Computer Fraud & Security
  [SJR: 0.196]   [H-I: 13]
    
   Full-text available via subscription
   ISSN (Print) 1361-3723
   Published by Elsevier  [3177 journals]
  • Editorial
    • Authors: Steve Mansfield-Devine
      First page: 2
      Abstract: Publication date: March 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 3
      Author(s): Steve Mansfield-Devine
      The rise of the robots and technology veering out of the control of its creators have been popular tropes in science fiction at least since Mary Shelley's Victor Frankenstein messed with forces he didn't understand.

      PubDate: 2018-04-15T15:21:53Z
      DOI: 10.1016/s1361-3723(18)30019-8
       
  • Editorial
    • Authors: Steve Mansfield-Devine
      First page: 2
      Abstract: Publication date: February 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 2
      Author(s): Steve Mansfield-Devine
      It's hard to imagine anyone involved in IT who hasn't heard of the EU's General Data Protection Regulation (GDPR) and who doesn't know that they need to be compliant by May of this year.

      PubDate: 2018-04-15T15:21:53Z
      DOI: 10.1016/s1361-3723(18)30019-8
       
  • Editorial
    • Authors: Steve Mansfield-Devine
      First page: 2
      Abstract: Publication date: January 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 1
      Author(s): Steve Mansfield-Devine
      The true seriousness of the Meltdown and Spectre bugs (see main news story) will only become apparent over time. We don't yet know how exploitable these flaws are outside of the laboratory, or whether malicious actors will be able to take advantage of them.

      PubDate: 2018-04-15T15:21:53Z
      DOI: 10.1016/s1361-3723(18)30019-8
       
  • Compliance is not security
    • Authors: Jon Topper
      Pages: 5 - 8
      Abstract: Publication date: March 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 3
      Author(s): Jon Topper
      Modern IT infrastructure practice is evolving at an incredible pace, with the ongoing proliferation of cloud computing, container orchestration platforms and, most recently, a trend that we're calling ‘serverless’. Is our security practice evolving along with it? IT infrastructure practice is evolving at an incredible pace, with the ongoing proliferation of cloud computing, container orchestration platforms and, most recently, the ‘serverless’ trend. But is our security practice evolving along with it? It's no longer sufficient, if indeed it ever was, to uncritically import a bunch of ‘best practices’ into your organisation once and then call that your security policy. Policies must evolve over time, with people at all levels of the business involved in their implementation, explains Jon Topper of The Scale Factory.

      PubDate: 2018-04-15T15:21:53Z
      DOI: 10.1016/s1361-3723(18)30022-8
       
  • A password to the future
    • Authors: Andrew Rogoyski
      Pages: 8 - 10
      Abstract: Publication date: March 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 3
      Author(s): Andrew Rogoyski
      One question security professionals are often asked is: “How can I keep myself safe online?” This question is typically stimulated by the rising tide of news articles disclosing the latest cyber-security breach that has affected some company, some department or some individual – embarrassing, inconveniencing or impoverishing them. People are a little bit scared and perhaps they should be. A cyber-security measure that we all experience and which remains stubbornly difficult to manage is the password. Most digital interactions require you to, at some point, have invented, remembered and used a password – people routinely have dozens, sometimes hundreds. There's a wealth of advice on how to improve your passwords and Andrew Rogoyski of CGI UK sifts through what is currently regarded as best practice and argues that, within organisations, good password hygiene starts with senior executive leadership.

      PubDate: 2018-04-15T15:21:53Z
      DOI: 10.1016/s1361-3723(18)30023-x
       
  • Why the security industry should stop relying on FUD
    • Authors: Sam Curry
      Pages: 10 - 12
      Abstract: Publication date: March 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 3
      Author(s): Sam Curry
      The narrative around information security has always been much more negative than the rest of the technology sector. Discussions around cyber tend to focus on threats and consequences, rather than the optimistic emphasis on progress and opportunity found in areas such as the cloud or mobile technology. The security industry often gets carried away with the level of doom and gloom and all too often, we see the conversation veering into fear, uncertainty and doubt. The industry has a duty to use its knowledge and experience to guide organisations into making choices that will improve their confidentiality, integrity and availability when a security incident occurs, says Sam Curry of Cybereason.

