-
26 Jul 2013 Feds catch hackers behind worldwide data breaches
Feds indict, unmask hackers behind largest known data breach conspiracy targeting worldwide financial institutions, payment processors and retailers.
-
24 Jul 2013 Podcast: Gartner VP details enterprise cyberthreats
Gartner VP Richard Hunter reviews the enterprise cyberthreat landscape and explains why automated attacks will only make a bad situation worse.
RSA warns about 'KINS' banking Trojan
RSA is warning that a new banking Trojan, 'KINS,' with architectural similarities to previous Trojans, may start hitting PCs soon.
-
22 Jul 2013 Malwarebytes: Maneuver around 'FBI ransomware' on Macs
Jerome Segura of Malwarebytes explains how to get around 'FBI ransomware' computer locking.
Turkish researcher claims responsibility for Apple dev site hack
Turkish researcher Ibrahim Balic says he found multiple vulnerabilities at Apple's developer website, but did not intend to bring the site down.
-
19 Jul 2013 Bit9 report blasts Java security vulnerabilities as 'severe'
A study by Bit9 explains just how bad the Java problem really is: The most popular version has 96 severe vulnerabilities.
-
16 Jul 2013 Opinion: Still work to do on the CISO role
Former CIGNA CISO Craig Shumard says the chief information security officer role within many organizations is now under attack.
-
15 Jul 2013 Podcast: Gartner VP assesses corporate IAM landscape (SearchSecurity)
Gartner VP Gregg Kreizman discusses how evolving corporate identity standards and mobility are affecting IT security.
-
12 Jul 2013 2013 Black Hat conference: Feds welcome!
Despite DefCon founder's blog telling Feds to stay home, Black Hat says they're 'welcome' at the show.
FortiGuard Labs: Advanced persistent threats are escalating
Advanced persistent threats are on the rise, according to a report by FortiGuard Labs.
-
09 Jul 2013 Aveksa acquisition expands RSA's intelligence-driven security strategy
Aveksa acquisition should help RSA compete in burgeoning identity management market.
Damballa: Security vendor partnerships of growing importance
Damballa executives say partnerships among security point product vendors are increasingly important, and will ultimately benefit enterprises.
July 2013 Patch Tuesday: Critical fixes, but in a lazy summer sort of way
July's Patch Tuesday found Microsoft rolling out seven patches, six of which are rated as critical.
Security researcher finds vulnerabilities in emergency alert system
Seattle-based application security company IOActive has uncovered significant vulnerabilities in Digital Alert Systems' DASDEC.
-
08 Jul 2013 California data breach report: 2.5M residents at risk of identity theft
In 2012, data breaches in California put 2.5 million residents at risk of identity theft.
-
19 Jun 2013 RSA Silver Tail improves online fraud detection, enterprise security
Fraud prevention for the Web: RSA Silver Tail sets stage for enterprise-level security with big data and brand new interface.
-
18 Jun 2013 Users may remain vulnerable despite Oracle Java patch release
Oracle has issued a new security patch for Java, but only 7% deployed the previous patch.
-
14 Jun 2013 Gartner: Negotiate cloud contracts with detailed security, control (SearchCloudSecurity.com)
When negotiating with cloud providers, enterprises must demand cloud contracts with specific security and control provisions, Gartner analysts say.
-
13 Jun 2013 Enterprise BYOD offers mixed bag for enterprise endpoint security
A Gartner analyst says enterprise BYOD -- specifically iOS and Android devices -- presents many pros and cons for enterprise endpoint security.
-
12 Jun 2013 CEO: Symantec strategy to emphasize endpoint security, partnerships
Symantec CEO Steve Bennett says future product strategy will align with the 'Symantec 4.0' blueprint, pushing core features and vendor partnerships.
-
11 Jun 2013 Harsher penalties for HIPAA violations altering compliance efforts
More frequent audits and larger penalties for violating HIPAA are motivating enterprises to tame HIPAA compliance challenges, Gartner analysts say.
Mullen: Cybersecurity threats demand leadership from Capitol Hill
Adm. Mike Mullen criticized U.S. politicians for a lack of leadership on vital cybersecurity issues and called the NSA PRISM leak a 'huge breach.'
Office, 32-bit Windows fixes included in Patch Tuesday update (SearchWindowsServer.com)
Microsoft offered five bulletins in June's Patch Tuesday updates, with a 19-vulnerability critical Internet Explorer patch and Windows Server 2008 fixes.
-
05 Jun 2013 Ponemon data breach study finds costs up, notification major driver
The latest Ponemon study on data breaches found that the cost per lost record in an average breach incident increased modestly, from $130 to $136.
