News & Commentary

When does a botnet become valuable to government intelligence agencies?

Automation, Exercises Shorten Response Time To Advanced Attacks

News | 11/27/2013 |

Detecting threats remains a problem, but companies need to improve incident response -- automation can help significantly

NSA Surveillance Fallout Costs IT Industry Billions

News | 11/27/2013 |

20 comments

Analysts predict US tech companies may lose $180 billion by 2016 due to international concerns about intelligence agencies' spying.

Bitcoin Thefts Surge, DDoS Hackers Take Millions

News | 11/27/2013 |

23 comments

Cryptographic currency's massive rise in value leads to a corresponding increase in online heists by criminals seeking easy paydays.

Botnet Takedowns Spur Debate Over Effectiveness, Ethics

News | 11/26/2013 |

Attempts to shut down botnets have often failed to cripple the networks, but have led to improved legal strategies, greater public awareness, and stronger links between researchers and law enforcement

Survey: DDos Is Hot, Planning Is Not

Quick Hits | 11/26/2013 |

Most organizations don't have a game plan in the event of a distributed denial-of-service (DDoS) attack

Presidential Council Calls For Feds And ISPs To Step Up In Cybersecurity

News | 11/26/2013 |

New report to President Obama says feds 'rarely follow' security best practices

Microsoft Office 365 Encrypted Email On Tap

News | 11/26/2013 |

Microsoft Office 365 Message Encryption feature will encrypt all messages by default, though recipients will need an Office 365 or Microsoft Account ID to read the mail.

Dataium Settles Browser History Sniffing Charges

News | 11/26/2013 |

3 comments

The car buyer tracking firm was accused of using JavaScript to illegally identify websites visited by 181,000 named consumers, and selling harvested information.

NSA Surveillance: First Prism, Now Muscled Out Of Cloud

Commentary | 11/26/2013 |

2 comments

Companies can no longer discount the risk of losing control of confidential corporate data in the cloud. Government data mining is here to stay, in one invasive form or another.

What IT Can Teach Utilities About Cybersecurity & Smart Grids

Commentary | 11/26/2013 |

11 comments

Protecting smart grids from cyber attack is a popular conversation in information security circles. But the threats are far worse than generally believed.

Hack Of RacingPost.com Puts Users' Personal Information At Risk

Quick Hits | 11/26/2013 |

Database breach at RacingPost.com threatens names, addresses, and passwords of customers

Lessons Learned From 4 Major Data Breaches In 2013

News | 11/25/2013 |

Breach stats are declining, but data is still at risk from poorly protected databases, applications, and endpoints

Cartoon: You Might Be A Security Expert If...

Commentary | 11/25/2013 |

At AppSec USA, A Call For Continuous Monitoring

Quick Hits | 11/25/2013 |

Speakers, experts at AppSec conference say periodic scanning for application vulnerabilities is no longer enough

CryptoLocker Could Herald Rise Of More Sophisticated Ransomware

News | 11/22/2013 |

A smarter approach to encryption is what separates CryptoLocker from other ransomware -- but that might not last long

LG Admits Smart TVs Spied On Users

News | 11/22/2013 |

15 comments

LG admits it collected information on consumers' viewing habits, promises firmware update to honor opt-out requests.

Google Settles With State AGs On Privacy

News | 11/22/2013 |

7 comments

Google agrees to pay $17 million to 37 states to settle claims it circumvented cookie-blocking controls in Apple's Safari browser.

Spamhaus Shows What's Next For Block Listing

Commentary | 11/22/2013 |

12 comments

The broad, silent acceptance of a recent Spamhaus blocking action is a strong indicator that the rules have changed in the battle over spam and other kinds of email abuse.

Threat Intel To Deliver Some Benefits To Cyberinsurance

News | 11/22/2013 |

About a third of large companies have a cyberinsurance policy, but the industry still has issues measuring risks and gauging threats

Financial Services Industry Proposes Security Controls For Third-Party, Open-Source Software

News | 11/21/2013 |

FS-ISAC addresses potential dangers of insecure software components used by financial firms

Financial Institution Call Centers Targeted By Social Engineers

Quick Hits | 11/21/2013 |

One in every 2,500 calls to these sites is from a fraudster trying to steal money, new report says

Application Security: We Still Have A Long Way To Go

Commentary | 11/21/2013 |

13 comments

The past decade shows only trivial progress in improving web app security, according to new vulnerability guidelines in the OWASP Top Ten 2013.

'i2Ninja' Trojan Taps Anonymized Darknet

News | 11/21/2013 |

3 comments

New malware being sold via underground Russian cybercrime markets uses decentralized, anonymizing P2P system.

Who's The Boss Over Your JBoss Servers?

