News, Analysis and Opinion for Security - Page 20

May 15, 2015 15 May'15

Will Microsoft Edge security features make up for past sins?

News roundup: Microsoft released security details of its new Edge browser, but is enough to restore user confidence? Plus: Millennial security threats; new ransomware, GPU-based malware; black hat cybersecurity services.

May 13, 2015 13 May'15

Security ethics survey shows honesty is a tricky business

A security ethics survey conducted at the 2015 RSA Conference indicates that infosec professionals may be wary of media attention in breach and vulnerability reporting.

May 12, 2015 12 May'15

AlienVault updates SIEM platforms after vulnerabilities exposed

Security software maker AlienVault scrambled to patch two of its products after a security researcher exposed longstanding vulnerabilities in them.

May 12, 2015 12 May'15

May 2015 Patch Tuesday isn't all about critical patches, experts say

Microsoft's May 2015 Patch Tuesday has made 2015 this biggest year for patches through the first five months and is highlighted by two non-critical patches, according to experts.

May 11, 2015 11 May'15

Intel's Security Connected aims to be the glue for enterprise security

Intel Security wants to offer a full set of security products, but believes highest value may come from being a bridge. Security Connected aims to integrate non-Intel products and place Intel at the center, although experts worry about complexity.

May 08, 2015 08 May'15

How the WordPress XSS vulnerability was patched so quickly

WordPress was found to have two new zero-day XSS vulnerabilities that were being exploited, but a patch has already been issued to mitigate the issues.

May 08, 2015 08 May'15

Mobile malware statistics highlight unknown state of mobile threats

News roundup: Contradicting mobile malware statistics published this year prove the mobile malware debate is alive and well. Plus: SAP vulnerabilities; spam-sending Linux malware; criminal attacks leading healthcare threat.

May 07, 2015 07 May'15

Malware detection tool tackles medical device security

WattsUpDoc, an embedded system security tool used to detect malware in medical devices, is now in beta testing at two major U.S. hospitals.

May 07, 2015 07 May'15

Inside the WhiteHat Aviator Web browser controversy

Robert 'Rsnake' Hansen of WhiteHat Security discusses the Aviator Web browser, why Google lashed out against it, the challenges of browser security and lessons learned for developing secure software.

May 06, 2015 06 May'15

Experts debate the value and future of data loss prevention tools

Data loss prevention tools have been on the market for close to 10 years, but adoption and deployment are still inconsistent. Experts point to a shift in how enterprises will deploy DLP moving forward.

May 06, 2015 06 May'15

Microsoft debuts password-free Windows Hello, PatchTuesday changes

Microsoft Ignite 2015 showed that Microsoft may have rethought the Tuesday part of Patch Tuesday, but Windows Update is stronger than ever.

May 05, 2015 05 May'15

Local Administrator Password Solution aims to stop credential replay

Microsoft has released its Local Administrator Password Solution for a common admin login account across all domain-joined computers in hopes that it will decrease pass-the-hash attacks.

May 04, 2015 04 May'15

Anti-sandbox capabilities found in Dyre malware

Seculert research discovers that a new version of the financial malware Dyre is avoiding sandbox detection by counting the number of cores.

May 01, 2015 01 May'15

Subscription model for SSL certificates could be easier and cheaper

A Utah-based startup hopes to change the way enterprises buy SSL certificates to a subscription model, and one expert thinks it could work as long as enterprises can trust the security.

May 01, 2015 01 May'15

Government cybersecurity flounders as cybersecurity bills pass House

News roundup: Many believe the government should help avert cybersecurity woes, yet two House-approved cybersecurity bills are frowned upon. Plus: DDoS increase linked to IoT; Google password alert; 70% put networks at risk with undocumented changes.

April 30, 2015 30 Apr'15

How WestJet Airlines nixed network complexity, boosted security

At an RSA Conference session, attendees learned how WestJet Airlines' Security Architecture Made Simple with software-defined security and automation reduced network turbulence.

April 30, 2015 30 Apr'15

Government agencies struggling with security data analytics

Security data analytics are a must-have for government agencies to stay one step ahead of cyber attackers, according to a study conducted by MeriTalk.

April 29, 2015 29 Apr'15

Port monitoring critical to detecting, mitigating attacks using SSL

As SSL traffic increases, so inevitably will the number of attacks using it to hide. A session at RSA Conference 2015 explained why hackers love SSL, and how enterprises can defend against them.

April 29, 2015 29 Apr'15

Secunia: End-of-life software posing a big security risk

Secunia's quarterly Personal Software Inspector (PSI) report shows that while OS and application patching has remained steady, users may be ignoring end-of-life software and the risks associated with it.

