Copy
DCL Connecting talent
Celebrating 21 Years of Connecting Talent
LinkedIn Facebook Twitter
APSCo REC Think Act Report
Phone Search
HOME PRACTICES SERVICES JOB SEARCH ABOUT DCL CONTACT

Your Weekly IT Security Update

 
Welcome <<Full name>> to my weekly roundup of what's been going on in the IT Security market in the past 7 days.
This week’s edition brings you news on; EgoSecure’s UK Launch, Cisco, Bluecube, Dell and lots more.

According to Gartner; more than 25 percent of cyber attacks will involve the internet of things by 2020. The researchers however claim that the IoT would account for less the 10 percent of IT security budgets, the result being that security suppliers would have little incentive to provide usable IoT security features. 

Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, a 30 percent increase from 2015.

We have lots of new vacancies across the DCL business, especially within security covering everything from sales, PM, presales, delivery, design and consultancy. If you are looking for a change of career or a step up get in contact with one of the DCL team.

All calls are kept in the strictest of confidence.

Also, why not head on over to our LinkedIn company page for more updates! Alternatively you can follow us on Twitter or like us on Facebook.

Email me chris.holt@dclsearch.com.

Our number is 0208 663 4030.

A list of our current immediate contractors can be found here...
This week's edition brings you articles on the following:
Kind Regards,
Chris Holt - Head of Practice - Information Security

EgoSecure launches in the UK 


EgoSecure is recognized across Europe as one of the leading data protection tools in the market and now it has launched in the UK; just in time to help UK businesses and organisations deal with the new General Data Protection legislation! 

Data protection is now a key issue for organisations of all sizes under these new regulations, not least because of the significantly higher fines, for breaches, of up to €20 million Pounds or 4% of total worldwide turnover of the previous year. 

One of the biggest issues organisations face in achieving the new levels of compliance is understanding where the problems lie and keeping security policies up to date. 

So how does EgoSecure answer this and all of the other issues now faced by organisations in light of this new legislation?
EgoSecure is a single solution approach.  The 19 core modules which, when used in combination, provide one of the most comprehensive data protection solutions in the market, all managed from a single management console.

Core functions include:
Analysis and auditing – helping organisations understand where threats lie and enabling real time reconfiguration.
Access control – by device, cloud services and connection types.
Filter – enabling content and data type analysis, application control and  anti-virus.
Encryption – including removable device, full disk, folder cloud/network, Android/iOS and mail encryption plus pre boot authentication.
Management – of mobile devices, inventory, secure erase functions and a power saving “Green IT” module.

EgoSecure was developed in Germany and is used by some Europe’s largest organisations  with a total of 1,400,000 endpoints currently protected across 2000 organisations.

The main attraction of the EgoSecure solution is its flexibility, ease of deployment and management and cost effectiveness. No other solution on the market offers a comprehensive solution in a single package.

The Insight module is offered as a free tool for 3 months to help organisations understand the challenges they face. Then by simply “switching on” the appropriate modules and configuring policies, data protection can be achieved.

“ I am delighted to have launched EgoSecure in the UK this year. The UK is a very important market for our global expansion plans and we will be focusing on development of our Reseller eco system and providing superior value to our customers" 
Sergej Schlotthauer (CEO)

Source: egosecure

Ransomware Poses a Rising Threat to Hospital Operations


When Hollywood Presbyterian Medical Center admitted in February to paying a $17,000 ransom to decrypt data scrambled by malware, the only surprise was that the hospital's ordeal had become public.

Health care organizations, such as HPMC, are under attack by cyber-criminals looking for easy money and nation-state actors seeking data. More than half of all midsize hospitals have signs of malware infections, according to data collected by the Health Information Trust Alliance (HITRUST). Much of the activity, however, has gone unreported.

Yet, those same organizations are finding it difficult to remain mum as criminals turn to ransomware, a far more disruptive tactic. Already, some 18 percent of midsize hospitals have been infected with crypto-ransomware, according to the HITRUST study. While many businesses can continue to operate if their data is effectively destroyed, hospitals' operations are far more sensitive to disrupted access to data.

"Most advanced malware and previous attacks [on hospitals] were intentionally conducted to not raise alarms—they focused on thievery," Daniel Nutkis, CEO of HITRUST, told eWEEK. "[C]rypto-ransomware—that creates a different dynamic; it wakes you up immediately."

