Skip the navigation

Security Topic Center

Get the latest news and in-depth analysis about IT security, including information about viruses and other malware, security patches, data protection and more

Security News

VMware promises Heartbleed patches for affected products by the weekend

VMware started patching its products against the critical Heartbleed flaw that puts encrypted communications at risk, and plans to have updates ready for all affected products by Saturday.
Read more...

Google issues patch for Android icon permissions attack

Google has issued a patch for an attack that could lead an Android user to a phishing site, according to security vendor FireEye.

Google updates terms of service, includes word of user email scans

Google has updated its terms of service to reflect that it analyzes user content including emails to provide users tailored advertising, customized search results and other features.

Mt. Gox seeks postponement of CEO's U.S. court deposition

Mt. Gox CEO Mark Karpeles, who was ordered to appear before a U.S. bankruptcy court to answer questions, has asked for a postponement of his deposition.

Server makers rush their Heartbleed patches

Enterprise IT vendors are rushing to protect users from the Heartbleed bug, which has been found in some servers and networking gear and could allow attackers to steal critical data -- including passwords and encryption keys -- from the memories of exposed systems.

Box patches Heartbleed flaw in its cloud servers

Box has patched the Heartbleed security hole on its servers and has advised its customers to change their passwords.

Data breaches nail more U.S. Internet users, who now want more regulation

More U.S. Internet users report they have been victims of data breach, while 80 percent want additional restrictions against sharing of online data, according to two surveys released Monday.

First sites admit data loss through Heartbleed attacks

Canada's tax authority and a popular British parenting website both lost user data after attackers exploited the Heartbleed SSL vulnerability, they said Monday.

Google said to be eyeing a boost to encrypted sites in search results

Websites that use encryption could be elevated in Google search results sometime in the future, according to The Wall Street Journal.

Facebook set to enter e-money market in Europe

Facebook is mere weeks away from becoming a registered e-money firm in Ireland, the Financial Times reported.

Security In Depth

Big data security context

I just finished up a lengthy tour through Latin America and Asia, as described in many of my latest blogs. Most recently I was in Australia and New Zealand (ANZ). I had the opportunity to work with various government agencies, organizations within critical infrastructure and general enterprise businesses across ANZ. Their primary topic of interest: big data. More specifically, they were interested in determining what needs to be part of a successful big data security strategy.

Evan Schuman: With Heartbleed, IT leaders are missing the point

If our checks and balances are so fragile that a typo can obliterate all meaningful security, we have some fundamental things to fix.

How to create awareness of the insider threat

One of the legacies of Edward Snowden's treason is that companies are now concerned about the insider threat more than they ever were before. He demonstrates that a single person inside an organization can devastate the organization. While technology should have caught Snowden, there is also the realization that his coworkers and managers should have noticed indications of unusual activities.

Secure browsers offer alternatives to Chrome, IE and Firefox

The Web browser has been a major infection vector for years, allowing malware to be transported to millions of computers through phishing, man-in-the-middle, SQL injection and countless other attacks. But what if there were a way to stop this madness and secure the browsing channel itself?

IT departments are a dying breed

Earlier this week, I posted a question to Twitter and one reader offered an interesting rant on the topic, one that I felt was worth sharing.

How to defend against the OpenSSL Heartbleed flaw

CSOs need to take a number of steps as soon as possible to protect their organizations against the OpenSSL vulnerability that has shaken the tech industry, experts say.

What you need to know about Heartbleed and OpenSSL

You know that little padlock icon you look for to ensure your Web traffic is encrypted and secure? It turns out that you might not be as secure as you think thanks to a vulnerability that was accidentally introduced into the code of OpenSSL.

Cognitive bias: The risk from everyone in your organization, including you

Risks to enterprises are not only of the security breach variety from outside attackers, malicious insiders or even careless employees. Another comes from everybody in an organization a even its most loyal, careful, capable members.

The real security lesson Windows XP taught us is to challenge our assumptions

Launched in October 2001, today (really) marks the end of support for the Windows XP operating system. As the 12+ year run of Windows XP comes to an end, it holds some curious lessons.

Heartbleed bug gets plugged

Cue the hyperbole and clapping monkeys. Today brings news to the screens of security folks the world over that OpenSSL has an OMG ZERO DAY AUUGGGGGHHHHH...oh, wait, there's a fix.