News roundup: Endpoint antimalware has been long considered ineffective, yet a recent IDC report projects endpoint security growth. What gives? Plus: AWS Zocalo, new gTLDs, QR code authentication and...
The new information supplement offers advice on how to address obstacles in maintaining year-round PCI compliance, even though PCI experts say the challenge is only getting harder.
Despite SIEM technology improvements, Gartner says many organizations still dive into SIEM deployments without adequate planning, often resulting in disaster.
In an advisory Friday, the U.S. government estimated that the Backoff point-of-sale malware campaign has struck over 1,000 businesses to date.
News roundup: Heartbleed vulnerabilities, point-of-sale malware and phishing scams are nothing new, yet numerous companies continue to fall victim to them. Shouldn't the lesson be learned by now?...
The difficulty of detecting Heartbleed exploits means that the Community Health breach is unlikely to be the last incident linked to the OpenSSL flaw.
A vendor report found that while mobile malware may receive more attention, unrestrained mobile app data collection actually poses a greater risk to consumers and data security.
An infosec consultancy has claimed that a Heartbleed exploit was used by attackers to gain access as part of the Community Health data breach.
The Community Health data breach exposed the personal data of 4.5 million patients of the healthcare entity, opening up potential regulatory issues.
Silverlight security issues will demand more attention as attackers increasingly target the plug-in, leaving users vulnerable to various exploits.
News roundup: Pro golfer Rory McIlroy inadvertently revealed his passcode on live TV, highlighting how easy it is to expose sensitive information. Plus: BlackBerry and Google issue...
If nothing else, this year's Black Hat showed that Internet of Things security issues are going to demand increased attention in the near future.
Crypto failures enable attackers to bypass mobile application management products, according to a researcher, leaving sensitive mobile data unprotected and casting doubts on MAM's value.
13 Aug 2014 Amazon Workspaces gets MFA security update (SearchCloudSecurity.com)
Amazon Web Services has added multifactor authentication to its WorkSpaces cloud desktop service, the first step in a larger effort to bolster AWS security.
Beyond the usual slew of IE security patches, Microsoft's August 2014 Patch Tuesday made a couple of moves to improve the security of its browser.
11 Aug 2014 Black Hat 2014 session debuts BadUSB
Do USB drives pose a major threat to enterprise security? Experts at a recent Black Hat 2014 session have unveiled a new threat -- dubbed BadUSB -- that could infiltrate your network using common...
A new site gives remaining victims of the CryptoLocker ransomware the private keys needed to decrypt and recover locked files.
A Black Hat 2014 panel featuring computer crime legal specialists Marcia Hofmann and Kevin Bankston found much for researchers to fear regarding vague cybercrime laws.
News roundup: When a breach occurs, it's common practice to share the information with victims -- both the users and the companies involved. However, Hold Security's billion-password hack disclosure...
At Black Hat 2014, Yahoo CISO Alex Stamos decried enterprise security companies' inability to handle scale and system diversity, and called on vendors to seize the opportunity for innovation.
07 Aug 2014 Black Hat 2014: Researcher reveals Amazon cloud security weaknesses (SearchCloudSecurity.com)
At Black Hat 2014, a researcher showed how AWS cloud security flaws and misconfigurations can have devastating consequences for AWS customers that don't take security seriously.
At Black Hat, David Litchfield skewered Oracle and its approach to security while detailing several flaws in a new Oracle database security feature.
The PCI Security Standards Council's new information supplement helps enterprises implement a security assurance program to ensure their third-party service providers meet PCI DSS requirements.
EMET 5.0, the latest version of Microsoft's zero-day prevention tool, includes several new features, most notably improved ways to block plug-ins like Flash and Java.
Russian hackers steal over a billion usernames and passwords (ComputerWeekly.com)
A group of Russian cyber criminals has attacked 500 million email addresses and gained 1.2 billion usernames and passwords.
The file-less 'Poweliks' malware incorporates a unique combination of antivirus evasion techniques involving the Windows registry to remain undetected on victims' machines.
