News
- January 31, 2017
31 Jan'17
RSA Conference 2017 "not impacted" by Trump's executive order
RSA Conference 2017 hasn't been affected by President Trump's recent executive order, but the travel ban has still sent shockwaves through the tech industry.
- January 31, 2017
31 Jan'17
RSAC 2017 Innovation Sandbox highlights top 10 cyber startups
RSAC 2017: Innovation Sandbox competition pits this year's top 10 cybersecurity startups against each other in a bid to win top honors as most innovative.
- January 31, 2017
31 Jan'17
Hacked CCTV cameras in DC before inauguration leave unanswered questions
The Washington, D.C., Police Department spotted hacked CCTV cameras before the inauguration and has remediated the ransomware, but questions still surround the attack.
- January 31, 2017
31 Jan'17
Q&A: Rapid7's Beardsley and Brown dish on Mirai botnet, pen testing
Rapid7's Beardsley and Brown offer insight on Mirai botnet attacks, while also sharing some of their craziest penetration testing and incident response experiences.
- January 30, 2017
30 Jan'17
RSA 2017: Special conference coverage
Follow breaking news from the SearchSecurity team at RSA 2017 in San Francisco to learn the latest developments in the information security industry.
- January 27, 2017
27 Jan'17
Symantec CA report offers more clarity on certificate transparency catch
One week after certificate transparency revealed a Symantec CA improperly issued over 100 digital certificates, Symantec offers more details on the incident.
- January 27, 2017
27 Jan'17
Google creates its own root certificate authority
Google is expanding its certificate authority capabilities by creating its own root certificate authority, but experts are unsure of Google's plans moving forward.
- January 27, 2017
27 Jan'17
How improper SSH key management is putting enterprises at risk
In part two of his interview with SearchSecurity, SSH creator Tatu Ylonen explains why proper SSH key management is crucial and how attackers can use lost or exposed keys.
- January 27, 2017
27 Jan'17
Americans split on federal government security, encryption attitudes
News roundup: Half of Americans don't trust federal government security. Plus, a Kaspersky Lab manager was arrested; an internal DOD network was found vulnerable; and more.
- January 26, 2017
26 Jan'17
More than 200 vulnerabilities found in Trend Micro security products
Researchers uncovered more than 200 vulnerabilities across Trend Micro products, but experts said the company brand won't take a hit.
- January 26, 2017
26 Jan'17
Microsoft defeats DOJ appeal in cloud data privacy case
Microsoft notches another win in its battle to protect cloud data privacy, as an appeals court quashes the DOJ appeal over a warrant for data stored in an Ireland data center.
- January 26, 2017
26 Jan'17
Heartbleed bug still found to affect 200,000 services on the web
Researchers found the infamous Heartbleed bug is still unpatched on as many as 200,000 services connected to the internet and experts don't expect that number to change.
- January 25, 2017
25 Jan'17
Risk & Repeat: Windows SMB warning raises questions, concerns
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the Shadow Brokers' alleged exploit for Windows SMB and what it means for both enterprises and Microsoft.
- January 25, 2017
25 Jan'17
Project Zero finds Cisco WebEx vulnerability in browser extensions
A critical Cisco WebEx vulnerability in the service's browser extensions was discovered and patched, though some disagree the patch goes far enough to protect against attack.
- January 24, 2017
24 Jan'17
Certificate Transparency snags Symantec CA for improper certs
Symantec CA could be in for more trouble after a security researcher, using Certificate Transparency logs, discovered more than 100 improperly issued certificates.
- January 23, 2017
23 Jan'17
SEC to investigate the Yahoo breach disclosures
The SEC has requested more information for potential cases concerning whether the Yahoo breach disclosures could have come sooner.
- January 20, 2017
20 Jan'17
Tatu Ylonen: Bad SSH security practices are exposing enterprises
SSH creator Tatu Ylonen talks with SearchSecurity about how the cryptographic network protocol has grown over the years and why poor SSH security is jeopardizing enterprises today.
- January 20, 2017
20 Jan'17
Future of the federal CISO position in question as Touhill steps down
Retired Brig. Gen. Gregory Touhill stepped down as the federal CISO, leaving questions surrounding the future of the position and the work he has done.
- January 20, 2017
20 Jan'17
Carbanak gang using Google services for command and control
Researchers find the Carbanak gang has evolved its attacks on financial institutions to use Google services for command and control infrastructure in malware.
