- AT&T hacker Weev released from prison after appeals court overturns conviction
- Symantec draws new security picture
- Confirmed: hackers can use Heartbleed to steal private SSL keys
- Heartbleed panic drives flood of enquiries to Symantec's Melbourne CA
- Rising security threat should motivate better employee support: Symantec
The source code of TrueCrypt, a popular disk encryption tool, is not the most polished work of programming, but it has no critical flaws or intentional backdoors, security testers concluded in a report released Monday.
Websites that use encryption could be elevated in Google search results sometime in the future, according to The Wall Street Journal.
Andrew Auernheimer, known online as "weev," has won an appeal against his conviction for exploiting a vulnerability in AT&T's website to collect the email addresses of Apple iPad users. The 2010 incident earned him a 41-month prison sentence.
Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack thought possible but unconfirmed.
Companies faced with the threat posed by networking equipment that contains the notorious Heartbleed bug have few security options beyond working closely with affected vendors, most notably Cisco Systems and Juniper Networks.
CSOs need to take a number of steps as soon as possible to protect their organizations against the OpenSSL vulnerability that has shaken the tech industry, experts say.
How do you know your employees retain what you teach them in company-required security awareness training? You don't -- unless you regularly test their security savvy and effectively address their mistakes during post-test follow-up sessions.
Kirsty woke up to find that someone else had taken control of her Twitter account. I tell her how to get it back.
Risks to enterprises are not only of the security breach variety from outside attackers, malicious insiders or even careless employees. Another comes from everybody in an organization – even its most loyal, careful, capable members.
In large-scale organizations, implementing mobile device management (MDM) is typically a given. After all, with so many employees using mobile devices that either contain or connect to sources of sensitive information, there needs to be some way to keep everything in check. But what about those companies that aren't big enough to be able to afford an MDM implementation and a full-sized IT department to manage it? Without a means to centralize the control of mobile devices, how can these smaller companies protect their data?
Online tracking is on the rise, but efforts to create a practical Do Not Track policy have slowed to a crawl. Meanwhile, users and browser companies are taking matters into their own hands.
Stories like Jordan Belfort's exist beyond the 80s. With increasingly stringent regulatory requirements to tame the latest wolves of Wall Street, more financial institutions are turning towards proactive monitoring tools to avoid fraud. As big data becomes a helpful tool to detect and alert on potential fraud, the technology is also raising concern over its impact on personal data privacy.
That someone had to take the fall for the massive breach at Target is neither surprising nor unexpected. The only question is whether more heads will roll in the aftermath of one of the biggest data compromises in retail history.
Whitepapers about data protection
Due to a lack of consumer confidence and a subsequent drop in sales, all entities that handle credit cardholder information are being challenged to adopt more effective data protection measures. This paper provides information on available tools to help validate compliance with the latest version of the Payment Card Industry Data Security Standard (PCI DSS).
Enforce compliance consistently and cost-effectively across your organization.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.