Network Security

Network security news, trends, analysis and practical advice

malware keyboard

Researcher creates proof-of-concept worm for network-attached storage devices

Network-attached storage (NAS) devices are riddled with vulnerabilities that can put the security of sensitive data and networks at risk, a researcher has found. To prove his point, he has created a proof-of-concept worm that can...

Telco Systems lays groundwork for fewer management worries with virtual routers, firewalls

The company's platform lets service providers offer virtual router and firewalls

poodle ssl 3

POODLE poos on flaw (in SSL) as Google causes panic

SSL is attack dog when protocol-downgrade sinks teeth in leg: Google infosec researchers have found a new nasty TLS downgrade attack. While we all knew these old versions of SSL crypto were insecure, it's always been thought hard to...

Security vendors claim progress against Chinese group that hacked Google

A collaborative effort has resulted in better defenses against the "Operation Aurora" hackers

Binary bomb with a lit fuse

Security experts warn of 'POODLE' attack against SSL 3.0

Google researchers have found a severe flaw in an obsolete but still used encryption software that could be exploited to steal sensitive data.

'Hurricane Panda' hackers used Microsoft zero-day

One of the zero-day flaws patched by Microsoft on Tuesday was used by a group with suspected Chinese government ties that targets tech firms, according to CrowdStrike.

Hong Kong protesters

Hong Kong pro-democracy activist websites compromised

Four websites promoting democracy in Hong Kong have been rigged to deliver malicious software, according to a Washington, D.C.-based security company.

nytimes.scam.leftsideblocked.620w

Fallout from the JPMorgan Chase breach

What's the fallout from the Chase bank breach? Phishing of course, but phone calls and snail mail can also be abused. I was targeted by a snail mail billing scam. Most website rating systems fail to warn about the site involved in the...

Hackers

Linux botnet Mayhem spreads through Shellshock exploits

The botnet targets Web servers that haven't been patched for recent vulnerabilities found in the Bash Linux shell.

ATM machine

Criminals used malware program to steal millions from ATMs

Criminals have stolen millions of dollars from ATMs worldwide using a specialized malware program that forces the machines to dispense cash on command.

eric holder reuters larry downing

Eric Holder says 'worrisome' tech companies are eyeing encryption

US attorney general's remarks follow similar concerns from the FBI

bankvault

An immature security program is an exciting challenge

After four years of building one company’s security program, our manager feels the need to take on a new challenge.

Organization sets out to make secure communication tools more user-friendly

Google, Dropbox and the Open Technology Fund are supporting a new organization focused on making open-source security and privacy tools more user-friendly.

China says US hacking accusations are 'totally groundless'

The Chinese government says accusations that it was involved in cyberattacks against U.S. transportation contractors are "totally groundless and untenable."

wells fargo avast screenshot

'Tiny banker' malware targets US financial institutions

A banking trojan, known for its small size but powerful capabilities, has expanded the number of financial institutions from which it can collect data, according to security vendor Avast.

network security diagram 42 25789247

Sprint, Windstream traffic routing errors hijacked other ISPs

Internet traffic routing errors made by U.S. operators Sprint and Windstream on the same day last week underscore a long-known Internet weakness, posing both security and reliability issues.

Salesforce warns customers of malware attack

Salesforce.com users are being targeted by a new version of a computer Trojan that has typically attacked online banking customers until now.

Twitter launches bug bounty program

The company will pay researchers at least $140 for privately reporting serious vulnerabilities in its Web services and mobile apps

Load More