Ransomware has evolved into a serious threat. Starting with early programs that locked Windows systems more than a decade ago, the increasing use of encryption-enabled malware shows how ransomware has become more sophisticated.

Because of the potential to disrupt their operations, hospitals are logical targets for attacks. If infected, they may have little choice but to pay the ransom—and quickly, said Matt Devost, CEO of security consultancy FusionX, which is now owned by Accenture.
"If I target a midtier, medium-sized business and encrypt their data, there is probably a period of time during which they can operate without access to their data," he told eWEEK. "With hospitals, that is not the case, and that makes them a ripe target."

The attacks have worried officials so much that in early April, the United States and Canada issued a joint advisory warning all businesses of the danger.

"Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist," the U.S. Department of Homeland Security (DHS) and Canadian Cyber Incident Response Centre (CCIRC) said in the statement.

The HITRUST study, which placed network security equipment inside the networks of 30 hospitals to monitor for malware, found that 54 percent of the midsize hospitals had a malware infection. Almost 35 percent of those infected—18 percent of all hospitals in the study—had been infected with crypto-ransomware.

The HITRUST data should be considered conservative. Double the number of health care organizations that participated—more than 60—refused to have their data incorporated into the study after they received the results, according to HITRUST's Nutkis.

While many companies have agreed, in theory, that information sharing could help them deal with potential threats, most firms are reticent to discuss actual compromises. Despite requirements that health care organizations report certain types of breaches to the Department of Health and Human Services, a great number of compromises have gone unreported.

"No one is talking," Nutkis told eWEEK. "We have reached out to get more insights about what happened and what their plans were … but no one was willing to speak about it, publicly or privately."
Typically, only the loss of personal health information requires a health organization to report a breach.

Yet, recent attacks have targeted health care organizations. Cisco's Talos research group has seen hospitals infected with a variant of ransomware, called Samsam. The program is pushed to vulnerable application servers after they are exploited using known vulnerabilities that many companies have not patched.

"Attackers are finding that the fastest way to convert their access to money is going the ransomware route," Matt Olney, manager of threat intelligence analytics for Cisco's Talos, told eWEEK.

Hospitals, doctors' offices and health insurers often suffer from poor information security, according to experts. Many organizations do not have a chief information security officer or even an information security manager.

The result is that the health care sector has had historically low security ratings. In its 2014 ratings report, BitSight scored health care firms lower than finance, utilities and retailers.
"Those systems are not always patched," said Stephen Boyer, CTO of BitSight. "We see Conficker [a 7-year-old network worm] on hospital networks because they are running some old version of Windows that no one is monitoring, and when it stops working, it is going to be a problem."

Because most organizations may not have an option besides paying a ransom—even police departments have paid—the lucrative nature of the ransomware scheme is making it more popular.

"Right now, $17,000 may not seem that significant, but for someone who is engaged in electronic crime, they see that trend and conclude that hospitals are definitely a vulnerable attack vector and willing to pay money to make this problem go away, which makes it likely that they will be targeted," Fusion X's Devost said.

In a few years, ransomware will likely become more virulent, once inside a network and more capable of disrupting operations. With the increased sophistication will likely come high price tags to recover from an attack, Devost said.

"My expectation is the dollar threshold on these payments is going to go up over the next year to 18 months," he said.

Source: eweek

IoT to play a part in more than a quarter of cyber attacks by 2020, says Gartner


More than 25% of cyber attacks will involve the internet of things (IoT) by 2020, according to technology research firm Gartner.

And yet, researchers claimed IoT would account for less than 10% of IT security budgets and, as a result, security suppliers would have little incentive to provide usable IoT security features.

They also said the decentralised approach to early IoT implementations in organisations would result in too little focus on security.

Suppliers will focus too much on spotting vulnerabilities and exploits, rather than segmentation and other long-term means that better protect IoT, according to Gartner.

“The effort of securing IoT is expected to focus more and more on the management, analytics and provisioning of devices and their data,” said Gartner research director Ruggero Contu.

“IoT business scenarios will require a delivery mechanism that can also grow and keep pace with requirements in monitoring, detection, access control and other security needs,” he added.

