News & Commentary

Third-party IT contractor breached Toyota's systems, compromised sensitive data, automaker says

Security Experts: Java Should Be Disabled Unless Necessary

News | 8/31/2012 |

Security researchers say Java's popularity as an attack vector means it should be disabled unless it is needed

FinFisher Mobile Spyware Tracking Political Activists

News | 8/31/2012 |

Developer of spyware that can take over iPhone and BlackBerry devices draws fire after researchers spot the spyware in use against activists in Bahrain.

Accused LulzSec Hackers Attended College Together

News | 8/31/2012 |

The two students accused of Sony Pictures hack participated in Cyber Defense Competition team exercises at the University of Advanced Technology in Arizona.

ABCs Of Factoring Risk Into Cloud Service Decisions

News | 8/31/2012 |

Taking an empirical, risk-based approach to deciding on third-party, shared-infrastructure services

Second Middle Eastern Utility Hit By Malware Attack

Quick Hits | 8/30/2012 |

Qatar gas company hack similar pattern as that of Saudi Arabian oil company -- shades of Shamoon?

Air Force Seeks Offensive Cyber Weapons

News | 8/30/2012 |

Agency solicits proposals on capabilities ranging from attack to mapping networks.

Oracle Issues Patch That Kills Latest Java Attack

News | 8/30/2012 |

New Java 7 Update 7 release fixes the two vulnerabilities used in tandem in recent wave of attacks -- plus other flaws

Laptop Fingerprint Readers Vulnerable To Password Hacks

News | 8/30/2012 |

Security software included with UPEK fingerprint scanners stores Windows passwords in plaintext, making them retrievable by an attacker.

Java Zero-Day Malware Attack: 6 Facts

News | 8/30/2012 |

5 comments

New details reveal Oracle knew about the Java exploit in April, but has yet to release a patch. Here's how to protect yourself against active attacks.

Hacktivists Continue To Own Systems Through SQL Injection

News | 8/30/2012 |

LulzSec indictment and GhostShell attacks bring the spotlight back onto black hats' favorite data theft technique

New 'Reliable' Java Attack Spreading Fast, Uses Two Zero-Day Bugs

News | 8/29/2012 |

Hundreds of domains serving up attack, tens of thousands of new victim machines since Java exploit was added to BlackHole toolkit

U.S. Intelligence Agencies Seek A Private Cloud OS

News | 8/29/2012 |

CIA's investment arm has partnered with Adaptive Computing to develop a cloud OS for agencies' use. OpenStack platform may be used.

Java Zero Day Attack: Second Bug Found

News | 8/29/2012 |

Were security researchers irresponsible to detail the zero-day vulnerabilities without first working with Oracle to craft a patch?

Keeping DNS Services Safe And Operational

Quick Hits | 8/28/2012 |

Domain Name System technology is critical to your Internet communications. Here are some tips for keeping your DNS services -- and your data -- secure

GhostShell Haunts Websites With SQL Injection

Quick Hits | 8/28/2012 |

Admin and user accounts from websites breached and posted online

Lessons In Campus Cybersecurity

News | 8/28/2012 |

What universities are doing -- and should be doing -- in response to increased cyberthreats, and how students can protect their suddenly very valuable IDs

The State Of Virtual Data Protection And Recovery

Commentary | 8/28/2012 |

Hybrid physical/virtual storage environments present their own challenges to data protection and backup. Start with a solid plan.

ID Don't Mean A Thing Unless It's Got That Integration Thing

Commentary | 8/28/2012 |

Architecture astronauts talk identity strategy, but pros talk identity integration logistics

Java Zero-Day Attack Could Hit Enterprises Hard

News | 8/28/2012 |

In-the-wild exploit targets unpatched Java 7 vulnerability affecting Windows, OS X, and Linux. Security experts advise disabling Java in browsers.

Cyberattacks Carried Out Against Forces In Afghanistan, U.S. General Says

Quick Hits | 8/27/2012 |

Marine Corps Lt. General Richard Mills says electronic warfare played an important role in Afghanistan campaigns

30,000 Machines Infected In Targeted Attack On Saudi Aramco

News | 8/27/2012 |

Oil company's revelation matches counts by hackers claiming responsibility and Shamoon connection

Saudi Aramco Restores Network After Shamoon Malware Attack

News | 8/27/2012 |

Hacktivist-launched virus takes out 75% of state-owned oil company's workstations, signals the growing power of attackers with social or political agendas.

Dropbox Two-Factor Authentication Has Kinks, Users Say

News | 8/27/2012 |

8 comments

Cloud storage provider upgrades security after attacker stole data from Dropbox employee's account. But users say the beta version needs tweaks.

