News

News

• April 01, 2015 01 Apr'15

  Defending against the digital invasion

  As attackers move beyond “spray and pray” tactics to advanced persistent threats -- having better security than your competitors is no longer enough. Targeted attacks today are often for financial gain through extortion and threats to expose or ...

• March 25, 2015 25 Mar'15

  Secunia: Better vulnerability reporting doesn't mean more patches

  Secunia's 2015 Vulnerability Report shows that better vulnerability reporting and awareness of flaws doesn't necessarily mean vendors offer more patches or focus on the most critical issues.

• March 24, 2015 24 Mar'15

  BandarChor: New ransomware based on old malware family emerges

  Antivirus vendor F-Secure discovered BandarChor, a type of ransomware based on an existing malware family.

• March 23, 2015 23 Mar'15

  Cisco IP phones vulnerable to eavesdropping; no patch available yet

  Cisco says a vulnerability in some of its IP phones for SMBs could allow eavesdropping. A fix is not yet available, but Cisco has offered mitigation techniques.

• March 20, 2015 20 Mar'15

  At 2015 Pwn2Own competition, browser exploits in the spotlight

  News roundup: Researchers at the 2015 Pwn2Own exploited every major Web browser, casting doubt on browser security once again. Plus: high-severity OpenSSL update; IE being phased-out in Windows 10; Americans dodging online surveillance.

• Sponsored News

  • It’s Time to Modernize Your SOC

    Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More

  • 6 Factors to Consider in Building Resilience Now

    Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More

  • Why Zero Trust, Why Now

    Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More

  • 5 Best Practices To Secure Remote Workers

    Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More

  View All Sponsored News
• March 17, 2015 17 Mar'15

  Yahoo’s attempt to kill off passwords raises security concerns

  Yahoo’s attempt to kill off passwords by introducing an on-demand one-time passcode option for its email services has raised security concerns

• March 17, 2015 17 Mar'15

  Microsoft warns of fake SSL certificate for Windows Live

  Microsoft has warned that a fake security certificate has been issued for the Windows Live domain that could be abused by attackers

• March 16, 2015 16 Mar'15

  Microsoft re-releases EMET 5.2 to fix IE bug

  Update: Microsoft has re-released Enhanced Mitigation Experience Toolkit version 5.2 to correct a bug involving IE 11.

• March 13, 2015 13 Mar'15

  Hillary Clinton email debate highlighted by security mistakes

  News roundup: Hillary Clinton's decision to use a private email domain and server has created a firestorm over her email security mistakes. Plus: OpenSSL audit, Blue Coat acquisition, more Equation details emerge.

• March 11, 2015 11 Mar'15

  HP enterprise security: Can acquisitions lead to cohesive strategy?

  Through acquisitions Hewlett-Packard has built a formidable lineup of enterprise security offerings, but experts question whether a strong brand can overcome legacy technology and a lacking endpoint strategy.

• March 10, 2015 10 Mar'15

  Venmo struggles put spotlight on mobile payment security

  The mobile payment app maker responds to criticism by stepping up security with better verifications and notifications for email and phone number changes.

• March 09, 2015 09 Mar'15

  Group claiming links to Isis hacks small business websites

  The FBI is investigating the hacking of a number of SME websites in the US and Europe by people claiming affiliation with Islamic State

• March 05, 2015 05 Mar'15

  Microsoft confirms Windows vulnerable to FREAK attack

  The serious HTTPS FREAK exploit was thought to only affect Android, iOS, and MacOS, but Microsoft has confirmed that it also affects all supported versions of Windows.

• March 05, 2015 05 Mar'15

  Emerging cyberthreats exploit battle between compliance and security

  While regulatory compliance is valuable and necessary for enterprises, cyberthreat experts say a compliance-centric security strategy may leave organizations with few resources to ward off emerging cyberthreats.

• March 05, 2015 05 Mar'15

  China and US cross swords over software backdoors

  Barack Obama criticises Chinese plans to force tech firms trading in China to share encryption keys and put backdoors in software

• March 04, 2015 04 Mar'15

  Big data security analytics: Can it revolutionize information security?

  Demetrios Lazarikos describes the security big data system he implemented at retail giant Sears, as well as how it helped thwart retail fraud activity and how he convinced executives to support the implementation.

• March 04, 2015 04 Mar'15

  Why Hillary can't mail

  Reporting by The New York Times notwithstanding, it appears to this non-lawyer that Hillary Clinton probably didn't break any laws by using a personal email account to conduct state business. But ...