April 29, 2015 29 Apr'15

IT security and compliance: Get leadership on board to find balance

At an RSA Conference 2015 session, finance information security officer Steve Winterfeld explained why having complementary IT security and compliance strategies requires leadership buy-in and cooperation.

April 29, 2015 29 Apr'15

RSA Conference 2015 recap: Record attendance, record stakes

This year's RSA Conference once again broke the previous year's attendance record. Is the show getting too big for San Francisco? Plus key takeaways and final words from our executive editor.

April 28, 2015 28 Apr'15

Comparing the top SSL VPN products

Expert Karen Scarfone examines the top SSL VPN products available today to help enterprises determine which option is the best fit for them.

April 28, 2015 28 Apr'15

Open source threat model aims to make enterprise safer with less work

An open source threat model is aiming to be a repository for risk assessment with the aim of allowing enterprise to focus on creating the right security controls for each business.

April 28, 2015 28 Apr'15

Despite benefits, skepticism surrounds bug bounty programs

Some people think bug bounty programs are the answers to vulnerability woes, yet others remain skeptical of the negative impacts they present. RSA Conference panelists discussed both sides of one of today's hottest and most controversial IT topics.

April 28, 2015 28 Apr'15

Insider threat programs need people, not technology

A panel discussion at RSA Conference 2015 outlined strategic methods enterprises can use to build and advocate for an insider threat program.

April 27, 2015 27 Apr'15

DevOps explained: Why experts call DevOps and security a perfect match

At RSA Conference 2015, a pair of DevOps proponents explained why the nascent movement to integrate development and IT operations staff pays security dividends.

April 27, 2015 27 Apr'15

New study shows enterprise security confidence high but defenses low

A new study from network security firm Fortinet shows that enterprise security confidence levels are high despite a lack of comprehensive security measures.

April 27, 2015 27 Apr'15

WordPress vulnerable to stored XSS bug, researchers find

A researcher has released a proof-of-concept exploit for a WordPress vulnerability leveraging stored XSS, which could lead to remote code execution on affected servers.

April 27, 2015 27 Apr'15

On healthcare data security, not all security pros see unique challenges

At an RSA Conference 2015 discussion on healthcare data security, experts with decades of experience perceive a unique challenge, while security pros see similarities with other verticals.

April 24, 2015 24 Apr'15

Long-duration advanced persistent threat attacks now the norm, say experts

Threat experts at RSA Conference 2015 say today's most dangerous attack techniques reflect a shift toward long-duration attacks that are often nearly impossible to detect.

April 24, 2015 24 Apr'15

Clarity needed to cultivate next-gen cybersecurity workforce

Millennials are hesitant to pursue a career in cybersecurity, mainly because they aren't sure exactly what the job entails -- and if they have the proper training for it.

April 24, 2015 24 Apr'15

NIST wants help building the one ID proofing system to rule them all

The U.S. government wants to solve the weaknesses in online ID proofing systems, but it needs the help of enterprise and security professionals in order to overcome privacy concerns and other issues.

April 24, 2015 24 Apr'15

Insecure SSL coding could lead to Android man-in-the-middle attacks

Researchers have found thousands of apps that feature insecure coding practices in implementing SSL protocols, which could lead to Android man-in-the-middle attacks.

April 23, 2015 23 Apr'15

Opportunity abounds for those with both business, security skills

Executives now listen to their security managers but experts speaking at the RSA Conference 2015 say infosec leaders must learn business security skills and think long term.

April 23, 2015 23 Apr'15

RSA attendees ponder how to trim bloated security portfolios

At a roundtable discussion at RSA Conference 2015, security admins pondered what to do about bloated security portfolios.

April 23, 2015 23 Apr'15

Effective data breach response plans hinge on human preparedness

Experts at a Verizon event at RSA Conference 2015 say no data breach response plan is complete until certain human factors are considered.

April 23, 2015 23 Apr'15

Pescatore on security success: Breach prevention is possible

At RSA Conference 2015, John Pescatore offered real-world case studies proving that information security technologies can help prevent data breaches.

April 22, 2015 22 Apr'15

Industry experts warn only cyberliability insurance covers breaches

Cyberliability insurance gains popularity as industry experts warn that, contrary to popular belief, general insurance won't protect against cyberattacks.

April 22, 2015 22 Apr'15

Can supply chain security assuage Huawei security concerns?

Huawei's U.S. CSO pitched the rigor of its supply chain security processes to RSA Conference 2015 attendees, but they remained skeptical at best on whether to trust the Chinese networking and security vendor.

