Reading
-
Tutorial
19 Aug 2011
Social Engineer Toolkit (SET) tutorial for penetration testers
A social engineering toolkit helps address the human element aspect of penetration testing. Learn how to use Social Engineer Toolkit with this tutorial. Continue Reading
-
Feature
19 Aug 2011
IT and marketing: working together for business success
The IT department builds things that scale and last, while marketing wants the next big thing - and needed it yesterday. How can heads of technology work effectively with marketing? Cliff Saran investigates Continue Reading
-
News
19 Aug 2011
What does HP's Autonomy acquisition mean for the UK tech sector?
HP's bombshell announcement that it is to acquire Autonomy has left many questioning where this leaves the UK software industry. Computer Weekly asks the experts what the deal means for UK home-grown tech talent and what HP is likely to achieve with the latest addition to its portfolio. Continue Reading
-
News
19 Aug 2011
Customers may think twice about HP as PC business looks uncertain
As HP announces a major shake-up of its product range and services, analysts warn customers could think twice about HP contracts as a result of uncertainty surrounding its PC business. Continue Reading
-
News
18 Aug 2011
NHS trusts already planning a way out of National Programme contracts
NHS trusts in the National Programme for IT's beleaguered southern region have already begun drafting specifications for systems that may replace those supplied under the controversial project. Continue Reading
-
News
17 Aug 2011
UK business should educate internally to get the right IT security skills at lower cost
UK businesses should look to internal training to meet future IT security needs rather than paying high prices by competing to recruit scarce skills externally, warn experts. Continue Reading
-
Feature
16 Aug 2011
IPv6: The security risks to business
IT security professionals say the security holes that will open up in many business organisations as the world moves over to internet protocol version six (IPv6) constitute a substantial security concern Continue Reading
-
News
16 Aug 2011
Information Commissioner calls for more privacy improvements at Google
The Information Commissioner's Office says an audit at Google's London office shows the company has taken reasonable steps to improve its privacy policies, but could do more. Continue Reading
-
News
15 Aug 2011
Government must change the way it stores citizens' personal data, calls the EHRC
The government must bring in changes to better protect personal information, calls the Equality and Human Rights Commission. Continue Reading
-
News
10 Aug 2011
Adobe issues security updates for Flash, Shockwave, Photoshop and RoboHelp
Adobe has issued fixes for vulnerabilities in Flash, Shockwave, Photoshop, RoboHelp and Flash Media Server in the latest security update. Continue Reading
-
News
09 Aug 2011
Ten-year-old hacker exposes exploitable flaws in Apple and Android games
A 10-year-old Californian hacker has exposed a new type of security vulnerability in many mobile games at a hacker conference in Las Vegas. Continue Reading
-
News
09 Aug 2011
Blackberry to co-operate with police after youths used BBM to organise riots
Research in Motion has said that it will co-operate with the police after it was revealed that London rioters used Blackberry Messenger rather than Twitter to organise looting sprees across the capital, with violence later spreading to Birmingham, Liverpool, Nottingham and Bristol. Continue Reading
-
News
08 Aug 2011
Customer data privacy program poised to roll out at Airtel
Airtel’s customer data privacy program will roll out in phases. With the pilot almost completed, Airtel is confident of meeting data privacy regulations. Continue Reading
-
Tip
08 Aug 2011
Best practices for audit, log review for IT security investigations
Device logs can be one of the most helpful tools infosec pros have, or they can be a huge waste of space. Continue Reading
-
News
08 Aug 2011
US standards body issues warning to energy suppliers over cyber attacks
A US energy industry standards body has warned suppliers to improve their defences against cyber attacks. Continue Reading
-
News
08 Aug 2011
Toxic National Programme for IT contracts to be housed under one body
Billions of pounds of toxic IT contract exposures at the Department for Health could be housed under one central unit, according to reports. Continue Reading
-
News
05 Aug 2011
Microsoft slots 22 patches for August Patch Tuesday
Windows, IE, Visio, .Net, Visual Studio and Report Viewer to get security updates; updated version of Windows Malicious Software Removal Tool on charts. Continue Reading
-
Tip
05 Aug 2011
NIST SP 800-30 standard for technical risk assessment: An evaluation
Risk assessment with NIST SP 800-30 focuses on securing IT infrastructure. Find out NIST SP 800-30 strengths, and learn how it differs from other standards. Continue Reading
-
News
05 Aug 2011
Case Study: Data encryption at the Salvation Army
The Salvation Army in the UK supports flexible working from home using laptops owned by the charity, but says finding a good way of protecting data was a challenge. Continue Reading
-
News
04 Aug 2011
Missing USB drive, found in pub, contained unencrypted data
The ICO says two housing groups must improve data security after a contractor’s missing USB drive, containing unencrypted data, was found in a pub. Continue Reading
-
News
03 Aug 2011
Hotmail makes sign-in changes, can't please everyone
The Hotmail sign-in page is in the news this week, with subtle changes to browser auto-complete behaviour to provide wider browser compatibility. Continue Reading