      PubDate: 2018-04-15T15:21:53Z
      DOI: 10.1016/s1361-3723(18)30024-1
       
  • A novel key expansion technique using diffusion
    • Authors: Muhammed Al-Muhammed
      Pages: 12 - 20
      Abstract: Publication date: March 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 3
      Author(s): Muhammed Al-Muhammed
      The security of encryption techniques depends a great deal on the proper manipulation of keys during the encryption process. Improper key handling and use may lead to malicious actors being able to predict the key and consequently endanger the security of the data.

      PubDate: 2018-04-15T15:21:53Z
      DOI: 10.1016/s1361-3723(18)30025-3
       
  • Designing flexible sandboxing solutions to adapt to new malware trends
    • Authors: Matteo Cafasso; Mathieu Tarral
      Pages: 5 - 9
      Abstract: Publication date: February 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 2
      Author(s): Matteo Cafasso, Mathieu Tarral
      Every day, security organisations analyse thousands of new files and URLs, identifying the harmful ones to constantly improve their knowledge of computer threats. It is hard to guess whether a file or URL could be harmful or not without executing it, and executing unknown malicious software is dangerous. Every day, security organisations analyse thousands of new files and URLs, identifying the harmful ones to constantly improve their knowledge of threats. Matteo Cafasso and Mathieu Tarral of F-Secure explore design patterns and technologies for this kind of analysis, and look at an architectural design aiming to produce a flexible and maintainable sandboxing platform. They also discuss the introduction of a software development kit (SDK).

      PubDate: 2018-04-15T15:21:53Z
      DOI: 10.1016/s1361-3723(18)30013-7
       
  • Resistance, response and recovery
    • Authors: Nick Hawkins
      Pages: 10 - 13
      Abstract: Publication date: February 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 2
      Author(s): Nick Hawkins
      In May 2017 the NHS was just one high-profile victim of the global ‘Wannacry’ ransomware attack. Patient data was exposed and compromised in the attack. In June of the same year, NotPetya, another crippling ransomware attack, targeted many of the EU's largest companies. In the face of threats like this, how can you mitigate risk, limit the impact of an attack and expedite recovery? It comes down to the three R's of cyber-security – resistance, response, recovery. Managing cyber-attacks is no longer just about how well you are equipped to resist the attack in the first place but how you respond and how quickly you recover to a normal state of business operation. Nick Hawkins of Everbridge examines the three R's of cyber-security – resistance, response and recovery. He argues that the time has come for organisations to put as much focus on their response and recovery as they do on investing in protection. Being prepared and having staff trained to limit the fallout and speed up the recovery are key to limiting the damage and cost of a cyber-attack.

      PubDate: 2018-04-15T15:21:53Z
      DOI: 10.1016/s1361-3723(18)30014-9
       
  • The threat on the end of the phone: the danger of contact centre agents
    • Authors: Tim Critchley
      Pages: 13 - 15
      Abstract: Publication date: February 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 2
      Author(s): Tim Critchley
      The rise of the ‘insider’ data security threat has been well-documented. Cases such as Snapchat, where its CEO fell victim to a whaling attack, exposing sensitive employee information, and Sage, where a staff member actively stole banking and salary details for personal gain, have flagged up the variety of dangers. 1,2 No matter what the source, the result is a costly and reputation-damaging data breach that may well have a negative impact on the business for years to come. But one, often overlooked, insider threat is that of the contact centre. The employees on the end of the line to customers can be one of the company's biggest assets. However, many have access to sensitive customer details, which means they can also represent a significant security vulnerability. Tim Critchley of Semafone explains how information security teams must ensure that their policies and technical solutions are up to the job of fending off internal threats.

