September 19, 2011
The DigiNotar hack and the subsequent revocation of trust by major browsers have led to spam relating to the incident being detected. Research by Barracuda Labs said that consumer confusion over DigiNotar certificate forgeries has resulted in spam emails being pitched directly to business customers of banks to convince them that their SSL certificate has expired. Security researchers Dave Michmerhuizen and Luis Chapetti said that while the spam is very standard in its appearance, the message is much more dangerous. They said: [...]
The personal details of 1.6 million individuals were lost after they were placed on a CD that accidentally got sent to landfill. According to the Information Commissioner’s Office (ICO), Eastern and Coastal Kent Primary Care Trust sent a filing cabinet to landfill that contained a CD which had the address, date of birth, NHS number and GP practice code of approximately 1.6 million individuals. The ICO said that when planning the office move, the security of the CD was considered [...]
September 16, 2011
All organizations, regardless of size or industry, utilize encryption keys and digital certificates for electronic communications and authentication. SSL certificates and the accompanying encryption keys, for instance, are broadly used to secure systems and data for a wide variety of mission-critical applications, including protecting credit card transactions, online banking, healthcare information access, and many others. Encryption has become ubiquitous. Though encryption technologies have a proven track record, organizations are hesitant to deploy more of it for fear they’ll be [...]
Almost 90 per cent of businesses have suffered some form of data loss in the past year. A survey of 1,987 European businesses by CA Technologies found that respondents had struggled to deal with IT systems failure, attacks and human error. A total of 88 per cent of respondents suffered application and data loss incidents in the past year, while 63 per cent had experienced an IT systems failure, such as a network, storage or software failure. In the survey, [...]
September 13, 2011
The Linux community has been hit by more security woes after a breach forced the temporary closure of the web sites of the Linux Foundation and others. At the time of writing, LinuxFoundation.org, Linux.com and all subdomains were offline and replaced with a message informing visitors that a security breach occurred on 8 September, most likely as a result of an intrusion on Kernel.org at the end of August. “We are in the process of restoring services in a [...]
Belgian security firm GlobalSign is to resume issuing website authentication certificates, after a hacker claimed to have breached its systems. The company is still investigating whether bogus certificates were created in its name. Had that happened, cyber criminals would have been able to spy on users accessing supposedly secure sites. An earlier attack on Dutch company DigiNotar resulted in several hundred false certificates being issued. GlobalSign said it would start bringing its systems back online on Monday, but did not [...]
A missing dot in an email address might mean messages end up in the hands of cyber thieves, researchers have found. By creating web domains that contained commonly mistyped names, the investigators received emails that would otherwise not be delivered. Over six months they grabbed 20GB of data made up of 120,000 wrongly sent messages. Some of the intercepted correspondence contained user names, passwords, and details of corporate networks. About 30% of the top 500 companies in the US were [...]
September 9, 2011
Security firm Symantec has put the cost of cyber crime to the world’s economy at $388bn annually, a figure that is $100bn greater than the combined global market for marijuana, cocaine and heroin. The Norton Cybercrime Report 2011 said that the figures are based on information and estimates from 12,000 victims of cyber crime in 24 countries, split between $114bn in lost finances and $274bn in the time victims take to deal with the after effects of being targeted by [...]
September 8, 2011
Venafi developed the Director 6 platform and applied for the patent after recognizing that organizations have little insight into the security assets in their inventories, where they are deployed, by whom they are accessed or how they are managed. Without leveraging best practices and automated management processes across multiple CAs, companies and government agencies cannot gain control of their spiraling key and certificate inventories. Thus they expose themselves to significant, unquantified and unmanaged security, compliance and operational risks, which invariably [...]
University Hospital of South Manchester NHS Foundation Trust lost the personal information of 87 patients when a medical student mislaid an unencrypted memory stick. According to the Information Commissioner’s Office (ICO), the trust breached the Data Protection Act when the personal details of patients, and sensitive information relating to their treatment, were lost last December. The mistake happened when a medical student, who had been on a placement at the hospital’s Burns and Plastics Department, copied data onto a personal, [...]