Cyberwarfare Topic Center

Cyberwarfare news, in-depth articles and more

Cyberwarfare News

Michaels breach exposes nearly 3M payment cards

About 2.6 million payment cards at Michaels Stores and another 400,000 at subsidiary Aaron Brothers may have been affected in a card skimming attack that compromised its point-of-sale systems, the retailer said Thursday.

Court rejects Lavabit appeal, cites improper procedural handling

A federal court has affirmed contempt charges against Lavabit, rejecting an attempt by company attorneys to argue new issues on appeal.

Google said to be eyeing a boost to encrypted sites in search results

Websites that use encryption could be elevated in Google search results sometime in the future, according to The Wall Street Journal.

Obama backs disclosure of most software flaws

The Obama administration favors disclosing to the public vulnerabilities in commercial and open source software in the national interest, unless there is a national security or law enforcement need, the National Security Agency says.

NSA denies it knew about Heartbleed flaw

The U.S. National Security Agency, which has a cybersecurity mission in addition to surveillance, has disputed a report that it knew about the Heartbleed security vulnerability for at least two years before other researchers disclosed the flaw this month.

NSA secretly exploited devastating Heartbleed bug for years, report says

You had to see this one coming.

Website admins will be busy dealing with Heartbleed

Website and server administrators will have to spend considerable time, effort and money to mitigate all the security risks associated with Heartbleed, one of the most severe vulnerabilities to endanger encrypted SSL communications in recent years.

Feds are OK with cyberthreat info sharing, say it's not an antitrust violation

U.S. businesses can share most cyberthreat information with competitors without facing antitrust enforcement action, two U.S. enforcement agencies said Thursday.

Canada halts online tax returns in wake of Heartbleed

Canada Revenue Agency has halted online filing of tax returns by the country's citizens following the disclosure of the Heartbleed security vulnerability that rocked the Internet this week.

Twitter says it dodged the horrors of Heartbleed

Twitter was not affected by the Heartbleed Internet vulnerability that rocked the Web security world this week, making one less password consumers need to change to protect themselves, but users still need to be careful how they respond to the threat.

Cyberwarfare In Depth

Why security professionals need to get more creative with penetration testing (and how to do it)

Security professionals have long been running penetration tests against their firewalls and other security systems to find weaknesses that need to be addressed.

LaCie compromised for over a year

I guess there is truth in the saying that the devil is in the details. If anyone ever tries to tell you that their product or service is 100% secure you have my permission to smack them with a large fish (not an actual permission slip). That being said, it is good to tackle the issues straight on when you've been hacked. In this case the storage manufacturer LaCie was breached by a nefarious third party who managed to set up shop on their internal network well over a year ago.

3 ways to reduce BYOD legal liability with the right conversation

As "bring your own device" (BYOD) reshapes the way organizations handle technology, how do we handle the uncertainty of legal liability and security concerns?

How to create awareness of the insider threat

One of the legacies of Edward Snowden's treason is that companies are now concerned about the insider threat more than they ever were before. He demonstrates that a single person inside an organization can devastate the organization. While technology should have caught Snowden, there is also the realization that his coworkers and managers should have noticed indications of unusual activities.

Secure browsers offer alternatives to Chrome, IE and Firefox

The Web browser has been a major infection vector for years, allowing malware to be transported to millions of computers through phishing, man-in-the-middle, SQL injection and countless other attacks. But what if there were a way to stop this madness and secure the browsing channel itself?

IT departments are a dying breed

Earlier this week, I posted a question to Twitter and one reader offered an interesting rant on the topic, one that I felt was worth sharing.

What you need to know about Heartbleed and OpenSSL

You know that little padlock icon you look for to ensure your Web traffic is encrypted and secure? It turns out that you might not be as secure as you think thanks to a vulnerability that was accidentally introduced into the code of OpenSSL.

The real security lesson Windows XP taught us is to challenge our assumptions

Launched in October 2001, today (really) marks the end of support for the Windows XP operating system. As the 12+ year run of Windows XP comes to an end, it holds some curious lessons.

Heartbleed bug gets plugged

Cue the hyperbole and clapping monkeys. Today brings news to the screens of security folks the world over that OpenSSL has an OMG ZERO DAY AUUGGGGGHHHHH...oh, wait, there's a fix.

Salted Links: 7 April 2014

The Hash is on the road this week, but while yours truly is flying the friendly skies, the following round-up will keep you in the loop on current events and interesting research. Today's cache includes a unique attack on Microsoft Outlook, using XSS to launch DoS attacks, and a note on the end of Windows XP.