News | 11/21/2013 |

If you haven't patched a 2011 vulnerability found in more than 21,000 servers connected online, then the answer could be the person who installed a crimeware webshell

Study: Most Application Developers Don't Know Security, But Can Learn

Quick Hits | 11/21/2013 |

Solid training of app developers can reduce vulnerabilities, Denim Group study says

Healthcare.gov Security Hiccups

Commentary | 11/20/2013 |

Take two aspirin and call me in the morning

Close HealthCare.gov For Security Reasons, Experts Say

News | 11/20/2013 |

6 comments

Testifying before the House technology committee, four security experts advise would-be HealthCare.gov users to steer clear of the site, pending security improvements.

Cupid Concedes January Hack, 42 Million Passwords Stolen

News | 11/20/2013 |

Separately, Github forces some users to reset weak passwords following a rapid attack launched via 40,000 IP addresses.

Mobile App Security: 5 Frequent Woes Persist

News | 11/20/2013 |

HP Fortify study finds five frequent problems that make mobile apps vulnerable, recommends simple-to-implement information security fixes.

Stuxnet's Earlier Version Much More Powerful And Dangerous, New Analysis Finds

News | 11/20/2013 |

ICS/SCADA expert Ralph Langner analyzes how Stuxnet shifted from super-stealthy to simpler, and dispels common misconceptions about the infamous Stuxnet attack on Iran's nuclear facility -- including the belief that only a nation-state could pull off a similar attack in the future

The New Security Architecture

Commentary | 11/20/2013 |

14 comments

Recent high profile attacks reflect a new reality in which perimeter-based security models are increasingly less effective in protecting key corporate assets and information.

5 Considerations For Post-Breach Security Analytics

News | 11/19/2013 |

Preparing collection mechanisms ahead of time, preserving chain of custody on forensics data, and performing focused analysis all key in inspecting security data after a compromise

SMBs Unsure And At Risk, Survey Finds

Quick Hits | 11/19/2013 |

New study highlights uncertainty among small to midsize businesses on cyberattacks, threats

iPhone Photo Leads To Cybercrime Arrest

News | 11/19/2013 |

7 comments

The FBI uses an iPhone photo to nab six members of a cybercrime ring accused of stealing $45 million via ATMs.

Glut In Stolen Identities Forces Price Cut In Cyberunderground

News | 11/19/2013 |

New report unearths what cybercriminals are charging for stolen identities and hacking services, such as DDoS and doxing

Understanding IT Risk Management In 4 Steps X 3

Commentary | 11/19/2013 |

10 comments

A risk management matrix combines the probability of harm and the severity of harm. In IT terms that means authentication, context, and process.

Anonymous Conducting Breach Campaign On Government Systems, FBI Report Says

Quick Hits | 11/19/2013 |

Hacktivist group Anonymous has stolen sensitive data in a year-long campaign against government computers, FBI says

Enterprises Should Practice For Cloud Security Breaches

News | 11/18/2013 |

With cloud services collecting more data from businesses, firms should prepare for potential breaches that involve their providers

iOS Mobile Point-of-Sale Fail

News | 11/18/2013 |

Trendy 'i' mobile payment systems often rolled out with major security flaws, researcher says

Doomsday Prepping Your Business

Commentary | 11/18/2013 |

Security and compliance are your guides to survival

vBulletin.com Hacked, Customer Data Stolen

News | 11/18/2013 |

8 comments

"Inj3ct0r Team" hackers claim they employed vBulletin zero-day bug to take down both vBulletin.com and MacRumors, offer to sell related exploit.

FBI Blames Federal Hacks On Anonymous Campaign

News | 11/18/2013 |

9 comments

A British suspect is accused of attacking numerous government agencies, including the U.S. Army and NASA.

Authentication + Mobile Phone = Password Killer

Commentary | 11/18/2013 |

11 comments

Can the smartphone free us from the drudgery of the much-despised password? There's good reason to hope.

BYOD: 'We Have Met the Enemy & He Is Us'

Commentary | 11/18/2013 |

6 comments

As smartphone adoption continues at an unrelenting pace, the issues surrounding BYOD will become an even more challenging mobile security management issue.

Startup Firm Attacks Mobile Security Problem With Network-Based Offering

Quick Hits | 11/18/2013 |

Startup vendor Mojave Networks tackles mobile security via networks, rather than devices

Kelihos Botnet Thrives, Despite Takedowns

News | 11/17/2013 |

Fast flux infrastructure and Windows XP infections continue to keep the botnet alive.

Facebook Forces Some Users To Reset Passwords

News | 11/17/2013 |

16 comments

Facebook is asking users whose passwords might have been exposed on other sites to change their passwords to access the social network.

Modeling Users And Monitoring Credentials Prevents Breaches

News | 11/15/2013 |