      PubDate: 2018-04-15T15:21:53Z
      DOI: 10.1016/s1361-3723(18)30015-0
       
  • The malware arms race
    • Authors: Steve Mansfield-Devine
      Pages: 15 - 20
      Abstract: Publication date: February 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 2
      Author(s): Steve Mansfield-Devine
      It seems that the battle with malware never ends. While our technologies and processes evolve rapidly to deal with it, so too do those of the attackers. Our defences are never perfectly implemented and human behaviour will always remain a weak spot. But as Brian Hussey, VP of cyber threat detection and response at Trustwave SpiderLabs, points out in this interview, the situation is being made more difficult through cyber-criminals adopting ever more cunning methods of sliding by anti-malware protections.

      PubDate: 2018-04-15T15:21:53Z
      DOI: 10.1016/s1361-3723(18)30016-2
       
  • Plugging the skills gap: the vital role that women should play in cyber-security
    • Authors: Michelle Johnson Cobb
      Pages: 5 - 8
      Abstract: Publication date: January 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 1
      Author(s): Michelle Johnson Cobb
      The past year has been dominated by cyber-security incidents in the news, including three of the biggest ransomware attacks ever to hit companies globally. Last September's massive Equifax breach continues to throw a spotlight on cyber-security and highlight how important it is for organisations to have protective cyber-security measures in place. Prior to the Apache Struts exploit, many organisations – including critical infrastructure firms – fell victim to WannaCry and NotPetya, increasing cyber-security concerns for nation states as well as businesses. While headlines are full of high-profile breaches, organisations are struggling to find enough people with cyber-security skills. Yet women remain notable by their absence in the cyber-security world. This isn't due to lack of qualifications. There are plenty of women with backgrounds in computer science and other technical and scientific fields who could meet this need. So why isn't this happening? Michelle Johnson Cobb of Skybox Security examines the hurdles that women face and, importantly, how they represent an untapped resource that could address serious issues faced by organisations.

      PubDate: 2018-04-15T15:21:53Z
      DOI: 10.1016/s1361-3723(18)30004-6
       
  • Cloud first – tackling the security challenges
    • Authors: Dave Nicholson
      Pages: 8 - 11
      Abstract: Publication date: January 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 1
      Author(s): Dave Nicholson
      Organisations of all shapes and sizes and in every sector of our economy are increasingly drawn to the idea of moving their data and applications to the cloud. When one looks at the huge array of practical benefits that can be achieved by doing so, this growing interest and escalating uptake is hardly surprising. After all, by migrating their resources to the cloud, organisations can achieve enhanced scalability, a significant reduction in operating costs, greater collaboration and document control and provide ubiquitous access to their applications. Organisations are increasingly drawn to the benefits of the cloud. And we are seeing many of them adopting a ‘cloud first’ strategy. This does not mean, however, that organisations no longer have security issues to confront or data management concerns to address. This new cloud-focused IT landscape brings with it threats from both external and internal sources, adding to the pressure placed on the organisation's security and networking teams, explains Dave Nicholson of Axial Systems.

      PubDate: 2018-04-15T15:21:53Z
      DOI: 10.1016/s1361-3723(18)30005-8
       
  • Using the service desk to secure the organisation
    • Authors: Kevin Smith
      Pages: 11 - 14
      Abstract: Publication date: January 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 1
      Author(s): Kevin Smith
      Shadowy hackers and cyber-spies tend to dominate the public perception of online threats. Accompanied by clichéd stock images of grim-looking figures wearing face masks and oversized hoodies, they make for great headlines and an over-simplified metaphor to help the public understand the growing cyber-threat landscape. However, the more mundane reality is that – whether directly or indirectly – your everyday employees are the source of most threats to the organisation. The question is, what can we do to mitigate the risk of the insider threat? Your employees are the source of most threats to the organisation. The question is, what can we do to mitigate the risk? The key is to bring together relevant IT and security teams united through the actions of an empowered service desk. You'll get better at detecting the early warning signs of a serious threat and proactively securing your endpoints. This kind of preventative approach could end up saving you millions in breach-related losses, argues Kevin Smith of Ivanti.