-
News
02 Aug 2011
NHS trust forced to adopt National Programme patient records system or face £8.8m fine
An NHS trust was forced to buy care records software through the National Programme for IT or face the threat of an £8.8m fine - even though it had a longstanding supplier in place. Continue Reading
-
News
01 Aug 2011
Former government CIO John Suffolk joins Huawei as head of cybersecurity
Former government CIO John Suffolk has joined China-based IT company Huawei as global head of cybersecurity. Continue Reading
-
News
28 Jul 2011
Highlights from 'A recipe for rip-offs' - the Select Committee report on government IT
The Public Administration Select Committee has published a scathingly critical report on government's use of IT. We've chosen a selection of the highlights from the report. Continue Reading
-
Tip
27 Jul 2011
Website secure login: Alternatives to out-of-wallet questions
Learn about alternatives to static knowledge-based authentication and out-of-wallet questions for secure website logins in this tip. Continue Reading
-
News
27 Jul 2011
Metasploit Pro 4.0 adds support for cloud, SIEM systems
Rapid7 releases Metasploit Pro version 4 with improved automation features and new SIEM and cloud-based pen-testing support. Continue Reading
-
News
27 Jul 2011
Computer glitch halts Post Office card transactions
Customers have been unable to complete card transactions at the Post Office after a computer glitch across all branches... Continue Reading
-
Tip
26 Jul 2011
Metasploit tutorial part 2: Using meterpreter
Part two of our Metasploit tutorial covers usage details of the meterpreter post-exploitation tool in Metasploit to create exploits that evade detection. Continue Reading
-
News
25 Jul 2011
US House of Representatives committee approves cybersecurity standards bill
The US House of Representatives has passed a bill designed to increase education, research and development to counteract cyberthreats. Continue Reading
-
News
25 Jul 2011
Automated web application attacks are the top security threat, study reveals
Websites are attacked about 27 times an hour or once every two minutes on average, peaking at 25,000 attacks a minute or seven a second, according to research... Continue Reading
-
News
25 Jul 2011
UK confirms international cyber rules conference
UK foreign secretary William Hague has confirmed that the government is to host an international conference on cyberspace in London on 1 and 2 November 2011. Continue Reading
-
News
22 Jul 2011
British Computer Society – the case for change
A year on from the BCS extraordinary general meeting (EGM), Amit Bhagwat looks at how BCS has evolved, why the EGM came about and gave the results that it did, what has followed since and, how BCS might consider its future from here. Continue Reading
-
News
21 Jul 2011
Securitytube.net releases WLAN security megaprimer
The Hacker News (THN) has reported that the latest SecurityTube.net release includes a 4.2Gb DVD containing over 40+ HD quality videos of their WLAN Security Megaprimer. Continue Reading
-
News
21 Jul 2011
Trend Micro aims to secure consumer mobile devices for enterprises
Security firm Trend Micro has announced an enterprise mobile management product to help organisations integrate consumer devices into an enterprise environment in a secure way. Continue Reading
-
News
21 Jul 2011
Hacking group Anonymous claims to have hacked into NATO servers and stolen data
Hacking group Anonymous has claimed to have hacked into NATO servers, according to the Blottr.com news service. Continue Reading
-
News
20 Jul 2011
(ISC)² publishes official guide to CSSLP
Information security body (ISC)² has published the only official guide to the Certified Secure Software Lifecycle Professional (CSSLP) certification. Continue Reading
-
News
20 Jul 2011
Data breach at York University highlights urgency of security checks, says ICO
The University of York's accidental breach of thousands of students' personal data points to a need for improved security checks, according to the Information Commissioner's Office. Continue Reading
-
Tip
20 Jul 2011
Nmap tutorial: Nmap scan examples for vulnerability discovery
Learn how to use Nmap, the free network scanner tool, to identify various network devices and interpret network data to uncover possible vulnerabilities. Continue Reading
-
News
19 Jul 2011
Microsoft offers bounty in hunt for Rustock spambot operators
A $250,000 reward is being offered to anyone who provides new information that results in the identification, arrest and criminal conviction of the cybercriminals behind the Rustock botnet. Continue Reading
-
News
13 Jul 2011
Managing iPads in enterprise networks
These days users expect to be able to use their iPads inside the business and as thousands of software vendors release applications for the iOS platform which provide data mobility and usability benefits to employees, the prospect of the iPad as a business device is becoming a forced reality. Continue Reading
-
Tip
13 Jul 2011
OCTAVE risk assessment method examined up close
The OCTAVE risk assessment method is unique in that it follows a self-directed approach to risk assessment. Leverage its strengths with this expert tip. Continue Reading
-
News
13 Jul 2011
Central government staff lack skills in IT
A significant proportion of civil servants lack skills in areas such as IT, a National Audit Office report has found. Continue Reading
-
Tip
13 Jul 2011
SAP security tutorial: Top 10 SAP security implementation steps