According to Contu, the future of cloud-based security services is, in part, linked with the future of the IoT.

“The IoT’s fundamental strength in scale and presence will not be fully realised without cloud-based security services to deliver an acceptable level of operation for many organisations in a cost-effective manner,” he said.

Gartner predicted that by 2020, at least half of all IoT implementations would use some form of cloud-based security service.

Although overall spending will initially be moderate, Gartner predicted that IoT security market spending would increase at a faster rate after 2020, as improved skills, organisational change and more scalable service options improved execution.

Gartner predicted global spending on IoT security would reach $348m in 2016 – just 23.7% up compared with 2015 – $433.95m in 2017 and $547m in 2018.

“The market for IoT security products is currently small, but it is growing as both consumers and businesses start using connected devices in ever greater numbers,” said Contu.

“Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, up by 30% from 2015, and will reach 11.4 billion units by 2018. However, considerable variation exists among different industry sectors as a result of different levels of prioritisation and security awareness,” he said.

Source: computerweekly

Cisco flags five product vulnerabilities that could trigger denial of service


Cisco published five security alerts on Wednesday, issuing software updates to patch a series of vulnerabilities in three products, any of which could potentially trigger a denial of service condition.

By exploiting any of these flaws, an attacker could essentially execute a low-grade, denial of service attack against a company using minimal bandwidth, without even needing an army of bots. “A broader internet-based distributed denial of service (DDoS) attack wouldn't even be needed if a DoS vulnerability was exploited within a particular application,” Terrence Gareau, chief scientist at network security firm Nexusguard, told SCMagazine.com.

Cisco has created patches for all of these vulnerabilities and advises customers of any affected products to download updates for their products immediately.

The most critical of the five listed flaws was a vulnerability in the HTTP URL redirect feature of multiple versions of Cisco's Wireless LAN Controller (WLC) Software. An attacker could remotely exploit this flaw by sending a crafted HTTP traffic request, creating a buffer overflow condition that causes an affected device to reload and generate a crash file.

Dave Larson, COO at Corero Network Security, told SCMagazine.com in an interview that with using these kinds of vulnerabilities, attackers can sometimes “get root access to the kernel. What that means is, it's not necessarily just a DoS outcome. That is an ‘owned' outcome,” whereby bad actors could seize control of or take down the entire network.

Gareau noted that a DoS exploit of this nature in a setting such as a healthcare facility “would be very devastating, especially since many hospitals use wireless networks”.

There were two other vulnerabilities associated with Cisco's WLC Software, both described as having a “high” potential impact. One involved improper traffic management by the software's Bonjour task manager, while the other consisted of a flaw in its web-based management interface, due to the presence of unsupported URLs.

Cisco also flagged a vulnerability in the encryption processing subsystem of its Secure Real-Time Transport Protocol library (libSRTP), affecting a litany of Cisco products that includes phones, web conferencing servers, routers and security devices.

Finally, Cisco reported a vulnerability in the DHCPv6 replay feature of Cisco's Adaptive Security Appliance software — a disconcerting disclosure, to be sure, as this could employ a DoS attack that effectively overwhelms Cisco network security products that run this software, such as its 5500-X Series Next-Generation firewalls. The vulnerability specifically affects the 9.4.1 release of the ASA software, when configured in routed firewall mode and in single or multiple context mode.

Larson said this flaw is the “one that alarms me,” noting that it presents “a significant problem because many organisations might tolerate shunting traffic around their firewall if it has a catastrophic failure”. And that might be exactly what an attacker wants so they can sneak malicious traffic into the network.

While exploiting this vulnerability remotely might be somewhat of a challenge, the flaw still poses a major threat from social engineers who steal log-in credentials from network insiders, or from more insidious threats. For instance, Larson suggested that such a threat could manifest itself as “an APT that is already inside the network, weaponised for this particular vulnerability”.

Asked for comment on the vulnerabilities, Cisco issued the following statement to SCMagazine.com: “Cisco puts the security of our customers first. When we have a vulnerability in our products, we issue a security advisory to make sure our customers know what it is and how to fix it.”

Larson said that ultimately, security alerts like the ones Cisco just issued “highlights what I believe is something that IT security should be looking at more closely: Can you afford to have low-grade DDoS in your environment and ignore it?”