      PubDate: 2018-04-15T15:21:53Z
      DOI: 10.1016/s1361-3723(18)30006-x
       
  • Phishing – challenges and solutions
    • Authors: Ike Vayansky; Sathish Kumar
      Pages: 15 - 20
      Abstract: Publication date: January 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 1
      Author(s): Ike Vayansky, Sathish Kumar
      Phishing is a major threat to all Internet users and is difficult to trace or defend against since it does not present itself as obviously malicious in nature. In today's society, everything is put online and the safety of personal credentials is at risk. Phishing can be seen as one of the oldest and easiest ways of stealing information from people and it is used for obtaining a wide range of personal details. It also has a fairly simple approach – send an email, email sends victim to a site, site steals information.

      PubDate: 2018-04-15T15:21:53Z
      DOI: 10.1016/s1361-3723(18)30007-1
       
  • Multiple breaches leak millions of customer records
    • Abstract: Publication date: April 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 4
      Breaches of computer systems belonging to some high-profile brands have resulted in leaks of millions of customer records. In one case the leaks involve payment card details and some of the incidents date back several months.

      PubDate: 2018-05-15T14:06:44Z
       
  • Editorial
    • Abstract: Publication date: April 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 4
      Author(s): Steve Mansfield-Devine
      The plot thickens in the spat between Apple and the FBI. It now seems that elements within the FBI withheld information about the agency's ability to crack iPhones because it would have been useful to get a court judgment against Apple and set a legal precedent.

      PubDate: 2018-05-15T14:06:44Z
       
  • Grindr criticised for sharing data
    • Abstract: Publication date: April 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 4
      As Facebook continues to reel from revelations about the way it has allowed third parties to exploit its users' data, gay dating app Grindr, which has 3.6 million daily active users, has joined the ranks of firms accused of over-sharing.

      PubDate: 2018-05-15T14:06:44Z
       
  • In brief
    • Abstract: Publication date: April 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 4


      PubDate: 2018-05-15T14:06:44Z
       
  • GDPR puts vendor contracts in the security spotlight
    • Abstract: Publication date: April 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 4
      Author(s): David Brook
      However, this needn't be an onerous task. In fact, as David Brook of Turnstone Services points out, successful contract reviews can bring broader benefits. Each contract term relating to data security can be clarified and strengthened as part of a tighter, more comprehensive IT security policy. The EU's General Data Protection Regulation (GDPR), which is about to come into force, requires the contracts between an IT department and its suppliers to be reviewed and updated. 1 However, successful contract reviews can bring broader benefits – and to IT security in particular.

      PubDate: 2018-05-15T14:06:44Z
       
  • Secret digital coin mining and trading is a threat to your business
    • Abstract: Publication date: April 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 4
      Author(s): Jesse Sampson
      Digital coin software could be infecting your desktops and servers with malware, opening the doors to hackers. They could be after your customer lists, your passwords, your databases. Or they could be looking to turn your computers and devices into bots. Jesse Sampson of Ziften explains the nature of the threat and what to do about it. Bitcoin? Monero? Ethereum? It doesn't matter. Coin mining and trading activities by employees – or by hackers – is a huge security problem that every organisation needs to address.

