News

Activism's slippery slope: Anonymous targets children's hospital

By Steve Ragan | 25 April, 2014 06:52

Supporters of the faceless collective known as Anonymous have taken up the cause of a young girl, after the State of Massachusetts removed her from her parents earlier this year. However, the methods used to show support may have unintended consequences, which could impact patient care.

New iPad rumor rollup for week ending April 23

By John Cox | 25 April, 2014 05:57

iPad rumors have been rare for months, but April showers seemed to have caused them to burst into bloom.

Apple users put at risk by 3-week delay between OS X and iOS patches, researchers say

By Lucian Constantin | 25 April, 2014 05:41

Apple exposed iOS users to security threats by taking three weeks longer to patch the same vulnerabilities in the mobile OS that it previously fixed in Safari on OS X, a former Apple security engineer said.

Tip of the Hat: Heartbleed prompts chastened tech giants to fund OpenSSL

By Mike Bucken | 25 April, 2014 02:42

Computerworld offers a Tip of the Hat to Jon Brodkin of Ars Technica for an incisive look at how only a potential disaster could convince top tech execs to finally help fund OpenSSL and other open-source projects.

'Francophoned' cybertheft operation reportedly back in action

By Lucian Constantin | 25 April, 2014 00:30

A cybercriminal operation that combines phone-based social engineering attacks with spear phishing and malware to steal money from organizations has resurfaced this year, finding victims in French-speaking countries in particular.

In Heartbleed's wake, tech titans launch fund for crucial open-source projects

By Ian Paul | 24 April, 2014 23:55

When the OpenSSL Heartbleed bug surfaced earlier in April, many people were shocked to discover that one of the most critical pieces of online infrastructure was so poorly supported.

UK businesses fail to prepare for upcoming changes to EU data laws

By Sam Shead | 24 April, 2014 22:48

UK businesses are unprepared for next year's changes to EU data laws, a survey has found.

Criminals have noticed the cloud: attacks on providers on the rise

By John E Dunn | 24 April, 2014 22:44

The number of cyberattacks directed at cloud infrastructure is still below that experienced by on-premises data centres but will probably reach parity at some point, an analysis by security-as-a-service provider Alert Logic has suggested.

Heartbleed prompts joint vendor effort to boost OpenSSL, security

By Juan Carlos Perez | 24 April, 2014 22:42

Reeling from the Heartbleed security fiasco, major IT vendors including Microsoft, IBM, Intel, Google and Cisco are backing a Linux Foundation initiative designed to boost open source projects considered critical to the industry.

Security vendor blames Amazon for customer malware

By Antone Gonsalves | 24 April, 2014 22:38

A security vendor claims Amazon Web Services provided a cloud-computing customer with an unpatched version of Windows that resulted in a malware infection.

Geopolitics aside, Huawei still selling to carriers in the US

By Michael Kan | 24 April, 2014 21:28

Despite its setbacks in the U.S., Huawei Technologies still expects growth from its carrier business in the nation, and is focusing on the market's smaller network operators to increase sales.

We Heart It turns off Twitter sharing following spam

By Jeremy Kirk | 24 April, 2014 15:21

A social network for sharing image collections has turned off sharing on Twitter after a large spam run referenced the service.

Data volumes making security-log centralisation trickier: ManageEngine

By David Braue | 24 April, 2014 14:20

Ongoing growth in security breaches has customers demanding better information about their security exposure, but most will struggle to get it without tapping into intelligent analytics platforms capable of scouring different kinds of log data for trends across cloud, mobile, and other enterprise environments, a security analytics expert has warned.

Megaupload seeks return of millions in frozen Hong Kong assets

By Jeremy Kirk | 24 April, 2014 11:24

Megaupload, the defunct file-storage site, is asking a Hong Kong court to release millions of dollars in assets as part of efforts to allow its former users to reclaim their data.

Privacy jitters derail controversial K-12 big data initiative

By Jaikumar Vijayan | 24 April, 2014 07:16

Unrelenting privacy concerns finally derailed a controversial big data initiative that promised to deliver more individualized instruction to public school students in the U.S.

Cloud attacks are following enterprise workloads

By Thor Olavsrud | 24 April, 2014 07:02

Enterprise workloads are shifting to Cloud and hosting environments in ever greater numbers and attacks that have historically targeted on-premises environments are following them, according to a new report.

Survey respondents shun much-hyped mobile shopping technologies

By John Cox | 24 April, 2014 06:53

A survey of iOS and Android users shows the vast majority of them know little, and care less, about the so-called "mobile shopping experience", despite the endless hype about its benefits. Overall, the "mobile shopping experience" ... isn't.

Russian SMS Trojan for Android hits US, dozens of other countries

By Lucian Constantin | 24 April, 2014 04:32

An Android Trojan app that sends SMS messages to premium-rate numbers has expanded globally over the past year, racking up bills for users in over 60 countries including the U.S., malware researchers from Kaspersky Lab said.

Report: Attackers have their sights set on the cloud

By Tony Bradley | 24 April, 2014 04:13

If you want to catch trout, you have to fish where the trout swim. That same logic applies for cyber criminals--they will focus their efforts wherever there is a fair chance of finding targets to prey on. This is underscored by a new report from Alert Logic that reveals a dramatic rise in cloud-based attacks as more businesses and individuals migrate applications and data to the cloud.

Data breaches can be traced back to nine attack 'patterns', says Verizon report

By John E Dunn | 24 April, 2014 00:10

Almost every security incident and data breach recorded during 2013 can be traced back to a series of basic threat types or 'patterns', many of which are specific to industry sectors, Verizon's bellwether 2014 Data Breach Investigations Report (DBIR) has concluded.

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team.

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.


Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.