The OpenSSL Project team announced on Monday the 6th of July that OpenSSL versions 1.0.2d and 1.0.1p will be released shortly to address a serious security bug. According to the developers of the popular open-source toolkit for SSL/TLS, OpenSSL 1.0.2d and 1.0.1p will be released on Thursday, July 9, and they will fix a single high severity vulnerability. […]
Just four days after Adobe Systems patched a vulnerability in Flash Player, a malware researcher spotted a drive-by download attack that was exploiting it to install CryptoWall ransomware on the victim’s computer. Further research showed that the exploit was added to the commercial exploit kit called Magnitude and that this has clearly now been adopted by cybercriminals across the world for use in large-scale attacks. […]
SC Magazine yesterday reported that the Welsh Government have now made it mandatory for third-party suppliers with a ‘moderate’ or ‘high’ level of risk when dealing with sensitive information to be Cyber Essentials certified from 1 April this year. […]
Mandiant have recently published their 2015 M-Trends report which highlights the new attack trends they have identified through their role as security incident first responders over the last year. It is an interesting and informative report which is worth a read, and can be found here (registration is required, I’m afraid!). A couple of key points from the report caught my attention, most notably how attackers are exploiting remote access facilities such as VPNs. […]
Data breaches are proliferating, and the associated costs are exploding. According to the Ponemon Institute’s “2014 Cost of Data Breach Study: United Kingdom”, the average cost of a data breach in the UK has increased from £2.04 to £2.21 million.
Businesses’ general liability policies don’t cover those costly data breaches, which points to cyber insurance being a wise choice. In fact, AON PLC, the world’s largest reinsurance broker, claimed in October 2014 that the cyber insurance market was at the time growing at 38% annually.
However, as a case in the US a bit earlier this year has shown, cyber insurance should not be relied upon as your first line of cyber defence. […]
The National Institute of Standards and Technology (NIST) has released an updated version of its “Guide to Industrial Control Systems (ICS) Security.” The 247-page document provides ICS operators guidance on securing supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC). […]
CS Risk Management have recently obtained the accreditation to provide the full suite of Cyber Essentials certification body services. Over and above Cyber Essentials Plus certification, this also now includes verification of Basic Cyber Essentials self-assessment submissions and issuing of Basic Cyber Essentials certificates to those customers who meet the requirements set out in the scheme. […]
UK newspaper, The Guardian, reports that the UK government is not going to renew support for their aging and now unsupported Windows XP desktop infrastructure. Microsoft withdrew its extended support programme for Windows XP, its 14-year-old operating system, in April 2014. Given the number of Windows XP PCs still being used in government and businesses […]
Microsoft is finally planning to support SSH in Windows, and the company’s engineers will also contribute to the OpenSSH project. While SSH has been a popular tool for remote login and command execution on many Unix and Linux systems for years, Windows has not supported SSH by default, for a variety of reasons. Microsoft has […]