Independent consortium the Open Group is trying to resolve what it sees as confusion about risk management in the industry by publishing a guide to choosing a risk management methodology.

The Ministry of Defence (MoD) has omitted information that the theft of hard drives in September 2008 with data on RAF personnel also included highly sensitive RAF vetting records.

Anti-malware efforts took a significant step forward this week with the announcement of an initiative to try and bring legitimate software businesses together and lock out malware writers.

SAI Global’s Benchmarking Survey 2008 finds that 95% of employees believe information security is important, but that there is a lack of knowledge and training surrounding how to identify and report incidents.

A succession of errors – at the programme code development level and human error when inputting the data – are reported to have resulted in a New Zealand couple being credited with NZ$10 million (£3.9 million) rather than a much smaller sum as the proc…

A modified attack that alters Google searches is taking the web by storm according to security researchers, who have identified more malware domains being used in the attack.

McAfee will acquire Solidcore Systems, a whitelisting specialist, in a US$33m deal which will allow McAfee to integrate Solidcore’s technology into its blacklisting malware detection and prevention products, as well as to bolster its high-end corporate…

Gateshead College in the UK has opened a digital forensics lab for the training of information security staff to combat cybercrime such as digital fraud.

Infections, Intrusions, Protections and Misdirections

Methodman, a so-called ‘grey hat’ hacker specialising in discovering cross-site scripting (XSS) flaws, claims to have uncovered a number of XSS security flaws in various Paypal registration pages.