-
31 May 2013 HIPAA Omnibus Rule, PPACA challenge enterprise compliance management
Compliance practitioners say new mandates like the HIPAA Omnibus Rule and Obamacare are making enterprise compliance management even harder.
Report finds security tools add software vulnerabilities of their own
A report by iViZ Security Inc. found that overall vulnerabilities in security products in 2012 rose sharply.
-
30 May 2013 Case Study: US supermarket chain solves security challenge virtually (ComputerWeekly.com)
A US supermarket chain has implemented an endpoint security system to secure legacy applications and to save additional development
-
24 May 2013 Case study: CDI launches aviation company DLP program on short runway
Technology services company CDI-Aerospace used a Verdasys DLP solution to manage third-party risk for a major aviation client.
-
21 May 2013 Sourcefire updates malware detection, malware analysis capabilities
New features for detecting and analyzing malware in Sourcefire's FireAMP and FirePOWER products supplement flagging signature-based antimalware.
-
15 May 2013 DDoS attack trends highlight increasing sophistication, larger size
Though the Spamhaus DDoS attack showed the potential devastation of increasing bandwidth, DDoS attack trends show DDoS type to be just as important.
May 2013 Patch Tuesday fixes IE8 zero day; Adobe tightens ColdFusion
The software giant's May 2013 Patch Tuesday update permanently fixes the IE8 zero-day flaw found in the Dept. of Labor website attack.
-
10 May 2013 Eight hackers charged with $45m cyber fraud (ComputerWeekly.com)
US federal authorities have charged eight hackers in connection with a $45m debit card fraud scheme
-
09 May 2013 Department of Labor website hack highlights advanced attack trends
The IE8 zero-day attack planted in the U.S. Labor Department's website highlights how few organizations can ward off never-before-seen attacks.
Microsoft offers 'fix' for latest Internet Explorer zero day
Microsoft released a temporary fix to mitigate attacks using the most recent Internet Explorer 8 zero day vulnerability.
-
06 May 2013 After lull, PLA 'Comment Crew' hasn't changed cyber-espionage tactics
The Chinese government's alleged cyber-espionage arm remains active after a quiet period, using the same tactics revealed in Mandiant's APT1 report.
McAfee in agreement to acquire next-gen firewall maker Stonesoft
McAfee has announced an agreement to acquire next-gen firewall maker Stonesoft for $389 million.
-
03 May 2013 BlackBerry 10 and Samsung Knox approved by US military (ComputerWeekly.com)
The US Department of Defense (DoD) has approved BlackBerry and Samsung mobile devices for use on its networks
-
02 May 2013 Website vulnerabilities down, but progress still needed, survey finds
A survey released by WhiteHat Security finds that website vulnerabilities have decreased steadily in recent years, though problems persist.
-
30 Apr 2013 Hackers open malware backdoor in Apache webservers (ComputerWeekly.com)
A new threat is targeting Apache webservers, which are among the most widely-used webservers in the world, according to security researchers
McAfee jumps into IAM with one-time password, cloud SSO products
McAfee introduces two new identity and access management (IAM) products.
-
26 Apr 2013 (ISC)2, CSA partner on new cloud security certification (SearchCloudSecurity.com)
The yet-unnamed certification will seek to validate skills of cloud security pros, but it's unclear how it may complement or overlap with existing certs.
-
25 Apr 2013 Over 100k serial devices online and unsecured, says HD Moore
Security researcher HD Moore says 114,000 serial devices exposed to the Internet are highly hackable.
-
24 Apr 2013 Opinion: DBIR, other reports paint tricky picture
Verizon's annual breach report highlights a spate of new security research reports. However, overall conclusions from these are hard to come by.
Trusteer warns of new man-in-the-browser Twitter attack
The attack seeks to compromise a Twitter webpage via a man-in-the-browser attack. Trusteer warns it could be a harbinger of broader future attacks.
-
23 Apr 2013 2013 Verizon DBIR: Authentication attacks affect all organizations
The 2013 Verizon data breach report details how authentication attacks affect organizations of all sizes, blaming single-factor passwords.
-
22 Apr 2013 Verizon DBIR 2013: Damage caused by simple attacks, slow detection
Verizon's 2013 breach report shows most breaches are caused by a select few attack types, and the majority of breaches aren't detected for months.
Verizon data breach report 2013: Data shows need for risk awareness
Verizon's annual breach report indicates outsiders still cause most breaches, and despite no one-size-fits-all defense, better risk awareness can help.