News roundup: The 'Fake ID' flaw on Android devices allows malicious apps to impersonate trusted ones, putting confidential data at risk and reigniting BYOD security concerns.
Q&A: Risky app behaviors pose mobile security threats (SearchConsumerization.com)
Mobile security threats come from unlikely places. In this three-question Q&A, MobileIron's security expert offers simple ways IT admins can give end users the freedom to work securely from their...
The U.S. government has divulged details on the 'Backoff' point-of-sale malware campaign, which purportedly targets remote access software for entry.
A vendor's Heartbleed scan shows that a majority of Global 2000 organizations may still be vulnerable despite patching the OpenSSL flaw.
Corporate boards have increased their awareness of security issues, but experts say they still lack information security principles.
Preview: At Black Hat USA, point-of-sale expert Nir Valtman will demonstrate new attacks designed to break point-of-sale security.
News roundup: The revelation of potential iOS backdoors -- and Apple's perceived acknowledgement of them -- has sparked debate over the definition of a backdoor and raised concerns over iOS security.
24 Jul 2014 Applying more military doctrine to network security: Terrain analysis (SearchNetworking.com)
Lancope security research director Tom Cross says network security teams have a lot more to learn from military doctrine beyond the kill chain concept. Find out more about terrain analysis and...
Preview: At Black Hat USA, experts will detail the steps taken by the security community and law enforcement to put down the infamous CryptoLocker ransomware.
Six cyber criminals charged in $1m Stubhub fraud (ComputerWeekly.com)
The US has charged six members of an international cyber crime gang that defrauded Stubhub of $1m
While BlackBerry's CEO touts the mobile platform's security features, experts question whether the advantage over iOS and Android still exists.
Hailed by card brands as the cure to payment card fraud, Chip and PIN security technology will take years to deploy and has already proven vulnerable.
18 Jul 2014 Apple expands 2FA feature to boost security (ComputerWeekly.com)
Apple has expanded two-factor authentication for all its services to 48 more countries, bringing the total to 59
CSA releases new Cloud Controls Matrix and CAIQ standards (SearchCloudSecurity.com)
The Cloud Security Alliance has updated its Cloud Controls Matrix (CCM) and Consensus Assessments Questionnaire (CAIQ) to help enterprises standardize cloud provider security assessments.
With another round of patches for several serious Java flaws, Oracle's quarterly CPU showed that Java security problems are not receding.
New Ponemon Institute data shows enterprise executives rarely if ever talk with their security teams, and that threat modeling may be underused.
16 Jul 2014 New data law a serious expansion of surveillance, say law experts (ComputerWeekly.com)
The emergency surveillance legislation being rushed through parliament could be in breach of European law, 15 technology law experts have warned
Total internet failure: are you prepared? (ComputerWeekly.com)
A total internet failure could stop any business in its tracks, yet few are preparing for this possibility, KPMG has warned
15 Jul 2014 Old AWS API key led to search provider's cloud security breach (SearchCloudSecurity.com)
Exclusive: The co-founder of One More Cloud explains how an old AWS API key was used to take down the company's services, and the hard lessons learned.
Despite what may be a dangerous new Active Directory "pass the hash" attack variant, Microsoft has downplayed the issue as a technical limitation.
Verizon unveils cloud-based WAF (SearchCloudSecurity.com)
Verizon bolstered its cloud security presence with a new web application firewall. The cloud-based WAF puts the telecom giant in the growing cloud firewall market with Akamai, Imperva and others.
14 Jul 2014 Cloud malware analysis a must-have for advanced threat protection (SearchCloudSecurity.com)
Cloud-based malware analysis is becoming a must-have feature for both established and upstart advanced threat protection vendors.
Info sharing key to cyber defence, says financial services firm (ComputerWeekly.com)
Threat information sharing is key to success in combating cyber attacks, says the Depository Trust and Clearing Corporation
Former CSO Paul Howell details the school's Heartbleed response and how he overcame challenges with assessment, patching and communication.
News roundup: Facebook's manipulation of users' news feeds has reignited the data privacy debate regarding how enterprises should manage user data.