Source: scmagazineuk

Blue Cube Security's sales top £12m


Security VAR Blue Cube Security says a surge in business won through larger systems integrators helped propel it to a record revenue haul.

Blue Cube's turnover hit over £12m in the 12 months ending 31 December 2015, roughly double its previous record of £6m, CEO Gary Haycock-West told CRN.

The West Sussex-based outfit is increasingly being pulled in as an expert in its field to work on larger deals, Haycock-West said. "We have seen a noticeable increase in activities with some of the SIs," he explained.

"They may have a security practice, but when it comes to doing detailed work, they haven't got all the capabilities they need so engage with us to work on our behalf. It's a bit like going to the GP with the SI: when they have to get referred they are coming into our laps."

RSA Security has generated as much as 30 to 40 per cent of Blue Cube's business in years past but Haycock West said his firm found more success elsewhere last year.

"We have partnerships that are yielding good returns with people like Arbor, Tripwire and Fortinet," he said.

"A good old stalwart like RSA, which we've sold since day dot, seems to have lost its way a little bit and we've seen sales drop off with some newer technologies coming through. I've been in the IT business for 36 years and running my own business for a fair chunk of that, and you find you need agility in the market."

Haycock-West (pictured, right) said the recent acquisition of several niche security VARs, among them Accumuli, Sysec and NTS, had "left opportunity on the table" for Blue Cube.

"What seems to happen is they get swallowed up by a large business and then disappear, and from our perspective it seems to take out the competition," he said. "We are winning business because we are good at what we do and are accredited in what we do, but it is true to say there are fewer VARs of our size around."

Asked whether Blue Cube itself would consider selling up, Haycock-West – who is Blue Cube's majority shareholder – said it is a case of "never say never".

"We are in an acquisitive sector, and I'd be lying if I said people weren't knocking at our door," he said. "But it's all about why would you sell. Of course, there are the obvious financial gains, but we're a strong, vibrant, very profitable and growing business and we are at a point now where we are enjoying the growth and the notoriety in our sector. I wouldn't ever say never, but someone would have to turn our heads with a big cheque to make us look at that."

Blue Cube Security only files abbreviated accounts and Haycock-West would not break out detailed numbers. But according to the firm, sales were up 277 per cent last year, with gross profit up 167 per cent.

"We have expectations of being in a similar place or better for this year, thereby becoming a trend, not a spike," Haycock-West said.

Source: channelweb

How to Manage the Top Five Mobile Security Risks


Opinion: MobileIron's Sean Ginevan looks at how to tackle the rise in security threats specifically targeted at mobile.

Over the last five years, mobile devices have become the predominant platform that organisations use to do business. However, the rise of mobile has meant that organisations can no longer rely on security through obscurity. In fact, the industry has seen a rise in security threats specifically targeted at mobile.

Whether security threats are capitalised on by haphazard users, insider threats, or even cybercriminals, the fact is that enterprises are at risk if they provide mobile data access without a well considered security plan in place. Without a proper plan, business may be disrupted and, worse still, valuable data could be exposed.

Below are the top five risks that are posed to mobile devices and the ways to address them.

1. Device vulnerabilities
Most vulnerabilities found on mobile devices have tended to affect the Android operating system, but that balance is changing. For example, the National Vulnerability Database reported that in 2015 there were 375 Apple iOS vulnerabilities.

This may be due to patching not being up-to-date, as updates aren't always scheduled by enterprises for mobile devices as they are for desktop PCs.

Other vulnerabilities lie in the jailbreaking of devices and the use of custom ROMs on phones instead of the factory-supplied operating systems.

2. Malware and risky apps
While Android has traditionally been seen as the traditional harbingers of mobile malware, last year saw a rise in malware specifically targeting Apple devices. More worryingly, newer iOS malware no longer relies on the device being jailbroken.

For example, XcodeGhost exploited compromised versions of Apple's Xcode SDK, which is used by developers to create iOS apps, and circumvented Apple's App Store security review processes. This allowed users to unknowingly download malicious apps from Apple's curated App Store.

3. User data leakage
Mobile devices, like their desktop counterparts, make it easy for users to copy and paste sensitive information or even take screenshots of important and confidential data.