- January 20, 2017
20 Jan'17
Vulnerable Adobe extension downloads covertly to Chrome
News roundup: A flawed Adobe extension was secretly installed on 30 million Chrome browsers. Plus, the Mirai author has been identified; Google releases security details; and more.
- January 19, 2017
19 Jan'17
Windows 10 security tackles exploits, while Windows 7 gets a warning
As Microsoft touted its Windows 10 security features defeating unpatched zero-day vulnerabilities, it also warned customers about security issues with Windows 7.
- January 19, 2017
19 Jan'17
US-CERT reminds users that Windows SMB v1 needs to die
Experts say US-CERT is taking advantage of a potential -- but unverified -- vulnerability in Windows SMB v1 to remind enterprise users the outdated service should be disabled.
- January 17, 2017
17 Jan'17
Gmail phishing campaign uses real-time techniques to bypass 2FA
Researchers saw a Gmail phishing campaign in the wild using clever tricks to access accounts including a difficult 2FA bypass only possible in real time.
- January 13, 2017
13 Jan'17
Microsoft privacy tools give users control over data collection
New Microsoft privacy tools will give users control over the data collected on the web and within Windows. Experts hope the tools will offer data privacy transparency.
- January 13, 2017
13 Jan'17
St. Jude Medical finally patches vulnerable medical IoT devices
News roundup: St. Jude Medical patches vulnerable medical IoT devices after a five-month controversy. Plus, the Email Privacy Act is reintroduced; Juniper warns of a firewall flaw; and more.
- January 12, 2017
12 Jan'17
Google Cloud KMS simplifies the key management service, but lacks features
Experts are impressed with the simplicity of Google's Cloud KMS even if it doesn't separate itself from the key management service competition.
- January 12, 2017
12 Jan'17
Risk & Repeat: CES Cybersecurity Forum tackles passwords, IoT
In this episode of SearchSecurity's Risk & Repeat podcast, editors highlight the topics discussed at the CES Cybersecurity Forum, as well as new technologies showcased at the event.
- January 11, 2017
11 Jan'17
Insecure MongoDB configuration leads to boom in ransom attacks
Poor authentication in MongoDB configurations has led to a sharp increase in ransom attacks, and experts say tens of thousands of databases could be at risk.
- January 10, 2017
10 Jan'17
January Patch Tuesday sparse before Windows security updates change
Microsoft offers up a meager January 2017 Patch Tuesday release before bigger changes planned for Windows security update announcements, which are set to take effect in February.
- January 10, 2017
10 Jan'17
What are the potential pros and cons of a Cyber National Guard?
A congressman proposed adding a Cyber National Guard to the military to protect the U.S. from cyber adversaries. Expert Mike O. Villegas examines the potential drawbacks of this branch.
- January 09, 2017
09 Jan'17
Git repos hide secret keys, rooted out by Truffle Hog
Truffle Hog utility roots out and detects text blobs with enough entropy to be secret keys -- even those buried deep in old Git repositories -- to prevent exploits.
- January 09, 2017
09 Jan'17
In a post-Mirai world, the FTC wants more secure routers from D-Link
The Federal Trade Commission filed a lawsuit against D-Link, and experts said the move was likely to push more secure routers in the wake of the Mirai botnet attacks.
- January 06, 2017
06 Jan'17
FTC launches competition to improve IoT device security
News roundup: FTC starts a contest to create a better IoT device security tool. Plus, ransomware is now illegal in California; Google patches 29 critical Android flaws; and more.
- January 06, 2017
06 Jan'17
Doxware: New ransomware threat, or just extortionware rebranded?
The threat of ransomware continues to evolve, with a new spin on extortionware, called doxware, that's designed to target and potentially expose sensitive data of ransomware victims.
- January 04, 2017
04 Jan'17
SSL certificate validation flaw discovered in Kaspersky AV software
Google Project Zero discovers more antivirus vulnerabilities. This time, the issues are with how Kaspersky Lab handles SSL certificate validation and CA root certificates.
- January 03, 2017
03 Jan'17
Decades-old bug in the libpng open source graphics library patched
A low-severity vulnerability dating back to 1995 in libpng, the official reference library implementation for PNG, may have enabled remote DoS attacks.
- December 16, 2016
16 Dec'16
Vulnerable websites make up half of the internet's top sites
News roundup: A report finds nearly half the internet is filled with vulnerable websites. Plus, SWIFT confirms more hacks, Amit Yoran steps down from RSA and more.