• March 03, 2015 03 Mar'15

  Amid Apple Pay fraud, banks scramble to fix Yellow Path process

  Banks are rushing to fix sloppy authentication processes at the heart of rising Apple Pay fraud. Experts also worry about potential fraud with other mobile payment systems.

• March 02, 2015 02 Mar'15

  Q&A: Marcus Ranum chats with AT&T's CSO Ed Amoroso

  There's no shortage of new security technology, but enterprise integration is still a major hang-up, says AT&T's chief of security.

• March 02, 2015 02 Mar'15

  US retailer Natural Grocers investigates data breach

  Natural Grocers is the latest US retailer to announce it is investigating a possible data breach involving customer payment cards

• February 26, 2015 26 Feb'15

  HP: Threat intelligence sources need vetting, regression testing

  According to HP Security Research, threat intelligence best practices can be difficult to implement, and even the most trustworthy sources must be tested for fidelity.

• February 25, 2015 25 Feb'15

  3G and 4G phones not affected by NSA and GCHQ hack, says Gemalto

  The world’s largest maker of Sim cards, Gemalto, says it has “reasonable grounds” to believe it was hacked by UK and US spy agencies in 2010 and 2011

• February 24, 2015 24 Feb'15

  Business disruption cyber attacks set to spur defence plans, says Gartner

  By 2018, 40% of organisations will have plans to address cyber-security business disruption attacks, up from 0% in 2015, says Gartner

• February 23, 2015 23 Feb'15

  Slow adoption of DMARC policy leaves email vulnerable, vendor says

  A new study finds that enterprises, especially healthcare companies, are slow to adopt the DMARC email authentication standard, making them vulnerable to malicious emailers.

• February 23, 2015 23 Feb'15

  Lenovo faces lawsuit for pre-installing Superfish adware

  A class action lawsuit has been filed against Lenovo after it was found to have pre-installed adware vulnerable to cyber attacks

• February 20, 2015 20 Feb'15

  Gemalto denies knowledge of GCHQ and NSA Sim card hack

  Gemalto says it cannot verify a report that it was hacked by the NSA and GCHQ to steal encryption keys

• February 17, 2015 17 Feb'15

  International spyware operation linked to NSA

  The US National Security Agency has reportedly hidden surveillance software in the hard drives of several top computer makers

• February 10, 2015 10 Feb'15

  February 2015 Patch Tuesday: Group Policy flaw tops three critical fixes

  Microsoft's February 2015 Patch Tuesday release offers three critical fixes, including one for a dangerous Group Policy vulnerability, but does not patch a recently revealed IE XSS zero-day flaw.

• February 09, 2015 09 Feb'15

  Security professionals warn against relying on cyber insurance

  Security professionals have warned businesses not to rely on cyber insurance in the face of increased cyber attacks.

• February 06, 2015 06 Feb'15

  Same-origin policy IE vulnerability may signal new attack trend

  A new IE vulnerability has led to a proof-of-concept same-origin policy exploit, and some experts say it highlights a technique that may soon become popular among attackers.

• February 06, 2015 06 Feb'15

  Report: Most enterprise security operations centers ineffective

  A new report by HP shows most enterprise security operations centers fail to meet recommended maturity levels needed to detect and manage cybersecurity threats.

• February 05, 2015 05 Feb'15

  US health insurer Anthem hacked, exposing up to 80 million records

  Hackers have broken into a database at US health insurer Anthem said to contain the personal data of up to 80 million people

• February 04, 2015 04 Feb'15

  Sony says cyber attack will cost $15m

  Sony expects the investigation and remediation costs of the November 2014 cyber attack on its movie subsidiary will amount to $15m

• February 02, 2015 02 Feb'15

  Adobe Flash patch promised this week for new zero-day bug

  Trend Micro discovered a new zero-day bug in Adobe Flash that is being actively exploited in the wild. Adobe promises a patch for the vulnerability this week.

• January 29, 2015 29 Jan'15

  The politics of DDoS response

  Reports of a 'hack back' DDoS attack by Sony stirred up acceptable use questions.

• January 23, 2015 23 Jan'15

  Detection vs. prevention: Ponemon report points to controversial trend

  A Ponemon Institute report highlights the biggest risks to endpoint security, and what IT professionals plan to do to fight back, including one controversial tactic in malware protection.

