News
- January 10, 2017
10 Jan'17
January Patch Tuesday sparse before Windows security updates change
Microsoft offers up a meager January 2017 Patch Tuesday release before bigger changes planned for Windows security update announcements, which are set to take effect in February.
- January 10, 2017
10 Jan'17
What are the potential pros and cons of a Cyber National Guard?
A congressman proposed adding a Cyber National Guard to the military to protect the U.S. from cyber adversaries. Expert Mike O. Villegas examines the potential drawbacks of this branch.
- January 09, 2017
09 Jan'17
In a post-Mirai world, the FTC wants more secure routers from D-Link
The Federal Trade Commission filed a lawsuit against D-Link, and experts said the move was likely to push more secure routers in the wake of the Mirai botnet attacks.
- January 06, 2017
06 Jan'17
FTC launches competition to improve IoT device security
News roundup: FTC starts a contest to create a better IoT device security tool. Plus, ransomware is now illegal in California; Google patches 29 critical Android flaws; and more.
- January 06, 2017
06 Jan'17
Doxware: New ransomware threat, or just extortionware rebranded?
The threat of ransomware continues to evolve, with a new spin on extortionware, called doxware, that's designed to target and potentially expose sensitive data of ransomware victims.
- January 04, 2017
04 Jan'17
SSL certificate validation flaw discovered in Kaspersky AV software
Google Project Zero discovers more antivirus vulnerabilities. This time, the issues are with how Kaspersky Lab handles SSL certificate validation and CA root certificates.
- January 03, 2017
03 Jan'17
Decades-old bug in the libpng open source graphics library patched
A low-severity vulnerability dating back to 1995 in libpng, the official reference library implementation for PNG, may have enabled remote DoS attacks.
- December 16, 2016
16 Dec'16
Vulnerable websites make up half of the internet's top sites
News roundup: A report finds nearly half the internet is filled with vulnerable websites. Plus, SWIFT confirms more hacks, Amit Yoran steps down from RSA and more.
- November 17, 2016
17 Nov'16
Chinese company caught preinstalling Android spyware on budget devices
A Chinese company was found to be preinstalling Android spyware on budget smartphones and collecting phone call and messaging data without consent.
- August 29, 2016
29 Aug'16
Pegasus iOS exploit uses three zero days to attack high-value targets
A new remote iOS exploit called Pegasus leverages three zero days in what appear to be state-sponsored targeted attack campaigns against political dissidents.
- June 27, 2016
27 Jun'16
Intel reportedly considering selling its security business
New reports suggest Intel may be looking into selling off its security business, and experts are unclear whether it means Intel's McAfee acquisition has gone sour.
- June 17, 2016
17 Jun'16
FBI facial recognition systems draw criticism over privacy, accuracy
GAO report blasts FBI facial recognition programs over privacy and accuracy concerns; FBI systems offer access to over 411 million photos from federal and state sources.
- June 15, 2016
15 Jun'16
Ransomware worm raises concerns for enterprise security
In this Risk & Repeat podcast, SearchSecurity editors break down the discovery of the ZCryptor ransomware worm and what it means for future ransomware threats.
- June 13, 2016
13 Jun'16
Symantec acquisition of Blue Coat shakes up security industry
Symantec agreed to acquire Blue Coat Systems for $4.65 billion, with Blue Coat CEO Greg Clark taking over as new CEO of the combined company.
- May 26, 2016
26 May'16
Retiring obsolete SHA-1 and RC4 cryptographic algorithms, SSLv3 protocol
Microsoft speeds deprecation of SHA-1, Google dropping support for RC4, SSLv3, as web software publishers approach end of life for obsolete cryptographic algorithms and protocols.
- May 06, 2016
06 May'16
Commercial code riddled with open source vulnerabilities
Roundup: Customers, vendors both unaware of unpatched open source vulnerabilities in commercial software. Plus OpenSSL patches, warrantless wiretaps and more.