-
18 Apr 2013 Symantec 2013 Threat Report highlights rise in SMB attacks
Big Yellow's annual report indicates a threefold rise in targeted attacks against SMBs as attackers search beyond big firms for susceptible targets.
-
17 Apr 2013 Gartner forecasts rising interest in cloud-based security services (SearchCloudSecurity.com)
Gartner forecasts that security services in the cloud will soon account for 10% of the enterprise IT security market, largely driven by compliance.
-
16 Apr 2013 Emerging antiphishing tools use testing, training to educate users
Emerging enterprise antiphishing tools use testing, training to help users recognize bogus messages, addressing a long-standing defensive pain point.
SSH keys audited automatically by free tool
SSH Communications Security will offer a free tool for auditing SSH key use within large organizations at next week's Infosecurity Europe conference.
-
12 Apr 2013 April Patch Tuesday security update could cause system errors
Microsoft has pulled a faulty security update in MS13-036, part of its April 2013 Patch Tuesday release. Those who had installed it should remove it.
-
11 Apr 2013 With Windows XP security updates ending, enterprises must plan ahead
With Windows XP security updates ending in 2014, organizations still running the venerable Microsoft OS should start making transition plans.
-
10 Apr 2013 Veracode report highlights key problems in mobile app security
Security testing vendor Veracode has released a report showing that mobile apps aren't getting their cryptography right.
-
09 Apr 2013 For CISOs, California Right to Know Act would raise privacy emphasis
The proposed California Right to Know Act may compel CISOs to develop additional privacy policies or create new privacy officer roles.
-
04 Apr 2013 Malware hits businesses 20 to 60 times an hour, say researchers (ComputerWeekly.com)
Advanced cyber attacks hit businesses 20 times an hour on average, say researchers at security firm FireEye
Two 'critical' bulletins planned for April 2013 Patch Tuesday
Microsoft plans to issue nine bulletins for its April 2013 Patch Tuesday release, including two "critical" fixes for Internet Explorer and Windows iterations.
-
02 Apr 2013 Cyberbunker’s Sven Kamphuis denies unleashing DDoS attacks on Spamhaus (ComputerWeekly.com)
The internet activist accused of being behind one of the biggest distributed denial-of-service (DDoS) attacks to date claims he is the victim of an establishment conspiracy.
-
28 Mar 2013 Activists unleash biggest DDoS cyber attack to date (ComputerWeekly.com)
Activists unleash a distributed denial-of-service (DDoS) attack in support of a web hosting firm, Cyberbunker, blacklisted by an anti-spam website
-
27 Mar 2013 Panel: Cyber-intelligence alone can't stop enterprise security threats
Panelists at the SANS Cyber Threat Intelligence Summit lament the challenges of using cyber-intelligence to thwart enterprise security threats.
-
22 Mar 2013 'Internet underground' fight demands better cybersecurity intelligence
Former U.S. national security advisor Greg Rattray believes better cybersecurity intelligence is needed to combat a growing "Internet underground."
-
21 Mar 2013 Huawei security issues are result of 'rumors,' says Huawei executive
Huawei security issues threatening national security are 'rumors' lacking supporting evidence, a Huawei France executive tells LeMagIT.
-
20 Mar 2013 Certain Cisco IOS, IOS XE devices susceptible to brute-force attacks
Cisco has issued a security advisory after Hashcat researchers disclosed a password flaw in IOS and IOS XE devices that enables brute-force attacks.
Research highlights speed, frequency of ICS security attacks
A new Trend Micro study using honeypots for research highlights an alarming number and variety of attempted ICS security breaches.
-
19 Mar 2013 McGraw: Don't 'hack back'; instead, build security in
Hacking back isn't the way to win the cyberwar. Gary McGraw says building software and systems with fewer vulnerabilities is stronger protection.
Opinion: CERT in Yemen would be pathway to opportunity
Providing order and security for the Internet in Yemen, where half of the population is under 18, could provide opportunity in a faltering nation.
-
14 Mar 2013 DoD security panel calls for new cyber-defense, offense
A Pentagon advisory panel suggests both beefed-up U.S. cyber-defenses and a proactive plan for offense.
Secunia: More focus needed on third-party application security
Secunia highlights the growing need for better third-party application security, plus Microsoft's security improvements, and the growing cost of zero-days.
-
13 Mar 2013 March 2013 Patch Tuesday brings Internet Explorer 8, 'evil maid' fixes (SearchWindowsServer.com)
March's Patch Tuesday updates contain fixes for Internet Explorer 8 and a USB drive exploit. Plus, the company released non-security updates.