• January 23, 2015 23 Jan'15

  CryptoWall 3.0: Ransomware returns, adopts I2P

  Shortly after CryptoWall began using TOR to conduct transcations, a new version of the ransomware, dubbed CryptoWall 3.0, has begun using I2P.

• January 22, 2015 22 Jan'15

  Report: Popularity of biometric authentication set to spike

  Juniper Research claims that the popularity of biometric authentication will rise dramatically in the next five years, incorporating innovative technology beyond today's fingerprint sensors and voice authentication systems.

• January 21, 2015 21 Jan'15

  Report: More than 90% of 2014 data breaches could have been prevented

  The Online Trust Alliance finds that over 90% of data breaches resulting in data loss could have been prevented.

• January 21, 2015 21 Jan'15

  Wasted spending on security shelfware affects small businesses more

  Osterman Research and Trustwave report that organizations waste money on underutilized security software because IT often doesn't have enough time or resources to use it.

• January 20, 2015 20 Jan'15

  ISACA: Majority of enterprises report cybersecurity workforce shortage

  In its new 2015 Global Cybersecurity Status Report, ISACA finds that most organizations are aware of cyberattack risk, but few believe they have the capability to thwart a sophisticated attack.

• January 15, 2015 15 Jan'15

  Cybersecurity training needed to raise number of skilled workers

  A survey by ESG finds that IT has an ongoing problematic shortage of enterprise cybersecurity skills, and the problem is getting worse.

• January 13, 2015 13 Jan'15

  Cisco releases multiple WebEx security patches

  The most important of the seven fixes for the WebEx Meeting Server platform remedies a flaw that could allow a cross-site request forgery attack.

• October 15, 2014 15 Oct'14

  Remembering Shon Harris: Logical Security founder passes away

  Shon Harris, founder and CEO of Logical Security and recognized security certification training expert, died Oct. 8, 2014, after a long illness. SearchSecurity pays tribute to her contributions to the information security field.

• September 02, 2014 02 Sep'14

  Apple and FBI launch iCloud hack investigation

  Apple and FBI investigate the breach of Apple’s iCloud causing fresh business concerns over cloud security

• August 07, 2014 07 Aug'14

  Black Hat 2014: Researcher reveals Amazon cloud security weaknesses

  At Black Hat 2014, a researcher showed how AWS cloud security flaws and misconfigurations can have devastating consequences for AWS customers that don't take security seriously.

• August 06, 2014 06 Aug'14

  Russian hackers steal over a billion usernames and passwords

  A group of Russian cyber criminals have attacked 500 million email addresses and gained 1.2 billion usernames and passwords.

• June 12, 2014 12 Jun'14

  Pandemiya banking malware emerges as Zeus-level threat

  RSA researchers say the costly Pandemiya banking malware was written entirely from scratch, a dangerous oddity in the world of malware.

• April 25, 2014 25 Apr'14

  Report: Gap between on-premises and cloud attacks closing

  A new report shows the volume of cloud attacks is rising, as attack types traditionally associated with on-premises environments migrate with users.

• April 10, 2014 10 Apr'14

  NSA TAO: What Tailored Access Operations unit means for enterprises

  The NSA's top-secret Tailored Access Operations offensive hacking unit offers enterprise defense strategy lessons. Expert Nick Lewis discusses.

• February 28, 2014 28 Feb'14

  RSA Conference 2014 analysis: Security topics to keep on the radar

  Several information security topics emerged as hot topics at RSA 2014. Learn three security topics enterprises should keep on their radar.

• February 05, 2014 05 Feb'14

  Amid Microsoft MD5 deprecation, experts warn against SHA-1 algorithm

  With Microsoft's MD5 deprecation set for next week, experts say companies must be careful to avoid other weak protocols, like SHA-1.

• January 03, 2014 03 Jan'14

  FireEye buys Mandiant in $1 billion deal

  In acquiring the incident response firm, FireEye will combine Mandiant's endpoint defense product with its network-based detection technology.

• December 02, 2013 02 Dec'13

  Return on security investment: The risky business of probability

  You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.

• September 20, 2013 20 Sep'13

  HP introduces 'self-healing' BIOS protection with SureStart

  HP's new SureStart feature detects and 'heals' corrupted BIOS code.

• August 01, 2013 01 Aug'13

  New data on enterprise mobile security

  We polled readers in our annual Enterprise Mobile Security Survey and the 2013 results are in.