There is also the problem of data leakage when the developer of an app unintentionally places sensitive information in a location on the mobile device that is easily accessible by other apps on that device. These types of problems stem from the mobile device's operating system. A hacker can write a small piece of code to access the information stored in these areas.

4. Unauthorised applications on the cloud
While an enterprise may authorise a cloud service such as Salesforce or Box for their employees, there are many applications that leverage these cloud services that enterprise IT may not approve.

The challenge is that the behaviour of these applications is unknown - in some cases apps accessing a cloud platform can potentially synchronise thousands of records to a mobile device without IT's approval.

Without the proper compensating controls, corporate data provided to these mobile apps can be at significant risk to accidental loss or explicit theft.

5. Unprotected networks
Networks outside of the enterprise's control can pose threats to data-in-motion when users travel and connect to open Wi-Fi networks.

Open Wi-Fi networks leave data to travel in the clear. A hacker may well be able to eavesdrop on data going to and from your mobile device if you don't use encryption. Also, there is a lack of verification that a hotspot is genuine.

Rogue access points are one of the most common mobile Wi-Fi threats and used to commit data theft. These can either be set up by employee or an intruder, either way the access point is not sanctioned by an administrator.

Either can lead to a Man-in-the-Middle attack, where hackers insert themselves into a communication between two parties, impersonating both in order to gain access to information.

Managing and securing mobile devices
We have outlined the five big risks posed by mobile device use, but how should enterprises protect themselves against these issues? With enterprise mobility management (EMM) in place, enterprises should be able to deal with these issues with these recommendations:

Enforce compliance - organisations should enforce security policies and quarantine devices that fall out-of-compliance as a minimum.

Don't blacklist cloud services - Users can gain significant productivity from data access. IT needs to ensure that only managed applications from managed devices, where data is within IT's control, can access enterprise data - whether on premises or in the cloud.

Integrate App Reputation or Mobile Threat Prevention - These allow organisations to detect malware, app risks, network attacks, and more, while quarantining devices.

Enforce patching - An enterprise should implement a minimum operating system version. While this is easy for iOS devices, Android is more fragmented. But with the right tools, enterprises can identify Android device risks by correlating known vulnerabilities against the Android operating system. Once the vulnerable device is identified it can then be quarantined.

Source: cbronline

Hackers jailed over SpyEye virus that robbed bank accounts worldwide


The Russian creator of a computer program that enabled cybercriminals to infect millions of computers and drain bank accounts in multiple countries has been sentenced to serve nine and half years in a US federal prison.

Aleksandr Andreevich Panin, 27, the inventor of SpyEye who went by aliases “Gribodemon” and “Harderman” online, pleaded guilty to a count of conspiracy to commit bank and wire fraud in January 2014 after reaching a deal with prosecutors.

Prosecutor Steven Grimberg said SpyEye a pre-eminent piece of malware from 2010 to 2012 and was used to infect more than 50m computers, causing nearly $1bn in damage to individuals and financial institutions around the world.

A second man, Hamza Bendelladj, a 27-year-old Algerian known online as “Bx1,” was sentenced to 15 years. Prosecutors said he sold versions of SpyEye online and used the malware to steal financial information.

SpyEye was a type of Trojan virus that secretly implanted itself on victims’ computers to steal sensitive information, including bank account credentials, credit card information, passwords and PINs. Once it took over a computer, it allowed hackers to trick victims into surrendering personal information — including data-grabbing and fake bank account pages. The information was relayed to a command and control server to be used to access victim accounts.

Panin conspired with others to advertise SpyEye in online cybercrime forums and sold versions of the software for prices ranging from $500 to $10,000, FBI Special Agent Mark Ray testified.

SpyEye was more user-friendly than its predecessors, functioning like “a Swiss army knife of hacking” and allowing users to customize it to choose specific methods of gathering personal information, Ray said. Panin is believed to have sold it to at least 150 clients.

Jon Clay with IT security firm Trend Micro, which helped the FBI investigate SpyEye, said the program wasn’t the most sophisticated but had good code and was reasonably priced.

“He had definitely created some capabilities that were not available in some of the other banking Trojans at the time,” Clay said. “That’s why he was pretty popular among the cybercriminal underground.”