- March 18, 2016
18 Mar'16
Apple court filing challenges iPhone backdoor as rhetoric heats up
The rhetoric about the iPhone backdoor from Apple and the FBI has gotten more intense as Apple challenged the FBI in court by calling its motion unconstitutional.
- March 02, 2016
02 Mar'16
Bruce Schneier on IBM grabbing him up with Resilient Systems
Bruce Schneier chats with SearchSecurity during lunch at RSAC about IBM's plans to acquire Resilient Systems to complete their security offering.
- January 29, 2016
29 Jan'16
OpenSSL patch fixes encryption flaw and strengthens Logjam defense
A new OpenSSL patch fixes a severe encryption flaw and strengthens the protocol against the Logjam vulnerability.
- January 28, 2016
28 Jan'16
Oracle closing an attack vector by deprecating the Java browser plug-in
Oracle announced plans to deprecate the Java browser plug-in, a noted attack vector, though the choice was not entirely its own.
- December 15, 2015
15 Dec'15
Old Microsoft Kerberos vulnerability gets new spotlight
A new blog post detailed authentication vulnerabilities in Microsoft Kerberos that cannot be patched and could lead to attackers having free rein over systems.
- December 01, 2015
01 Dec'15
Amex credit card hack predicts replacement card number
Samy Kamkar found a weakness in the algorithm American Express uses to generate replacement card information and created a credit card hack as a proof-of-concept.
- July 16, 2015
16 Jul'15
Flash Player security failures turn up the hate
There have been calls for the death of the Adobe Flash Player for years either due to performance issues or the threat of exploit. But with a recent rash of zero-day vulnerabilities, those calls are getting louder.
- July 10, 2015
10 Jul'15
Homeland Security chief calls for federal breach reporting law
The Homeland Security head wants federal laws requiring data breach reporting and information sharing, but one expert warns that government officials need better understanding of infosec technology before creating such laws.
- June 11, 2015
11 Jun'15
Duqu malware makes a comeback and infiltrates Kaspersky systems
The first strain of Duqu malware was found in late 2011. Now three and a half years later, Duqu 2.0 has emerged and is exploiting as many as three zero-day vulnerabilities in a new attack campaign.
- May 22, 2015
22 May'15
Government backdoor security concerns prompt letter to president
As privacy and security concerns rise, President Obama is urged to dismiss the call for government backdoors.
- May 20, 2015
20 May'15
Google changes Chrome extension policy amid security concerns
Google's new Chrome extension policy mandates that all users and developers must install web browser extensions from the Chrome Web Store.
- May 07, 2015
07 May'15
Malware detection tool tackles medical device security
WattsUpDoc, an embedded system security tool used to detect malware in medical devices, is now in beta testing at two major U.S. hospitals.
- April 29, 2015
29 Apr'15
RSA Conference 2015 recap: Record attendance, record stakes
This year's RSA Conference once again broke the previous year's attendance record. Is the show getting too big for San Francisco? Plus key takeaways and final words from our executive editor.
- April 28, 2015
28 Apr'15
Comparing the top SSL VPN products
Expert Karen Scarfone examines the top SSL VPN products available today to help enterprises determine which option is the best fit for them.
- April 24, 2015
24 Apr'15
NIST wants help building the one ID proofing system to rule them all
The U.S. government wants to solve the weaknesses in online ID proofing systems, but it needs the help of enterprise and security professionals in order to overcome privacy concerns and other issues.
- March 03, 2015
03 Mar'15
Amid Apple Pay fraud, banks scramble to fix Yellow Path process
Banks are rushing to fix sloppy authentication processes at the heart of rising Apple Pay fraud. Experts also worry about potential fraud with other mobile payment systems.
- March 02, 2015
02 Mar'15
Q&A: Marcus Ranum chats with AT&T's CSO Ed Amoroso
There's no shortage of new security technology, but enterprise integration is still a major hang-up, says AT&T's chief of security.
