Make in-app payments easy and secure with Apple Pay. Click here to see how.
Welcome Guest | Sign In
The Long and Winding Road to Shellshock Recovery
October 29, 2014
Four days after Shellshock was disclosed, Incapsula's Web application firewall deflected more than 217,000 attempted exploits on more than 4,100 domains. The company recorded upwards of 1,970 attacks per hour, from more than 890 IPs around the world. Shellshock was expected to be far worse than the Heartbleed flaw, which was expected to impact about 17 percent of the secure Web servers worldwide.
Toll Fraud Can Take a Big Toll on SMBs
October 22, 2014
Toll fraud -- the hijacking of a phone system to dial out to premium numbers in distant countries at several dollars a minute -- costs companies more than $4.7 billion a year, up nearly $1 billion from 2011. Major carriers, such as the companies that make up the CFCA, have sophisticated fraud systems in place to catch hackers, and they can afford to credit customers for fraudulent charges.
Microsoft Patch Blocks Sandworm Tunnels
October 17, 2014
iSight Partners this week revealed that a cybergang it dubbed "Sandworm" has been exploiting a zero-day vulnerability that impacts all supported versions of Microsoft Windows, including Windows Server 2008 and 2012. The announcement was held off until Microsoft issued its patch earlier this week. If exploited, the flaw will let attackers remotely execute code on target systems.
Report: Open Source Needs to Get With the Security Program
October 15, 2014
Open source developers apparently don't adhere to best practices such as using static analysis and conducting regular security audits, found Coverity's Spotlight report, released Wednesday. The Coverity Scan service, which is available at no charge to open source projects, helped devs find and fix about 50,000 quality and security defects in code last year.
Spam Still Packs a Punch
October 15, 2014
The days of in-boxes flooded with spam messages on an assortment of sordid subjects are a faint memory to most email users, but what spam has lost in volume it's gained in power. More than two-thirds of some 200 IT decision makers in companies with five to 1,000 employees said a spam incident in the last year had severely disrupted their business operations -- or halted them entirely.
Kaspersky Probes ATM Malware Mystery
October 10, 2014
Kaspersky Lab this week reported that criminals have been emptying ATMs and infecting them with malware dubbed "Tyupkin." About 50 machines have been infected in eastern Europe, and the attacks have spread to the United States, India and China, based on statistics culled from VirusTotal, Kaspersky said. The attackers target ATMs running Windows 32-bit operating systems.
Tech Execs Issue Dire Warnings on Impact of NSA Surveillance
October 10, 2014
The NSA's wide-ranging surveillance of people's communications worldwide is hitting America's high-tech industry hard, said panelists on Wednesday at a roundtable held by Senate Finance Committee Chairman Ron Wyden in Palo Alto, California. Wyden set the tone from the start: "This is going to cost America jobs." Several foreign governments are planning to build domestic Internets.
Phishers Find Apple Most Tasty Target
October 07, 2014
"Follow the money" isn't just the war cry of journalistic bloodhounds hot on the trail of political corruption. It's the mantra of Web predators, too. That's why PayPal consistently has been the top brand targeted by phishers -- although that appears to have changed. Apple now has the dubious distinction of most-phished brand, according to the latest report from the Anti-Phishing Work Group.
Consumers Fed Up With Data Breaches
September 30, 2014
Consumers are beginning to lose their patience with the custodians of their personal information. Survey results from 2,000 consumers released last week by HyTrust, suggest that 51 percent of those polled would bolt from any business involved in a data breach that compromised personal information such as address, Social Security number or credit card details.
Banks, Businesses Scramble to Smash Bash Shellshock Bug
September 29, 2014
Banks and businesses toiled over the weekend to crush a bug in a widely used open source operating system. The flaw has been in Unix for some 25 years, but it was revealed just last week. If exploited, the vulnerability could be used to inject malicious code or take command of a system or device. Dubbed "Shellshock," it requires patching systems and devices running Apple's OS X, Linux and Unix.
Bash Shellshock Bug Patched but Not Pummeled
September 25, 2014
Researchers on Thursday discovered proof-of-concept code that could take advantage of unpatched computer systems, and found evidence of attacks exploiting the BASH Shellshock bug in the wild. Shellshock, which came to light on Wednesday, could become a major threat to Linux/Unix and Apple operating systems if published patches to BASH are not applied before an attacker cashes in.
Banking Trojan Targets Petrochemical Outfits
September 23, 2014
The pernicious program Citadel has been around for awhile, but it's using some new tricks on new targets. From its humble origins as a "man in the browser" thief of banking credentials, Citadel has become a knave of all trades. Once it lands on a computer, it can be configured in a number of ways with a file from a server operated by Web predators.
