News

News

• February 27, 2015 27 Feb'15

  Data breach consequences: Get breached, make money?

  News roundup: Data breaches aren't associated with soaring stock prices, but recent examples show breaches may boost stocks. Plus: Gemalto confirms possibility of GHCQ/NSA hack; Target breach costs company $162 million; Superfish swims on.

• February 26, 2015 26 Feb'15

  HP: Threat intelligence sources need vetting, regression testing

  According to HP Security Research, threat intelligence best practices can be difficult to implement, and even the most trustworthy sources must be tested for fidelity.

• February 25, 2015 25 Feb'15

  Google Project Zero changes fuel new vulnerability disclosures debate

  Google's Project Zero has added more leeway to its vulnerability disclosure policy, but industry observers are split on whether 90 days is enough time to fix software flaws, or not enough time to manage a sensitive, resource-intensive process.

• February 25, 2015 25 Feb'15

  3G and 4G phones not affected by NSA and GCHQ hack, says Gemalto

  The world’s largest maker of Sim cards, Gemalto, says it has “reasonable grounds” to believe it was hacked by UK and US spy agencies in 2010 and 2011

• February 24, 2015 24 Feb'15

  Macro viruses reemerge in Word, Excel files

  Macro viruses haven't been popular since the early 2000s, but recent malware discoveries indicate that macro-infected Word and Excel files are on the rise.

• Sponsored News

  • Part I: Keep the Cloud Your Safe Place

    Sponsored by Forcepoint - Organizations of all sizes have been called upon to swiftly support remote work in order to safeguard the health of their workforce and local communities. As businesses are called upon to scale up remote work procedures for the physical safety of employees, IT teams must accelerate the adoption of technology that ensures their people and data are secure—without hurting productivity or morale. See More

  • Part II: Safeguard Data Everywhere

    Sponsored by Forcepoint - As security teams are tasked with the duty of rapidly scaling up protections for remote workers, one of the key considerations they must keep in mind is how to safeguard data no matter where it resides or travels. This is hardly a new problem. However, the vastly broadened scope of remote work today requires security teams to revisit policies and technologies. Some solutions that may have been sufficient for isolated use cases don't adequately protect a completely distributed workforce. See More

  • Part III: Protect Your People

    Sponsored by Forcepoint - In response to the rapid rise in remote work, cybersecurity teams have increased their efforts to protect their dispersed team’s cyber hygiene. The rapid rise in remote work to protect the health of employees has required cybersecurity teams to scale their efforts to similarly protect the cyber hygiene of these workers as they operate in new conditions. One of the key directives for cybersecurity departments looking to safeguard the people and data within a distributed enterprise is the implementation of cyber defenses that can move with employees and protect them—regardless of their location or device. See More

  View All Sponsored News
• February 24, 2015 24 Feb'15

  Business disruption cyber attacks set to spur defence plans, says Gartner

  By 2018, 40% of organisations will have plans to address cyber-security business disruption attacks, up from 0% in 2015, says Gartner

• February 23, 2015 23 Feb'15

  Slow adoption of DMARC policy leaves email vulnerable, vendor says

  A new study finds that enterprises, especially healthcare companies, are slow to adopt the DMARC email authentication standard, making them vulnerable to malicious emailers.

• February 23, 2015 23 Feb'15

  Cisco touts OpenAppID for internal application traffic visibility

  Use of Cisco's OpenAppID application-layer traffic-detection tool is still modest compared to Snort, but the networking giant says it can help enterprises improve traffic visibility on internal applications.

• February 23, 2015 23 Feb'15

  Lenovo faces lawsuit for pre-installing Superfish adware

  A class action lawsuit has been filed against Lenovo after it was found to have pre-installed adware vulnerable to cyber attacks

• February 20, 2015 20 Feb'15

  Maintaining vendor trust proves tough for Lenovo, Microsoft

  News roundup: Amid hidden add-ons, discontinued services and walled gardens, vendor trust proves elusive for several high-profile tech firms. Plus: Evidence ties North Korea to Sony Pictures hack; card brands boost cybersecurity; and cookies that ...

• February 20, 2015 20 Feb'15

  Flaws in alternative Android browsers pose underestimated risk

  Exclusive: VerSprite research on 10 alternative Android browsers has found at least one major security vulnerability in all of them, posing a significant security risk for enterprise Android users.

