News

Georgia Tech launches early warning system for cyberthreats

By Antone Gonsalves | 29 July, 2014 22:27

Georgia Institute of Technology's applied research arm has launched an early warning system to help organizations prepare for possible cyberattacks.

Is the WEDG the answer to post-Snowden data paranoia? Its inventor remains hopeful

By John E Dunn | 29 July, 2014 20:48

The British entrepreneur behind the innovative WEDG secure storage box for the ‘post-Snowden era' has told Techworld he remains upbeat about its chances despite still being some way short of the £90,000 ($150,000) set for the project on Kickstarter.

Privacy groups call for action to stop Facebook's off site user tracking plans

By Loek Essers | 29 July, 2014 20:42

U.S. and EU privacy and consumer groups called on privacy regulators to stop Facebook's plans to gather the Internet browsing patterns of its users while they visit other sites.

City of London Police to deploy warning banners on illegal websites

By Sam Shead | 29 July, 2014 20:39

The City of London Police today announced that it has started replacing advertising on copyright infringing websites with official force banners.

Using Instagram on public Wi-Fi poses risk of an account hijack, researcher says

By Jeremy Kirk | 29 July, 2014 15:47

A configuration problem in Facebook's popular Instagram application for Apple devices could allow a hacker to hijack a person's account if they're both on the same public Wi-Fi network.

Mobile-loving Aussies open targets for Koler malware: Kaspersky

By David Braue | 29 July, 2014 14:44

Australians are the third most-frequent victims of a new infection vector for 'Koler' ransomware, which emerged in April and was targeting both mobile and PC users with 'Australianised' content until it began uninstalling itself from infected mobiles this week.

Despite shocks, organisations still not making security a continuous process: Bussiere

By David Braue | 29 July, 2014 09:58

The ongoing spate of high-profile data thefts is spurring companies to action but much of it is still reactionary and short-lived due to a lack of technical understanding about the security technologies now available on the market, according to one security industry architect.

Analysis skills lacking as security data piles up, consultant warns

By David Braue | 29 July, 2014 09:57

Organisations are able to collect more data about security breaches than ever but face an ironic challenge because most still lack the skills to effectively interpret and act upon that data, a security consultant has warned.

Virtual servers still face real security threats

By Tony Bradley | 29 July, 2014 08:15

Don't let the word "virtual" in virtual servers fool you. You're the only one who knows it's virtual. From the perspective of the virtual server itself, the devices connected to it, applications running on it, end-users connecting to it, or security threats trying to compromise it, the server is very, very real. A new survey from Kaspersky Labs found that many IT professionals understand that securing virtual environments is important, but don't fully understand the threats or how to properly defend against them.

Is Bring Your Own Identity a security risk or advantage?

By Ellen Messmer | 29 July, 2014 04:51

The "Bring Your Own Identity" (BYOID) trend in which websites let users authenticate using identities established through Facebook, LinkedIn, Google, Amazon, Microsoft Live, Yahoo or other means raises some questions in the minds of IT and business managers. And a survey conducted by Ponemon Institute shows a vast difference in how the IT and business sides think about this so-called BYOID method of authentication.

Insecure Connections: Enterprises hacked after neglecting third-party risks

By George V. Hulme | 29 July, 2014 04:03

It is said that an enterprise is only as secure as its weakest link. Today, that weak link often turns out to be partners, suppliers, and others with persistent network and application access.

Attackers install DDoS bots on Amazon cloud, exploiting Elasticsearch weakness

By Lucian Constantin | 28 July, 2014 23:44

Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers.

CIOs, CSOs should address cloud sovereignty uncertainty with facts: Gartner

By David Braue | 28 July, 2014 16:15 | 2 Comments

IT and security leaders should arm themselves with details about the location of their corporate data and use a growing comfort with cloud computing to address policy concerns about data sovereignty, a recent Gartner analysis has recommended.

The week in security: Hackers swarm banks, break for World Cup

By David Braue | 28 July, 2014 16:06

It seems even cybercriminals love their soccer, with statistics suggesting]] that the volumes of online attacks almost stopped during the nailbiting grand final this month. Yet others were up to their usual tricks, with a Wordpress plugin targeted and still others ransoming the European Central Bank after stealing user contact information.

Until the Tails privacy tool is patched, here's how to stay safe

By Jeremy Kirk | 28 July, 2014 11:24

Vulnerabilities in the Tails operating system could reveal your IP address, but you can avoid trouble by taking a couple of precautions.

Firefox gains Chrome-like malicious file defences

By Liam Tung | 28 July, 2014 08:27

Mozilla has implemented Google’s application reputation feature in Firefox, bringing its browser closer to Chrome’s capacity to detect and block malware on the Web.

Mystery 'Onion/Critroni' ransom Trojan evolves to use more sophisticated encryption

By John E Dunn | 26 July, 2014 23:01

Kaspersky Lab has added more detail on the fiendish ‘Onion' (aka 'Critroni') ransom Trojan that uses the Tor anonymity service to hide its command and control (C&C) as well as displaying a level of thoughtfulness about its encryption design that bodes ill for future attacks.

Criminals ride Google coattails in DDoS attacks

By Antone Gonsalves | 26 July, 2014 22:59

The easy access Google's web crawlers have to sites is increasingly being exploited by cybercriminals in launching distributed denial of service attacks, a security vendor says.

Russian government offers money for identifying Tor users

By Lucian Constantin | 26 July, 2014 01:15

The Russian Ministry of Interior is willing to pay 3.9 million roubles, or around US$111,000, for a method to identify users on the Tor network.

EU, Google, Microsoft, Yahoo meet on 'right to be forgotten' but questions remain

By Loek Essers | 25 July, 2014 23:57

European data protection authorities still have questions after meeting with Google, Microsoft and Yahoo about the implementation of a recent ruling that gave European citizens the right to be forgotten by search engines.

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Email Security and Data Protection

Encrypt your sensitive email

Latest Jobs
Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.