-
05 Mar 2013 RSA 2013: Experts struggle to define offensive security, hacking back
Is offensive security or 'hacking back' a viable cyberdefense tactic? RSA Conference 2013 experts struggled to define the terms, never mind the role they play.
RSA 2013: FBI offers lessons learned on insider threat detection
At RSA Conference 2013, experts from the FBI said insider threat detection hinges not on technology, but on a multifaceted 'people-centric' approach.
-
04 Mar 2013 Emerging threats include kinetic attack, offensive forensics: RSA 2013
At RSA 2013, experts Ed Skoudis and Johannes Ullrich explained how the SANS CyberCity supports offensive forensics and helps prevent kinetic attacks.
RSA 2013 crowd awed by live 'sinkholing' in P2P botnet takeover
Tillmann Werner of CrowdStrike wowed onlookers with a live 'sinkholing' demonstration, taking down the Kelihos P2P botnet.
-
28 Feb 2013 RSA 2013: China not the only cyber espionage country, says Mandiant (ComputerWeekly.com)
China is not the only country carrying out large-scale cyber espionage, says US cyber security firm Mandiant.
RSA 2013: More from Coviello on big data analytics in the security industry
RSA's Art Coviello explains why the shortcomings of current mainstream security products are part of what's driving enterprise interest in big data.
-
27 Feb 2013 Big data 2.0: CISOs push need to identify attack campaigns
CISOs at RSA Conference 2013 say identifying attack campaigns means taking security big data to the next level. The hard part? Finding data analysts.
RSA 2013: Charney optimistic about the future of information security
In his RSA Conference 2013 keynote, Microsoft's Scott Charney struck an optimistic note when talking about the future of information security.
Spear phishing, manpower drive Chinese APTs, says researcher at RSA 2013
Chinese cyberattacks rely on spear phishing and overwhelming numbers, not sophisticated attack methods, says a researcher at RSA Conference 2013.
Vendors showcase MAM products that ease BYOD challenges at RSA 2013
RSA exhibitors offered a range of mobile application management solutions, intended to ease the challenges of monitoring BYOD environments.
-
26 Feb 2013 B-Sides: Akamai's Corman calls for new information security focus
At Security B-Sides 2013, Joshua Corman railed against PCI DSS and vendor profit measures, calling for a renewed information security focus on what really matters.
Coviello pitches 'transformational' information security strategy
In a talk critical of cyberattack finger-pointing, Art Coviello stressed the need for infosec strategy to emphasize big data, interconnectivity.
Security B-Sides presenter questions value of penetration testing
At Security B-Sides San Francisco, Brett Hardin asked why organizations hire penetration testers and assessed the value of penetration testing.
-
25 Feb 2013 DHS cybersecurity boss pushes 'cyber 911', new voluntary standards
At the CSA Summit 2013, Mark Weatherford said the DHS 'cyber 911' service will better support the private sector, and new voluntary standards are in the works.
Kaminsky: Fostering improved security culture demands societal change
At B-Sides San Francisco, Dan Kaminsky discussed how society inhibits its own security culture, and the need to look beyond status-quo technology.
-
18 Feb 2013 Enterprise app security tops list for enterprise mobile deployments
Enterprises have yet to roll out mobile versions of most of their applications, a recent survey says. One key factor moving forward is security.
-
13 Feb 2013 Microsoft patches vulnerabilities in Internet Explorer, Exchange (SearchWindowsServer.com)
In a busy February Patch Tuesday, Microsoft fixed another critical Oracle vulnerability in Exchange. Plus, Internet Explorer received fixes.
Obama's cybersecurity executive order issued for critical infrastructure
President Obama issued an executive order aimed at fostering public-private information sharing among critical infrastructure sectors.
-
08 Feb 2013 TLS security: Background on the 'Lucky Thirteen' attack
Professor Kenneth Paterson and graduate student Nadhem AlFardan have discovered a TLS attack that tracks the timing of error messages to reveal plaintext.
-
06 Feb 2013 The body count is new, but UPnP security issues are embarrassingly old
HD Moore unveiled research showing wide-scale UPnP security issues last week, but some of the problems have been known for years.
-
04 Feb 2013 Oracle issues out-of-band patch to repair 50 Java vulnerabilities
Oracle has issued an update to Java two weeks ahead of the normal schedule.
-
30 Jan 2013 Critical infrastructure security: Electric industry shows the path
Expert Brian Zimmet believes the electric industry is the one to watch for a look at the future of critical infrastructure security regulations.
-
29 Jan 2013 Lacking privacy laws aid growing CISO role in data privacy management
More CISOs may be taking on data privacy management. Fortunately, old, outdated privacy laws may lend them a helping hand.