- November 29, 2016
29 Nov'16
SF Municipal Railway restores systems after ransomware attack
The San Francisco Municipal Transportation Authority restored systems without paying following a ransomware attack that allowed free rides for travelers over the weekend.
- November 17, 2016
17 Nov'16
Chinese company caught preinstalling Android spyware on budget devices
A Chinese company was found to be preinstalling Android spyware on budget smartphones and collecting phone call and messaging data without consent.
- August 29, 2016
29 Aug'16
Pegasus iOS exploit uses three zero days to attack high-value targets
A new remote iOS exploit called Pegasus leverages three zero days in what appear to be state-sponsored targeted attack campaigns against political dissidents.
- June 27, 2016
27 Jun'16
Intel reportedly considering selling its security business
New reports suggest Intel may be looking into selling off its security business, and experts are unclear whether it means Intel's McAfee acquisition has gone sour.
- June 17, 2016
17 Jun'16
FBI facial recognition systems draw criticism over privacy, accuracy
GAO report blasts FBI facial recognition programs over privacy and accuracy concerns; FBI systems offer access to over 411 million photos from federal and state sources.
- June 15, 2016
15 Jun'16
Ransomware worm raises concerns for enterprise security
In this Risk & Repeat podcast, SearchSecurity editors break down the discovery of the ZCryptor ransomware worm and what it means for future ransomware threats.
- June 13, 2016
13 Jun'16
Symantec acquisition of Blue Coat shakes up security industry
Symantec agreed to acquire Blue Coat Systems for $4.65 billion, with Blue Coat CEO Greg Clark taking over as new CEO of the combined company.
- May 26, 2016
26 May'16
Retiring obsolete SHA-1 and RC4 cryptographic algorithms, SSLv3 protocol
Microsoft speeds deprecation of SHA-1, Google dropping support for RC4, SSLv3, as web software publishers approach end of life for obsolete cryptographic algorithms and protocols.
- May 06, 2016
06 May'16
Commercial code riddled with open source vulnerabilities
Roundup: Customers, vendors both unaware of unpatched open source vulnerabilities in commercial software. Plus OpenSSL patches, warrantless wiretaps and more.
- March 18, 2016
18 Mar'16
Apple court filing challenges iPhone backdoor as rhetoric heats up
The rhetoric about the iPhone backdoor from Apple and the FBI has gotten more intense as Apple challenged the FBI in court by calling its motion unconstitutional.
- March 02, 2016
02 Mar'16
Bruce Schneier on IBM grabbing him up with Resilient Systems
Bruce Schneier chats with SearchSecurity during lunch at RSAC about IBM's plans to acquire Resilient Systems to complete their security offering.
- January 29, 2016
29 Jan'16
OpenSSL patch fixes encryption flaw and strengthens Logjam defense
A new OpenSSL patch fixes a severe encryption flaw and strengthens the protocol against the Logjam vulnerability.
- January 28, 2016
28 Jan'16
Oracle closing an attack vector by deprecating the Java browser plug-in
Oracle announced plans to deprecate the Java browser plug-in, a noted attack vector, though the choice was not entirely its own.
- December 15, 2015
15 Dec'15
Old Microsoft Kerberos vulnerability gets new spotlight
A new blog post detailed authentication vulnerabilities in Microsoft Kerberos that cannot be patched and could lead to attackers having free rein over systems.
- December 01, 2015
01 Dec'15
Amex credit card hack predicts replacement card number
Samy Kamkar found a weakness in the algorithm American Express uses to generate replacement card information and created a credit card hack as a proof-of-concept.
- November 20, 2015
20 Nov'15
Safe Harbor framework update in danger of capsizing
News roundup: Rights groups join critics of Safe Harbor framework update, OPM breach testimony pushback, FBI hiring part of cybersecurity issue for Justice Department. Plus: recycled malware, Microsoft's security push.
- July 16, 2015
16 Jul'15
Flash Player security failures turn up the hate
There have been calls for the death of the Adobe Flash Player for years either due to performance issues or the threat of exploit. But with a recent rash of zero-day vulnerabilities, those calls are getting louder.
- July 10, 2015
10 Jul'15
Homeland Security chief calls for federal breach reporting law
The Homeland Security head wants federal laws requiring data breach reporting and information sharing, but one expert warns that government officials need better understanding of infosec technology before creating such laws.
- June 11, 2015
11 Jun'15
Duqu malware makes a comeback and infiltrates Kaspersky systems
The first strain of Duqu malware was found in late 2011. Now three and a half years later, Duqu 2.0 has emerged and is exploiting as many as three zero-day vulnerabilities in a new attack campaign.