Microsoft's July 2014 Patch Tuesday release addressed two dozen flaws in Internet Explorer. Adobe also provided a critical update for Flash.
Following the collapse of an AWS-based cloud hosting provider, experts say enterprises should prioritize use of multifactor authentication.
07 Jul 2014 Most NSA spy data relates to innocent internet users, report shows (ComputerWeekly.com)
Study shows NSA's internet surveillance collects more data from ordinary internet users than legitimate targets
Though Oracle has confirmed that Windows XP users will not see Java 8 updates for now, security support for Java 7 is still possible.
03 Jul 2014 Physical location of data will become irrelevant by 2020, says Gartner (ComputerWeekly.com)
The physical location of data will be irrelevant by 2020, replaced by a combination of location criteria such as legal, political and logical concerns
Security at risk when execs, IT clash on IT purchasing decisions (SearchNetworking.com)
IT teams and business leaders must work toward making IT purchasing decisions together to avoid security vulnerabilities and higher costs.
02 Jul 2014 Microsoft under fire over disruptive anti-crime operation (ComputerWeekly.com)
Microsoft has come under fire after an operation aimed at taking down a criminal botnet disrupted traffic to millions of legitimate servers
Mobile security market moves away from FUD (SearchConsumerization.com)
Citrix's chief security strategist says the lock-everything-down mentality can hinder mobile productivity.
Netflix Security Monkey plugs AWS cloud security gaps (SearchAWS.com)
AWS shops say new open source software from Netflix will go a long way to help customers manage their part of the cloud security burden.
Heartbleed exposed a number of long-standing issues at OpenSSL, but the open source encryption project has laid out plans to improve the organization.
Symantec exposes hackers targeting power grids (ComputerWeekly.com)
More than 1,000 energy companies have been compromised by an Eastern European hacking collective, says Symantec
A new online archive is allowing researchers to anonymously submit and expose cross-site scripting vulnerabilities uncovered across the Web.
A Gartner analyst says SDN security issues abound because of lacking security controls, little interoperability and shaky management features.
27 Jun 2014 Google begins complying with European takedown requests (ComputerWeekly.com)
Google has begun removing search results in response to takedown requests from European citizens
A Gartner analyst offers some psychology tips to help security pros get inside users' heads and eliminate bad security behaviors.
Special report: The handling of an OWASP employee's disputed harassment claim has sparked a debate over the group's governance and its future.
25 Jun 2014 Cyber thieves tap over €500,000 from European bank (ComputerWeekly.com)
Cyber thieves drained more than €500,000 from customers at a European bank in one week, researchers have discovered
NTP amplification had led to several recent massive DDoS attacks. Despite the good news, researchers say many other DDoS techniques remain unfixed.
Retired Gen. Keith Alexander reaffirmed the importance of NSA bulk metadata collection and pushed for thin client cloud computing to improve security.
At its annual security confab, the research giant said enterprises buy too much threat prevention and not enough detection and response technology.
At its annual security event, Gartner talked up Internet of Things security and not being compliance-focused, but both clash with practical concerns.
20 Jun 2014 Android and Windows Phone to get kill switch (ComputerWeekly.com)
Google and Microsoft are to add a kill-switch to their mobile operating systems to help reduce smartphone theft
Researchers find critical Android security problem in Google Play (ComputerWeekly.com)
Researchers have discovered a critical security problem in Google Play, the official Android app store
Update: Following a hack that destroyed much of Code Spaces' AWS EC2 data, cloud app provider One More Cloud reported similar compromises.
BlackBerry BBM Protected secures IM, for a price (SearchConsumerization.com)
BlackBerry continues its enterprise focus with a more secure BBM platform, but whether IT will pay for secure mobile messaging remains to be seen.
Third-party vendors are enabling bug bounty programs for organizations of all sizes, experts say, by handling triage and payment duties.
The Target CISO's first week on the job comes as more retail breaches continue to pile up, highlighting the ongoing risk to such organizations.
With mobile, cloud and the Internet of Things driving massive API growth, experts say now is the time for API gateway technology to shine.