• February 20, 2015 20 Feb'15

  Gemalto denies knowledge of GCHQ and NSA Sim card hack

  Gemalto says it cannot verify a report that it was hacked by the NSA and GCHQ to steal encryption keys

• February 18, 2015 18 Feb'15

  Password reuse and password sharing prevalent in enterprises

  The high percentage of password reuse and sharing by employees leaves enterprises vulnerable to breaches, according to a recent survey from SailPoint Technologies.

• February 18, 2015 18 Feb'15

  When is an ISAC not an ISAC?

  A lot of what went on at the White House Summit on Cybersecurity and Consumer Protection, held at  Stanford University last week was for show — a reaction in particular to the attacks allegedly ...

• February 17, 2015 17 Feb'15

  UTM vs. NGFW: Unique products or advertising semantics?

  In comparing UTM vs. NGFW, organizations find it difficult to see if there are differences between the two products or if it is just marketing semantics.

• February 17, 2015 17 Feb'15

  International spyware operation linked to NSA

  The US National Security Agency has reportedly hidden surveillance software in the hard drives of several top computer makers

• February 13, 2015 13 Feb'15

  Security information sharing: A double-edged sword

  News roundup: While data sharing can boost intelligence and improve security, recent events show the benefits don't always outweigh the pitfalls. Plus: Chip-enabled POS systems coming quickly; MongoDB databases exposed; sophisticated phishing scams.

• February 13, 2015 13 Feb'15

  Prevoty offers context-aware, automatic RASP

  Though I’ll admit to a bit of skepticism about Runtime Application Self Protection (RASP), I was nevertheless impressed with a recent look at Prevoty. The two-year-old company’s product, which ...

• February 12, 2015 12 Feb'15

  Report: Firewall policy management is a hot mess

  A new report from FireMon finds that firewalls are still a critical security component, but firewall policy management is a major pain point for admins.

• February 10, 2015 10 Feb'15

  February 2015 Patch Tuesday: Group Policy flaw tops three critical fixes

  Microsoft's February 2015 Patch Tuesday release offers three critical fixes, including one for a dangerous Group Policy vulnerability, but does not patch a recently revealed IE XSS zero-day flaw.

• February 10, 2015 10 Feb'15

  Will Chip and PIN technology boost payment card transaction security?

  Visa and MasterCard are putting pressure on merchants to implement Chip and PIN technology, and while it will improve transaction security, it won't make PCI compliance any easier.

• February 10, 2015 10 Feb'15

  Voltage Security acquisition to bolster HP's data protection offerings

  HP has agreed to acquire encryption vendor Voltage Security. Gartner says the move will bolster HP's data protection and cloud security products.

• February 09, 2015 09 Feb'15

  Security professionals warn against relying on cyber insurance

  Security professionals have warned businesses not to rely on cyber insurance in the face of increased cyber attacks.

• February 06, 2015 06 Feb'15

  Same-origin policy IE vulnerability may signal new attack trend

  A new IE vulnerability has led to a proof-of-concept same-origin policy exploit, and some experts say it highlights a technique that may soon become popular among attackers.

• February 06, 2015 06 Feb'15

  Budget, breach law highlight growing federal cybersecurity awareness

  News roundup: With the proposed 2016 federal budget and push for a national data breach law, Washington may finally care about cybersecurity. Plus: Coviello to retire; Flash patched again; Sony Pictures breached by Russians and loses its co-chair.

• February 06, 2015 06 Feb'15

  Report: Most enterprise security operations centers ineffective

  A new report by HP shows most enterprise security operations centers fail to meet recommended maturity levels needed to detect and manage cybersecurity threats.

• February 05, 2015 05 Feb'15

  Digitally signed malware risk on the rise, Kaspersky finds

  Kaspersky reports digitally signed malware -- malicious files using legitimate digital certificates -- is a growing threat to enterprises, increasing four-fold in the past six years.

• February 05, 2015 05 Feb'15

  US health insurer Anthem hacked, exposing up to 80 million records

  Hackers have broken into a database at US health insurer Anthem said to contain the personal data of up to 80 million people

• February 04, 2015 04 Feb'15

  Sony says cyber attack will cost $15m

  Sony expects the investigation and remediation costs of the November 2014 cyber attack on its movie subsidiary will amount to $15m

• February 02, 2015 02 Feb'15

  Adobe Flash patch promised this week for new zero-day bug

  Trend Micro discovered a new zero-day bug in Adobe Flash that is being actively exploited in the wild. Adobe promises a patch for the vulnerability this week.

