Stories by Jeremy Kirk


Google patches Android icon permissions attack

By Jeremy Kirk | 15 April, 2014 12:49

Google has issued a patch for an attack that could lead an Android user to a phishing site, according to security vendor FireEye.

Akamai admits its OpenSSL patch was faulty, reissues keys

By Jeremy Kirk | 14 April, 2014 16:20

Akamai Technologies, whose network handles up to 30 percent of all Internet traffic, said Sunday a researcher found a fault in custom code that the company thought shielded most of its customers from the Heartbleed bug.

Tests confirm Heartbleed bug can expose server's private key

By Jeremy Kirk | 14 April, 2014 11:15

Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack thought possible but unconfirmed.

In Heartbleed's wake, Comodo cranks out fresh SSL certificates

By Jeremy Kirk | 11 April, 2014 12:12

Tens of thousands of new digital certificates have been issued by Comodo in the wake of the "Heartbleed" security flaw, which has put Internet users' data at risk.

Stung by file-encrypting malware, researchers fight back

By Jeremy Kirk | 10 April, 2014 13:05

Jose Vildoza's 62-year-old father was using his old Windows computer when a warning in broken English flashed on the screen: your files have been encrypted.

'Heartbleed' bug in OpenSSL puts encrypted communications at risk

By Jeremy Kirk | 08 April, 2014 11:54

Computer security experts are advising administrators to patch a severe flaw in a software library used by millions of websites to encrypt sensitive communications.

Indosat routing error impacts few but hits Akamai, Chevron

By Jeremy Kirk | 04 April, 2014 13:20

A routing error by one of Indonesia's largest telecommunications providers on Wednesday made it briefly appear it controlled a large swath of the Internet, according to monitoring firm Renesys.

Cryptocat sticks to openness despite grief over audits

By Jeremy Kirk | 03 April, 2014 14:29

People in the security community often criticize the code behind Cryptocat, an open-source encrypted instant messaging project.

Sality malware, growing old, takes on a new trick

By Jeremy Kirk | 03 April, 2014 13:11

A botnet that was slowly shrinking has taken on a new trick: brute-forcing routers set to easy-to-guess credentials.

Smaller banks warned of hackers raising ATM withdrawal limits

By Jeremy Kirk | 03 April, 2014 10:03

Smaller financial institutions have been warned to look out for attacks that aim to increase the withdrawal limit on customer payment cards for fraud purposes.

Mistake in ransomware program leaves decryption key accessible

By Jeremy Kirk | 01 April, 2014 14:04

A malicious software program that encrypts a person's files until a ransom is paid has a crucial error: it leaves the decryption key on the victim's computer.

Banks withdraw claim against Target over break-in

By Jeremy Kirk | 01 April, 2014 11:13

Two banks that took legal action against Target over its recent data breach have withdrawn their claims, apparently due to an erroneous allegation against a security vendor also named in the suit.

Google, Level 3 DNS services hijacked by TurkTelekom

By Jeremy Kirk | 31 March, 2014 13:00

Google said its free DNS (Domain Name System) service is being intercepted by most Turkish ISPs as the country battles users trying to circumvent censorship efforts by the government.

Bank pulls out of class-action suit against Target, Trustwave

By Jeremy Kirk | 31 March, 2014 10:15

One of the two banks suing Target and security vendor Trustwave over responsibility for one of the largest data breaches in history has pulled out of the lawsuit.

Hosting company describes security scare aimed at Bitcoin accounts

By Jeremy Kirk | 27 March, 2014 04:38

On Sunday morning, Nate Daiger, one of the owners of a small Los Angeles-based hosting company Chunk Host, received an odd email on his phone.

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).

  1. Have an incident response plan.

  2. Pre-define your incident response team.

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.


Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.