Stories by Antone Gonsalves

Android users warned of critical vulnerability

By Antone Gonsalves | 30 July, 2014 22:32

A critical vulnerability affecting millions of Android devices could let a hacker take control of a smartphone or insert malicious code in another app, security researchers say.

Georgia Tech launches early warning system for cyberthreats

By Antone Gonsalves | 29 July, 2014 22:27

Georgia Institute of Technology's applied research arm has launched an early warning system to help organizations prepare for possible cyberattacks.

Criminals ride Google coattails in DDoS attacks

By Antone Gonsalves | 26 July, 2014 22:59

The easy access Google's web crawlers have to sites is increasingly being exploited by cybercriminals in launching distributed denial of service attacks, a security vendor says.

How to prevent a website compromise like StubHub

By Antone Gonsalves | 25 July, 2014 23:12

The use of stolen passwords to compromise the website of ticket seller StubHub is a reminder that additional layers of protection are often needed for sites holding sensitive data.

When is your infrastructure safe from Heartbleed?

By Antone Gonsalves | 24 July, 2014 22:42

Now that IT departments have fixed the Heartbleed bug in most internet-facing software, security pros have started debating the risk of not patching software buried deep in the data center.

Nigerian scammers move from gullible consumers to businesses

By Antone Gonsalves | 23 July, 2014 10:53

Nigerian scammers known for grammatically challenged email promising riches in return for a small up-front payment are moving into the business of launching malware attacks against companies.

Researcher finds backdoors in Apple iOS

By Antone Gonsalves | 22 July, 2014 10:31

A number of undocumented features in iOS have been found to essentially create backdoors for siphoning large amounts of users' personal data from Apple devices.

Government-grade code found in criminal malware

By Antone Gonsalves | 19 July, 2014 10:28

Cybercriminals have inserted government-grade malware into run-of-the-mill ransomware and online banking Trojans to bolster their ability to avoid detection and block tampering.

Why '123456' is a great password

By Antone Gonsalves | 18 July, 2014 10:51

New research shows that "123456" is a good password after all.

Google bug-hunting Project Zero could face software developer troubles

By Antone Gonsalves | 17 July, 2014 22:48

Google's launch of a bug-hunting initiative has raised concerns over how the company will handle conflicts with vendors unable to patch software before Google's deadline for reporting vulnerabilities.

Why the Microsoft Active Directory design flaw isn't serious

By Antone Gonsalves | 16 July, 2014 10:46

Experts are skeptical of the threat posed by a reported design flaw in Microsoft Active Directory, which is used by many enterprises to control employee access to the corporate network.

Why password managers are not as secure as you think

By Antone Gonsalves | 15 July, 2014 18:49

University researchers have raised concerns about the security of web-based password managers that free people from the burden of having to remember website credentials.

Google denies report of Gmail security risk on Apple iOS

By Antone Gonsalves | 12 July, 2014 13:11

Google has denied a security vendor report that users of Gmail on Apple iOS could have data intercepted because of a missing security component in the popular app.

Shipping companies' computers compromised by malware-infected Chinese scanners

By Antone Gonsalves | 11 July, 2014 23:17

Malware-infected scanners sold by a Chinese manufacturer led to the theft of sensitive financial and operational data from at least a half-dozen U.S. and European logistics and shipping companies.

Blackshades RAT analysis finds key to popularity

By Antone Gonsalves | 10 July, 2014 22:30

An analysis of the notorious Blackshades remote administration tool, which was at the center of a global criminal network, found the toolkit rich in features bound to attract nontechnical criminals.
