Stories by Antone Gonsalves

When is your infrastructure safe from Heartbleed?

By Antone Gonsalves | 24 July, 2014 22:42

Now that IT departments have fixed the Heartbleed bug in most internet-facing software, security pros have started debating the risk of not patching software buried deep in the data center.

Nigerian scammers move from gullible consumers to businesses

By Antone Gonsalves | 23 July, 2014 10:53

Nigerian scammers known for grammatically challenged email promising riches in return for a small up-front payment are moving into the business of launching malware attacks against companies.

Researcher finds backdoors in Apple iOS

By Antone Gonsalves | 22 July, 2014 10:31

A number of undocumented features in iOS have been found to essentially create backdoors for siphoning large amounts of users' personal data from Apple devices.

Government-grade code found in criminal malware

By Antone Gonsalves | 19 July, 2014 10:28

Cybercriminals have inserted government-grade malware into run-of-the-mill ransomware and online banking Trojans to bolster their ability to avoid detection and block tampering.

Why '123456' is a great password

By Antone Gonsalves | 18 July, 2014 10:51

New research shows that "123456" is a good password after all.

Google bug-hunting Project Zero could face software developer troubles

By Antone Gonsalves | 17 July, 2014 22:48

Google's launch of a bug-hunting initiative has raised concerns over how the company will handle conflicts with vendors unable to patch software before Google's deadline for reporting vulnerabilities.

Why the Microsoft Active Directory design flaw isn't serious

By Antone Gonsalves | 16 July, 2014 10:46

Experts are skeptical of the threat posed by a reported design flaw in Microsoft Active Directory, which is used by many enterprises to control employee access to the corporate network.

Why password managers are not as secure as you think

By Antone Gonsalves | 15 July, 2014 18:49

University researchers have raised concerns about the security of web-based password managers that free people from the burden of having to remember website credentials.

Google denies report of Gmail security risk on Apple iOS

By Antone Gonsalves | 12 July, 2014 13:11

Google has denied a security vendor report that users of Gmail on Apple iOS could have data intercepted because of a missing security component in the popular app.

Shipping companies' computers compromised by malware-infected Chinese scanners

By Antone Gonsalves | 11 July, 2014 23:17

Malware-infected scanners sold by a Chinese manufacturer led to the theft of sensitive financial and operational data from at least a half-dozen U.S. and European logistics and shipping companies.

Blackshades RAT analysis finds key to popularity

By Antone Gonsalves | 10 July, 2014 22:30

An analysis of the notorious Blackshades remote administration tool, which was at the center of a global criminal network, found the toolkit rich in features bound to attract nontechnical criminals.

Defensive tactics against sophisticated cyberspies

By Antone Gonsalves | 09 July, 2014 10:50

Aligning security systems with intelligence gathered on groups of elite hackers working for nation states is a key defense for targeted organizations, experts say.

Dormant Miniduke APT campaign returns with better malware

By Antone Gonsalves | 08 July, 2014 22:43

The Miniduke advanced persistent threat (APT) campaign that has been dormant for more than a year is back with more data-stealing tools and better defenses against prying security researchers.

Ideas for defending against cyberespionage

By Antone Gonsalves | 02 July, 2014 10:57

Russian hackers who broke into the networks of Western oil and gas companies used techniques that companies can detect and oftentimes defend against, experts say.

U.S. surveillance disclosure mostly useless to business

By Antone Gonsalves | 01 July, 2014 10:59

Businesses will find very little value in the government's first annual report on surveillance activities, experts say.