16 Jun 2014 Microsoft admits running out of IP addresses for Azure (ComputerWeekly.com)
Microsoft has assured US Azure customers data remains in the US, despite running out of US-registered IP addresses at times
12 Jun 2014 Pandemiya banking malware emerges as Zeus-level threat (SearchFinancialSecurity.com)
RSA researchers say the costly Pandemiya banking malware was written entirely from scratch, a dangerous oddity in the world of malware.
11 Jun 2014 Evernote hit by DDoS attack (ComputerWeekly.com)
US-based online note-taking and storage firm Evernote has restored services after being hit by a DDoS attack
HP cloud encryption gives IT pros data security control (SearchCloudComputing.com)
HP split-key cloud encryption technology could be just what IT shops concerned about cloud security need to feel comfortable to make the move.
10 Jun 2014 Continuous monitoring key to retail cyber security, says Ponemon (ComputerWeekly.com)
Retailers should look to continuous monitoring to tackle cyber attacks, according to a Ponemon Institute survey of IT security professionals
CryptoLocker's infrastructure may be down for now, but experts say the easy money that can be made from ransomware means it is here to stay.
June's patches fix an Internet Explorer 8 issue that Microsoft said was never exploited in the wild. Plus: Adobe issues a critical Flash Player patch.
The mishandled eBay breach response effort showed that even enterprises with mature information security programs can fumble the ball.
Microsoft retaliates to China’s Windows 8 spying claims (ComputerWeekly.com)
Microsoft has launched a social media campaign against China’s claims that Windows 8 is being used for US spying
05 Jun 2014 Another serious OpenSSL vulnerability patched
Patched soon after Heartbleed, a new widespread OpenSSL vulnerability could expose potential victims to man-in-the-middle attacks.
Despite the popularity of SAML, the mobile and cloud benefits of OpenID Connect may spur adoption as an enterprise authentication platform.
The Security Standards Council is soliciting topics for next year's PCI DSS special interest groups, despite delays that have held back two 2013 PCI SIGs.
Despite a torrent of recent Internet Explorer zero-days, experts cautioned that the flaws aren't a true gauge of the browser's security.
The U.S. clamors for the right to be forgotten regulation (SearchContentManagement.com)
After a European court ruling upholding the right to be forgotten, U.S. citizens want similar efforts stateside, despite possible infringements on the First Amendment.
According to one researcher, most enterprise wireless networks are likely vulnerable to Cupid, a proof-of-concept based on the Heartbleed attack.
30 May 2014 On cloud security management, security teams must be trusted advisers (SearchCloudSecurity.com)
Security pros say infosec teams must be proactive on cloud security management to reduce risk related to rapid growth in enterprise cloud computing.
For enterprises, the sudden shuttering of the disk-encryption utility TrueCrypt highlights the risk of using open source security tools.
29 May 2014 As FedRAMP deadline nears, slow approvals leave CSPs in the queue (SearchCloudSecurity.com)
The consequences for cloud service providers missing the FedRAMP deadline remain unclear, though experts say those in the queue are in good shape.
CFOs peppered a panel of security experts on how to establish security in a software as a service (SaaS) world.
28 May 2014 Microsoft warns against hack that allows Windows XP updates (ComputerWeekly.com)
Microsoft has warned against using a hack that enables Windows XP to continue to receive security updates
Symantec channel chief Jones departs for cloud backup vendor (SearchITChannel.com)
Global channel chief Garrett Jones follows Symantec CEO Michael Bennett out the door. Jones takes a job as VP of sales at Spanning Cloud Apps.
27 May 2014 Android Outlook app has privacy issues, warn researchers (ComputerWeekly.com)
Microsoft’s Outlook.com app for Android is exposing users' data, warn security researchers
Carnegie Mellon's new certificate aims to arm managers with the necessary skills to develop an insider threat program from scratch.
When comparing NGFW appliances, experts say that enterprises should focus on products that meet specific needs, not just those with the most features.
eBay under fire over handling of data breach (ComputerWeekly.com)
eBay is coming under increasing criticism over its handling of the data breach that exposed millions of user records
Though notified of the IE zero day months ago, Microsoft failed to address the vulnerability before it was made public.
