More Security Headlines

ENISA, Europe's Cyber security agency, has released two reports that aim to inform and guide decision makers in the public and private sector on the use and implementation of cryptographic protocols for securing personal data.
A sophisticated cyberespionage tool has been stealing information from governments and businesses since 2008, researchers said Monday, and one report linked it to US and British intelligence.
In a letter, some 20 advocacy groups pushed for NIST to "publicly and irrefutably commit itself to independence from the NSA’s signals intelligence mission and any government surveillance programs, activities, or authorities."
Over the course of a single month in April 2008 the attackers collected administrative credentials that would allow them to manipulate a GSM network in a Middle Eastern country, according to Kaspersky Lab.
Google's Macintosh Operations Team announced last week the availability of the source code for "Santa," a tool designed for whitelisting and blacklisting binaries on Apple's Mac OS X operating systems.
Riot Games, the developer of the popular multiplayer online game League of Legends, has shared some details on its bug bounty program.
Symantec has released details of an extremely sophisticated cyber espionage tool that the company says has been used in “systematic spying campaigns” against a range of international targets since at least 2008.
Cybercriminals who specialize in payment card fraud can verify the validity of stolen data by using an automated tool which conducts transactions on the websites of non-profit organizations, researchers at PhishLabs reported.
Attackers managed to hijack the domain name for Craigslist.org and alter the DNS settings to redirect users to other sites.
Thousands of backdoored plugins and themes for popular content management systems (CMS) are being leveraged by a threat group to abuse Web servers on a large scale.

SecurityWeek Experts

Jason Polancich:
Sharing threat information, analysis and expertise within your “extended family” can be very valuable to establishing the kind of early warning system that is the promise of cyber information sharing to begin with - and without most of the risks.
Jon-Louis Heimerl:
We all know passwords are not a great solution for securing our accounts and information. But, it is what we have right now, so we might as well make the best of them, eh? Take this quick quiz to see how secure your password is.
Marcus Ranum:
To communicate about our metrics, we need ways that we can ground our experience in terms of “normal” for us; otherwise, we really can't communicate our metrics effectively with anyone who isn't in a similar environment.
Avi Chesla:
In order to reap the greatest benefit from virtualization, SDN and NFV concepts, the control and data-plane functions of network security devices should be decoupled.
Travis Greene:
Done correctly, process automation can be used for triggering and diagnosing, with corrective actions presented as a menu of options for overworked security teams.
Pat Calhoun:
Adapted firewall VPN technology ensures network efficiency at a fraction of the cost of MPLS acquisition, with failover support to eliminate the pains of packet loss and minimize the impact on the user.
Adam Ely:
When determining how risky an app is, we must consider intentional features within these permissions to determine whether or not they’re a risk to the enterprise.
James McFarlin:
Whether Adm. Michael Rogers can capitalize on opportunities to pull together the teamwork necessary to shore up America’s cybersecurity is a game just begun.
David Holmes:
In 2011, Twitter began encrypting all information between the (mostly) mobile endpoints and their own servers. This made it more difficult for monitoring agencies to determine a mobile user’s Twitter profile, and thereby that user’s follow list. More difficult, but not impossible.
Torsten George:
It appears that 2014 will be remembered in the IT industry for several severe and wide-reaching server-side vulnerabilities. So what lessons can we learn from these vulnerabilities?