- German researchers hack Galaxy S5 fingerprint login
- JP Morgan to invest £150 million on boosting cyber security
- Today's Approach to Security is Broken
- Heartbleed bug is irritating McAfee, Symantec, Kaspersky Lab
- Symantec draws new security picture
The Stuxnet malware known to have stealthily targeted Iranian nuclear facilities a few years ago was a wake-up call about how vulnerable critical industrial systems can be to cyberattack. Now, an Israeli start-up, with help from General Electric, is testing security technology that would detect Stuxnet-like attacks on critical infrastructure systems used for power production.
Socially-engineered malware tries to trick users into downloading and executing malicious code through tactics that include everything from fake antivirus to fake utilities to fake upgrades to the operating system and trojanized applications.
With nearly every major threat to information security, it is not long before security experts ask the question, "Can the threat play a role in distributed denial of service (DDoS) attacks?" When it comes to Heartbleed, some people are screaming that the sky is falling, but it is more complicated than that.
The Heartbleed Bug disclosed by the OpenSSL group on April 7 has sent many vendors scurrying to patch their products and that includes security firms Symantec, Intel Security's McAfee division, and Kaspersky Lab.
During a week in which everyone seemed to be searching for answers amid revelations of the Heartbleed bug, several universities and their partners announced new efforts to explore IT security advances.
Going into 2014, a whirlwind of security start-ups are looking to have an impact on the enterprise world. Most of these new ventures are focused on securing data in the cloud and on mobile devices. Santa Clara, California-based Illumio, for example, founded earlier this year, is only hinting about what it will be doing in cloud security. But already it's the darling of Silicon Valley investors, pulling in over $42 million from backer Andreesen Horowitz, General Catalyst, Formation 8 and others.
It may be difficult to remember now, but not too long ago, cyberattacks rarely made headlines in mainstream news. That's not to say that these advanced persistent threats, sometimes state-sponsored or the product of organized crime, were uncommon. On the contrary, they were booming. It was just that few people liked to talk about them.
The firewall in decades past was mainly the port-based guardian of the Internet. Now vendors are vying to build so-called "next-generation firewalls" that are "application-aware" because they can monitor and control access based on application use.
When it comes to information security, there are a lot of "misperceptions" and "exaggerations" about both the threats facing businesses and the technologies that might be used to protect their important data assets, according to Gartner analyst, Jay Heiser.
They're security myths, oft-repeated and generally accepted notions about IT security that ... simply aren't true. As we did a year ago, we've asked security professionals to share their favorite "security myths" with us. Here are 13 of them.
Sign up now »
Run your mission-critical applications in a secure and compliant virtual datacenter, or private cloud.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.