The week in security: Old malware continues onslaught as new devices found vulnerable

By David Braue | 20 August, 2014 16:37

A broad study of equipment firmware found poor security practices are rife, with weaknesses presenting new opportunities for hackers to exploit the emerging 'Internet of Things'. Seemingly confirming their fears, a hacking contest found 15 new router vulnerabilities while others warned that the emergence of the 'Heartbleed' OpenSSL bug this year highlighted more severe underlying issues in hardware design.

Customers welcome C-suite advocate, CipherCloud chief trust officer reports

By David Braue | 20 August, 2014 16:34

Working as a chief trust officer has given Bob West a new perspective on the conversations security companies are having with customers – and his experience so far has convinced him that a growing number of companies are going to find value in appointing board-level executives to act as data-security liaisons between customers and the executive.

Smart city control networks being architected more securely than SCADA

By David Braue | 20 August, 2014 16:31

Advocates of heavily instrumented 'smart city' infrastructure are acutely aware of the legacy left by insecure SCADA control systems and are instrumenting modern industrial-control networks with a higher degree of security, according to smart-cities architect Silver Spring Networks.

'Reveton' ransomware upgraded with powerful password stealer

By Jeremy Kirk | 20 August, 2014 13:22

A type of malware called Reveton, which falsely warns users they've broken the law and demands payment of a fine, has been upgraded with powerful password stealing functions, according to Avast.

Workers at U.S. nuclear regulator fooled by phishers

By Antone Gonsalves | 20 August, 2014 11:03

Nuclear Regulatory Commission employees were tricked into disclosing passwords and downloading malware in three phishing attacks that occurred over a three-year period.

Heartbleed to blame for Community Health Systems breach

By Steve Ragan | 20 August, 2014 11:02

According to a blog post from TrustedSec, an information security consultancy in Ohio, the breach at Community Health Systems (CHS) is the result of attackers targeting a flaw in OpenSSL, CVE-2014-0160, better known as Heartbleed.

Many Chrome browser extensions do sneaky things

By Jeremy Kirk | 20 August, 2014 11:01

An analysis by security researchers of 48,000 extensions for Google's Chrome browser uncovered many that are used for fraud and data theft, actions that are mostly undetectable to regular users.

Should Tor fork Chrome instead of playing security catchup on Firefox?

By Liam Tung | 20 August, 2014 09:12

The project behind Tor, the online anonymity network, has a long, expensive and tricky road ahead before its browser bundle offers users the best defence against attacks from police and spy agencies.

5 cool new security research breakthroughs

By Bob Brown | 20 August, 2014 08:46

University and vendor researchers are congregating in San Diego this week at USENIX Security '14 to share the latest findings in security and privacy, and here are 5 that jumped out to me as being particularly interesting.

Healthcare organizations still too lax on security

By Jaikumar Vijayan | 20 August, 2014 06:25

The data breach at Community Health Systems that exposed the personal information on more than 4.5 million people is a symptom of the chronic lack of attention to patient data security and privacy within the healthcare industry.

Facebook says most outbound email is encrypted now

By Jeremy Kirk | 20 August, 2014 03:03

Nearly all of Facebook's outbound notification emails are now encrypted while traveling the Internet, a collaborative feat that comes from the technology industry's push to thwart the NSA's spying programs.

Tech pros in healthcare, retail and finance admit they are failing on data compliance

By Antony Savvas | 20 August, 2014 02:08

Most technology pros charged with maintaining compliance at tightly regulated healthcare, retail and financial organisations admit they are failing.

Digital signatures make peak season less taxing for H&R Block

By David Braue | 19 August, 2014 23:17

Tax-preparation firm H&R Block has used a digital signature-based solution to streamline the process of bringing on additional tax specialists to help it through its busiest season – the third calendar quarter of the year, when the company will process more than 750,000 tax returns.

Data breaches compromise seven million UK credit and debit cards since 2011, says Worldpay

By John E Dunn | 19 August, 2014 23:00

Data breaches have compromised nearly seven million UK credit and debit cards over the last three years, with breached businesses each paying out almost a million in forensic and remediation costs, payments processor Worldpay has calculated.

Why it is time to intensify employee education on phishing

By Antone Gonsalves | 19 August, 2014 22:40

Companies should consider intensifying employee training to combat the increasing craftiness of phishers who are working harder to obtain personal details on targets in order to trap them in scams.

Former employees have become 'application menace', new study claims

By John E Dunn | 19 August, 2014 17:06

Many SME employees retain alarming levels of access to critical business applications after they've stopped working for a company, a survey for cloud services firm Intermedia has claimed.

Symantec folds nine Norton products into one service

By Jeremy Kirk | 19 August, 2014 11:27

Symantec will consolidate its cluttered Norton line of security software, folding nine products into one online service that can be used across desktop computers and mobile devices.

Why would Chinese hackers want US hospital patient data?

By Martyn Williams | 19 August, 2014 10:06

The theft of personal data on 4.5 million patients of Community Health Systems by hackers in China highlights the increasing degree to which hospitals are becoming lucrative targets for information theft.

Senator questions airlines' data privacy practices

By Grant Gross | 19 August, 2014 05:35

A senior U.S. senator is asking airlines about their data privacy practices, saying he's concerned about what information the companies are collecting and sharing with third parties.

About 4.5M face risk of ID theft after hack of hospital network

By Jaikumar Vijayan | 19 August, 2014 05:19

About 4.5 million people in 28 states face the risk of identity theft due to a massive data breach at Community Health Systems (CHS), a Franklin, Tenn.-based health network.


Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.