Skip the navigation

More Malware and Vulnerabilities In Depth

Kicking the stool out from under the cybercrime economy

Put simply, cybercrime, especially financial malware, has the potential to be quite the lucrative affair. That's only because the bad guys have the tools to make their work quick and easy, though. Cripple the automated processes presented by certain malware platforms, and suddenly the threats -- and the losses --aren't quite so serious.

Security Manager's Journal: Peering behind the firewall

The corporate firewall is like a dike keeping out a raging sea of malware. Where does it all come from?

Security Manager's Journal: A ransomware flop, thanks to security awareness

Only one person clicks on a bad link, and she had all her files properly backed up. Maybe employees aren't a security manager's nightmare after all.

Virtual servers still face real security threats

Don't let the word "virtual" in virtual servers fool you. You're the only one who knows it's virtual. From the perspective of the virtual server itself, the devices connected to it, applications running on it, end-users connecting to it, or security threats trying to compromise it, the server is very, very real. A new survey from Kaspersky Labs found that many IT professionals understand that securing virtual environments is important, but don't fully understand the threats or how to properly defend against them.

11 signs you've been hacked -- and how to fight back

Redirected Net searches, unexpected installs, rogue mouse pointers: Here's what to do when you've been 0wned

Kenneth van Wyk: We can't just blame users

Yes, users sometimes do stupid things. Some always will. But developers need to do more to save users from themselves.

Heartbleed still matters, and we're all partly to blame

Extremely weak passwords make us vulnerable, but there are ways to create passwords you'll remember and yet are hard to crack. (Insider; registration required)

Security Manager's Journal: We manage our threats, but what about our vendors?

We've all learned that we're no safer than our least safe partner on our networks.

Information overload: Finding signals in the noise

Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there's too much coming in, those alerts and notifications fall to the wayside. They're easily dismissed and ignored.

Dark Wallet--Threat or No Threat?

The Fuss About Dark Wallet

Security Manager's Journal: Dealing with the heartburn of Heartbleed

Our manager scrambles to find and fix any vulnerable resources after the OpenSSL flaw is discovered.

Security Manager's Journal: With Heartbleed, suddenly the world is paying attention to security

Why have recent vulnerabilities gotten so much more attention than the ones that preceded them? It's hard to say, but the new awareness is a mixed blessing.

Kenneth van Wyk: Looking beyond Heartbleed

We can do things now to make things a little easier should we face another widespread security defect in code like OpenSSL.

Steven J. Vaughan-Nichols: Here comes the black market for XP patches

For most people, XP patches will be unobtainable through legitimate channels. Sounds like a market to me.

Security Manager's Journal: Virtual machines, real mess

When Internet and phone service are impaired at a development center, the problem is traced to VM images installed in a classroom.

How a cyber cop patrols the underworld of e-commerce

Melissa Andrews, a resident of Canada, is a cyber security "cop" for Payza, an international e-commerce payment platform operating in 97 countries. Her job, described by the company's public relations firm as "the worst security job on the Internet," is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.

Evan Schuman: With Heartbleed, IT leaders are missing the point

If our checks and balances are so fragile that a typo can obliterate all meaningful security, we have some fundamental things to fix.

Security Manager's Journal: A rush to XP's end of life

The end of Microsoft support is fast approaching, and the company still has a lot of machines running the old Windows operating system.

The new security perimeter: Human Sensors

Security Manager George Grachis discusses the current cyber threat landscape and why Human Sensors, our users, are our most underutilized resource that can make all the difference

McAfee Offers Global Response to Nationalized Malware

In medieval times, kings let barbarians break down the castle gates but made sure they paid the price once they got inside. McAfee's approach to security takes a similar approach -- since data breaches are inevitable, companies should worry less about the perimeter and more on catching the bad guys in the act.