News

Blame Heartbleed: HealthCare.gov requires users to change their passwords

By Nick Mediati | 20 April, 2014 05:41

If you have an account with HealthCare.gov, you can expect to change your password the next time you log in. And you can thank Heartbleed for it.

Major security flaws threaten satellite communications

By Antone Gonsalves | 19 April, 2014 08:21

An analysis of satellite communication gear from more than a half-dozen major manufacturers has uncovered critical vulnerabilities that could be exploited to disrupt military operations and ship and aircraft communications.

Satellite communication systems rife with security flaws, vulnerable to remote hacks

By Lucian Constantin | 19 April, 2014 03:20

Security researchers have found that many satellite communication systems have vulnerabilities and design flaws that can let remote attackers intercept, manipulate, block and in some cases take full control of critical communications.

Chrome OS may kill the password with Easy Unlock smartphone option

By Ian Paul | 18 April, 2014 23:41

Google may be opening a new front in the war against the password with a smartphone-enabled unlock option for Chrome OS PCs. Dubbed Easy Unlock, the new test feature would "instantly unlock your Chromebook when you and your phone are nearby, no password necessary."

Hackers try to blackmail plastic surgeon after stealing 500,000 patient records

By Antony Savvas | 18 April, 2014 17:06

Almost 500,000 patient records have been hacked from the servers of the Harley Medical Group, the plastic surgery firm which has clinics across the UK.

Michaels says breach at its stores affected nearly 3M payment cards

By John Ribeiro | 18 April, 2014 13:05

About 2.6 million payment cards at Michaels Stores and another 400,000 at subsidiary Aaron Brothers may have been affected in a card skimming attack that compromised its point-of-sale systems, the retailer said Thursday.

DDoS Attackers Change Techniques To Wallop Sites

By Antone Gonsalves | 18 April, 2014 10:08

Criminals behind distributed denial of service attacks are relying less on traditional botnets and more on techniques capable of launching larger assaults on websites.

IT security is national security -- but you're not alone

By Stephen Lawson | 18 April, 2014 08:47

National security may be at stake as private businesses try to manage a growing number of cyberthreats, but IT professionals shouldn't have to bear that burden alone.

Federal CIOs Moving Cybersecurity Beyond Compliance

By Kenneth Corbin | 18 April, 2014 06:46

The evolving nature of cyberattacks demands a more dynamic response, according to government CIOs making an effort to implement real-time, continuous monitoring and reporting for security issues.

Netcraft tool flags websites affected by Heartbleed

By Joab Jackson | 18 April, 2014 06:33

Worried about how the Heartbleed vulnerability may affect your personal accounts? A new tool may be of help.

Israeli start-up, working with GE, out to detect Stuxnet-like attacks

By Ellen Messmer | 18 April, 2014 06:17

The Stuxnet malware known to have stealthily targeted Iranian nuclear facilities a few years ago was a wake-up call about how vulnerable critical industrial systems can be to cyberattack. Now, an Israeli start-up, with help from General Electric, is testing security technology that would detect Stuxnet-like attacks on critical infrastructure systems used for power production.

Tor anonymity network to shrink as a result of Heartbleed flaw

By Lucian Constantin | 18 April, 2014 03:15

The Tor Project has flagged 380 Tor relays vulnerable to the critical Heartbleed flaw to be rejected from the Tor anonymity network, reducing the network's entry and exit capacity.

VPN provider proves OpenVPN private keys at risk from Heartbleed bug

By Ian Paul | 18 April, 2014 01:42

The fallout from the OpenSSL Heartbleed bug continues. Recently, personal virtual private network provider Mullvad said it was able to extract private encryption keys for OpenVPN from a test server.

33 great tips and tricks for iOS 7

By Serenity Caldwell and Dan Moren | 17 April, 2014 23:39

Whether it's the first time you've picked up an iPad or the seventeenth time you've pulled out your iPhone today, there are probably still some iOS 7 features and functionality that you're not familiar with. Don't sweat it: We're here to help. We've collected some of our favorite and most useful tips and compiled them here, just for you.

Heartbleed: Security experts reality-check the 3 most hysterical fears

By Tony Bradley | 17 April, 2014 23:38

Heartbleed has dominated tech headlines for a week now. News outlets, citizen bloggers, and even late-night TV hosts have jumped on the story, each amping up the alarm a little more than the last one. But while it's true Heartbleed is a critical flaw with widespread implications, several security experts we've spoken with believe the sky-is-falling tone of the reporting is a bit melodramatic.

19 year-old arrested for attack on Canadian tax agency

By Steve Ragan | 17 April, 2014 23:30

A 19-year-old London, Ontario man was arrested by the RCMP on Tuesday in connection with the ongoing investigation of the Canada Revenue Agency data breach.

Open source trounces proprietary software for code defects, Coverity analysis finds

By John E Dunn | 17 April, 2014 22:54

Forget the bad headlines generated by the Heartbleed flaw: when it comes to code defects, open source is still well ahead of proprietary software, generating fewer coding defects for every size of project, according to a new analysis by scanning service Coverity.

'Snowden effect' has changed cloud data security assumption, survey claims

By John E Dunn | 17 April, 2014 22:50

Edward Snowden's revelations of sophisticated NSA spying have made many senior IT staff distinctly edgy about their use of the cloud, with nine out of ten now paying close attention to the location of stored data, a survey of global attitudes has found.

Facebook users targeted by iBanking Android trojan app

By Lucian Constantin | 17 April, 2014 21:59

Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.

Microsoft extends Windows 8.1 Update migration deadline for business

By Gregg Keizer | 17 April, 2014 20:49

Microsoft on Wednesday extended the Windows 8.1 Update migration deadline for businesses by three months, but again told consumers they had less than four weeks to make the move before the company shuts off their patch faucet.

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team.

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.


Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.