News & Commentary

Working with an auditor can be a harrowing experience -- or a good one. Here are some tips for making things go well

U.S. Critical Infrastructure Cyberattack Reports Jump Dramatically

News | 6/29/2012 |

A new report from ICS-CERT shows the number of reported incidents increased from 9 to 198 between 2009 and 2011

In-Q-Tel Partners With Looxcie On Next-Gen Videocam

News | 6/29/2012 |

CIA's venture investment firm wants to develop a wearable video camera for use by the DHS.

Banking Trojan Harvests Newspaper Readers' Credentials

News | 6/29/2012 |

Financial malware performs brute-force guesses of valid usernames and passwords, possibly for attacks against consumer bank accounts.

GPS Spoofer Hacks Civilian Drone Navigation System

News | 6/29/2012 |

University of Texas researchers built a $1,000 system able to forcibly reroute or crash a civilian drone.

Not Much To Learn From The Second Kick Of The Mule

Commentary | 6/29/2012 |

Repeating compliance and security failures shows a lack of progress

6 Ways Apple Is Polishing Mac Security

News | 6/29/2012 |

7 comments

Apple no longer markets Macs as malware-free, but rather "built for security," and refines protection in Mountain Lion.

9 Ways CSOs Can Avoid A LinkedIn-Type Breach Debacle

News | 6/29/2012 |

Top CSOs provide tips on locking down databases in the organization

The Apps Users Don't Patch

Quick Hits | 6/28/2012 |

Secunia data shows Shockwave, QuickTime, and Java JRE get updated the least by PC users

Black Hat: Developer Aims To Make Attack Recovery More Intelligent

News | 6/28/2012 |

One company uses threat information, virtualization and analysis to build a better way to disinfect compromised systems

4 Signs That Apple's Sharpening Its Security Game

News | 6/28/2012 |

3 comments

Apple is quietly making some subtle, incremental security moves in the face of new threats to its products

Breach At U.S. Regulatory Agency Puts Employee Data At Risk

Quick Hits | 6/27/2012 |

Phishing attack at Commodity Futures Trading Commission fools employee into giving up account data

FTC Takes On Wyndham For Security Lapses

News | 6/27/2012 |

Lawsuit alleges deceptive practice in privacy policy following three breaches in two years

Free App Encrypts, Destroys Mobile Messages

News | 6/27/2012 |

Startup Wickr launches today with iPhone, iPad, iTouch app that ‘leaves no trace’ of text, video, and picture messages

FTC Sues Wyndham Hotels Over Data Security Failures

News | 6/27/2012 |

Hotel chain slammed for poor information security practices, leading to attackers obtaining 600,000 credit card numbers and committing millions of dollars in fraud.

FTC Sets Consumer Data Collection Limits

Commentary | 6/27/2012 |

As Spokeo gets fined $800,000, FTC tries to enforce differences between consumer-reporting services and people-search services, which gather and sell large amounts of publicly accessible personal data.

Healthcare Patient Data Laws Outdated: Consumers Union

News | 6/27/2012 |

Laws covering privacy and security of health data haven't kept pace with changes in health IT, report from Consumers Union and Center for Democracy and Technology says.

Startup Arms CSOs With Heat Maps

Quick Hits | 6/26/2012 |

Technology aims to help CSOs and other security pros translate security issues and risk for upper management

'High Roller' Online Financial Fraud Ring Robs Big Money Bank Accounts

News | 6/26/2012 |

Attackers do their dirty work from their own cloud-based server infrastructure rather than on the victim's PC in order to camouflage the crime

RSA SecurID 800 Token Attack Detailed By Researchers

News | 6/26/2012 |

Cryptographic attack requires as little as 13 minutes to compromise a token's secret key, and works against at least eight types of cryptographic tokens. RSA dismissed the attack.

New Forensics Method May Nab Insider Thieves

News | 6/26/2012 |

Black Hat presentation features a new methodology that has already produced real-world results

LinkedIn Password Breach: 9 Facts Key To Lawsuit

News | 6/26/2012 |

LinkedIn's privacy policy promised users "industry standard protocols and technology," but a class action lawsuit claims LinkedIn failed to deliver. Take a closer look at the security issues.

Teen Hackers Plead Guilty To LulzSec Attacks

Quick Hits | 6/25/2012 |

Cleary, Davis admit to hacking CIA, Pentagon, and many other sensitive websites as members of hacktivist group

Researchers Beat Up Google's Bouncer

News | 6/25/2012 |

3 comments

The gatekeeper for the Android app store has major growing pains ahead, as security researchers find ways to bypass it

The Enterprise Strikes Back

News | 6/25/2012 |

Gathering intel on cyberespionage and cybercrimine attackers and baiting them with fake information are some of the ways victim organizations are going on the offensive

TSA Wants To Monitor Employee Computer Activities

News | 6/25/2012 |

Transportation Security Administration seeks software to monitor employee keystrokes, emails, attachments, screen captures, file transfers, chats, network activities, and website visits.