April 22, 2015 22 Apr'15

Mobile malware is not a serious threat, Damballa shows

An Atlanta-based threat prevention company says the chances of acquiring mobile malware infection are as slim as the chance of being struck by lightning.

April 22, 2015 22 Apr'15

Government cybersecurity experts push for better information sharing

At RSA 2015, former federal officials called for better government cybersecurity cooperation between agencies and with the private sector.

April 22, 2015 22 Apr'15

Threat intelligence programs maturing despite staffing, tech obstacles

A Forrester analyst told RSA Conference 2015 attendees that enterprise threat intelligence programs are maturing, though obstacles like nascent technology and hard-to-find employees mean some firms may never reach full maturity.

April 21, 2015 21 Apr'15

Yoran: RSA, information security industry needs 'radical change'

New RSA President Amit Yoran says business as usual isn't stopping the evolving threat landscape, and hints at radical changes coming to the information security industry and within RSA itself.

April 21, 2015 21 Apr'15

Raytheon cybersecurity bolstered by Websense acquisition

Vista sells majority stake in security provider Websense to boost Raytheon cybersecurity defense amidst copious information breaches.

April 21, 2015 21 Apr'15

Waratek grabs RSA Innovation Sandbox honors

Runtime application self-protection startup Waratek wins coveted RSA Innovation award.

April 21, 2015 21 Apr'15

SIMDA botnet down: 770,000 infected computers rescued

INTERPOL collaborated with Trend Micro, Microsoft and Kaspersky to take down botnet affecting 770,000 users.

April 20, 2015 20 Apr'15

Successful women in security tout need for mentoring, encouragement

Female infosec pros say the industry needs to do more to not only encourage women to pursue infosec careers, but also help mentor them along the way.

April 20, 2015 20 Apr'15

Hiring millennials key to reducing security workforce shortage

At RSA Conference 2015, speakers at an (ISC)2 panel said attracting and hiring millennials is a huge key to alleviating the worsening information security workforce shortage.

April 17, 2015 17 Apr'15

Machine versus the bots: Does your website pass the Turing 2.0 test?

New Web security models use browser behavior and polymorphism to protect against data theft and fraud.

April 17, 2015 17 Apr'15

Patch Tuesday's Windows HTTP.sys flaw under attack

A critical vulnerability in Windows HTTP.sys was detailed as part of Microsoft's April Patch Tuesday, and the flaw is already being actively exploited in the wild.

April 17, 2015 17 Apr'15

Microsoft cybersecurity strategy: Time for another Bill Gates email

Opinion: Executive Editor Eric Parizo says Microsoft's security strategy may have once been the benchmark for other vendors to emulate, but in 2015 the software giant's priorities lie elsewhere.

April 16, 2015 16 Apr'15

Oracle Critical Patch Update features important Java SE updates

The latest Oracle Critical Patch Update includes fixes for close to 100 vulnerabilities, but one expert says there is a critical update for Java on the desktop that needs immediate attention.

April 15, 2015 15 Apr'15

PCI DSS 3.1 debuts, requires detailed new SSL security management plan

PCI DSS 3.1 grants merchants about 14 months to nix flawed SSL and TLS protocols, but demands they quickly provide detailed new documentation on how they plan to make the transition.

April 14, 2015 14 Apr'15

April 2015 Patch Tuesday addresses critical HTTP.sys flaw

Microsoft's April 2015 Patch Tuesday release is lighter than usual with 11 total bulletins, but experts say that system admins should immediately install a critical HTTP.sys patch for Windows Server.

April 14, 2015 14 Apr'15

'Redirect to SMB' vulnerability affects all versions of Windows

The new 'Redirect to SMB' vulnerability is an update to an 18-year-old flaw that can lead to man-in-the-middle attacks on all versions of Windows.

April 14, 2015 14 Apr'15

Sony Pictures hack used easily available malware, destroyed computers

A '60 Minutes' interview Sunday revealed that not only did Sony Pictures fall victim to well-known, off-the-shelf malware, but that the attackers also destroyed thousands of computers and servers after stealing the data.

April 14, 2015 14 Apr'15

Verizon DBIR 2015 tackles data breach cost predictions

In its 2015 Data Breach Investigations Report, Verizon debuts data breach cost estimates based on newly available data, and also advocates for better threat intelligence sharing among different industries facing common threats.

April 13, 2015 13 Apr'15

Cybersecurity risks masked by controversial vulnerability counts

Experts have split opinions regarding the correct methodology for counting vulnerabilities, but all agree that focusing on numbers can mask real cybersecurity risks.

