Top IT Security Bloggers

TrendLabs - Malware Blog
  • The First Line of Defense: IT Personnel

    TrendLabs - Malware Blog
    The year so far has been a particularly stressful one for enterprise IT staff. Early in the year, concerns over data breaches and point of sale POS malware gave retailers something to worry about. The long-simmering headache of Windows XP migration came to a head when support for the venerable OS ended in April. That would […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroThe First Line of Defense: IT Personnel
  • Fake Facebook Chat Verification Used for Spam

    TrendLabs - Malware Blog
    Facebook users are once again the target of a malicious scheme—this time in the form of a notification about “Facebook Chat”. The spammed notification pretends to come from the “official Facebook Chat Team.” A notification shows users of a tagged comment to a Facebook Note containing a fake announcement about a Facebook Chat verification requirement. […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroFake Facebook Chat Verification Used for Spam
  • Trend Micro Heartbleed Detector Now Available

    TrendLabs - Malware Blog
    In previous blog entries, we’ve discussed various aspects of the Heartbleed vulnerability in OpenSSL. Last Tuesday, our first blog post covered an analysis of the vulnerability itself, as well as some steps that IT administrators of affected systems could do in order to protect themselves. Later entries looked at how popular websites and mobile apps were, […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroTrend Micro Heartbleed Detector Now Available
  • Old Java RAT Updates, Includes Litecoin Plugin

    TrendLabs - Malware Blog
    Out with the old, in with the new? When it comes to cybercrime, that’s rarely the case. We often seen old malware get upgrades with new techniques, payloads, and even targets. This is certainly the case for an old Java remote access Trojan (RAT) detected as JAVA_OZNEB.B. Users may encounter this threat as an attachment […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroOld Java RAT Updates, Includes Litecoin Plugin
  • Bundled OpenSSL Library Also Makes Apps and Android 4.1.1 Vulnerable to Heartbleed

    TrendLabs - Malware Blog
    In an earlier blog post, we mentioned that mobile apps are also affected by the Heartbleed vulnerability. This is because mobile apps may connect to servers affected by the bug. However, it appears that mobile apps themselves could be vulnerable because of a bundled OpenSSL library. OpenSSL Library Present in Android 4.1.1 and Certain Mobile […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroBundled OpenSSL Library Also Makes Apps and Android 4.1.1 Vulnerable to Heartbleed
  • Newly Patched MS Word 0-Day Heuristically Detected by Deep Discovery

    TrendLabs - Malware Blog
    In between the end of support for Windows XP and the Heartbleed OpenSLL vulnerability, one good bit of news may not have been noticed: the Microsoft Word zero-day vulnerability  (CVE-2014-1761) reported in late March was fixed. We have since looked into this attack and found that the exploit was created by an attacker with some skill, resulting in […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroNewly Patched MS Word 0-Day Heuristically Detected by Deep Discovery
  • Heartbleed Bug—Mobile Apps are Affected Too

    TrendLabs - Malware Blog
    The severity of the Heartbleed bug has led countless websites and servers scrambling to address the issue. And with good reason—a test conducted by Github showed that more than 600 of the top 10,000 sites (based on Alexa rankings) were vulnerable. At the time of the scanning, some of the affected sites included Yahoo, Flickr, […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroHeartbleed Bug—Mobile Apps are Affected Too
  • Heartbleed Vulnerability Affects 5% of Select Top Level Domains from Top 1M

    TrendLabs - Malware Blog
    In trying to gauge the impact of the Heartbleed vulnerability, we proceeded to scanning the Top Level Domain (TLD) names of certain countries extracted from the top 1,000,000 domains by Alexa. We then proceeded to separate the sites which use SSL and further categorized those under “vulnerable” or “safe.” The data we were able to […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroHeartbleed Vulnerability Affects 5% of Select Top Level Domains from Top 1M
  • Bitcoin, the Latest Lure of Scammers

    TrendLabs - Malware Blog
    “Get rich fast” scams have been circulating online for several years now. Some examples would be the classic Nigerian or 419 scams, lottery scams, and work-from-home scams. The stories may vary but the underlying premise is the same: get a large sum of money for doing something with little to no effort. Scammers have now […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroBitcoin, the Latest Lure of Scammers
  • Skipping a Heartbeat: The Analysis of the Heartbleed OpenSSL Vulnerability

    TrendLabs - Malware Blog
    Software vulnerabilities exist – it’s a fact of life that we all have to live with, and if we’re both lucky and diligent enough, we can patch it before any cybercriminals can exploit it. That isn’t always the case, but thankfully that’s the exception, not the rule. However, news broke out recently of a vulnerability […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroSkipping a Heartbeat: The Analysis of the Heartbleed OpenSSL Vulnerability
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Webroot SecureAnywhere Business

The lightest, fastest, easiest-to-manage, and most effective endpoint protection.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.