- Hacker-built drone can hunt, hijack other drones
- Malware still running rings around security tools, eThreatz testing finds
- 2 million stolen login credentials discovered for Facebook, Google, LinkedIn, Twitter, other sites
- Conventional insurance may not cover cyber security breaches: Centre for Internet Safety
- Botnet snatches 2 million logins for Facebook, ADP payroll processor and other sites
security in pictures
The UK public sector is poorly equipped to combat fraud, with civil servants not being given the necessary training to help detect the estimated £20.6 billion lost every to fraud, says big data analytics firm SAS.
On any given day cybercriminals and nation states are in possession of as many as 100 zero-day software exploits known only to them, NSS Labs has calculated using the commercial vulnerability market as a baseline.
Natwest has been targeted in a cyber attack which prevented customers from accessing its website.
The U.S. Defense Department may have found a new way to scan millions of lines of software code for vulnerabilities, namely by turning the practice into a set of video games and puzzles and have volunteers do the work.
The maker of a popular flashlight app for Android phones has agreed to settle charges brought by the Federal Trade Commission that it left consumers in the dark about its data-sharing practices.
Update, update, update: Form that habit now, if you haven't already, to keep up with security fixes. The latest include the usual tweaks to fend off malicious attacks, and a fix to Java that should prevent it from disabling itself constantly. That would be nice.
Anyone who's paid attention to computer security over the past few years will probably tell you that your password isn't enough. Passwords are often awkward and hard to remember--leading people to use the same password for multiple sites--and if someone gets a hold of your login credentials, they can wreak havoc with your personal information. Not good.
Don doesn't need to keep other people off his PC. He asked me how he could skip the logon screen and boot directly into Windows without a password.
It seems like every day you read about another password security breach. It doesn't matter how robust your actual password is; if a hacker makes off with an entire password database, he can potentially access your account.
Your Android phone not only enables you to do nearly everything online, but also allows you to carry your life in your pocket. Although having all that information in a single location and always on hand may be especially convenient, it makes for an appealing target to thieves and hackers. But you're not defenseless: You can take a number of steps and precautions to ensure that your stuff stays safe.
Amazon's nascent plan to use unmanned drones to deliver packages to customers has already raised strong privacy concerns that could ultimately nip it in the bud.
Ceaselessly, with no end in sight despite outlays that amount to a tax on doing business, the decades-long struggle against malware drags on.
Any effort to rein in the National Security Agency after its widespread spy activities were revealed in leaked documents must focus on more than simply limiting what personal data can be collected.
The government's insistence, in its dispute with Lavabit, that cloud service providers hand over their encryption keys when asked, has refocused attention on the issue of key ownership and management in the cloud.
Going into 2014, a whirlwind of security start-ups are looking to have an impact on the enterprise world. Most of these new ventures are focused on securing data in the cloud and on mobile devices. Santa Clara, California-based Illumio, for example, founded earlier this year, is only hinting about what it will be doing in cloud security. But already it's the darling of Silicon Valley investors, pulling in over $42 million from backer Andreesen Horowitz, General Catalyst, Formation 8 and others.
Whitepapers about security
Threat Emulation uses a sandbox as a separate, isolated environment in which files are open and run to determine whether they are safe or malicious. In this infographic, we look at its implementation and the technology required to avoid infecting a corporate network.
Sign up now »
Manage and visualize the security and compliance of VMware, physical, and hybrid-cloud infrastructure from the RSA Archer eGRC Platform.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.