• January 30, 2015 30 Jan'15

  GHOST Linux bug update: WordPress, other PHP applications vulnerable

  PHP applications, including WordPress, are vulnerable to the GHOST Linux exploit, but overall the flaw may not be as dangerous as first thought.

• January 30, 2015 30 Jan'15

  Will YouTube HTML5 transition mean the end of Flash security issues?

  News roundup: YouTube announced it has stopped using Flash by default in favor of HTML5. Is this the long-awaited end for Flash? Plus: Java was the riskiest software in 2014; BEC scam cost $215 last year; NFL data interceptions.

• January 29, 2015 29 Jan'15

  The politics of DDoS response

  Reports of a 'hack back' DDoS attack by Sony stirred up acceptable use questions.

• January 27, 2015 27 Jan'15

  Qualys finds GHOST: Critical Linux remote code execution flaw

  A critical Linux vulnerability, called GHOST, has been found to affect glibc versions released since 2000, and could pose a remote exploit risk on many Linux systems.

• January 23, 2015 23 Jan'15

  Detection vs. prevention: Ponemon report points to controversial trend

  A Ponemon Institute report highlights the biggest risks to endpoint security, and what IT professionals plan to do to fight back, including one controversial tactic in malware protection.

• January 23, 2015 23 Jan'15

  Patchapalooza: In 2015, software patches, software security flaws surge

  News roundup: An of onslaught Adobe, Oracle, OpenSSL, Chrome and Firefox patches highlights the sad state of software security in 2015. Plus, security budgets increasing; HealthCare.gov security woes; false-positive alerts cost millions annually.

• January 23, 2015 23 Jan'15

  CryptoWall 3.0: Ransomware returns, adopts I2P

  Shortly after CryptoWall began using TOR to conduct transcations, a new version of the ransomware, dubbed CryptoWall 3.0, has begun using I2P.

• January 22, 2015 22 Jan'15

  Report: Popularity of biometric authentication set to spike

  Juniper Research claims that the popularity of biometric authentication will rise dramatically in the next five years, incorporating innovative technology beyond today's fingerprint sensors and voice authentication systems.

• January 21, 2015 21 Jan'15

  Report: More than 90% of 2014 data breaches could have been prevented

  The Online Trust Alliance finds that over 90% of data breaches resulting in data loss could have been prevented.

• January 21, 2015 21 Jan'15

  Wasted spending on security shelfware affects small businesses more

  Osterman Research and Trustwave report that organizations waste money on underutilized security software because IT often doesn't have enough time or resources to use it.

• January 20, 2015 20 Jan'15

  ISACA: Majority of enterprises report cybersecurity workforce shortage

  In its new 2015 Global Cybersecurity Status Report, ISACA finds that most organizations are aware of cyberattack risk, but few believe they have the capability to thwart a sophisticated attack.

• January 19, 2015 19 Jan'15

  Android vulnerability highlights Google's controversial patch policy

  WebView vulnerabilities in older versions of Android are putting the majority of Android devices at risk. Google will not provide patches, forcing enterprises to determine the risk posed by unpatched Android devices.

• January 19, 2015 19 Jan'15

  Google's Project Zero reveals another Windows zero-day vulnerability

  For the third time in one month, Microsoft couldn't meet Google's 90-day public disclosure deadline, leading to Project Zero's disclosure, though experts say this Windows zero-day vulnerability may have little value to attackers.

• January 16, 2015 16 Jan'15

  Hardware security issues prove tough to find, harder to fix

  News roundup: Recently discovered firmware flaws highlight the challenges posed by hardware security. Plus: Heartland's breach warranty; RSA's overhaul; and Download.com's app (in)security.

• January 16, 2015 16 Jan'15

  Preview of 2015 Verizon PCI report hints at firewall compliance issues

  In a sneak preview of its 2015 PCI Compliance Report, Verizon says improper firewall maintenance is among the leading causes of PCI DSS compliance failures.

• January 15, 2015 15 Jan'15

  Cybersecurity training needed to raise number of skilled workers

  A survey by ESG finds that IT has an ongoing problematic shortage of enterprise cybersecurity skills, and the problem is getting worse.

