SQL injection flaw in Wall Street Journal database led to breach

By Jeremy Kirk | 23 July, 2014 20:34

A vulnerability in a web-based graphics system led to a breach of The Wall Street Journal's network by a hacker, the newspaper acknowledged late Tuesday.

Zero-day flaws in Tails aren't for sale, vulnerability broker says

By Jeremy Kirk | 23 July, 2014 12:27

A company that specializes in selling information on software vulnerabilities has reignited a debate over the handling of such information, especially when it pertains to privacy-focused tools.

Nigerian scammers move from gullible consumers to businesses

By Antone Gonsalves | 23 July, 2014 10:53

Nigerian scammers known for grammatically challenged email promising riches in return for a small up-front payment are moving into the business of launching malware attacks against companies.

Google details Knox-inspired enterprise ‘managed profiles’ for Android L

By Liam Tung | 23 July, 2014 09:21

Google and Samsung have clarified that Knox features destined for Android L won’t include the best parts of the Korean company’s enterprise security features for Android.

Apple "inadvertently admitted" to iOS backdoor: forensics expert

By John Cox | 23 July, 2014 08:17

Apple has "inadvertently admitted" to creating a "backdoor" in iOS, according to a new post by a forensics scientist, iOS author and former hacker, who this week created a stir when he posted a presentation laying out his case.

Juniper jettisons mobile security business

By Jim Duffy | 23 July, 2014 08:07

Juniper Networks has divested its mobile security product line, selling the assets to a private equity firm for $250 million.

TOR patch coming

By Tim Greene | 23 July, 2014 08:06

The TOR Project thinks it has figured out how the author of a canceled Black Hat talk cracked its software to mask the source of Internet traffic, and it is working on a patch.

UK ISPs to tell illegal file-sharers off - with letter in the post

By Margi Murphy | 23 July, 2014 04:03

Sky, TalkTalk, BT and Virgin Media will send customers who download illegal files over their network "education letters", the latest initiative in the UK crackdown on online piracy.

Apple responds to troubling allegations of iOS 'backdoor'

By Dan Moren | 23 July, 2014 03:35

Information security has never been a more sensitive subject than it is these days, so it's little surprise that allegations from a security researcher that iOS contains a "backdoor" permitting access to users' information provoked a strong response from Apple.

Hackers inside Chinese military steal U.S. corporate trade secrets

By David Geer | 23 July, 2014 02:55

In May, a grand jury in the Western District of Pennsylvania indicted five members of the Chinese military on charges of hacking and economic espionage, according to a May 19 U.S. Department of Justice media release. Per the same release, the targets were six U.S. enterprises operating in the solar products, nuclear power, and metals industries. The attacks began as early as 2006 and were carried out over many years and into this year, according to the same release.

Tor Project working to fix weakness that can unmask users

By Lucian Constantin | 23 July, 2014 01:06

Developers of Tor software believe they've identified a weakness that was scheduled to be revealed at the Black Hat security conference next month that could be used to de-anonymize Tor users.

Cybercrime wave whacks European banks

By Ellen Messmer | 23 July, 2014 00:34

Banks across Europe are now coping with a wave of cybercrime in which crooks are transferring funds out of customer accounts through a scam involving bypassing some two-factor authentication systems to steal large sums, according to a security firm assisting in the investigation.

Open sesame: How iOS 8 will unlock Touch ID's power

By Marco Tabini | 22 July, 2014 23:15

As iOS 8--and, presumably, new iPhone and iPad hardware--approaches its release day, big changes are on the horizon for Apple's Touch ID, a technology that has been met with less enthusiasm than it deserves.

Russian cyberweapons cross-pollinating commercial malware, analysis claims

By John E Dunn | 22 July, 2014 23:05

Sophisticated code of the sort used in Russian Government cyberweapons could be seeping into the commercial malware wielded by the country's criminals, a security firm has suggested after analysing the apparent cross-pollination in a previously unknown piece of malware called 'Gyges'.

Virtru launches business email encryption service for Google Apps

By Jeremy Kirk | 22 July, 2014 21:34

Email encryption startup Virtru has launched a version of its service for businesses using Google Apps, a market segment that the company thinks is showing increased interest in secure communications.

Almost half UK businesses POS systems are vulnerable to hackers say IT

By Margi Murphy | 22 July, 2014 17:05

Nearly half of UK IT directors said their company could not adequately control access to their point-of-sale systems, leaving sensitive data vulnerable to theft, a study revealed.

Imperva security stats confirm even hackers love a World Cup thriller

By David Braue | 22 July, 2014 15:34

The 2014 World Cup soccer grand final between Germany and Argentina was so popular around the world that even hackers took time off from their depredations to watch, a traffic analysis from Imperva has revealed.

Goodwill Industries investigates suspected payment card breach

By Jeremy Kirk | 22 July, 2014 13:43

Goodwill Industries International said on Monday that federal authorities are investigating a possible payment card breach at its US-based retail outlets.

Black Hat presentation on TOR suddenly cancelled

By Jeremy Kirk | 22 July, 2014 12:59

A presentation on a low-budget method to unmask users of a popular online privacy tool, TOR, will no longer go ahead at the Black Hat security conference early next month.

Stealthy Web tracking tools pose increasing privacy risks to users

By Jeremy Kirk | 22 July, 2014 11:27

Three stealthy tracking mechanisms designed to avoid weaknesses in browser cookies pose potential privacy risks to Internet users, a new research paper has concluded.


Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.