Winning By Losing

Commentary | 8/26/2012 |

Employers and customers will take everything you have to give, and then ask for more. You can bitch about it, or you can say no -- the choice is yours

Application Detects Social Network Spam, Malware

News | 8/24/2012 |

Using the social context of posts, researchers from UC Riverside create prototype Facebook app that detects social malware with 97 percent accuracy

Some 'Operation Ghost Click' IP Addresses Back From The Dead

Quick Hits | 8/24/2012 |

In advance of court proceedings, RIPE reallocates some IP address blocks that had been used by crime gang in DNSChanger malware scheme

Safer Boots: Feds Urge Malware-Resistant BIOS

News | 8/24/2012 |

NIST advises PC and server makers strengthen the security of BIOS ROM chip flashware. Attacks against BIOS can be used to create persistent rootkits that survive reboots.

Create A Mac Zombie Army, Cheap: Hacker Emptor

News | 8/24/2012 |

NetWeird malware toolkit promises to convert Macs into zombies ready to do botnet bidding. But some security experts say this is a case of criminals trying to out-scam each other.

The Attacker's Trade-Off: Stealth Versus Resilience

News | 8/24/2012 |

Trade-offs are a fact of life for network defenders, but attackers have to abide them as well. Understanding attackers' problems can help companies better use them to their advantage

10 Tips For Protecting Mobile Users

News | 8/23/2012 |

Mobile employees, devices, and data need protecting. Here are 10 tips to make it happen.

Google 'Red Team' To Test Product Privacy

News | 8/23/2012 |

Taking privacy seriously translates into new hires for Google.

Gauss Researchers Collide

Quick Hits | 8/23/2012 |

Kaspersky Lab's sinkhole for the malware mistaken by FireEye researchers as live Gauss activity

Windows Password Clues Easy To Crack

News | 8/23/2012 |

4 comments

Metasploit penetration testing framework has been updated with an attack that retrieves all Windows 7 and 8 password clues.

The Case For A Cyber Arms Treaty

Commentary | 8/23/2012 |

5 comments

In the wake of Stuxnet, could an international 'cyber arms' agreement forestall U.S. cyber warfare with China and other countries?

DARPA Seeks 'Plan X' Cyber Warfare Tools

News | 8/23/2012 |

Defense Department looks for hardened operating systems and other new technologies for managing cyber warfare in real time on a large scale.

Top 5 Deadliest Mobile Malware Threats Of 2012

News | 8/22/2012 |

Security pros discuss the most prolific and complex mobile malware threats to appear so far in 2012

Shamoon, Saudi Aramco, And Targeted Destruction

News | 8/22/2012 |

Still no definitive connection between Shamoon and Saudi Aramco breach, but new clues emerge

LulzSec Leader Sabu, Still Working With Feds, Gets Temporary Sentencing Reprieve

Quick Hits | 8/22/2012 |

Hector Xavier Monsegur, a.k.a. Sabu, gets six more months before he's sentenced for 12 counts of computing hacking conspiracies and other crimes

iPhone Security Unbreakable? Security Gurus Disagree

News | 8/22/2012 |

Hardened PIN entry and full-disk encryption make Apple smartphones extremely tough to crack, says forensic expert, prompting much debate.

Shamoon Malware Might Be Flame Copycat

News | 8/22/2012 |

August attack on Saudi energy company likely work of "anti-tyranny" hacktivist group Cutting Sword of Justice, probably a Flame copycat, say security experts.

5 Systems You're Forgetting To Patch

News | 8/22/2012 |

Workstation patching is vital, but these systems need frequent updates, too

Most Paid Apple iOS, Google Android Apps Have Been Hacked

Quick Hits | 8/21/2012 |

New study finds that less than 5 percent of popular mobile apps use professional-grade defenses

Sexy Monitoring

Commentary | 8/21/2012 |

We examine security monitoring in the context of "sexy defense"

Crisis Financial Malware Spreads Via Virtual Machines

News | 8/21/2012 |

Malicious code, disguised as a VeriSign-approved Adobe Flash installer, affects Macs, Windows PCs, and Windows Mobile devices.

Managed Services Growth About Security, Not Compliance

News | 8/21/2012 |

Small businesses seek better security; large enterprises look to reduce costs and free up internal security teams

Security Snags Loom Over Social Login

News | 8/21/2012 |

Even with standards, social authenticators are hardly secure enough for enterprises

SpiderOak Encrypted Cloud Storage: Dropbox Alternative

News | 8/20/2012 |

Enterprise online storage can be secure and private, CEO Ethan Oberman insists. Defense Dept. is an early customer.

Don't Trust That Text Message: Tool Simplifies iOS SMS-Spoofing

Quick Hits | 8/20/2012 |

Known SMS flaw isn't in the phone itself, however

How To Protect Your Commercial Web Server

News | 8/20/2012 |