FBI agents in February 2011 searched and seized a SpyEye server they said Bendelladj operated in the Atlanta area. That server controlled more than 200 infected computers and contained information from many financial institutions, authorities said.

In June and July 2011, covert FBI sources communicated directly with Panin, who used his online nicknames, and bought a version of SpyEye. Panin, whose real name wasn’t known at the time, and Bendelladj were indicted in December 2011.

Bendelladj was travelling from Malaysia to Egypt when he was arrested on 5 January 2013 during a stopover at Bangkok’s airport. Police seized laptops and external hard drives.

Panin was arrested the following July, when he flew through Atlanta’s airport. Ray’s testimony offered a glimpse into the world of online marketplaces where cybercriminals advertise, buy and sell malicious software, using aliases to avoid arrest.

Panin advertised SpyEye as early as June 2010 on Darkode.com, a cybercrime forum dismantled by the FBI last July. Before it was taken down, Darkode.com was the most sophisticated of the cybercrime forums, frequented by the cybercrime elite with access limited to those with a trusted connection, Ray said.

With the cover of anonymity and payments made through online currency servers, reputation is extremely important on cybercrime forums, Ray said. After Panin’s June 2010 posting as Gribodemon, Bendelladj — posting as Bx1 — wrote a comment saying he’d worked with him before and vouched for him.

The use of aliases can be frustrating to those who track them, said Willis McDonald, a senior threat researcher at security firm Damballa. Frequently, a cybercriminal “will disappear into the background and come up with a new alias and a new piece of malware so that trail you’ve been trying to follow to track them down vanishes and they pop up under a new name and you have to start all over again trying to figure out who they are,” he said.

That’s why disabling the infrastructure for a cybercrime network isn’t nearly as effective for stopping the spread of a particular malware as catching the creator, McDonald and Clay said. Both said SpyEye infections had dwindled to negligible numbers within about a year after Panin’s arrest.

Source: theguardian

Dell’s cybersecurity firm SecureWorks prices IPO below estimates


SecureWorks, a subsidiary of Dell, has sold 8m shares at a price of $14 per share. This has made investors doubt the prospects of the company, as the initial pricing was between of $15.50 to $17.50 for 9m shares.

SecureWorks has also offered a 30-day option to purchase up to an additional 1,200,000 shares of Class A common stock for underwriters. These underwriters include Bank of America Corp, Morgan Stanley, Goldman Sachs and JPMorgan Chase.

SecureWorks originally marketed to sell nine million shares within a price range of $15.5 to $17.5 each. The shares will be traded, starting Friday, 22 April 2016, at Nasdaq Stock Market under the symbol SCWX.

SecureWorks has only been able to raise $112m in its IPO, a number far below that of other technology companies that went public last year. Experts indicate that uncertain market conditions coupled with scepticism from investors has led to slowest first quarter for US listed companies since 2009.

SecureWorks, in its prospectus, had already put losses for the 2016 fiscal year at $72.4m, compared to $38.5m in 2015. This statement might have had an influence on investors' confidence in the company. This year, until now, cybersecurity stocks have not performed well and have been falling since the second half of last year.

SecureWorks is planning to invest the money for its own growth initiatives and to not support Dell for its own business. SecureWorks provides intelligence-driven information security solutions to protect organisations from cyber attacks.

Founded in 1999, it helps companies to strengthen their cyber defences, prevent security breaches, detect malicious activity in real time. SecureWorks was bought by Dell in 2011 which is waiting for approval for its deal to acquire EMC.

Source: cbronline

It looks like Spotify was hacked – change your password ASAP, if you still can


If you’re one of the millions of people around the world who count themselves as Spotify users, we have some troubling news: it looks like Spotify recently suffered a security breach. A list containing hundreds of sets of account credentials was published late last week to popular anonymous text file sharing site Pastebin, and several of the accounts have been confirmed to be real. What’s more, users named in the leak are already reporting that their accounts were indeed breached.

In other words, change your Spotify password immediately.

The news comes from TechCrunch, which says it has directly confirmed that a number of accounts mentioned in the leaked document were indeed breached. The tech site contacted several email addresses contained within the leaked file, and it confirmed that a number of people who replied had indeed had their accounts compromised.

