Skip the navigation

Security Topic Center

Get the latest news and in-depth analysis about IT security, including information about viruses and other malware, security patches, data protection and more

Security News

Apple users were left at risk by 3-week delay between OS X and iOS patches

Apple exposed iOS users to security threats by taking three weeks longer to patch the same vulnerabilities in the mobile OS that it previously fixed in Safari on OS X, a former Apple security engineer said.
Read more...

Tip of the Hat: Heartbleed prompts chastened tech giants to fund OpenSSL

Computerworld offers a Tip of the Hat to Jon Brodkin of Ars Technica for an incisive look at how only a potential disaster could convince top tech execs to finally help fund the OpenSSL and other open-source projects.

Huawei still selling to carriers in the U.S.

Despite its setbacks in the U.S., Huawei Technologies still expects growth from its carrier business in the nation, and is focusing on the market's smaller network operators to increase sales.

Top vendors join to bolster OpenSSL, other open source projects, after Heartbleed

Reeling from the Heartbleed security fiasco, major IT vendors including Microsoft, IBM, Intel, Google and Cisco are backing a Linux Foundation initiative designed to boost open source projects considered critical to the industry.

Privacy jitters derail controversial K-12 big data initiative

Unrelenting privacy concerns finally derailed a controversial big data initiative that promised to deliver more individualized instruction to public school students in the U.S.

Russian Android SMS Trojan hits U.S.

An Android Trojan app that sends SMS messages to premium-rate numbers has expanded globally over the past year, racking up bills for users in over 60 countries including the U.S., malware researchers from Kaspersky Lab said.

Coding error protects some Android apps from Heartbleed

Some Android apps thought to be vulnerable to the Heartbleed bug were spared because of a common coding error in the way they implemented their own native OpenSSL library.

Apple patches Secure Transport, but not because of Heartbleed

Apple today issued a security-only update for OS X, patching 25 vulnerabilities in Mavericks, its newest operating system, and 7 bugs in older editions.

Search and rescue group sues FAA over drone use

A battle for rights to U.S. airspace is brewing between the Federal Aviation Administration and organizations looking to operate small, unmanned aerial vehicles, or drones, for commercial and other purposes.

Mystery malware infecting jailbroken iPhones, iPads

A malware campaign of yet-to-be-determined origin is infecting jailbroken iPhones and iPads to steal Apple account credentials from SSL encrypted traffic.

Security In Depth

Microsoft Surface Mini seems likely to ship soon

Microsoft may be prepping to ship a mini version of its Surface tablets within a month, based on an Amazon.com listing for a case custom made for the device.

Steven J. Vaughan-Nichols: Here comes the black market for XP patches

For most people, XP patches will be unobtainable through legitimate channels. Sounds like a market to me.

Heartbleed bled out and now, an arrest

The RCMP have managed to track down and arrest the first ne'er do well in London, Ontario. The RCMP have not indicated how they managed to puzzle out who attacked the Canada Revenue Agency. I am curious myself but, not for the same reasons. I'm curious what led a 19 year old from Southern Ontario to think that activity was acceptable.

Self-taught hackers rule

Ilio Kolochenko, CEO of High-Tech Bridge, a Swiss information security company, gave the keynote address on governments' role in cybersecurity this past Sunday at the Regional cybersecurity Summit in Oman.

How to keep your smartphone (and its data) secure

We keep a large amount of personal and business data on our smartphones and tablets; here are some tips and tricks to help you protect both your hardware and your information.

Exclusive video: How a Boston hospital protected healthcare data after last year's Marathon explosions

Dr. John Halmaka tells how his IT team invented a real-time security plan in the midst of the chaos.

Thornton May: Your privacy map is probably wrong

The privacy maps being created today are primarily designed to avoid lawsuits.

Security Manager's Journal: Virtual machines, real mess

When Internet and phone service are impaired at a development center, the problem is traced to VM images installed in a classroom.

3 privacy violations you shouldn't worry about

There are many major threats to our privacy that we should be up in arms about, but iBeacons, Gmail scanning and Google Glass are not among them, says Mike Elgan.

Why security professionals need to get more creative with penetration testing (and how to do it)

Security professionals have long been running penetration tests against their firewalls and other security systems to find weaknesses that need to be addressed.