April 10, 2015 10 Apr'15

Ways to secure Web apps: WAFs, RASP and more

Protecting a Web application increasingly means tuning your protections to the individual characteristics of your applications. There’s more than one way to go about this, though. In this three-part guide we review best practices for taking your Web...

April 10, 2015 10 Apr'15

Chrome security under fire from third-party extension

Security researchers say Webpage Screenshot, a popular third-party extension for Google Chrome, was secretly collecting end-user browsing data. Its true purpose and how Google missed it remain up for debate.

April 10, 2015 10 Apr'15

Tech, security M&A activity booms thanks to mobile, cloud

News roundup: Technology and security acquisitions have seen some healthy activity in 2015, driven by two key trends. Plus: 75% of users aren't vulnerable to Heartbleed?; White House hack tied to phishing; first state digital ID law.

April 09, 2015 09 Apr'15

SANS: Enterprises overconfident in ability to detect insider threats

Enterprises may be increasingly aware of insider threats and believe they can find and stop them, but a new SANS Institute survey suggests they may be overconfident and lack the necessary insider threat-detection technology.

April 08, 2015 08 Apr'15

Experts disagree on growth, complexity of cybersecurity threats

The Websense 2015 Threat Report claims that cybersecurity threats are getting more complex, but one expert says the trends aren't anything new.

April 08, 2015 08 Apr'15

Dyre malware returns to rob banks of millions

Financial malware Dyre, in tandem with social engineering, was used in a new campaign to steal millions from financial institutions, according to IBM researchers.

April 06, 2015 06 Apr'15

In first Android Security Report, Google cites drop in Android malware

Google's first Android Security Report claims that malware on the platform was found on fewer than 1% of devices in 2014, but experts question if the ecosystem is really as safe as it has ever been.

April 05, 2015 05 Apr'15

Amid SSL security issues, enterprises face many problems, few answers

Experts say even enterprises that carefully secure TLS may still be at the mercy of the numerous security issues affecting the SSL ecosystem.

April 03, 2015 03 Apr'15

The transaction that lasts forever

Whether or not you think Bitcoin has a future, it has a couple of very interesting technological elements that will probably have a life of their own. The aspect that everyone talks about is that ...

April 03, 2015 03 Apr'15

U.S. cyberattacker sanctions program causes stir on social media

News roundup: President Obama's executive order allowing sanctions on cyberattackers has been met with mixed reaction. Plus: Threat intelligence perception versus reality; healthcare breach consequences; Verizon tosses supercookie.

April 02, 2015 02 Apr'15

Massive GitHub DDoS attack tied to Chinese government

Security experts say the largest DDoS attack in GitHub history, which lasted five days, was the work of the Chinese government.

April 02, 2015 02 Apr'15

Obama threatens foreign cyber attackers with sanctions

US president Barack Obama has signed an executive order establishing a framework for the US to impose sanctions on foreign cyber attackers

April 01, 2015 01 Apr'15

NSA’s big data security analytics reaches the enterprise with Sqrrl

Competition for Hadoop-based analytics may put tools and services within reach for large and midsize organizations, says Robert Richardson.

April 01, 2015 01 Apr'15

Information security jobs unfilled as labor pains grow

Why cybersecurity hiring is the real cyberwar.

April 01, 2015 01 Apr'15

Defending against the digital invasion

As attackers move beyond “spray and pray” tactics to advanced persistent threats -- having better security than your competitors is no longer enough. Targeted attacks today are often for financial gain through extortion and threats to expose or ...

March 31, 2015 31 Mar'15

Amid growing SSL concerns, Qualys expands free public SSL tester

Qualys has added a free, public API to its SSL testing services, which will enable an enterprise to test any website or server for SSL vulnerabilities.

March 31, 2015 31 Mar'15

New PCI SSC penetration testing guidelines aim to be more prescriptive

The PCI SSC has issued prescriptive new supplemental guidance on penetration testing in an effort to reverse current trends and improve merchant compliance.

March 30, 2015 30 Mar'15

PCI DSS 3.1 set for April 2015 release, will cover SSL vulnerabilities

The PCI Security Standards Council has confirmed that PCI DSS 3.1 will be released in just a few weeks. According to a Gartner analyst, the surprise new release could cause major problems for merchants.

March 27, 2015 27 Mar'15

Is the RSA 2015 'booth babe' ban a win for women in security?

News roundup: The ban of "booth babes" at RSA Conference 2015 has been met with praise; does it equal an increase of women in infosec? Plus: Cyberthreat data-sharing bill advances; Flash flaw exploited days after patching; new twist on Google Play ...

March 27, 2015 27 Mar'15