As attackers increasingly target e-commerce websites, vulnerable applications and third-party plug-ins represent an easy avenue of exploitation.
A new survey finds that, despite the huge looming threat of malicious insiders, many enterprises fail to implement proper privileged user controls.
US charges Chinese military officers with cyber espionage (ComputerWeekly.com)
The US has charged five Chinese military officers with hacking into US companies to steal trade secrets
US cyber criminal jailed for 20 years (ComputerWeekly.com)
US authorities have jailed a cyber criminal for 20 years, for trading in stolen credit cards and identities
19 May 2014 Cisco to Obama: get NSA out of our hardware (ComputerWeekly.com)
After allegations that the NSA routinely intercepted Cisco hardware to insert bugging equipment, Cisco CEO John Chambers has written to US President Barack Obama to demand action
Respondents to a SANS survey say security certifications lead to career success, but a top infosec career consultant says their value is limited.
Uneven response efforts have left hundreds of thousands of servers and other devices vulnerable to the Heartbleed OpenSSL vulnerability.
15 May 2014 Business needs to shift budget to relevant security, says Verizon (ComputerWeekly.com)
Businesses need to invest in blocking the real threats most likely to hit them, says Verizon's Eddie Schwartz
Google hit with take-down requests after European privacy ruling (ComputerWeekly.com)
Google is receiving requests to remove links after the European Court of Justice supported the right to be forgotten in a landmark ruling
A vendor report shows enterprises are flooded with security events on a daily basis, and infosec teams need greater automation to pick up the slack.
Microsoft's May 2014 Patch Tuesday features two critical security updates, including another fix for its beleaguered Internet Explorer browser.
Security flaws in protocols such as NTLM are so easy to exploit that in many cases attackers no longer need the latest and greatest malware.
During National Small Business Week, the PCI SSC will offer a free webcast Thursday to draw attention to the risk of small business data breaches.
Phishing attacks target Google accounts, warns Bitdefender (ComputerWeekly.com)
Hackers are stealing Google account passwords using a phishing attack that bypasses heuristic detection, warns Bitdefender
Windows Vista trumps XP in fourth quarter malware infections, report reveals (ComputerWeekly.com)
The last quarter of 2013 saw a dramatic rise in malware infections of computers running Microsoft Windows, a report shows
12 May 2014 Bitly urges users to secure accounts after security breach (ComputerWeekly.com)
Bitly is urging users to secure their accounts after its data was breached through an employee's compromised account
ISACA has launched a new program to create an entry-level information security certification path that may rival offerings from (ISC)2 and CompTIA.
Twitter announces security improvements (ComputerWeekly.com)
Twitter has introduced enhanced user identification processes as part of efforts to boost security
Experts say the battle to mitigate Internet of Things security issues may be slipping away from the infosec industry before it even begins.
Two New York hospitals agreed to pay a $4.8 million settlement for a potential HIPAA violation dating back to 2010.
07 May 2014 Cloud security policy exceptions thwart rogue usage controls (SearchCloudSecurity.com)
A Netskope report shows a flood of cloud security policy exceptions commonly thwart rogue cloud app security controls.
Experts say the resignation of Target CEO Gregg Steinhafel shows that executives at other companies must now take security seriously -- or else.
SANS Institute's John Pescatore says infosec leaders must guide organizations into information security trends like the Internet of Things and cloud.
At a SANS event, former NSA cybersecurity boss Tony Sager said effective information security leadership requires a holistic, disciplined approach.
Infosec 2014: Act now, but no new EU data protection law before 2017, says ICO (ComputerWeekly.com)
Expect new European Union data protection law to be enacted in 2017 at the earliest, the deputy information commissioner David Smith has said
Microsoft's out-of-band patch for the 'use-after-free' IE zero day offered a fix for Windows XP, which is now being actively targeted.
30 Apr 2014 Heartbleed security bug: What should enterprises do now? (SearchNetworking.com)
While the Heartbleed security bug prompts viability questions about OpenSSL, enterprises should be working with vendors to implement patches.