- January 22, 2015
22 Jan'15
Report: Popularity of biometric authentication set to spike
Juniper Research claims that the popularity of biometric authentication will rise dramatically in the next five years, incorporating innovative technology beyond today's fingerprint sensors and voice authentication systems.
- September 02, 2014
02 Sep'14
Apple and FBI launch iCloud hack investigation
Apple and FBI investigate the breach of Apple’s iCloud causing fresh business concerns over cloud security.
- August 07, 2014
07 Aug'14
Black Hat 2014: Researcher reveals Amazon cloud security weaknesses
At Black Hat 2014, a researcher showed how AWS cloud security flaws and misconfigurations can have devastating consequences for AWS customers that don't take security seriously.
- August 06, 2014
06 Aug'14
Russian hackers steal over a billion usernames and passwords
A group of Russian cyber criminals have attacked 500 million email addresses and gained 1.2 billion usernames and passwords.
- April 10, 2014
10 Apr'14
NSA TAO: What Tailored Access Operations unit means for enterprises
The NSA's top-secret Tailored Access Operations offensive hacking unit offers enterprise defense strategy lessons. Expert Nick Lewis discusses.
- February 05, 2014
05 Feb'14
Amid Microsoft MD5 deprecation, experts warn against SHA-1 algorithm
With Microsoft's MD5 deprecation set for next week, experts say companies must be careful to avoid other weak protocols, like SHA-1.
- January 03, 2014
03 Jan'14
FireEye buys Mandiant in $1 billion deal
In acquiring the incident response firm, FireEye will combine Mandiant's endpoint defense product with its network-based detection technology.
- December 02, 2013
02 Dec'13
Return on security investment: The risky business of probability
You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.
- September 20, 2013
20 Sep'13
HP introduces 'self-healing' BIOS protection with SureStart
HP's new SureStart feature detects and 'heals' corrupted BIOS code.
- June 19, 2013
19 Jun'13
RSA Silver Tail improves online fraud detection, enterprise security
Fraud prevention for the Web: RSA Silver Tail sets stage for enterprise-level security with big data and brand new interface.
- January 17, 2013
17 Jan'13
Thirteen principles to ensure enterprise system security
Designing sound enterprise system security is possible by following Gary McGraw's 13 principles, many of which have held true for decades.
- December 07, 2012
07 Dec'12
Twelve common software security activities to lift your program
Software security expert Gary McGraw explains the processes commonly found in highly successful software security programs.
- November 01, 2012
01 Nov'12
Protecting Intellectual Property: Best Practices
Organizations need to implement best practices to protect their trade secrets from both internal and external threats.
- July 11, 2012
11 Jul'12
AWS outage doesn't discourage Netflix
Netflix says it remains bullish on the cloud despite major Amazon outage.
- June 28, 2012
28 Jun'12
Operation High Roller: Online bank fraud
McAfee and Guardian Analytics released the findings of an investigation into a global online bank fraud ring that takes the old techniques up a notch.
- June 28, 2012
28 Jun'12
Putting the mobile botnet threat in perspective
While lucrative mobile botnets do exist, industry experts provide a perspective on what seems to be a relatively small mobile botnet threat.
- June 21, 2012
21 Jun'12
Review your security contingency plan during the Games
U.K. companies are preparing to manage their security during the Olympics. Would your security contingency plan hold up to such a disruptive event?
- June 01, 2012
01 Jun'12
Stuxnet details should prompt call to action, not words
Security experts have warned of potential problems with military cyberstrikes. Cyberwarfare is difficult to plan and could put civilians at risk.
- May 24, 2012
24 May'12
Technology raises visibility of partner networks
Lookingglass shines a light on the security posture of an enterprise’s partners, clients and third-party providers.
- May 24, 2012
24 May'12
A bold view on prioritizing computer security laws
The number of computer security laws in the U.S. can be daunting. One bold lawyer suggests a way to prioritize the laws and avoid most legal battles.