“I suspected my account had been hacked last week as I saw ‘recently played’ songs that I’d never listened to, so I changed my password and logged out of all devices,” one victim said. Another said he had found tracks added to his saved songs that he hadn’t saved himself.

Unfortunately, it looks like some users have already been locked out of Spotify when unknown users changed the usernames and passwords tied to their accounts.

Curiously, Spotify flat-out denied the possibility that it has been hacked in a statement to TechCrunch. “Spotify has not been hacked and our user records are secure,” a company spokesperson said. “We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”

Want our advice? Change your Spotify password as soon as possible, just in case. It certainly appears as though this breach is the real deal and it’s unclear if additional account credentials will be released in the future.

Source: bgr
Contractors Currently on the DCL Books

If you are looking for immediate contract resource to help fill a urgent project requirement then please get in contact and I will do whatever I can to help you.

All details will remain in the strictest of confidence.

Best regards
Chris Holt

+44 20 8663 4030
+44 7884 666 351
chris.holt@dclsearch.com
uk.linkedin.com/in/chrisholt1/en


Infrastructure Architect 

  • Large scale implementations and designs, predominantly in the financial sector.
  • Routing/switching Cisco, Checkpoint firewalls, Disaster recovery, Virtualisation, Storage
  • Based Greater London
  • £650 per day

Ref 56147


Network Security Engineer 

  • Experienced in working within service provider, data center and enterprise networking environments.
  • Highly experienced using Cisco, Microsoft, UNIX, Linux, Check Point and Juniper products.
  • Based London
  • £450 per day

Ref 69764
 

Info governance Security Manager 

  • A leader in business continuity planning, disaster recovery, security governance, policies & PCI-DSS
  • Certified in CISSP, ISO27001, Certified Ethical Hacker, CCSA, CCSE
  • Based Suffolk
  • £600 per day

Ref 92547


Senior Information Security Analyst  

  • A specialist in leading vulnerability management programs and consultancy in the financial/banking sectors.
  • Splunk certified, Blue Coat BCCPA, Cyber-Ark, CEH
  • Based London
  • £750 per day

Ref 109837


Network Infrastructure and Security Engineer 

  • Engineer capable of implementing IT/security solutions such as firewalls,  intrusion prevention/detection appliances, SIEM, Wireless.
  • Hands on experience with; Juniper, Cisco, Checkpoint and Fortigate, Websense, Splunk, Snort, McAfee, Aerohive, Symantec.
  • Based Greater London
  • £500 per day

Ref 175657
 

Implementation Engineer

  • 5+ years experience implementing and designing
  • IP Telephony, Avaya, Unified Communications
  • Based Greater London
  • £375per day

Ref 133813


IT Operations Manager

  • IT & Business Leader
  • B2B, Local Government, SME
  • Prince2, ITIL
  • Based Hertfordshire
  • £550 per day

Ref 134890
 

Senior Network Engineer

  • CCNA, ACS, ACE
  • TCP/IP, MPLS, VPLS
  • Based Greater London
  • £500 per day

Ref 183575
 

IPT Engineer

  • Cisco, Microsoft, Avaya, Nortel
  • CCIE, CCNA, CCNP, CCDP, MCSE, ACA
  • Based Hertfordshire
  • £550 per day

Ref 32949


Infrastructure Architect

  • 15+ years within the IT Sector
  • ITIL, LAN, SQL
  • Based London
  • £675 per day

Ref 56147
 

Project Manager

  • MPLS, Unix, Ethernet
  • Languages spoken: English, French, Greek
  • Based Greater London
  • £650 per day

Ref 98494


Global PMO

  • Prince2 Practitioner and ITIL qualified
  • TCP/IP, VOIP
  • Based Greater London
  • £400 per day

Ref 83846


Director – Customer Operations

  • Showcased entrepreneurial skills throughout the subsequent sale of a £40m turn-over
  • NLP Practitioner
  • Based London
  • £950 per day

Ref 97320
 

Senior Voice Network Engineer

  • 20+ years within the Telecoms industry
  • TCP/IP, Unix, CCNA, ACE, Cisco, VPN, SQL
  • Based Berkshire
  • £550 per day

Ref 120617


Network Engineer

  • 20+ years experience in the Telecoms sector
  • Cisco CCNA, TCP/IP, SIP
  • Based London
  • £250 per day

Ref 159463

Back to the top
Work for Us.
Click here.