Home Depot Gives 56 Million Customers a Heads Up
September 19, 2014
Home Depot on Thursday said it had excised the malware demon from its computerized payment system after its recent discovery of a security breach in which thieves stole records of 56 million credit cards. Home Depot stopped short of admitting that an ongoing security upgrade may have contributed to the breach. Efforts to harden the system with enhanced encryption are under way.
DoD Ramps Up Security as It Drifts Toward Cloud
September 12, 2014
DoD is committed to pursuing cloud-based services and steadily has been improving its capabilities to utilize the technology. The latest evidence of its embracing the cloud is approval of a protocol that will facilitate the use of the technology at higher security levels. DISA has granted provisional authorization for the use of cloud services to levels 3 to 5 of its Cloud Security Model.
IBM Enlists Intel to Shore Up Hybrid Cloud
September 10, 2014
Despite the growing momentum behind cloud computing in recent times, security concerns have been a drag on adoption. IBM sought to reduce that resistance by announcing on Monday that it would start using Intel chip technology to better secure its SoftLayer cloud platform. The Intel technology can be especially reassuring to enterprises running hybrid clouds.
Salesforce Issues Dyre Warning
September 10, 2014
Salesforce.com this week notified its customers that the Dyre malware, which typically targets customers of large financial institutions, might have been tweaked to target some Salesforce users as well. There was no evidence that any Salesforce customers had been impacted, the company said, but if any customer should be affected, it would provide guidance.
The Dark Side of BYOD
September 09, 2014
The BYOD trend offers pluses for both employers and employees, but sometimes there's a hitch. Under certain circumstances, the owner of a device suddenly might lose all of the data stored on it. Clients of Fiberlink remotely wiped 81,000 mobile devices between January and June. About 30,000 of them, or 37 percent, were cleaned of everything -- including personal data.
We Can Fly to the Moon, but We Can't Secure the Cloud?
September 04, 2014
The entire freaking tech industry is falling down on the job, and Apple, my favorite company in the world, is stumbling around too. What's worse is that it doesn't seem to care. Apple is the most profitable consumer tech company in the world, with billions of dollars in the bank. Yet the company can't seem to be bothered to imagine how easily iCloud user accounts could be compromised.
Sizing Up the Cloud's Risks
September 04, 2014
The iCloud security issue that's been in the headlines all week should be a great big wake-up call to everyone. The cloud is coming; however, we are still in the very early days. Security threats keep growing, so it is important for both individuals and companies to be prepared. The news this week suggested an iCloud security flaw allowed private nude photos to be stolen.
Home Depot All But Confirms Doozy of a Data Breach
September 03, 2014
Home Depot may have experienced a massive security breach -- possibly on a greater scale than last year's Target breach, which affected an estimated 110 million people. Home Depot said it was investigating the possibility, following security researcher Brian Krebs' Tuesday alert. It appears the perpetrators are the same hackers responsible for the data breaches at Target and elsewhere.
Admins Grapple With Shadow Tech
September 03, 2014
If you want to see an IT pro twitch, bring up Shadow IT in a conversation. "Shadow IT" is a term applied to technology deployed by an organization's users outside the purview of the IT department. It's bothersome to system shepherds because it can open up an organization to data leakages. It's also growing. Many Shadow IT programs run in the cloud, but all clouds are not created equal.
Russian Hackers Sack US Banks: Report
August 29, 2014
Hackers appear to have stolen data from JPMorgan Chase and at least one other U.S. bank in retaliation for economic sanctions against Russia. The raid on the banks' computer systems reportedly resulted in the theft of gigabytes of sensitive data. JPMorgan did not confirm the incident. However, the FBI is conducting an investigation into reports of cyberattacks on U.S. banks.
Hacker Attacks on Healthcare Providers Jump 600 Percent
August 28, 2014
The recent data breach at Community Health Systems, in which Chinese hackers stole the personal information of 4.3 million patients, was another sign of a disturbing trend: Healthcare providers are coming under cyberattack at an alarming rate. "We've seen a 600 percent increase in attacks on the healthcare sector in the last 10 months," said Carl Leonard, senior manager at Websense Security Labs.
It's Time Companies Put Mobile First
August 21, 2014
A growing number of consumers are becoming mobile-first or even mobile-only, so why not businesses? Granted, it is hard to image the company whose computing power and data could be accessed and manipulated only through a mobile device. However, a company that gives mobile the same status and resources as its other IT initiatives? That is a little easier to envision.

See More Articles in Enterprise Security Section >>
Facebook Twitter LinkedIn Google+ RSS