Implementing SAP software securely isn't only the job of SAP specialists; the entire IT department has a role to play. Learn the top ten steps to a secure SAP implementation. Continue Reading
-
Tip
12 Jul 2011
Metasploit tutorial part 1: Inside the Metasploit framework
In part one of our Metasploit tutorial, learn the framework’s basics, to use it for vulnerability scans and create a simple exploit on a target system. Continue Reading
-
News
12 Jul 2011
Cyber terrorism set to increase after al-Qaeda calls for more cyber attacks, says government
Cyber terrorism will become an increasing problem as the tools and techniques needed for cyber attacks become more widely available, according to a report on the government's new counter-terrorism strategy. Continue Reading
-
News
11 Jul 2011
Microsoft packs a lot into July’s four Patch Tuesday security updates
Microsoft is to release only four security updates in this month's Patch Tuesday security update, but these will cover 22 vulnerabilities in Windows and Office. Continue Reading
-
News
08 Jul 2011
Businesses understand social media risks but fail to take precautions, says survey
Businesses are using social media without taking adequate measures to monitor staff activity, which could open them up to security attacks and create compliance risks. Continue Reading
-
News
07 Jul 2011
FireControl project failed because of inadequate EADS contract, MPs told
The failure of the canned £469m FireControl project was due to an inadequate IT contract, MPs were told at a Public Accounts Committee (PAC). Continue Reading
-
News
07 Jul 2011
ICO calls on UK businesses to open their doors to audits and reduce data breaches
Private enterprises make up a third of data security breach claims, but despite this, many continue to resist the offer of an audit by the Information Commissioner's Office (ICO), according to the privacy watchdog's latest annual report. Continue Reading
-
News
06 Jul 2011
Network security case study: College’s NAC virtual appliance makes grade
Wellington College’s network security case study explains how a NAC virtualization appliance blocks malware and provides increased capacity on demand. Continue Reading
-
News
05 Jul 2011
ICO issues warning over NHS Data Protection Act breaches
Following five more NHS Data Protection Act violations, the Information Commissioner’s Office will redouble efforts to help NHS improve security. Continue Reading
-
News
04 Jul 2011
Hulu withdraws Facebook Connect feature after software glitch leaked users' data
US online video service Hulu has withdrawn its Facebook Connect integration because of security problems discovered soon after launch. Continue Reading
-
News
04 Jul 2011
Hacker group Anonymous steals user names and passwords in cyber attack on Apple
Hacker group Anonymous claims to have stolen 25 internal user names and passwords from Apple in the latest of a series of attacks on government and corporate websites around the world. Continue Reading
-
News
01 Jul 2011
Cyber criminals deploy TDL-4 virus to create indestructible botnet of 4.5m computers
Over 4.5 million computers around the world have been infected by the TDL-4 virus, creating an indestructible botnet. Continue Reading
-
News
30 Jun 2011
Apple fixes 39 bugs in Snow Leopard, preps for Lion release
Releases final non-security update - v10.6.8- for Snow Leopard OS, which fixes 39 flaws. More details inside. Continue Reading
-
News
30 Jun 2011
Japan earthquake and tsunami provides first real test of high-tech disaster recovery, says Microsoft
Japan's earthquake and tsunami that killed at least 15,000 people and left 11,000 missing in March 2011 was the first real test of disaster recovery and business continuity plans on a large scale in a high-tech country, according to Microsoft. Continue Reading
-
News
29 Jun 2011
Update software to reduce risk of cyber attack, top suppliers tell business
Businesses are unnecessarily exposing themselves to cyber attack simply by failing to update to the latest versions of the software they are running, according to Microsoft and Adobe. Continue Reading
-
News
27 Jun 2011
Lulz Security announces it is to disband following 50-day hacking spree 'cruise'
Lulz Security – a group of hackers claiming responsibility for hacking Sony and Nintendo and taking down the websites of the Serious Organised Crime Agency and the US Senate – has announced it is to disband. Continue Reading
-
News
23 Jun 2011
Cisco introduces AnyConnect to mobile devices
The benefits of enabling your workforce with mobile access to enterprise applications, regardless of whether those applications are in the cloud or in the corporate data centre, are clearly recognised. The ease of providing secure remote access to employees, and the ability to maintain corporate data security policies is, however, not simple. Continue Reading
-
News
23 Jun 2011
Tesco Bank customers remain locked out of accounts following migration glitch
Tesco Bank customers are still unable to log into accounts following a migration glitch. Continue Reading
-
News
22 Jun 2011
McAfee releases Android end point security solution
McAfee have announced McAfee Mobile Security software, available for both smartphones and tablets, which according to a recent press release provides a comprehensive mobile security solution by combining three leading McAfee mobile security products: WaveSecure, VirusScan Mobile and SiteAdvisor® for Android. Continue Reading
-
News
22 Jun 2011
European Commission gives green light to CSC acquisition of beleaguered iSoft
The European Commission (EC) has approved CSC's acquisition of healthcare software maker iSoft. Continue Reading