      PubDate: 2018-05-15T14:06:44Z
       
  • Making information security easier
    • Abstract: Publication date: April 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 4
      Author(s): Luke Briner
      There is a perception that information security is basically some paperwork and a few pieces of hardware, a bit like fitting a burglar alarm to your house. Alternatively, too many people think that security is too complex and they effectively give up. Luke Briner of PixelPin believes that the current information security environment is too ad hoc, with piecemeal solutions, poorly defined roles and a rat's nest of certification, regulation and law. He makes a plea for greater simplicity and a clearer view of goals and the paths to them. For too many people, information security makes their head hurt. At best we can keep a light grip on a small part of the risk base, but at worst it feels like trying to climb a greasy pole. For every strong movement upwards we end up feeling like we know less than we did before. How is that possible? Just like being a doctor, lawyer or tightrope walker, working in information security is hard. Very hard.

      PubDate: 2018-05-15T14:06:44Z
       
  • VPN: from an obscure network to a widespread solution
    • Abstract: Publication date: April 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 4
      Author(s): James Longworth
      Looking at the evolution of virtual private networks (VPNs), one can see a clear shift in their usage in the past decade or so. While VPNs used to be reserved for big companies and government authorities – proving a mystery or unjustifiable expense to most – today we see VPNs being implemented and talked about on a much wider scale. From organisations of all sizes to individuals, more and more people are turning to VPNs to safeguard their data and ensure privacy.

      PubDate: 2018-05-15T14:06:44Z
       
  • Identity crisis: the disconnect between business and IT executives
    • Abstract: Publication date: April 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 4
      Author(s): Steve Mansfield-Devine
      Perceptions about information security threats vary: what one person sees as a major menace another may view as little more than a nuisance. But while it might be normal for one company to regard the threat landscape differently from another, there can be problems when these mismatched perspectives exist within the same organisation. And as Barry Scott, CTO at Centrify EMEA, explains in this interview, if the C-suite is not getting the right picture, that can lead to dangerously skewed priorities and security strategies.

      PubDate: 2018-05-15T14:06:44Z
       
  • Events
    • Abstract: Publication date: April 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 4


      PubDate: 2018-05-15T14:06:44Z
       
  • Charities and councils at high risk of cyber-attack
    • Abstract: Publication date: March 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 3
      A Freedom of Information request by activist organisation Big Brother Watch has revealed that more than a quarter of UK councils have suffered security incidents in the past five years.

      PubDate: 2018-04-15T15:21:53Z
       
  • SEC issues new breach guidelines
    • Abstract: Publication date: March 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 3
      The US Securities and Exchange Commission (SEC) has issued new guidelines on the public disclosure of cyber-security breaches.

      PubDate: 2018-04-15T15:21:53Z
       
  • In brief
    • Abstract: Publication date: March 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 3


      PubDate: 2018-04-15T15:21:53Z
       
  • Events
    • Abstract: Publication date: March 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 3


      PubDate: 2018-04-15T15:21:53Z
       
  • NCSC claims successes against cyber-attacks but warns of major assault on industry
    • Abstract: Publication date: February 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 2
      While warning that the UK is likely to face a very significant cyber-attack against critical infrastructure within the next couple of years – and threatening to fine companies that don't shape up – the Government's National Cyber-security Centre (NCSC) has also claimed major successes in defending the country's businesses and Internet users.

      PubDate: 2018-04-15T15:21:53Z
       
  • Attacks up but cybercrime down … or is it?
    • Abstract: Publication date: February 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 2
      The latest crime figures from the UK's Office for National Statistics (ONS) suggest that cyber-criminals may be starting to focus their efforts on businesses.

      PubDate: 2018-04-15T15:21:53Z
       
  • In brief
    • Abstract: Publication date: February 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 2


      PubDate: 2018-04-15T15:21:53Z
       
  • Events
    • Abstract: Publication date: February 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 2


      PubDate: 2018-04-15T15:21:53Z
       
  • Spectre and Meltdown processor flaws threaten billions of computers and mobile devices
    • Abstract: Publication date: January 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 1
      Flaws in the way that a number of processor types execute instructions could make billions of devices – including cloud servers, PCs and mobile platforms – vulnerable to hacking.