Candidates of the Week
Security Infrastructure Specialist
  • Part of the global infrastructure, service delivery and security operations teams. Is responsible for the technical delivery of designs and implementation for PCI-DSS compliance, firewall infrastructure and Intrusion prevention systems. 
  • Certified: CISSP, CNSE, JNCIA, CCSE, CCSA, CCNP, MCSE
  • Based: Surrey 
  • Package: £75,000
REF 157171
Security Consultant
  • Experienced in implementing security policies and procedures in accordance to ISO27001 standards as well as implementing business continuity and disaster recovery plans predominantly within the banking/finance sector.  
  • Certifications: CIIP, CBCI 
  • Based: Greater London
  • Package: £60,000
REF 189091
 
Security Jobs
Security Sales New Business

Location: London
Salary: £50,000 – £60,000 per annum + double OTE + Benefits

View Job Description










Security Major Accounts Manager

Location: London
Salary: £50,000 – £60,000 per annum double OTE + Benefits

View Job Description










Security Endpoint Technical Consultant

Location: London/Reading
Salary: £60,000

View Job Description










Information Technology Security Risk Manager (Financial Services)

Location: London
Salary: £75,000 + Benefits

View Job Description










Check Point Professional Services Engineer

Location: London
Salary: £60,000 + Benefits

View Job Description










Technical Security Project Manager (Client Facing)

Location: London
Salary: £60,000

View Job Description










Senior Virtualisation/Data Centre Technical Consultant

Location: London
Salary: £60,000 – £70,000

View Job Description










Cyber Security Analyst

Location: Gloucestershire
Salary: £25,000 – £45,000

View Job Description










Security Controls Assurance Analyst (Financial Services)

Location: London
Salary: £70,000 + Benefits

View Job Description










Senior Cyber Security Analyst

Location: Gloucestershire
Salary: Up to £60,000 + Benefits

View Job Description










Cyber Security Pre-Sales Consultant

Location: London
Salary: Up to £70,000 + Benefits

View Job Description










Security Controls Assurance Analyst (Financial Services)

Location: London
Salary: £70,000 + Benefits

View Job Description










Security Risk Management Analyst (Financial Services)

Location: London
Salary: £70,000+ Benefits

View Job Description










Forensic Support Engineer

Location: London 
Salary: Up to £30,000 + Quarterly Bonuses

View Job Description










Cyber Security Consultant (Financial Service)

Location: London
Salary: £50,000

View Job Description











Cloud Security Presales Consultant

Location: London
Salary: Up to £70,000 + Bonus/Benefits

View Job Description











Cyber Security Manager

Location: West Yorkshire
Salary: £65,000

View Job Description











Cyber Security Product Manager

Location: Kent
Salary: Up to £70,000 + Benefits

View Job Description











Security SOC Lead Analyst

Location: Surrey
Salary: £45,000

View Job Description











Cyber Security Consultant

Location: South East England
Salary: Up to £50k + Bonus + Car Allowance

View Job Description











Business Development Manager (Cyber Security)

Location: UK
Salary: Up to £65k basic with uncapped OTE 

View Job Description










Security Sales New Business (Uncapped Earnings)

Location: London
Salary: £50,000 – £60,000 per annum OTE + Benefits

View Job Description










Data Analyst (Financial Services / Splunk / Java)

Location: London
Salary: To attract the best

View Job Description









Vulnerability Management Contractor

Location: Greater London
Salary: £400 – £500

View Job Description










Security Pre-sales Consultant – Trend Micro

Location: Surrey
Salary: Up to £60,000 + Bonus + Benefits

View Job Description










Security Escalation Support Engineer (CheckPoint/ Juniper/ Websense)

Location: Kent
Salary: Up to £45,000 + Benefits

View Job Description










Enterprise Security Cloud New Business Sales

Location: London
Salary: £110,000 + OTE + Benefits

View Job Description











Enterprise Security Presales Architect (Vendor Cloud/SIEM/IDS/Vul Management)

Location: London
Salary: £70,000 Package + Benefits

View Job Description



 
 
 
Sitemap Terms and Conditions Privacy policy ©DCL Search and Selection