News

Until the Tails privacy tool is patched, here's how to stay safe

By Jeremy Kirk | 28 July, 2014 11:24

Vulnerabilities in the Tails operating system could reveal your IP address, but you can avoid trouble by taking a couple of precautions.

Firefox gains Chrome-like malicious file defences

By Liam Tung | 28 July, 2014 08:27

Mozilla has implemented Google’s application reputation feature in Firefox, bringing its browser closer to Chrome’s capacity to detect and block malware on the Web.

Mystery 'Onion/Critroni' ransom Trojan evolves to use more sophisticated encryption

By John E Dunn | 26 July, 2014 23:01

Kaspersky Lab has added more detail on the fiendish 'Onion' (aka 'Critroni') ransom Trojan, which uses the Tor anonymity service to hide its command and control (C&C) and displays a level of thoughtfulness about its encryption design that bodes ill for future attacks.

Criminals ride Google coattails in DDoS attacks

By Antone Gonsalves | 26 July, 2014 22:59

The easy access Google's web crawlers have to sites is increasingly being exploited by cybercriminals in launching distributed denial of service attacks, a security vendor says.

Russian government offers money for identifying Tor users

By Lucian Constantin | 26 July, 2014 01:15

The Russian Ministry of Interior is willing to pay 3.9 million roubles, or around US$111,000, for a method to identify users on the Tor network.

EU, Google, Microsoft, Yahoo meet on 'right to be forgotten' but questions remain

By Loek Essers | 25 July, 2014 23:57

European data protection authorities still have questions after meeting with Google, Microsoft and Yahoo about the implementation of a recent ruling that gave European citizens the right to be forgotten by search engines.

How to prevent a website compromise like StubHub

By Antone Gonsalves | 25 July, 2014 23:12

The use of stolen passwords to compromise the website of ticket seller StubHub is a reminder that additional layers of protection are often needed for sites holding sensitive data.

Nigerian 419 scammers diversifying into Trojan malware, finds Palo Alto

By John E Dunn | 25 July, 2014 23:12

A Nigerian cybercrime gang versed in 419 social engineering scams has diversified into using off-the-shelf RAT tools to attack Taiwanese and South Korean businesses, according to researchers working for Palo Alto Networks.

Internet Explorer vulnerabilities surge to record levels in 2014, NVD figures reveal

By John E Dunn | 25 July, 2014 20:21

Microsoft's Internet Explorer experienced a record number of software vulnerabilities in the first half of 2014, far above any other popular program, a Bromium analysis of US National Vulnerability Database (NVD) figures has shown.

Apple faces privacy suit following Chinese TV report

By Michael Kan | 25 July, 2014 16:49

An iPhone user has filed a lawsuit for invasion of privacy against Apple, about a week after a Chinese state broadcaster raised security concerns about the device's location-tracking functions.

New guide aims to remove the drama of reporting software flaws

By Jeremy Kirk | 25 July, 2014 15:36

Handling a software flaw can be messy, both for a security researcher who found it and for the company it affects. But a new set of guidelines aims to make that interaction less mysterious and confrontational.

Real-Time Analytics Helps Virginia Credit Union Prevent Fraud

By Mary K. Pratt | 25 July, 2014 08:58

Financial institutions use many technologies to fight crime, but much of the work comes too late, focusing on suspicious activity, like uncharacteristic charges or money transfers, after it happens.

New SSL server rules go into effect Nov. 1

By Ellen Messmer | 25 July, 2014 07:03

Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks.

'Anonymous Kenya' group hacks government Twitter accounts

By Rebecca Wanjiku | 25 July, 2014 06:58

A hacker group calling itself "Anonymous Kenya" has poked holes in the government's cybersecurity preparedness by hacking two official Twitter accounts.

ICO fines online travel services firm £150,000 over exposed personal data

By Anh Nguyen | 25 July, 2014 04:06

The Information Commissioner's Office (ICO) has fined an online travel services company £150,000 over a serious breach of the Data Protection Act (DPA).

European Central Bank announces personal information stolen in hack

By Sam Shead | 25 July, 2014 04:06

The European Central Bank website has been hacked, with attackers stealing personal information.

Malwarebytes questions poor showing in anti-malware protection-evaluation lab testing

By Ellen Messmer | 25 July, 2014 02:41

Dennis Technology Labs (DTL), which tests anti-malware products for effectiveness in protection, for the first time included the free version of the Malwarebytes software in the labs' competitive evaluation along with nine other vendor products, both paid and free. The results published by DTL today reveal Malwarebytes Anti-Malware Free had a poor showing, with only Microsoft Security Essentials doing worse in terms of effectiveness of protection.

Thousands of sites compromised through WordPress plug-in vulnerability

By Lucian Constantin | 25 July, 2014 02:06

A critical vulnerability found recently in a popular newsletter plug-in for WordPress is actively being targeted by hackers and was used to compromise an estimated 50,000 sites so far.

Are IT groups really ready for BYOD security challenges?

By John Cox | 25 July, 2014 01:47

A new survey of IT security professionals shows that many businesses are barely starting to exploit mobile technology, and some of them may be a mobile security nightmare waiting to happen.

EU hears Google, Microsoft, Yahoo on 'right to be forgotten'

By Loek Essers | 25 July, 2014 01:46

Google, Microsoft and Yahoo are meeting with European data protection authorities Thursday to discuss how to implement a recent ruling that gives people the right to have personal information excluded from search results.

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.