- Hackers try to blackmail plastic surgeon after stealing 500,000 patient records
- How to keep your smartphone (and its data) secure
- Espionage outpacing financial crime as better reporting improves security picture: Verizon
- Web apps and point-of-sale were leading hacker targets in 2013, says Verizon
- Today's Approach to Security is Broken
After only a few days, the Internet is still buzzing with news surrounding CVE-2014-0160, better known as the Heartbleed vulnerability. CSO has compiled the following information in order to help administrators and security teams understand the issue, determine their risks, and if needed, fix the problem.
In light of overall low adoption of HTTP security headers, Mozilla is advising webmasters to at least implement X-Frame-Options on their sites, arguing that this header can prevent several types of attacks.
The number of DDoS (distributed denial-of-service) attacks that target weak spots in Web applications in addition to network services has risen during the past year and attackers are using increasingly sophisticated methods to bypass defenses, according to DDoS mitigation experts.
Chinese hackers are using an automated tool to exploit known vulnerabilities in Apache Struts, in order to install backdoors on servers hosting applications developed with the framework.
The World Wide Web Consortium has rejected an attempt by the advertising industry to hijack a specification describing how websites should respond to "do not track" requests sent by Web browsers.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.