- May 22, 2015
22 May'15
Government backdoor security concerns prompt letter to president
As privacy and security concerns rise, President Obama is urged to dismiss the call for government backdoors.
- May 20, 2015
20 May'15
Google changes Chrome extension policy amid security concerns
Google's new Chrome extension policy mandates that all users and developers must install web browser extensions from the Chrome Web Store.
- May 07, 2015
07 May'15
Malware detection tool tackles medical device security
WattsUpDoc, an embedded system security tool used to detect malware in medical devices, is now in beta testing at two major U.S. hospitals.
- April 29, 2015
29 Apr'15
RSA Conference 2015 recap: Record attendance, record stakes
This year's RSA Conference once again broke the previous year's attendance record. Is the show getting too big for San Francisco? Plus key takeaways and final words from our executive editor.
- April 28, 2015
28 Apr'15
Comparing the top SSL VPN products
Expert Karen Scarfone examines the top SSL VPN products available today to help enterprises determine which option is the best fit for them.
- April 24, 2015
24 Apr'15
NIST wants help building the one ID proofing system to rule them all
The U.S. government wants to solve the weaknesses in online ID proofing systems, but it needs the help of enterprise and security professionals in order to overcome privacy concerns and other issues.
- April 02, 2015
02 Apr'15
Obama threatens foreign cyber attackers with sanctions
US president Barack Obama has signed an executive order establishing a framework for the US to impose sanctions on foreign cyber attackers
- March 17, 2015
17 Mar'15
Yahoo’s attempt to kill off passwords raises security concerns
Yahoo’s attempt to kill off passwords by introducing an on-demand one-time passcode option for its email services has raised security concerns
- March 17, 2015
17 Mar'15
Microsoft warns of fake SSL certificate for Windows Live
Microsoft has warned that a fake security certificate has been issued for the Windows Live domain that could be abused by attackers
- March 09, 2015
09 Mar'15
Group claiming links to Isis hacks small business websites
The FBI is investigating the hacking of a number of SME websites in the US and Europe by people claiming affiliation with Islamic State
- March 05, 2015
05 Mar'15
China and US cross swords over software backdoors
Barack Obama criticises Chinese plans to force tech firms trading in China to share encryption keys and put backdoors in software
- March 03, 2015
03 Mar'15
Amid Apple Pay fraud, banks scramble to fix Yellow Path process
Banks are rushing to fix sloppy authentication processes at the heart of rising Apple Pay fraud. Experts also worry about potential fraud with other mobile payment systems.
- March 02, 2015
02 Mar'15
Q&A: Marcus Ranum chats with AT&T's CSO Ed Amoroso
There's no shortage of new security technology, but enterprise integration is still a major hang-up, says AT&T's chief of security.
- March 02, 2015
02 Mar'15
US retailer Natural Grocers investigates data breach
Natural Grocers is the latest US retailer to announce it is investigating a possible data breach involving customer payment cards
- February 25, 2015
25 Feb'15
3G and 4G phones not affected by NSA and GCHQ hack, says Gemalto
The world’s largest maker of Sim cards, Gemalto, says it has “reasonable grounds” to believe it was hacked by UK and US spy agencies in 2010 and 2011
- February 24, 2015
24 Feb'15
Business disruption cyber attacks set to spur defence plans, says Gartner
By 2018, 40% of organisations will have plans to address cyber-security business disruption attacks, up from 0% in 2015, says Gartner
- February 23, 2015
23 Feb'15
Lenovo faces lawsuit for pre-installing Superfish adware
A class action lawsuit has been filed against Lenovo after it was found to have pre-installed adware vulnerable to cyber attacks
- February 20, 2015
20 Feb'15
Gemalto denies knowledge of GCHQ and NSA Sim card hack
Gemalto says it cannot verify a report that it was hacked by the NSA and GCHQ to steal encryption keys
- February 17, 2015
17 Feb'15
International spyware operation linked to NSA
The US National Security Agency has reportedly hidden surveillance software in the hard drives of several top computer makers
- February 09, 2015
09 Feb'15
Security professionals warn against relying on cyber insurance
Security professionals have warned businesses not to rely on cyber insurance in the face of increased cyber attacks.
- February 04, 2015
04 Feb'15
Sony says cyber attack will cost $15m
Sony expects the investigation and remediation costs of the November 2014 cyber attack on its movie subsidiary will amount to $15m
- January 22, 2015
22 Jan'15
Report: Popularity of biometric authentication set to spike
Juniper Research claims that the popularity of biometric authentication will rise dramatically in the next five years, incorporating innovative technology beyond today's fingerprint sensors and voice authentication systems.
