Skip the navigation

Security Topic Center

Get the latest news and in-depth analysis about IT security, including information about viruses and other malware, security patches, data protection and more

Security News

Privacy jitters derail controversial K-12 big data initiative

Unrelenting privacy concerns finally derailed a controversial big data initiative that promised to deliver more individualized instruction to public school students in the U.S.
Read more...

Russian Android SMS Trojan hits U.S.

An Android Trojan app that sends SMS messages to premium-rate numbers has expanded globally over the past year, racking up bills for users in over 60 countries including the U.S., malware researchers from Kaspersky Lab said.

Coding error protects some Android apps from Heartbleed

Some Android apps thought to be vulnerable to the Heartbleed bug were spared because of a common coding error in the way they implemented their own native OpenSSL library.

Apple patches Secure Transport, but not because of Heartbleed

Apple today issued a security-only update for OS X, patching 25 vulnerabilities in Mavericks, its newest operating system, and 7 bugs in older editions.

Search and rescue group sues FAA over drone use

A battle for rights to U.S. airspace is brewing between the Federal Aviation Administration and organizations looking to operate small, unmanned aerial vehicles, or drones, for commercial and other purposes.

Mystery malware infecting jailbroken iPhones, iPads

A malware campaign of yet-to-be-determined origin is infecting jailbroken iPhones and iPads to steal Apple account credentials from SSL encrypted traffic.

NEC launches face-recognition protection for PCs

NEC has launched a biometric security program that uses face recognition to unlock access to PCs.

Web apps and point-of-sale were leading hacker targets in 2013, says Verizon

Web application attacks, cyber-espionage and point-of-sale intrusions were among the top IT security threats in 2013, according to Verizon's latest annual report on data breach investigations.

SEC seeks data on cyber security policies at Wall Street firms

The Securities and Exchange Commission plans to review the cyber defenses of 50 Wall Street broker-dealers and investment advisers to determine whether they are prepared for potential cyber threats.

Most but not all sites have fixed Heartbleed flaw

The world's top 1,000 websites have been patched to protect their servers against the "Heartbleed" exploit, but up to 2% of the top million were still vulnerable as of last week.

Security In Depth

Heartbleed bled out and now, an arrest

The RCMP have managed to track down and arrest the first ne'er do well in London, Ontario. The RCMP have not indicated how they managed to puzzle out who attacked the Canada Revenue Agency. I am curious myself but, not for the same reasons. I'm curious what led a 19 year old from Southern Ontario to think that activity was acceptable.

Self-taught hackers rule

Ilio Kolochenko, CEO of High-Tech Bridge, a Swiss information security company, gave the keynote address on governments' role in cybersecurity this past Sunday at the Regional cybersecurity Summit in Oman.

How to keep your smartphone (and its data) secure

We keep a large amount of personal and business data on our smartphones and tablets; here are some tips and tricks to help you protect both your hardware and your information.

Exclusive video: How a Boston hospital protected healthcare data after last year's Marathon explosions

Dr. John Halmaka tells how his IT team invented a real-time security plan in the midst of the chaos.

Thornton May: Your privacy map is probably wrong

The privacy maps being created today are primarily designed to avoid lawsuits.

Security Manager's Journal: Virtual machines, real mess

When Internet and phone service are impaired at a development center, the problem is traced to VM images installed in a classroom.

3 privacy violations you shouldn't worry about

There are many major threats to our privacy that we should be up in arms about, but iBeacons, Gmail scanning and Google Glass are not among them, says Mike Elgan.

Why security professionals need to get more creative with penetration testing (and how to do it)

Security professionals have long been running penetration tests against their firewalls and other security systems to find weaknesses that need to be addressed.

LaCie compromised for over a year

I guess there is truth in the saying that the devil is in the details. If anyone ever tries to tell you that their product or service is 100% secure you have my permission to smack them with a large fish (not an actual permission slip). That being said, it is good to tackle the issues straight on when you've been hacked. In this case the storage manufacturer LaCie was breached by a nefarious third party who managed to set up shop on their internal network well over a year ago.

How a cyber cop patrols the underworld of e-commerce

Melissa Andrews, a resident of Canada, is a cyber security "cop" for Payza, an international e-commerce payment platform operating in 97 countries. Her job, described by the company's public relations firm as "the worst security job on the Internet," is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.