If you cannot view this email please click here

BYOD

Passwords

 		Hacking CloudSecurity Compliance Reviews

Features

Security Directive Could Cost Organisations Billions

UK businesses could be hit hard in the pocket by a new EU Cyber Security Directive

 main headline
banner advert

Raising the standards

One organisation has been busy helping businesses to recover ICT assets to decrease the risk around data loss

 main headline

Academia's vital security role

With the right support, you can keep your systems and business safe in an increasingly insecure world

 main headline

Masterclass

Can cyber-risk insurance really keep you safe?

Cyber-risk insurance policies are growing in popularity, but may encourage complacency. Tim Ager offers his thoughts

 main headline

News

Tabernus to Showcase Advanced Data Erasure Solutions at Infosecurity Europe 2014

Certified Data Erasure specialists Tabernus will exhibit at InfoSec 2014 from 29 April- 1 May. The event is being held at Earls Court in London.

100 million-plus attacks blocked

FireHost has released its 2013 year in review Superfecta report

Be warned - Not being in cyber space is no protection

Some 6.7 million adults in the UK have never used the internet - yet they are still vulnerable

 main headline

UK falling behind in cyber-security awareness

BT research reveals that the UK trails in big business cyber-security awareness rankings

main headline

Sophos acquires Cyberoam

Sophos has scooped up Cyberoam Technologies, a provider of network security products

Virgin Media raises security level

Virgin Media Business has been accredited to provide safe and secure network services up to the government's published Business Impact Level 3 (IL3) criteria

 main headline

Move to raise awareness of online threats

BullGuard is partnering with Get Safe Online, the UK's national internet security awareness initiative

main headline

Akamai completes the deal

Akamai Technologies has completed its acquisition of Prolexic Technologies

Review

ManageEngine EventLog Analyzer

ManageEngine's EventLog Analyzer (MEA) offers an interesting alternative to the mainstream SIEM (security information and event management) solutions

 main headline

AWARDS

Computing Security Awards

The 2013 Computing Security Awards at the Hotel Russell in London were a huge success, as people from right across the industry gathered to hear who had triumphed - and carried off the much coveted winners' accolades. Here we profile some of last year's winners

Security - DLP Solution of the Year 2013

WINNER: Trend Micro - Integrated DLP

main headline

Security - Mobile Security Solution of the Year 2013

WINNER: Good Technology - Good Collaboration Suite

 main headline

White papers

Password Protected: A Survey On Two-Factor Authentication

The background to eliminating insecure passwords

Cloud-Based Services: Easing The I.T Burden While Taking Control

The potential benefits of employing cloud-based services, either in place of existing IT resources or alongside them, are undoubtedly significant, as this white paper from GFI Cloud makes clear.

Inside the criminal mind

Infoblox has launched a whitepaper that takes a sideways look at DNS security from the perspective of a cybercriminal

Welcome to the April 2014 Newsletter.

A vulnerability in a popular implementation of the Secure Socket Layer (SSL) technology, used to secure internet transactions, has been revealed that has sent the media and industry experts into something of a frenzy, dubbing it 'Heartbleed'. However, the reaction is not without cause, as this allows sophisticated attackers to read parts of a system's memory that may contain sensitive details.

Roland Dobbins, senior analyst at Arbor Networks' Security Engineering & Response Team (ASERT) - much as many other commentators have - describes the 'Heartbleed' security bug as extremely serious, which "highlights the manual nature of the tasks required to secure critical Internet services, such as basic encryption and privacy protection".

Most worryingly, there are no automated safeguards which can ameliorate these issues. "... what most people don't realise is that, if attackers captured packets in the past from vulnerable systems and retained those captured packets, they've the opportunity now to use analysis tools to replay those packets and decrypt the Internet traffic contained in those packets", Dobbins warns.

As ever, in the world of computing security, we are always one step away from the next potential crisis. But what should be done in response to this latest threat? Dan Miller, principal engineer, Adapt, has this advice: "The first step is to assess the risk. If an organisation suspects any of its servers is vulnerable, it should work quickly to patch or disable affected services. Working closely with a service provider or the Operating System vendor during this process is advised to mitigate risk and keep operations running smoothly."

One suspects that, for a number of organisations, Heartbleed and heartbreak may not be that far apart, if remedial action isn't taken quickly.

To make sure you get your copy of the Newsletter emailed to you personally, every time, click here to register.

Brian Wall, Editor
Computing Security

Follow us :

 

 

 

To unsubscribe click here

Published by: BTC 35 Station Square Petts Wood BR5 1LZ

Tel: +44 (0) 1689 616 000
Fax: +44 ( 0) 1689 826 622