- September 02, 2014
02 Sep'14
Apple and FBI launch iCloud hack investigation
Apple and FBI investigate the breach of Apple’s iCloud causing fresh business concerns over cloud security
- August 07, 2014
07 Aug'14
Black Hat 2014: Researcher reveals Amazon cloud security weaknesses
At Black Hat 2014, a researcher showed how AWS cloud security flaws and misconfigurations can have devastating consequences for AWS customers that don't take security seriously.
- August 06, 2014
06 Aug'14
Russian hackers steal over a billion usernames and passwords
A group of Russian cyber criminals have attacked 500 million email addresses and gained 1.2 billion usernames and passwords.
- April 10, 2014
10 Apr'14
NSA TAO: What Tailored Access Operations unit means for enterprises
The NSA's top-secret Tailored Access Operations offensive hacking unit offers enterprise defense strategy lessons. Expert Nick Lewis discusses.
- February 05, 2014
05 Feb'14
Amid Microsoft MD5 deprecation, experts warn against SHA-1 algorithm
With Microsoft's MD5 deprecation set for next week, experts say companies must be careful to avoid other weak protocols, like SHA-1.
- January 03, 2014
03 Jan'14
FireEye buys Mandiant in $1 billion deal
In acquiring the incident response firm, FireEye will combine Mandiant's endpoint defense product with its network-based detection technology.
- December 02, 2013
02 Dec'13
Return on security investment: The risky business of probability
You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.
- September 20, 2013
20 Sep'13
HP introduces 'self-healing' BIOS protection with SureStart
HP's new SureStart feature detects and 'heals' corrupted BIOS code.
- June 19, 2013
19 Jun'13
RSA Silver Tail improves online fraud detection, enterprise security
Fraud prevention for the Web: RSA Silver Tail sets stage for enterprise-level security with big data and brand new interface.
- January 17, 2013
17 Jan'13
Thirteen principles to ensure enterprise system security
Designing sound enterprise system security is possible by following Gary McGraw's 13 principles, many of which have held true for decades.
- December 07, 2012
07 Dec'12
Twelve common software security activities to lift your program
Software security expert Gary McGraw explains the processes commonly found in highly successful software security programs.
- November 01, 2012
01 Nov'12
Protecting Intellectual Property: Best Practices
Organizations need to implement best practices to protect their trade secrets from both internal and external threats.
- September 04, 2012
04 Sep'12
Data supports need for security awareness training despite naysayers
Claims that security awareness training doesn't work are unsubstantiated, explain software security experts Gary McGraw and Sammy Migues.
- July 11, 2012
11 Jul'12
AWS outage doesn't discourage Netflix
Netflix says it remains bullish on the cloud despite major Amazon outage.
- June 28, 2012
28 Jun'12
Operation High Roller: Online bank fraud
McAfee and Guardian Analytics released the findings of an investigation into a global online bank fraud ring that takes the old techniques up a notch.
- June 28, 2012
28 Jun'12
Putting the mobile botnet threat in perspective
While lucrative mobile botnets do exist, industry experts provide a perspective on what seems to be a relatively small mobile botnet threat.
- June 21, 2012
21 Jun'12
Review your security contingency plan during the Games
U.K. companies are preparing to manage their security during the Olympics. Would your security contingency plan hold up to such a disruptive event?
- June 01, 2012
01 Jun'12
Stuxnet details should prompt call to action, not words
Security experts have warned of potential problems with military cyberstrikes. Cyberwarfare is difficult to plan and could put civilians at risk.
- May 24, 2012
24 May'12
Technology raises visibility of partner networks
Lookingglass shines a light on the security posture of an enterprise’s partners, clients and third-party providers.
- May 24, 2012
24 May'12
A bold view on prioritizing computer security laws
The number of computer security laws in the U.S. can be daunting. One bold lawyer suggests a way to prioritize the laws and avoid most legal battles.
- May 17, 2012
17 May'12
Maybe security is recession proof; VCs investing again
Venture capital firms are funding security technologies after a quiet period. The investments are a silver lining in a still bleak overall outlook.
- April 27, 2012
27 Apr'12
CISPA threat intelligence bill passes House
The Cyber Intelligence Sharing and Protection Act (CISPA) clears security vendors of any liability for sharing customer attack data with federal officials.