Stories by Ellen Messmer

Cisco announces security service linked with new operations centers

By Ellen Messmer | 22 April, 2014 23:06

Cisco today announced Managed Threat Defense, a set of security services for the enterprise that Cisco is providing through two new operations centers to remotely support intrusion-detection, incident response and forensics, among other services.

Verizon: Web apps are the security punching bag of the Internet

By Ellen Messmer | 22 April, 2014 21:11

Verizon today issued its annual data-breach investigations report, a study of what happened in 1,367 known cases across dozens of industries in 95 countries last year, and the most common form of attack was breaking in through Web applications.

Israeli start-up, working with GE, out to detect Stuxnet-like attacks

By Ellen Messmer | 18 April, 2014 06:17

The Stuxnet malware known to have stealthily targeted Iranian nuclear facilities a few years ago was a wake-up call about how vulnerable critical industrial systems can be to cyberattack. Now, an Israeli start-up, with help from General Electric, is testing security technology that would detect Stuxnet-like attacks on critical infrastructure systems used for power production.

Fortinet, McAfee, Trend Micro, Bitdefender battle in socially-engineered malware prevention test

By Ellen Messmer | 17 April, 2014 07:07

Socially-engineered malware tries to trick users into downloading and executing malicious code through tactics that include everything from fake antivirus to fake utilities to fake upgrades to the operating system and trojanized applications.

Heartbleed bug is irritating McAfee, Symantec, Kaspersky Lab

By Ellen Messmer | 16 April, 2014 08:19

The Heartbleed Bug disclosed by the OpenSSL group on April 7 has sent many vendors scurrying to patch their products and that includes security firms Symantec, Intel Security's McAfee division, and Kaspersky Lab.

Heartbleed Bug hits at heart of many Cisco, Juniper products

By Ellen Messmer | 11 April, 2014 09:16

The Heartbleed Bug, a flaw in OpenSSL that would let attackers eavesdrop on Web, e-mail and some VPN communications, is a vulnerability that can be found not just in servers using it but also in network gear from Cisco and Juniper Networks. Both vendors say there's still a lot they are investigating about how Heartbleed impacts their products, and to expect updated advisories on a rolling basis.

Who's to blame for 'catastrophic' Heartbleed Bug?

By Ellen Messmer | 11 April, 2014 03:23

The Heartbleed Bug, basically a flaw in OpenSSL that would let savvy attackers eavesdrop on Web, e-mail and some VPN communications that use OpenSSL, has sent companies scurrying to patch servers and change digital encryption certificates, and users scurrying to change their passwords. But who's to blame for this flaw in the open-source protocol that some say could also impact routers and even mobile devices?

In Pictures: The worst data breaches of 2014… so far (Q1)

By Ellen Messmer | 09 April, 2014 08:30

The Identity Theft Resource Center, which tracks data breaches, has counted 204 of them from January 1 to March 27.

IBM claims new patent for mobile security technology

By Ellen Messmer | 09 April, 2014 00:22

IBM has come up with a technology for reducing the risk of data being exposed in push notifications to mobile devices by encrypting that information so service providers and others can't actually see any data related to the user's mobile device.

New federal rule requires banks to fight DDoS attacks

By Ellen Messmer | 05 April, 2014 00:12

Banks and financial institutions regulated by the federal government must now monitor for distributed denial-of-service (DDoS) attacks against their networks and have a plan in place to try to mitigate such attacks, a federal regulatory body said this week.

Security pros talk about playing defense against cybercrime

By Ellen Messmer | 04 April, 2014 07:54

Security professionals are playing defense against cybercrime, and often feel outgunned by tech-savvy hackers and insiders out to steal sensitive data from within the business. They see a shortage of qualified security personnel to call on, but also believe that threat-detection tools are getting better.

FireEye, AhnLab score low in lab test of breach detection systems

By Ellen Messmer | 03 April, 2014 02:12

FireEye and AhnLab each scored "below average" on their breach-detection systems (BDS) in a comparative group product test conducted by NSS Labs.

Patch management flubs facilitate cybercrime

By Ellen Messmer | 27 March, 2014 16:23

Failures in patch management of vulnerable systems have been a key enabler of cybercrime, according to Solutionary's annual Global Threat Intelligence Report, out today, which says it sees botnet attacks as the biggest single threat.

How do the FBI and Secret Service know your network has been breached before you do?

By Ellen Messmer | 26 March, 2014 21:51

Knock, knock! Secret Service here. "Is this your customer payment card data?"

(Free!) Security Tools you should try

By Ellen Messmer | 25 March, 2014 12:25

Who doesn't like free stuff? There's a long tradition of free or open-source security tools, and one of the best sites to learn more about them is Security Tools, a running list of what it claims are the 125 best free security tools around.

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team.

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.


Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.