• June 19, 2013 19 Jun'13

  RSA Silver Tail improves online fraud detection, enterprise security

  Fraud prevention for the Web: RSA Silver Tail sets stage for enterprise-level security with big data and brand new interface.

• January 17, 2013 17 Jan'13

  Thirteen principles to ensure enterprise system security

  Designing sound enterprise system security is possible by following Gary McGraw's 13 principles, many of which have held true for decades.

• November 01, 2012 01 Nov'12

  Protecting Intellectual Property: Best Practices

  Organizations need to implement best practices to protect their trade secrets from both internal and external threats.

• July 11, 2012 11 Jul'12

  AWS outage doesn't discourage Netflix

  Netflix says it remains bullish on the cloud despite major Amazon outage.

• July 11, 2012 11 Jul'12

  Survey: Firewall rules sprawl makes firewall policy management a mess

  Bloated firewall rules are making security unmanageable and audits a nightmare, according to a survey by firewall management vendor Athena.

• July 09, 2012 09 Jul'12

  DNSChanger malware problems unlikely

  DNSChanger infections have declined precipitously, but remaining systems could have Internet access turned off today.

• June 28, 2012 28 Jun'12

  Putting the mobile botnet threat in perspective

  While lucrative mobile botnets do exist, Industry experts provide a perspective on seems to be a relatively small mobile botnet threat.

• June 28, 2012 28 Jun'12

  Operation High Roller: Online bank fraud

  McAfee and Guardian Analytics released the findings of an investigation into a global online bank fraud ring that takes the old techniques up a notch.

• June 21, 2012 21 Jun'12

  Review your security contingency plan during the Games

  U.K. companies are preparing to manage their security during the Olympics. Would your security contingency plan hold up to such a disruptive event?

• June 14, 2012 14 Jun'12

  Opinion: LinkedIn hacking incident betrays users’ trust

  Users are told to create strong passwords, but the LinkedIn hacking showed strong passwords are no defense when the application provider is attacked.

• June 08, 2012 08 Jun'12

  Arbor Networks warns of IP-Killer, MP-DDoser DDoS tool

  Arbor Networks researchers found robust capabilities in the MP-DDoser/IP-Killer tool used to conduct powerful distributed denial-of-service attacks.

• June 07, 2012 07 Jun'12

  Information technology security jobs hiring outlook

  The unemployment rate for IT security pros is 0%, says CompTIA, leaving some companies with key information technology security jobs unfilled.

• June 01, 2012 01 Jun'12

  Stuxnet details should prompt call to action, not words

  Security experts have warned of potential problems with military cyberstrikes. Cyberwarfare is difficult to plan and could put civilians at risk.

• May 31, 2012 31 May'12

  Why execs really need corporate security training

  Senior executives may be the most likely to disobey all your hard-won corporate security training. Here are five reasons why.

• May 24, 2012 24 May'12

  A bold view on prioritizing computer security laws

  The number of computer security laws in the U.S. can be daunting. One bold lawyer suggests a way to prioritize the laws and avoid most legal battles.

• May 24, 2012 24 May'12

  Technology raises visibility of partner networks

  Lookingglass shines a light on the security posture of an enterprise’s partners, clients and third-party providers.

• May 17, 2012 17 May'12

  Maybe security is recession proof; VCs investing again

  Venture capital firms are funding security technologies after a quiet period. The investments are a silver lining in a still bleak overall outlook.

• May 17, 2012 17 May'12

  Division of CISO responsibilities may prevent burnout

  CISO responsibilities can be overwhelming, according to a new IBM survey. One solution may be to divide the role into two jobs.

• May 02, 2012 02 May'12

  Analysis: Oracle trips on TNS zero-day workaround

  Oracle's refusal to patch a zero-day in its flagship database management system is another example of how it carelessly exposes customers to risk.

• April 27, 2012 27 Apr'12

  CISPA threat intelligence bill passes House

  The Cyber Intelligence Sharing and Protection Act (CISPA), clears security vendors of any liability for sharing customer attack data with federal officials.

• April 24, 2012 24 Apr'12

  Spam filter gets better of Microsoft SDL—almost

  Two program managers at SOURCE Boston shared how a serious vulnerability reported to the MSRC fell into a spam filter and caused an out-of-band patch.

