Cyber security news roundup February 2016

A round up of recent cyber security news and developments, as reported in the IT press:

UK cyber security policy:

• The Government announced a new programme to support cyber security startups. The £250,000 ‘Early Stage Accelerator Programme’ programme will be run by in partnership by Cyber London and the Centre for Secure Information Technologies (CSIT) at Queen’s University Belfast.

Password issues & risks:

• BBC News reported on a British firm that claims to have come up with a solution to the issue of bulk password theft. Silicon Safe has developed a hardware which stores passwords separate to the network and has announced £1m in funding to launch it.
• Computing reported that Lenovo released an urgent software update after it was revealed that it had set a hard-coded password to '12345678' by default in its ShareIT function, while Network World reported on CloudCracker, which aggregates cloud computing to conduct massive dictionary attacks on samples of traffic to reveal passwords for just $17.

Cloud computing issues and risks:

• Network World reported that cloud computing has become the new “rogue IT” or “shadow IT”, with organisations now struggling to keep track of the unauthorised use of cloud computing services across the enterprise. Previously these terms were used to describe the unauthorised addition of new hardware or software to a network, such as access points or servers. Cisco has launched a new service, Cloud Consumption as a Service, to help organisations address this problem.

Cyber security research:

• Imperial College London announced two new projects on testing the resilience of the UK's infrastructure from cyber-attacks and sharing data safely. These three-year long projects will help to ensure that cyber security develops in step with changes in technology and with emerging threats.
• TechRepublic reported on the long running DETER (cyber DEfense Technology Experimental Research) project which provides cybersecurity researchers with a proving ground without impacting on the wider internet.
• A Scientific American article explored the complexities involved in identifying the culprits behind high profile cyber attacks.
• EurekaAlert! reported that Ben-Gurion University of the Negev cyber security researchers have discovered and traced approximately six botnets by analyzing data collected from past cyber attacks.
• Crossword Cybersecurity has announced that former Chief Scientific Adviser for National Security Professor Nick Jennings CB FREng has been appointed as a senior adviser to the cyber security technology transfer company. Professor Jennings has also been appointed as Vice Provost (Research) at Imperial College, a post that he will take up in April.

Recent attacks, vulnerabilities & threats:

• Computing and BBC News reported on a serious cyber attack on Lincolnshire County Council involving a ransomware demand. Originally reported as being a demand for £1m it transpired later that the demand was for $500 (£350).
• ZDnet, Ars Technica and Network World reported on new patches for OpenSSL.
• Network World reported that Oracle is to deprecate the Java browser plug-in over the next year.
• The University of Central Florida has admitted that they experienced a breach last month in which the personally identifiable information of 63,000 current and former UCF students, staff and faculty members was unlawfully accessed.