• January 14, 2015 14 Jan'15

  Cybersecurity awareness can reduce infection risk up to 70%

  A new study from Wombat Security and Aberdeen Group shows that boosting cybersecurity awareness and education among employees can reduce enterprise security risks and cost.

• January 13, 2015 13 Jan'15

  Light January 2015 Patch Tuesday delivers one critical Windows fix

  Microsoft's January 2015 Patch Tuesday updates include a critical Windows update for Telnet, and a fix for a controversial Windows 8.1 flaw disclosed two weeks ago. Plus: An expert says Adobe's critical Flash Player fix demands immediate attention.

• January 13, 2015 13 Jan'15

  Cisco releases multiple WebEx security patches

  The most important of the seven fixes for the WebEx Meeting Server platform remedies a flaw that could allow a cross-site request forgery attack.

• January 09, 2015 09 Jan'15

  Fake SSL certificates enable variety of security threats, say experts

  Experts say the security industry's 'blind trust' may result in a new wave of security threats caused by fake SSL certificates, including man-in-the-middle and DNS attacks.

• January 09, 2015 09 Jan'15

  Sony Pictures hack recap: Experts debate North Korea's role

  News roundup: The FBI maintains North Korea was behind the Sony Pictures hack, in spite of naysayers. Plus: Malware campaign attributed to Russia; new Mac OS X bootkit; cyberattack causes physical damage.

• January 09, 2015 09 Jan'15

  Expert: Mobile malware risk rising, but still largely Android malware

  Video: Mobile malware expert Chester Wisniewski of Sophos says most enterprises need not fear mobile malware today, but Android malware is a growing threat.

• January 08, 2015 08 Jan'15

  Password security issues show case for privileged identity management

  Video: Lieberman Software CEO Philip Lieberman explains how privileged identity management can shore up the many weaknesses of password-based authentication.

• January 06, 2015 06 Jan'15

  IBM: Retail cyberattacks become less frequent, but more effective

  Research from IBM indicates cyberattackers are going after retailers with surgical precision, using fewer attack attempts yet frequently compromising vulnerable databases.

• January 05, 2015 05 Jan'15

  Evolving mobile security management thwarts unified endpoint management

  Experts say unified endpoint management for mobile devices, laptops and desktops will take more time due to the complex, evolving demands of mobile security management.

• December 19, 2014 19 Dec'14

  Home router security vulnerability exposes 12 million devices

  Check Point has uncovered a widespread home router security vulnerability, dubbed Misfortune Cookie, that could allow attackers to gain control over millions of devices.

• December 12, 2014 12 Dec'14

  Sony Pictures hacking back: The ethics of obfuscation

  News roundup: Amid a devastating breach incident Sony Pictures is fighting back, raising legal and ethical questions. Plus: A big week in security acquisitions; Comcast sued over open Wi-Fi; and Yahoo announces vulnerability disclosure policy.

• December 09, 2014 09 Dec'14

  FIDO Alliance releases 1.0 specifications for passwordless authentication

  Amid growing fears of stolen credentials and data breaches, the FIDO Alliance released its long-awaited 1.0 specifications for passwordless and multifactor authentication systems.

• November 21, 2014 21 Nov'14

  Encryption everywhere: Debating the risks and rewards

  News roundup: As the industry responds to growing demand for end-to-end Internet encryption, some fear unintended consequences. Plus: Black hats wanted; Windows Phone survives Pwn2Own; webcam spying resurgence.

• November 17, 2014 17 Nov'14

  Microsoft's Schannel security patch affecting TLS connections

  Microsoft admitted that MS14-066, released last week to patch a serious Schannel security vulnerability, is causing some users to drop TLS connections.

• November 04, 2014 04 Nov'14

  Despite skeptics, security awareness training for employees is booming

  Employee security awareness training has been derided in the past, but new Gartner research suggests that a market of competitive, high-quality vendors are making security awareness a must-have.

• October 15, 2014 15 Oct'14

  Remembering Shon Harris: Logical Security founder passes away

  Shon Harris, founder and CEO of Logical Security and recognized security certification training expert, died Oct. 8, 2014, after a long illness. SearchSecurity pays tribute to her contributions to the information security field.

• October 10, 2014 10 Oct'14

  Are offensive hacking courses ethical? Debating the ethics of hacking

  News roundup: Colleges across the country are offering courses in offensive hacking, but are they ethical? Plus: Why the first 'online murder' may happen in 2014; Palo Alto and NSS Labs make up; numerous Android security issues surface.