29 Apr 2014 Cyber criminals continue to target Android smartphones (ComputerWeekly.com)
Nearly all new mobile threats in the first quarter of this year targeted Android users, latest research shows
A new report indicated malicious actors are hiding behind DDoS attacks, successfully installing malware and stealing sensitive data undetected.
Infosec 2014: Firms moving to cloud despite security fears, study shows (ComputerWeekly.com)
Businesses are moving sensitive or confidential data into public cloud services, despite security fears, a study shows
The IE zero-day, first spotted by FireEye, is being actively exploited in the wild. US-CERT recommends avoiding IE until a fix is released.
Microsoft warns of new zero-day Internet Explorer flaw (ComputerWeekly.com)
Microsoft has issued a security warning about a zero-day vulnerability in all versions of its Internet Explorer browser
25 Apr 2014 Cyber threat detection paramount, says SANS fellow (ComputerWeekly.com)
Cyber threat prevention is ideal, but detection is a must, says Eric Cole, SANS Institute fellow
Report: Gap between on-premises and cloud attacks closing (SearchCloudSecurity.com)
A new report shows the volume of cloud attacks is rising, as attack types traditionally associated with on-premises environments migrate with users.
The security practices in place at healthcare organizations are not up to par with those of other, more mature industries, according to an FBI notice.
A number of tech giants have pledged financial help to OpenSSL and other open source projects after the Heartbleed bug exposed numerous issues.
The Verizon DBIR 2014 shows that organizations should build a security strategy around industry-specific threats and incident patterns.
The 2014 Verizon data breach report shows a big rise in Web application attacks, with CMS frameworks and user credentials the most likely targets.
Sophisticated malware was behind the Michaels breach that resulted in three million compromised payment cards, according to the crafts retailer.
In the wake of the Heartbleed OpenSSL vulnerability, the massive deluge of revoked certificates could cause palpitations across the Internet.
When it comes to app risk management, who is ultimately responsible: business leaders or security professionals? A new report weighs in.
16 Apr 2014 Heartbleed repairs threaten to cripple the internet (ComputerWeekly.com)
The internet could slow to a crawl as companies scramble to fix the Heartbleed bug, security experts warn
Though millions of Android devices could contain the Heartbleed OpenSSL vulnerability, experts say the risk to Android users may not be that great.
Proving the Heartbleed OpenSSL vulnerability can be exploited in the wild, two organizations say attackers have used it to glean sensitive data.
14 Apr 2014 Heartbleed denial reveals loophole for NSA spying (ComputerWeekly.com)
The NSA has denied it exploited the Heartbleed security flaw, but US officials have revealed a loophole that would allow such actions
FireEye and Palo Alto Networks take issue with the new NSS Labs report on breach-detection systems, calling the review process into question.
Analysis: The 'Heartbleed' OpenSSL vulnerability is one of the worst bugs a SANS expert has seen, and that's before the fallout is fully understood.
TCG releases TPM 2 specification for improved security (ComputerWeekly.com)
The Trusted Computing Group has published an updated specification for the Trusted Platform Module
09 Apr 2014 EFF calls for rapid mitigation of Heartbleed internet bug (ComputerWeekly.com)
All websites should use perfect forward secrecy to protect against Heartbleed internet security flaw, says EFF
The April 2014 Patch Tuesday release features the final Office 2003 and XP security updates, as well as a fix for a recent Word zero-day.
The researchers that discovered the 'Heartbleed' OpenSSL vulnerability say it could have exposed encrypted Internet traffic for millions of systems.
Windows XP's end-of-life date is here, and while experts said dangerous new attacks won't arrive right away, they will soon enough.
OpenDNS CTO Dan Hubbard says big data techniques like machine learning and data mining can be used to spot and mitigate unknown Internet threats.
03 Apr 2014 Get rid of Windows XP quick, says Gartner (ComputerWeekly.com)
Gartner is advising businesses to ditch Windows XP as soon as possible because of the security risks
NTP-based DDoS attacks are increasing, but a report warns that SYN floods are still more likely to cause enterprises damage.
