News

Financial services firms to increase cyber security budgets this year, PwC claims

By Matthew Finnegan | 17 April, 2014 02:05

Financial services firms plan to increase spending on cyber defences this year, as more become aware of the risks to the sector.

Oracle identifies products affected by Heartbleed, but work remains on fixes

By Chris Kanaracus | 17 April, 2014 01:30

Oracle has issued a comprehensive list of its software that may or may not be affected by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.

LaCie warns hackers may have customer info, credit cards after year-long breach

By Ian Paul | 17 April, 2014 00:16

Seagate-owned LaCie fessed up on Tuesday to a major security breach that put sensitive customer information at risk for nearly a year. The hard drive and peripheral storage maker isn't sure what information has been compromised; however, the company says the list may include customer names, email addresses, credit card numbers, and card expiration dates.

Microsoft slashes Windows XP custom support prices just days before axing public patches

By Gregg Keizer | 17 April, 2014 00:08

Just days before Microsoft retired Windows XP from public support, the company drastically reduced the price of custom support agreements that give large companies and government agencies another year of XP patches, experts reported today.

Leave no trace: Tips to cover your digital footprint and reclaim your privacy

By Alex Castle | 16 April, 2014 23:35

Privacy is at a premium. Whether it's the NSA, a hacker cabal, or corporate marketers, someone is looking over your shoulder every time you use your PC.

Organizations suffer SQL Injection attacks, but do little to prevent them

By Steve Ragan | 16 April, 2014 23:34

On Wednesday, the Ponemon Institute released the results of a new study conducted for DB Networks. In it, 65 percent of the respondents said that they've experienced one or more SQL Injection attacks in the last 12 months. In addition, each incident took an average of 140 days to discover, and 68 days to fix the issue.

Think tank challenges Heartbleed handwringing

By Antone Gonsalves | 16 April, 2014 22:45

A think tank opinion piece that claims the threat from the Heartbleed bug is overblown has sparked a debate among researchers over the seriousness of the OpenSSL flaw.

German researchers hack Galaxy S5 fingerprint login

By Mikael Ricknäs | 16 April, 2014 22:19

It took just four days for German researchers to trick the Samsung Galaxy S5's fingerprint scanner into accepting a mold of a fingerprint instead of a real finger.

Telefónica starts exchange for targeted mobile ads

By Loek Essers | 16 April, 2014 21:54

Telecom operator Telefónica has launched the first mobile ad-exchange platform to use the operator's customer demographics and real-time location data to serve targeted mobile ads, the company said on Wednesday.

Ukraine tensions could hurt international security efforts, Kaspersky says

By Stephen Lawson | 16 April, 2014 11:27

International conflicts such as the current tensions over Ukraine could stand in the way of global cooperation on cybersecurity, according to the founder of Kaspersky Lab.

Rushed Heartbleed fixes may expose users to new attacks

By Stephen Lawson | 16 April, 2014 10:15

In the race to protect themselves from the Heartbleed vulnerability, enterprises could be opening themselves up to new attacks if they aren't careful.

Heartbleed bug is irritating McAfee, Symantec, Kaspersky Lab

By Ellen Messmer | 16 April, 2014 08:19

The Heartbleed Bug disclosed by the OpenSSL group on April 7 has sent many vendors scurrying to patch their products and that includes security firms Symantec, Intel Security's McAfee division, and Kaspersky Lab.

JP Morgan to invest £150 million on boosting cyber security

By Matthew Finnegan | 16 April, 2014 04:08

US bank JP Morgan has increased its budget for cyber security in reaction to an "unprecedented" threat faced in the past two years.

Big bucks going to universities to solve pressing cybersecurity issues

By Bob Brown | 16 April, 2014 03:14

During a week in which everyone seemed to be searching for answers amid revelations of the Heartbleed bug, several universities and their partners announced new efforts to explore IT security advances.

TrueCrypt for Windows: No major flaws found in first phase of security audit

By Ian Paul | 16 April, 2014 00:59

The first round of results are in, and so far TrueCrypt, the popular open-source encryption program, has a relatively clean bill of health. Security firm iSec Partners recently carried out the first phase of the TrueCrypt audit on behalf of the Open Crypto Audit Project (OCAP).

VMware promises Heartbleed patches for affected products by the weekend

By Lucian Constantin | 16 April, 2014 00:48

VMware started patching its products against the critical Heartbleed flaw that puts encrypted communications at risk, and plans to have updates ready for all affected products by Saturday.

TrueCrypt source code audit finds no critical flaws or intentional backdoors

By Lucian Constantin | 15 April, 2014 23:28

The source code of TrueCrypt, a popular disk encryption tool, is not the most polished work of programming, but it has no critical flaws or intentional backdoors, security testers concluded in a report released Monday.

Windows XP lives on: Avast survey shows 27 percent of its XP users don't plan to switch

By Mark Hachman | 15 April, 2014 23:04

Microsoft may have ended support for Windows XP, but free antivirus software vendor Avast projects that for millions of users, that won't mean squat.

Phishing domains at record levels at criminals target Chinese consumers, says APWG

By John E Dunn | 15 April, 2014 23:00

The number of domains registered to carry out phishing attacks broke all records in the second half of 2013 and yet a huge proportion of this type of fraud can now be explained by a single country, China.

Mumsnet falls to Heartbleed hackers as 1.5 million users reset passwords

By John E Dunn | 15 April, 2014 22:54

The Heartbleed flaw has claimed its first big-name victim with the hugely popular British Mumsnet site admitting that cyber-thieves have exploited the bug to compromise an unknown number of if its 1.5 million user accounts.

CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

ZENworks® Endpoint Security Management

Get powerful mobile security capabilities, and protect the data the various mobile devices inside your organization.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.