Has Oracle’s Java 7 update patch finally removed the security vulnerabilities that have been exploited by hackers?

It’s been a torrid old time for Oracle over the last few months. Targeted by hackers, Oracle has rarely been out of the news. There were hopes that the recently released Java 7 Update 11 would solve the problems once and for all. Unfortunately, the patch, which was meant to mitigate two zero-day vulnerabilities in Java that were being actively exploited by attackers, has not delivered, according to cyber-security experts. They maintain that the threat has merely been relocated, and that Java is therefore still vulnerable.

The hunt for ‘Red October’ is finally over according to malware researchers at Kaspersky Labs

The hunt for a major cyber-attack that could have been stealing confidential documents since 2007 is finally over after the Red October malware was discovered by researchers at Russia’s Kaspersky Labs. The malware had been targeting government institutions, embassies, oil and gas institutions and nuclear research centres. Red October, named after the Russian submarine featured in the Tom Clancy novel The Hunt For Red October, was designed to steal encrypted files, and was so sophisticated that it was even able to recover files that had been deleted. Experts are hailing the discovery as ‘very significant’.

Better Backups Webinar

You wouldn’t use videotape to watch a movie. So why use tape to back up your data? Find out how to back up your data using a cost-effective, state-of-the-art digital backup solution complete with secure, automated off-site replication. You are invited to attend our FREE webinar on 31st Jan 11am, which will discuss and …

Don’t Let Data Loss Get You Down

An effective data backup and restore solution is the cornerstone of availability management in any Information Security Management System. New Year is traditionally a time to reflect on the past and look at ways to improve how you do things in the future. So, perhaps now is the time to look at how you carry out this most basic and important of functions to protect your business data.

Microsoft admits that millions of new computers could be infected with malware

If you ever wanted proof that website security is a major issue, or that hacking and cyber-attacks are a serious global problem, then you need look no further than the statement issued by Microsoft recently. Microsoft, the world’s largest software producer, has admitted that hackers have uploaded viruses and malware which can help them steal people’s personal data on to millions of new PCs and laptops. After an investigation the company revealed that it had found malware in counterfeit copies of Microsoft Windows which would allow hackers to remotely switch on and control devices like microphones and cameras on machines that were still factory-sealed.

Small firms face a greater cyber-security risk than their larger competitors

We often read headlines in newspapers declaring that UK businesses are suffering as many as 1,000 cyber-attacks an hour, but which businesses are most at risk from hackers? The majority of us would probably suspect that it is the largest organisations; after all, they are more likely to have the most valuable information that will prove to be attractive to hackers.

What exactly are the requirements of Payment Card Industry Data Security Standards (PCI DSS)?

Most businesses will be aware of the vital importance of spotting security vulnerabilities within their network and applications, and many will also be aware that they will need to carry out a network penetration test to help them comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements. Understandably, many SMBs will look to find the cheapest and quickest way to comply with the required standards. However, some businesses might be surprised to learn that the service they are paying for isn’t necessarily what they think it is. PCI DSS is explicit in its requirement that a penetration test has to be performed, but it is rather vague when it comes to explaining what methods need to be employed when performing testing.

Why is it important that Information Security Management Systems conform to ISO 27001?

The majority of organisations will generally now have a number of information security controls in place. However, without a formal Information Security Management System (ISMS), these controls tend to be somewhat disorganized, haphazard and disjointed.

The reason for this is that the controls have often been implemented partly as specific solutions for specific situations, or simply introduced as a matter of convention. Unfortunately, the security controls in operation today typically only address certain aspects of IT or data security, leaving non-IT information assets like paperwork and proprietary knowledge less protected and vulnerable. Sometimes business continuity planning and physical security might be managed independently of IT or information security, whilst Human Resources practices may not recognise the need to define and assign information security roles and responsibilities throughout the organization. The ISO 27001 standard was introduced to address these issues.

Deception protection: innovative technology that detects, tracks, profiles and prevents hackers in real-time

The security of both the critical national infrastructure and business interests is increasingly being threatened by cyber criminals. Terrorists, fraudsters, rogue states and individual activists are among the criminals who have been targeting computer systems in the UK over the last two years.

Walking through walls – Manchester 19th Feb 2013

Find out why your network firewall might not save you. You are invited to attend a FREE Web Application Hacking Demonstration and discussion on Advanced Evasion Techniques (AETs), followed by lunch and a Security Q&A Session, in Manchester on Tue 19th Feb 2013, 11:00am. Hacking and information theft are now big business. The major threat …

Deception Point 6th Feb 2013 – London

Find out how professional hackers are deceiving your network defences. You are invited to attend a FREE seminar on how traditional network defences are being routinely breached by attackers. The presentations will include a web application hacking demonstration, discussions on Advanced Evasion Techniques (AETs), the increasing threat from DDoS attacks and the latest Intrusion Deception …

Deception Point 5th Feb 2013 – Manchester

Find out how professional hackers are deceiving your network defences. You are invited to attend a FREE seminar on how traditional network defences are being routinely breached by attackers. The presentations will include a web application hacking demonstration, discussions on Advanced Evasion Techniques (AETs), the increasing threat from DDoS attacks and the latest Intrusion Deception …
