News

'Francophoned' cybertheft operation reportedly back in action

By Lucian Constantin | 25 April, 2014 00:30

A cybercriminal operation that combines phone-based social engineering attacks with spear phishing and malware to steal money from organizations has resurfaced this year, finding victims in French-speaking countries in particular.

In Heartbleed's wake, tech titans launch fund for crucial open-source projects

By Ian Paul | 24 April, 2014 23:55

When the OpenSSL Heartbleed bug surfaced earlier in April, many people were shocked to discover that one of the most critical pieces of online infrastructure was so poorly supported.

UK businesses fail to prepare for upcoming changes to EU data laws

By Sam Shead | 24 April, 2014 22:48

UK businesses are unprepared for next year's changes to EU data laws, a survey has found.

Criminals have noticed the cloud: attacks on providers on the rise

By John E Dunn | 24 April, 2014 22:44

The number of cyberattacks directed at cloud infrastructure is still below that experienced by on-premises data centres but will probably reach parity at some point, an analysis by security-as-a-service provider Alert Logic has suggested.

Heartbleed prompts joint vendor effort to boost OpenSSL, security

By Juan Carlos Perez | 24 April, 2014 22:42

Reeling from the Heartbleed security fiasco, major IT vendors including Microsoft, IBM, Intel, Google and Cisco are backing a Linux Foundation initiative designed to boost open source projects considered critical to the industry.

Security vendor blames Amazon for customer malware

By Antone Gonsalves | 24 April, 2014 22:38

A security vendor claims Amazon Web Services provided a cloud-computing customer with an unpatched version of Windows that resulted in a malware infection.

Geopolitics aside, Huawei still selling to carriers in the US

By Michael Kan | 24 April, 2014 21:28

Despite its setbacks in the U.S., Huawei Technologies still expects growth from its carrier business in the nation, and is focusing on the market's smaller network operators to increase sales.

We Heart It turns off Twitter sharing following spam

By Jeremy Kirk | 24 April, 2014 15:21

A social network for sharing image collections has turned off sharing on Twitter after a large spam run referenced the service.

Data volumes making security-log centralisation trickier: ManageEngine

By David Braue | 24 April, 2014 14:20

Ongoing growth in security breaches has customers demanding better information about their security exposure, but most will struggle to get it without tapping into intelligent analytics platforms capable of scouring different kinds of log data for trends across cloud, mobile, and other enterprise environments, a security analytics expert has warned.

Megaupload seeks return of millions in frozen Hong Kong assets

By Jeremy Kirk | 24 April, 2014 11:24

Megaupload, the defunct file-storage site, is asking a Hong Kong court to release millions of dollars in assets as part of efforts to allow its former users to reclaim their data.

Privacy jitters derail controversial K-12 big data initiative

By Jaikumar Vijayan | 24 April, 2014 07:16

Unrelenting privacy concerns finally derailed a controversial big data initiative that promised to deliver more individualized instruction to public school students in the U.S.

Cloud attacks are following enterprise workloads

By Thor Olavsrud | 24 April, 2014 07:02

Enterprise workloads are shifting to cloud and hosting environments in ever greater numbers, and attacks that have historically targeted on-premises environments are following them, according to a new report.

Survey respondents shun much-hyped mobile shopping technologies

By John Cox | 24 April, 2014 06:53

A survey of iOS and Android users shows the vast majority of them know little, and care less, about the so-called "mobile shopping experience", despite the endless hype about its benefits. Overall, the "mobile shopping experience" ... isn't.

Russian SMS Trojan for Android hits US, dozens of other countries

By Lucian Constantin | 24 April, 2014 04:32

An Android Trojan app that sends SMS messages to premium-rate numbers has expanded globally over the past year, racking up bills for users in over 60 countries including the U.S., malware researchers from Kaspersky Lab said.

Report: Attackers have their sights set on the cloud

By Tony Bradley | 24 April, 2014 04:13

If you want to catch trout, you have to fish where the trout swim. That same logic applies for cyber criminals--they will focus their efforts wherever there is a fair chance of finding targets to prey on. This is underscored by a new report from Alert Logic that reveals a dramatic rise in cloud-based attacks as more businesses and individuals migrate applications and data to the cloud.

Data breaches can be traced back to nine attack 'patterns', says Verizon report

By John E Dunn | 24 April, 2014 00:10

Almost every security incident and data breach recorded during 2013 can be traced back to a series of basic threat types or 'patterns', many of which are specific to industry sectors, Verizon's bellwether 2014 Data Breach Investigations Report (DBIR) has concluded.

SMS spam rises in UK as 'accident compensation' scammers get busy

By John E Dunn | 23 April, 2014 22:58

The volume of SMS spam being sent to UK mobile users rose 11 percent in the first quarter of 2014 thanks mainly to a sudden spike in accident compensation scams, according to messaging security firm Cloudmark.

Verizon breach report makes case for behavioral analytics

By Antone Gonsalves | 23 April, 2014 22:45

Verizon's annual data-breach investigations report makes a strong case for behavioral analytics technology that looks for anomalies among user activity to spot hackers.

NSA spying revelations have tired out China's Huawei

By Michael Kan | 23 April, 2014 16:47

Revelations about U.S. secret surveillance programs have left China's Huawei Technologies exhausted on the public relations front, a top company executive said Wednesday.

Coding error protects some Android apps from Heartbleed

By Jeremy Kirk | 23 April, 2014 13:52

Some Android apps thought to be vulnerable to the Heartbleed bug were spared because of a common coding error in the way they implemented their own native OpenSSL library.

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team.

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.


Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.