Security Topic Center

Get the latest news and in-depth analysis about IT security, including information about viruses and other malware, security patches, data protection and more.

Security News

Nokia suspends tablet sales due to faulty charger

Nokia has temporarily halted sales of the Lumia 2520 in seven countries, because the tablet's AC-300 charger can give users an electric shock.

Android trojan app targets Facebook users

Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.

Microsoft extends Windows 8.1 Update migration deadline for business

Microsoft on Wednesday extended the Windows 8.1 Update migration deadline for businesses by three months, but again told consumers they had less than four weeks to make the move before the company shuts off their patch faucet.

Windows XP retirement creates opportunity for Chinese security firm

Microsoft may have retired Windows XP, but one of China's leading security vendors is trying to keep the OS threat-free, and rolling out protection software to hundreds of millions of users in the nation.

Teen nabbed in Heartbleed attack against Canadian tax site

Canadian police have arrested a 19-year-old man for allegedly using the Heartbleed bug to steal data about taxpayers.

Court rejects Lavabit appeal, cites improper procedural handling

A federal court has affirmed contempt charges against Lavabit, rejecting an attempt by company attorneys to argue new issues on appeal.

Two more states eye drone use limits

Louisiana and Pennsylvania could become the latest states to impose restrictions on the use of commercial drone aircraft over their airspace.

Lavaboom creates an encrypted webmail service that fends off snooping

A new webmail service called Lavaboom promises to provide easy-to-use email encryption without ever learning its users' private encryption keys or message contents.

Oracle identifies products affected by Heartbleed, but work remains on fixes

Oracle has issued a comprehensive list of its software that may or may not be affected by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.

Microsoft slashes Windows XP custom support prices just days before axing public patches

Just days before Microsoft retired Windows XP from public support, the company drastically reduced the price of custom support agreements that give large companies and government agencies another year of XP patches, experts reported today.

Security In Depth

How a cyber cop patrols the underworld of e-commerce

Melissa Andrews, a resident of Canada, is a cyber security "cop" for Payza, an international e-commerce payment platform operating in 97 countries. Her job, described by the company's public relations firm as "the worst security job on the Internet," is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.

A simple cure for the cybersecurity skills shortage

An approach that has worked for centuries in all sorts of industries is just as applicable to the security field.

3 ways to reduce BYOD legal liability with the right conversation

As "bring your own device" (BYOD) reshapes the way organizations handle technology, how do we handle the uncertainty of legal liability and security concerns?

Big data security context

I just finished up a lengthy tour through Latin America and Asia, as described in many of my latest blogs. Most recently I was in Australia and New Zealand (ANZ). I had the opportunity to work with various government agencies, organizations within critical infrastructure and general enterprise businesses across ANZ. Their primary topic of interest: big data. More specifically, they were interested in determining what needs to be part of a successful big data security strategy.

Evan Schuman: With Heartbleed, IT leaders are missing the point

If our checks and balances are so fragile that a typo can obliterate all meaningful security, we have some fundamental things to fix.

How to create awareness of the insider threat

One of the legacies of Edward Snowden's treason is that companies are now concerned about the insider threat more than they ever were before. He demonstrates that a single person inside an organization can devastate the organization. While technology should have caught Snowden, there is also the realization that his coworkers and managers should have noticed indications of unusual activities.

Secure browsers offer alternatives to Chrome, IE and Firefox

The Web browser has been a major infection vector for years, allowing malware to be transported to millions of computers through phishing, man-in-the-middle, SQL injection and countless other attacks. But what if there were a way to stop this madness and secure the browsing channel itself?

IT departments are a dying breed

Earlier this week, I posted a question to Twitter and one reader offered an interesting rant on the topic, one that I felt was worth sharing.

How to defend against the OpenSSL Heartbleed flaw

CSOs need to take a number of steps as soon as possible to protect their organizations against the OpenSSL vulnerability that has shaken the tech industry, experts say.

What you need to know about Heartbleed and OpenSSL

You know that little padlock icon you look for to ensure your Web traffic is encrypted and secure? It turns out that you might not be as secure as you think thanks to a vulnerability that was accidentally introduced into the code of OpenSSL.