• April 19, 2012 19 Apr'12

  Experts differ on European ‘cookie law’ advice

  U.S. firms with European customers are wondering about the new “cookie law.” Experts have different advice for European cookie law compliance.

• April 12, 2012 12 Apr'12

  Defining a full security threat

  How would you define a security threat? The correct answer could score the funding you need for your next security project.

• April 11, 2012 11 Apr'12

  Azure boosts CSA’s STAR

  Cloud Security Alliance transparency effort expands with addition of Windows Azure.

• April 09, 2012 09 Apr'12

  Gary McGraw: Build security in from start

  If the field of computer security is to be fixed, the only hope we have is building security in, says software security expert Gary McGraw.

• April 09, 2012 09 Apr'12

  Business and IT security alignment is off

  Aligning IT security with business goals is nice, but is it always realistic? Mandates from management often clash with the industry’s ideal characterization of an IT security leader.

• April 04, 2012 04 Apr'12

  TIBCO to acquire SIEM vendor LogLogic

  TIBCO, an integration software company with little security experience, will purchase one of the few remaining viable standalone SIEM vendors. Terms were not disclosed.

• April 03, 2012 03 Apr'12

  Experts say it's time for a mobile security review

  There are many mobile device management (MDM) platforms, but they may be unnecessary if you can use the security features native to the devices.

• April 03, 2012 03 Apr'12

  Global Payments breach exposes PCI shortcomings

  Payment processor Global Payment is the latest poster child for PCI shortcomings and shoddy data security.

• March 28, 2012 28 Mar'12

  Verizon sheds some light on cloud breaches

  Verizon says cloud breaches are more about giving up control of assets rather than technology vulnerabilities.

• March 27, 2012 27 Mar'12

  Facebook attacks illustrate need for education

  Stolen Facebook account credentials could potentially give attackers access to the victim’s corporate network.

• March 26, 2012 26 Mar'12

  ISP’s anti-botnet code of conduct accomplishes little

  Leading ISPs sign the U.S. Anti-Bot Code of Conduct, which stops short of demanding ISPs provide a clean pipe to customers.

• March 19, 2012 19 Mar'12

  Professional developers behind Duqu Trojan

  The Duqu Trojan’s communications module was written in a custom version of C—indicating a sophisticated professional development team at work.

• March 15, 2012 15 Mar'12

  Can a security association bring us all together?

  Vendors and government call for security pros from different organizations to work together, but will our competitive nature stand in our way?

• March 15, 2012 15 Mar'12

  NSA mobile security plan could be industry roadmap

  Tight controls over the mobile device and the use of VPN tunnels could be employed in enterprise mobile security plans.

• March 12, 2012 12 Mar'12

  Do we need zero-day research?

  Vulnerability research is at a crossroads as bug hunters in pursuit of zero-day vulnerabilities and exploits feel pressure from the security community.

• March 08, 2012 08 Mar'12

  Changes to European privacy laws foreshadow serious business impact

  Changes to the data protection regulations are on the way for the European Union, and the fallout in Europe serves as a good case study for U.S. businesses.

• March 02, 2012 02 Mar'12

  OpenDNS hires Websense CTO, readies enterprise strategy

  DNS provider said it plans a big move into enterprise security market.

• March 01, 2012 01 Mar'12

  Dan Kaminsky offers unconventional wisdom on security innovation

  Luminary Dan Kaminsky, known for his DNS research, pushed RSA Conference 2012 attendees toward security innovation by upending conventional wisdom.

• January 27, 2012 27 Jan'12

  Time to ban dangerous apps? Exploring third-party app security

  Column: Third-party applications are notoriously hard to patch and often easy to exploit. Is it time to ban applications, or can they be secured with a new approach?

• January 23, 2012 23 Jan'12

  More information security news from SearchSecurity

  For all the enterprise information security news that matters, visit our news page on SearchSecurity.

• December 14, 2011 14 Dec'11

  Nitro attackers use Symantec report

  Those responsible for the Nitro attacks earlier this year are targeting chemical companies with malicious emails claiming to be from Symantec.

• December 09, 2011 09 Dec'11

  Special report: 'Eye On' mobile security

  SearchSecurity.com's news team explores the challenges and technologies enterprises must know to successfully manage mobile security.

• May 11, 2010 11 May'10

  Aite Group: Take action now to manage remote deposit capture risks

  Fraud losses involving RDC technology have the potential to skyrocket if banks don't work proactively to deal with the risks, research firm says.