Information Security News

For more information about the site, see the Site Index

Patch Tuesday September 2013: Critical bulletins for Office, SharePoint, IE
Damballa adds HTTP request profiling to its ATP platform
NYT cyberattack neatly sidestepped by big data
CounterTack to defend endpoints in South Korea
VMware unveils next-gen NSX, teams up with security players
Electronic identity cards join the fight against phishing attacks
IBM acquires Trusteer, forms cybersecurity software lab in Israel
PCI DSS 3.0 preview highlights passwords, providers, payment data flow
Microsoft August 2013 Patch Tuesday offers three critical updates
Is it time for cyber liability insurance?
Lavabit, Silent Circle close secure email rather than spill the goods
Neohapsis: IPv4 plus IPv6 enables man-in-the-middle attacks
FortiGuard Labs sees fast rise of mobile malware in 2013
Radware's Ron Meyran discusses DoS attack tools, planning, execution
Black Hat 2013: Experts urge elliptical curve cryptography adoption
Black Hat 2013 attendance nears 7,500, tops 2012
Black Hat 2013 keynote: Alexander details NSA surveillance programs
Black Hat 2013 opens with testy keynote, smart device hacks
Feds catch hackers behind worldwide data breaches
RSA warns about 'KINS' banking Trojan
Cisco spends cool $2.7 billion in Sourcefire acquisition
Turkish researcher claims responsibility for Apple dev site hack
Malwarebytes: Maneuver around 'FBI ransomware' on Macs
Bit9 report blasts Java security vulnerabilities as 'severe'
2013 Black Hat conference: Feds welcome!
FortiGuard Labs: Advanced persistent threats are escalating
Aveksa acquisition expands RSA's intelligence-driven security strategy
July 2013 Patch Tuesday: Critical fixes, but in a lazy summer sort of way
Damballa: Security vendor partnerships of growing importance
Security researcher finds vulnerabilities in emergency alert system
California data breach report: 2.5M residents at risk of identity theft
RSA Silver Tail improves online fraud detection, enterprise security
Users may remain vulnerable despite Oracle Java patch release
Enterprise BYOD offers mixed bag for enterprise endpoint security
CEO: Symantec strategy to emphasize endpoint security, partnerships
Mullen: Cybersecurity threats demand leadership from Capitol Hill
Harsher penalties for HIPAA violations altering compliance efforts
Ponemon data breach study finds costs up, notification major driver
HIPAA Omnibus Rule, PPACA challenge enterprise compliance management
Report finds security tools add software vulnerabilities of their own
Case study: CDI launches aviation company DLP program on short runway
Sourcefire updates malware detection, malware analysis capabilities
DDoS attack trends highlight increasing sophistication, larger size
May 2013 Patch Tuesday fixes IE8 zero day; Adobe tightens ColdFusion
Temporary fix out for Department of Labor website IE8 zero-day
Department of Labor website hack highlights advanced attack trends
Microsoft offers 'fix' for latest Internet Explorer zero day
McAfee in agreement to acquire next-gen firewall maker Stonesoft
After lull, PLA 'Comment Crew' hasn't changed cyber-espionage tactics
Website vulnerabilities down, but progress still needed, survey finds
McAfee jumps into IAM with one-time password, cloud SSO products
Over 100k serial devices online and unsecured, says HD Moore
Trusteer warns of new man-in-the-browser Twitter attack
2013 Verizon DBIR: Authentication attacks affect all organizations
Verizon DBIR 2013: Damage caused by simple attacks, slow detection
Verizon data breach report 2013: Data shows need for risk awareness
Symantec 2013 Threat Report highlights rise in SMB attacks
Emerging antiphishing tools use testing, training to educate users
SSH keys audited automatically by free tool
April Patch Tuesday security update could cause system errors
With Windows XP security updates ending, enterprises must plan ahead
Veracode report highlights key problems in mobile app security
For CISOs, California Right to Know Act would raise privacy emphasis
Two 'critical' bulletins planned for April 2013 Patch Tuesday
Panel: Cyber-intelligence alone can't stop enterprise security threats
'Internet underground' fight demands better cybersecurity intelligence
Huawei security issues are result of 'rumors,' says Huawei executive
Research highlights speed, frequency of ICS security attacks
Certain Cisco IOS, IOS XE devices susceptible to brute-force attacks
Secunia: More focus needed on third-party application security
DoD security panel calls for new cyber-defense, offense
RSA 2013: FBI offers lessons learned on insider threat detection
RSA 2013: Experts struggle to define offensive security, hacking back
Emerging threats include kinetic attack, offensive forensics: RSA 2013
RSA 2013 crowd awed by live 'sinkholing' in P2P botnet takeover
RSA 2013: More from Coviello on big data analytics in the security industry
Spear phishing, manpower drive Chinese APTs, says researcher at RSA 2013
Vendors showcase MAM products that ease BYOD challenges at RSA 2013
RSA 2013: Charney optimistic about the future of information security
Big data 2.0: CISOs push need to identify attack campaigns
Coviello pitches 'transformational' information security strategy
Security B-Sides presenter questions value of penetration testing
B-Sides: Akamai's Corman calls for new information security focus
Kaminsky: Fostering improved security culture demands societal change
DHS cybersecurity boss pushes 'cyber 911', new voluntary standards
Enterprise app security tops list for enterprise mobile deployments
Obama's cybersecurity executive order issued for critical infrastructure
TLS security: Background on the 'Lucky Thirteen' attack
The body count is new, but UPnP security issues are embarrassingly old
Oracle issues out-of-band patch to repair 50 Java vulnerabilities
Critical infrastructure security: Electric industry shows the path
Lacking privacy laws aid growing CISO role in data privacy management
Offensive security involves proactive deception tactics
Red October malware attacks highlight attribution problems
Java vulnerabilities continue to crop up with Java 7, Update 11 release
Brief: Microsoft out-of-band patch addresses IE zero-day
Dell SecureWorks adds vulnerability management services for cloud
Will TurkTrust incident raise certificate use to Chrome standard?
Project Mayhem hack details enterprise accounting system flaws
Stolen credentials, basic security lapses at core of 2012 breaches