      PubDate: 2018-04-15T15:21:53Z
       
  • In brief
    • Abstract: Publication date: January 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 1


      PubDate: 2018-04-15T15:21:53Z
       
  • Events
    • Abstract: Publication date: January 2018
      Source:Computer Fraud & Security, Volume 2018, Issue 1


      PubDate: 2018-04-15T15:21:53Z
       
  • Editorial
    • Authors: Steve Mansfield-Devine
      First page: 2
      Abstract: Publication date: December 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 12
      Author(s): Steve Mansfield-Devine
      It might seem to some that having laws forcing organisations to disclose data breaches is a tad Draconian. But recent events have shown that they can't necessarily be trusted to do the right thing.

      PubDate: 2017-12-26T18:11:11Z
      DOI: 10.1016/s1361-3723(17)30095-7
       
  • Editorial
    • Authors: Steve Mansfield-Devine
      First page: 2
      Abstract: Publication date: November 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 11
      Author(s): Steve Mansfield-Devine
      Attacks on European Union countries are to be treated as acts of war, according to a new diplomatic statement that is currently in draft form. This is not an original stance to take, but the move does reflect the growing concern about the impact of hacking on economies and political processes.

      PubDate: 2017-12-26T18:11:11Z
      DOI: 10.1016/s1361-3723(17)30095-7
       
  • From super-yachts to web isolation
    • Authors: Jay Kelley
      Pages: 5 - 7
      Abstract: Publication date: December 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 12
      Author(s): Jay Kelley
      Even the super-luxurious boats owned by the jet-setting rich and famous are being taken hostage. 1 A white-hat hacker at a recent super-yacht investor conference (who knew there even were such events?) demonstrated, in less than 30 minutes, how he took control of a super-yacht's satellite communications system, meaning that the cyber-pirates had control over the ship's wifi, telephone system and even the navigation system. 2 He could read emails, gather banking information and even steer the boat totally off-course without the ship's crew being any the wiser. It seems that nothing is safe anymore. Researchers have shown that even super yachts, which would appear immune as a result of their isolation, are vulnerable to hacking. Jay Kelley of Menlo Security explains how attackers can exploit everything from connected homes and businesses through to cars, hotels and even boats. The solution to the problem, he argues, is web isolation, handling web activity in virtual, disposable containers to keep malware well away from your critical systems so that you can explore the Internet in safety.

      PubDate: 2017-12-26T18:11:11Z
      DOI: 10.1016/s1361-3723(17)30106-9
       
  • Resisting the persistent threat of cyber-attacks
    • Authors: Gavin Russell
      Pages: 7 - 11
      Abstract: Publication date: December 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 12
      Author(s): Gavin Russell
      If there's one issue that businesses across all sectors should be concerned about in 2017, it's the threat of cyber-attacks. Cyber-security-related stories have rarely made it out of the news this year, and this has resulted in increased public awareness surrounding the topic. Stories about data breaches and other cyber-security issues have barely left the headlines this year and public awareness of the issue is growing. Gavin Russell of Wavex examines some of the most serious risks that face businesses – including malware, ransomware and DDoS attacks – and their potential impacts. Organisations of all kinds need to be proactive about keeping themselves safe using a combination of technology tools employed alongside appropriate business processes and data governance, he argues.