Avoid Net Shutdown Related To DNSChanger: SMB Tips

News | 6/25/2012 |

FBI will shut down servers associated with the DNSChanger malware on July 9, knocking 300,000-plus computers still affected offline. Here's what SMBs need to know.

Senators Float National Data Breach Law, Take Four

News | 6/25/2012 |

Data Security Bill is fourth attempt to craft a national law to supersede legislation now on the books in more than 40 states. But it's weaker than some state laws.

Patching Goes Up In Flames

Commentary | 6/24/2012 |

The Flame malware throws the integrity of patching into question, which creates quite a quandary for those trained to patch early and often. This represents a significant inflection point for security -- or does it?

Flame: Reading Between The Ones And Zeros

Commentary | 6/23/2012 |

As more information about Flame is revealed, let's consider what we might infer from Flame's composition

Radiant Logic Releases Federated Identity Service

News | 6/22/2012 |

RadiantOne VDS 6 enables authentication and authorization across multiple identity sources and authentication protocols

Broader Digital Landscape Means More Places To Hide

News | 6/22/2012 |

With IPv6, a deluge of new top-level domains, and DNSSEC all coming, the Internet will become a much bigger place. Defenses that worked in the past won't work in the future

FTC Charges Two Companies With Exposing Data Via P2P Downloads

Quick Hits | 6/22/2012 |

Firms did not use reasonable security methods to prevent installation of vulnerable software, FTC alleges

Firefox Promises Privacy Patch Against Tab Spying

News | 6/22/2012 |

3 comments

Shared PC warning: Firefox 13 browser records and stores a user's most-visited pages, including sensitive content otherwise protected by HTTPS.

Hackers Cite 'Idiot Tax,' Release Loan Records

News | 6/22/2012 |

Rex Mundi hacker group publishes thousands of records containing personal loan application data after payday lender AmeriCash Advance refuses $20,000 hush money request.

Twitter Crash: Hack Or Hardware Fail?

News | 6/21/2012 |

5 comments

Twitter blames a cascading bug, but hacking group UGNazi claims responsibility.

The Intersection Between Cyberespionage And Cybercrime

News | 6/21/2012 |

Chinese cyberspies and traditional cybercriminals are relying on some of the same malware tools -- and some cyberspies even appear to be moonlighting

AutoCAD Worm Targets Design Documents In Possible Espionage Campaign

News | 6/21/2012 |

A worm is stealing AutoCAD documents and sending them to email accounts opened at two Chinese Internet providers

GlobalSign, DigiCert, Comodo, And NGINX, Inc. Improve Online Trust Through Enhanced Certificate Revocation Checking

News | 6/21/2012 |

New version of NGINX Web server to support OCSP-stapling

Feds Bust Hacker For Selling Government Supercomputer Access

News | 6/21/2012 |

Pennsylvania man allegedly offered to sell login access to two Department of Energy supercomputers, as well as remote administration capabilities, for $50,000.

Facebook Settles Lawsuit Over Sponsored Stories

News | 6/21/2012 |

Proposes paying $10 million to settle class action lawsuit over using Facebook users' names and images in advertising without their permission.

6 Biggest Breaches Of 2012

News | 6/21/2012 |

Take stock and learn from the security mistakes of others.

Microsoft Names Finalists In Contest For New Security Defenses

Quick Hits | 6/21/2012 |

Three BlueHat Prize contestants invented ways to mitigate attacks exploiting memory-safety vulnerabilities

Google Adds New Security Features

Quick Hits | 6/21/2012 |

Two-step verification, integration with Active Directory will help protect Google Apps, search engine giant says

Startup Wraps User Tasks In Virtual Containers

News | 6/20/2012 |

Bromium announces micro-VM technology that protects the OS, network, from users' security missteps

Hackers Offer Free Porn To Beat Security Checks

News | 6/20/2012 |

Spammers are enticing consumers with free porn or games in exchange for help cracking CAPTCHAs on targeted websites, security researchers say.

Secret Spy Satellite Takes Off: Stunning Images

Slideshows | 6/20/2012 |

The National Reconnaissance Office provides satellite imagery for intelligence operations and national defense. Here's a look at the agency's most recent rocket launches.

Apple Gets Patent For Polluting Electronic Profiles

News | 6/20/2012 |

Apple patent describes how privacy can be protected by disseminating fake data.

6 Biggest Breaches Of 2012 So Far

News | 6/20/2012 |