-
Oracle renumbers Java patch updates, confuses users even more
Oracle has changed the numbering of its Java security updates, prompting one expert to say, "As if Java updates weren't confusing already."
-
Printers, routers used as bots in DDoS attacks
Printers, routers, IP cameras, sensors and other Internet-connected devices are increasingly used to launch large distributed denial of service attacks, security firm Prolexic warned in a report this week.
-
Vulnerable terminal servers could let bad guys hack stoplights, gas pumps
Thousands of older systems, including those used to manage traffic lights, fuel pumps, point-of-sale terminals and building automation can be tampered with because they're insecurely connected to the Internet.
-
Schnucks supermarket chain struggled to find breach that exposed 2.4M cards
The Schnucks supermarket chain struggled for two weeks to find the source of a breach that exposed credit and debit card information on as many as 2.4 million customers.
-
DHS warns of spear-phishing campaign against energy companies
The Department of Homeland Security has a warning for organizations that post a lot of business and personal information on public web pages and social media sites: Don't do it.
-
Bank security weaknesses led to cyber looting of $45M from ATMs
Alberto Yusi Lajud Pena, found dead in the Dominican Republic two weeks ago, was the leader of the New York cell of an international gang of cyber thieves that authorities allege stole a staggering $45 million from ATM machines around the world.
-
Security Manager's Journal: Spam makes a comeback
Out of the blue, phishing attacks previously caught in the spam filter are getting through to employee inboxes.
-
How to talk security so people will listen (and comply!)
Sure you want users to comply with security edicts, but would you phish your own employees or share your company's hack history? At least some CIOs say yes.
-
Security Manager's Journal: Security has to extend to your customers
When a security manager's company sells software, he can't ignore the potential vulnerability of those products.
- 1
Bank trojan targets users of Bitcoin exchange Mt Gox
- 2
Australian Information Security Association issues blunt warning as National Cyber Security Awareness Week begins
- 3
ACMA database keeps finger on Australia’s malware pulse
- 4
Review: Mobile Device Management
- 5
The week in security: Aussie banks targeted as mobiles drive privacy fears
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
Warning: Tips for secure mobile holiday shopping
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.