• October 03, 2014 03 Oct'14

  Palo Alto NGFW fails NSS Labs report, war of words ensues

  News roundup: Palo Alto's next-generation firewall fared poorly in a recent NSS Labs report, leading to a testy back-and-forth about NGFW testing. Plus: Mitnick selling zero days; EMET bypassed, again; iThemes stored plaintext passwords.

• October 02, 2014 02 Oct'14

  PCI 3.0 changes: A PCI compliance requirements checklist for 2015

  In this presentation, compliance expert Nancy Rodriguez offers a line-by-line review of the key PCI DSS changes that become mandatory as of Jan. 1, 2015.

• September 19, 2014 19 Sep'14

  Rogue IMSI catchers heighten enterprise cell phone security risks

  News roundup: Rogue cell phone towers are popping up across the United States, heightening enterprise communication and data privacy concerns. Plus: Goodwill breach update; Adobe patches released; and security in 2025.

• September 19, 2014 19 Sep'14

  Home Depot data breach update: 56 million cards confirmed stolen

  Home Depot said late Thursday that its recent breach involving 56 million payment cards was the result of custom-built malware, and that the company has since rolled out new POS encryption technology.

• September 05, 2014 05 Sep'14

  Goodwill breach highlights need for service provider due diligence

  News roundup: The recent Goodwill security breach has been blamed on a third-party service provider, highlighting the need for due diligence. Plus: Mobile device theft; Android app vulnerabilities and a 12-year-long cyber-espionage network.

• September 03, 2014 03 Sep'14

  Apple two-factor authentication fail leaves iCloud users vulnerable

  Apple's decision to not extend its two-factor authentication security mechanism to all iCloud services may leave users more vulnerable to attacks

• September 02, 2014 02 Sep'14

  Apple and FBI launch iCloud hack investigation

  Apple and FBI investigate the breach of Apple’s iCloud causing fresh business concerns over cloud security

• August 28, 2014 28 Aug'14

  Plan ahead to avoid SIEM deployment pitfalls

  Despite SIEM technology improvements, Gartner says many organizations still dive into SIEM deployments without adequate planning, often resulting in disaster.

• August 07, 2014 07 Aug'14

  SSC issues PCI compliance checklist for third-party service providers

  The PCI Security Standards Council's new information supplement helps enterprises implement a security assurance program to ensure their third-party service providers meet PCI DSS requirements.

• August 07, 2014 07 Aug'14

  Black Hat 2014: Researcher reveals Amazon cloud security weaknesses

  At Black Hat 2014, a researcher showed how AWS cloud security flaws and misconfigurations can have devastating consequences for AWS customers that don't take security seriously.

• August 06, 2014 06 Aug'14

  Russian hackers steal over a billion usernames and passwords

  A group of Russian cyber criminals have attacked 500 million email addresses and gained 1.2 billion usernames and passwords.

• July 24, 2014 24 Jul'14

  How the CryptoLocker ransomware was defeated with its own DGA

  Preview: At Black Hat USA, experts will detail the steps taken by the security community and law enforcement to put down the infamous CryptoLocker ransomware.

• July 15, 2014 15 Jul'14

  Pass the hash? Severity of Active Directory security flaw questioned

  Despite what may be a dangerous new Active Directory "pass the hash" attack variant, Microsoft has downplayed the issue as a technical limitation.

• July 08, 2014 08 Jul'14

  Multifactor authentication key to cloud security success

  Following the collapse of an AWS-based cloud hosting provider, experts say enterprises should prioritize use of multifactor authentication.

• June 24, 2014 24 Jun'14

  On prevention vs. detection, Gartner says to rebalance purchasing

  At its annual security confab, the research giant said enterprises buy too much threat prevention and not enough detection and response technology.

• June 19, 2014 19 Jun'14

  Amazon EC2 control panel hack submarines hosting provider

  Update: Following a hack that destroyed much of Code Spaces' AWS EC2 data, cloud app provider One More Cloud reported similar compromises.

• June 17, 2014 17 Jun'14

  API gateways emerge to address growing security demands

  With mobile, cloud and the Internet of Things driving massive API growth, experts say now is the time for API gateway technology to shine.

• June 12, 2014 12 Jun'14

  Pandemiya banking malware emerges as Zeus-level threat

  RSA researchers say the costly Pandemiya banking malware was written entirely from scratch, a dangerous oddity in the world of malware.