The Safari security update addresses a number of remotely exploitable vulnerabilities and includes a fix for a hack from the Pwn2Own competition.
It remains unclear whether Trustwave could be held liable for Target's massive 2013 data breach in future litigation.
Cloud attacks sneak past gap between enterprises and providers (SearchCloudSecurity.com)
Emerging cloud attacks threaten cloud data security by exploiting the gap between enterprise controls and provider transparency.
Gary McGraw discusses why the software security segment of the IT security industry is growing at a faster rate than the category as a whole.
IT pros who have successfully completed large-scale Windows XP migrations advise focusing on application compatibility and up-front planning.
The bundle of IOS security patches addresses a total of six denial-of-service vulnerabilities in Cisco's enterprise networking products.
Security vendors had money to spend in March as acquisition activity featured Trustwave scooping up Cenzic and Palo Alto's purchase of Cyvera.
27 Mar 2014 Russian ministers ditch iPads over security concerns (ComputerWeekly.com)
Russian ministers have ditched their Apple iPads in favour of Samsung tablets because of security concerns
The Affordable Care Act introduced a number of infosec issues, but an expert at SecureWorld Boston 2014 said the right mitigations can ease concerns.
The lawsuit cites Target for negligence in its massive data breach, and accuses Trustwave of not spotting the incident in a timely manner.
Innovative threat detection products like FireEye and Damballa aren't being deployed inline and that lack of trust poses incident response challenges.
A new zero-day attack affecting versions of Word and Outlook uses remote code execution to gain user-level rights with a malicious RTF file.
24 Mar 2014 NSA infiltrated Huawei, claim Snowden leak documents (ComputerWeekly.com)
The National Security Agency (NSA) created “back doors” in the networks of Chinese telecoms firm Huawei, claim documents leaked by Edward Snowden
Experts say firing Steve Bennett overshadows the larger problems with the Symantec strategy, namely the company's lack of focus on security.
20 Mar 2014 Bennett out as Symantec CEO
Symantec Thursday fired its CEO, Steve Bennett, amid ongoing struggles to adjust to a changing infosec product market.
Spotting unusual network traffic, like large amounts of encrypted data headed to suspicious domains, is key to better banking botnet detection.
Security vendor Imperva says thousands of enterprise Web servers are exposed to an easy-to-exploit PHP flaw despite a patch long being available.
Vendors may hype the Android malware threat, but data indicates the Android security ecosystem has kept Android malware at bay.
Researchers at the 2014 Pwn2Own contest bypassed application sandboxing repeatedly, proving even the most secure applications can be vulnerable.
A pair of Adobe security updates this week patches three flaws involving Flash Player and Shockwave. The Flash patch should be applied quickly.
Nearly three out of four say companies don't value data privacy and security, but experts say to see change, consumers must vote with their wallets.
Veteran CISOs say Target's move to create and fill its CISO role is a good one, but that can't be the end of the Target security program overhaul.
PCI compliance may be nearly impossible after the April 2014 Windows XP end-of-life date if merchants don't address vulnerable XP-based POS systems.
Microsoft moved to address a lingering Internet Explorer zero-day vulnerability that was originally discovered by security vendor FireEye in February.
Does DevOps sacrifice security to speed software deployments? Experts say DevOps and security can coexist with help from automated security tools.
Cisco Systems has provided a security patch for an authentication vulnerability found in its Wireless N-VPN family of routers and firewall.
Speakers at RSA Conference 2014 said information security incident response teams must identify and prep key participants well before incidents occur.
Target’s CIO resigns after massive data breach (ComputerWeekly.com)
Target’s chief information officer has resigned two-and-a-half months after a data breach impacting about 40 million credit and debit cards
Expert Kevin Beaver shares his highlights of RSA Conference 2014 and offers advice on how to apply the knowledge learned at this year's event.
Attorney Marcia Hofmann says without new data privacy laws, the FBI can strong-arm providers into handing over customers' sensitive data.
US holds hearing on data security (ComputerWeekly.com)
The US House of Representatives subcommittee on Financial Institutions and Consumer Credit is to hold a hearing on data security