- May 17, 2012
17 May'12
Maybe security is recession proof; VCs investing again
Venture capital firms are funding security technologies after a quiet period. The investments are a silver lining in a still bleak overall outlook.
- April 27, 2012
27 Apr'12
CISPA threat intelligence bill passes House
The Cyber Intelligence Sharing and Protection Act (CISPA) clears security vendors of any liability for sharing customer attack data with federal officials.
- April 11, 2012
11 Apr'12
Azure boosts CSA’s STAR
Cloud Security Alliance transparency effort expands with addition of Windows Azure.
- April 09, 2012
09 Apr'12
Gary McGraw on software security assurance: Build it in, build it right
If the field of computer security is to be fixed, the only hope we have is building security in, says software security expert Gary McGraw.
- April 09, 2012
09 Apr'12
Business and IT security alignment is off
Aligning IT security with business goals is nice, but is it always realistic? Mandates from management often clash with the industry’s ideal characterization of an IT security leader.
- April 04, 2012
04 Apr'12
TIBCO to acquire SIEM vendor LogLogic
TIBCO, an integration software company with little security experience, will purchase one of the few remaining viable standalone SIEM vendors. Terms were not disclosed.
- April 03, 2012
03 Apr'12
Experts say it's time for a mobile security review
There are many mobile device management (MDM) platforms, but they may be unnecessary if you can use the security features native to the devices.
- March 28, 2012
28 Mar'12
Verizon sheds some light on cloud breaches
Verizon says cloud breaches are more about giving up control of assets rather than technology vulnerabilities.
- March 27, 2012
27 Mar'12
Facebook attacks illustrate need for education
Stolen Facebook account credentials could potentially give attackers access to the victim’s corporate network.
- March 26, 2012
26 Mar'12
ISP’s anti-botnet code of conduct accomplishes little
Leading ISPs sign the U.S. Anti-Bot Code of Conduct, which stops short of demanding ISPs provide a clean pipe to customers.
- March 15, 2012
15 Mar'12
NSA mobile security plan could be industry roadmap
Tight controls over the mobile device and the use of VPN tunnels could be employed in enterprise mobile security plans.
- March 02, 2012
02 Mar'12
OpenDNS hires Websense CTO, readies enterprise strategy
DNS provider said it plans a big move into enterprise security market.
- March 01, 2012
01 Mar'12
Dan Kaminsky offers unconventional wisdom on security innovation
Luminary Dan Kaminsky, known for his DNS research, pushed RSA Conference 2012 attendees toward security innovation by upending conventional wisdom.
- January 27, 2012
27 Jan'12
Time to ban dangerous apps? Exploring third-party app security
Column: Third-party applications are notoriously hard to patch and often easy to exploit. Is it time to ban applications, or can they be secured with a new approach?
- January 23, 2012
23 Jan'12
More information security news from SearchSecurity
For all the enterprise information security news that matters, visit our news page on SearchSecurity.
- December 09, 2011
09 Dec'11
Special report: 'Eye On' mobile security
SearchSecurity.com's news team explores the challenges and technologies enterprises must know to successfully manage mobile security.
- May 18, 2010
18 May'10
Should there be PCI security requirements for bank account data?
Gartner analyst wonders why no PCI-like standard exists for bank account information, which online criminals are targeting.
- March 24, 2010
24 Mar'10
Apple iPhone, Microsoft IE 8 get hacked in Pwn2Own contest
Hackers also exploited zero-day vulnerabilities in Apple Safari and Mozilla Firefox browsers in the first day of TippingPoint's Pwn2Own contest Wednesday.
- March 19, 2009
19 Mar'09
How do you align an IT risk assessment with COBIT controls?
[One of our readers, compliance officer Ramon de Bruijn, wrote to the editors of SearchCompliance.com at [email protected] last month looking for some advice. Specifically, he asked "What ...