      PubDate: 2017-12-26T18:11:11Z
      DOI: 10.1016/s1361-3723(17)30107-0
       
  • Strengthening the network security supply chain
    • Authors: Steven Kenny
      Pages: 11 - 14
      Abstract: Publication date: December 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 12
      Author(s): Steven Kenny
      You can't say that we weren't warned. Just a few days before the largest distributed denial of service (DDoS) attack the world had ever seen was launched in September last year, researchers from IoT Village published a list of 47 vulnerabilities in 23 Internet-connected devices that they'd been examining. Everything from smart thermostats, connected door locks and remote-controlled wheelchairs proved vulnerable to password sniffing, replay attacks and other design flaws that let the researchers take them over. 1 There have been plenty of warnings about vulnerabilities in devices such as CCTV cameras and digital recorders, most of which went ignored – until Mirai used them to launch attacks. High street stores, B2B resellers and integrators all carry responsibility for the ability of criminals to use tools such as Mirai. And vulnerabilities in products continue to emerge. Steven Kenny of Axis Communications argues that it's time to look at all stages of the production and selling of Internet-connected devices, with everyone involved shouldering some of the responsibility for making sure we stay safe.

      PubDate: 2017-12-26T18:11:11Z
      DOI: 10.1016/s1361-3723(17)30108-2
       
  • Blasted from the past: why you can't ignore old vulnerabilities
    • Authors: Marina Kidron
      Pages: 14 - 16
      Abstract: Publication date: December 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 12
      Author(s): Marina Kidron
      How many cyber-security articles begin with ‘The threat landscape changes constantly’? While the concept is true, one aspect of the threat landscape likes to stay the same as long as it can – exploited vulnerabilities. According to data from the latest Fortinet Global Threat Landscape Report, 90% of enterprises are still recording exploits for vulnerabilities that are more than three years old, and 60% for vulnerabilities more than a decade old. 1

      PubDate: 2017-12-26T18:11:11Z
      DOI: 10.1016/s1361-3723(17)30109-4
       
  • Coming of age: how organisations achieve security maturity
    • Authors: Steve Mansfield-Devine
      Pages: 16 - 20
      Abstract: Publication date: December 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 12
      Author(s): Steve Mansfield-Devine
      When it comes to security, organisations have had a lot of growing up to do. Facing up to the volume and complexity of today's cyber-threats requires a level of maturity that is achievable only when you understand not just the world around you but yourself. As Kevin Down, chairman of the CNS Group, explains in this interview, organisations have a lot to gain from determining their degree of maturity when it comes to information security, with benefits for everyone from those working at the operational level right up to the board.

      PubDate: 2017-12-26T18:11:11Z
      DOI: 10.1016/s1361-3723(17)30110-0
       
  • UK fraud hits new high
    • Abstract: Publication date: December 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 12
      The ‘Annual Fraud Indicator 2017’, published by Crowe Clark Whitehill, Experian and the Centre for Counter Fraud Studies, shows that private sector fraud cost the UK economy £140bn while fraud in the public sector cost the country £40.3bn in 2017.

      PubDate: 2017-12-26T18:11:11Z
       
  • In brief
    • Abstract: Publication date: December 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 12


      PubDate: 2017-12-26T18:11:11Z
       
  • Events
    • Abstract: Publication date: December 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 12


      PubDate: 2017-12-26T18:11:11Z
       
  • Over half of fraud incidents in England and Wales are now cyber-related
    • Abstract: Publication date: November 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 11
      The latest figures from the UK's Office of National Statistics (ONS) would seem to show a slight overall drop in cybercrime. However, fraud figures are up and it may be too soon to celebrate as the statistics remain ‘experimental’.

      PubDate: 2017-12-26T18:11:11Z
       
  • Critical infrastructure comes under attack
    • Abstract: Publication date: November 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 11
      The US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued a joint Technical Alert (TA17-293A) via US-CERT about advanced persistent threats targeting the country's energy companies and other critical infrastructure.

      PubDate: 2017-12-26T18:11:11Z
       
  • In brief
    • Abstract: Publication date: November 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 11


      PubDate: 2017-12-26T18:11:11Z
       
 
 
JournalTOCs
School of Mathematical and Computer Sciences
Heriot-Watt University
Edinburgh, EH14 4AS, UK
Email: journaltocs@hw.ac.uk
Tel: +00 44 (0)131 4513762
Fax: +00 44 (0)131 4513327
 