• June 05, 2014 05 Jun'14

  OpenID Connect: Poised for greatness in enterprise authentication?

  Despite the popularity of SAML, the mobile and cloud benefits of OpenID Connect may spur adoption as an enterprise authentication platform.

• May 23, 2014 23 May'14

  Next-generation firewall comparisons show no product is perfect

  When comparing NGFW appliances, experts say that enterprises should focus on products that meet specific needs, not just those with the most features.

• May 16, 2014 16 May'14

  For infosec career success, do security certifications trump all?

  Respondents to a SANS survey say security certifications lead to career success, but a top infosec career consultant says their value is limited.

• April 10, 2014 10 Apr'14

  'Heartbleed' OpenSSL vulnerability: A slow-motion train wreck

  Analysis: The 'Heartbleed' OpenSSL vulnerability is one of the worst bugs a SANS expert has seen, and that's before the fallout is fully understood.

• April 10, 2014 10 Apr'14

  NSA TAO: What Tailored Access Operations unit means for enterprises

  The NSA's top-secret Tailored Access Operations offensive hacking unit offers enterprise defense strategy lessons. Expert Nick Lewis discusses.

• April 03, 2014 03 Apr'14

  NTP-based DDoS attacks on the rise, but SYN floods still more perilous

  NTP-based DDoS attacks are increasing, but a report warns that SYN floods are still more likely to cause enterprises damage.

• April 01, 2014 01 Apr'14

  Data encryption, notification and the NIST Cybersecurity Framework

  Awkward? The NIST Cybersecurity Framework arrives as the U.S. government struggles to counter negative reports on its data privacy and encryption standards.

• March 12, 2014 12 Mar'14

  For merchants, Windows XP POS systems put PCI compliance at risk

  PCI compliance may be nearly impossible after the April 2014 Windows XP end-of-life date if merchants don't address vulnerable XP-based POS systems.

• March 03, 2014 03 Mar'14

  Ranum Q&A with Aaron Turner: Whitelisting is on enterprise blacklist

  An early proponent of Microsoft SRP, Aaron Turner says application whitelisting has finally taken hold in consumer app stores.

• February 24, 2014 24 Feb'14

  Richard Clarke: NSA revelations show potential for police state

  At the 2014 CSA Summit, presidential cybersecurity advisor Richard Clarke said NSA monitoring efforts are negatively affecting U.S. cloud providers.

• February 17, 2014 17 Feb'14

  Final version of NIST cybersecurity framework draws mixed reviews

  Experts differed over whether the NIST cybersecurity framework provides critical infrastructure firms with the tools to defend themselves.

• February 05, 2014 05 Feb'14

  Amid Microsoft MD5 deprecation, experts warn against SHA-1 algorithm

  With Microsoft's MD5 deprecation set for next week, experts say companies must be careful to avoid other weak protocols, like SHA-1.

• February 03, 2014 03 Feb'14

  Mobile security report: Data on devices

  New survey shows the battle between corporate-issued devices versus personally owned smartphones and tablets is too close to call.

• January 28, 2014 28 Jan'14

  McGraw: Software [in]security and scaling automated code review

  Gary McGraw and Jim Routh talk through the pitfalls of scaling static source code review and offer some potential process improvements.

• January 28, 2014 28 Jan'14

  On Data Privacy Day, OTA highlights need for data protection policy

  The Online Trust Alliance marks Data Privacy Day with events to help enterprises plan for inevitable data protection and privacy incidents.

• January 24, 2014 24 Jan'14

  Spear phishing still popular, but more watering hole attacks coming

  A report from CrowdStrike shows spear phishing remains popular in targeted attacks, but that watering hole attacks are gaining favor.

• January 10, 2014 10 Jan'14

  Target breach update: Information on up to 70 million customers stolen

  Updated details on the Target breach show a much greater scope than originally announced, and reveal its Q4 finances were hurt by related charges.

• January 03, 2014 03 Jan'14

  FireEye buys Mandiant in $1 billion deal

  In acquiring the incident response firm, FireEye will combine Mandiant's endpoint defense product with its network-based detection technology.

• December 24, 2013 24 Dec'13

  McGraw: Software [in]security and scaling architecture risk analysis

  Software architecture risk analysis doesn't have to be hard. Gary McGraw and Jim DelGrosso discuss an easier, more scalable process.