Security Topic Center

Get the latest news and in-depth analysis about IT security, including information about viruses and other malware, security patches, data protection and more.

Security News

U.S. commercial drone industry struggles to take off

The U.S. commercial drone industry is still struggling to get off the ground more than two years after President Obama signed into law a bill that permits the civilian use of unmanned aerial vehicles (UAV) over the country's airspace.

Michaels breach exposes nearly 3M payment cards

About 2.6 million payment cards at Michaels Stores and another 400,000 at subsidiary Aaron Brothers may have been affected in a card skimming attack that compromised its point-of-sale systems, the retailer said Thursday.

This Netcraft tool flags sites affected by Heartbleed

Worried about how the Heartbleed vulnerability may affect your personal accounts? A new tool may be of help.

Nokia suspends tablet sales due to faulty charger

Nokia has temporarily halted sales of the Lumia 2520 in seven countries, because the tablet's AC-300 charger can give users an electric shock.

Android trojan app targets Facebook users

Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.

Microsoft extends Windows 8.1 Update migration deadline for business

Microsoft on Wednesday extended the Windows 8.1 Update migration deadline for businesses by three months, but again told consumers they had less than four weeks to make the move before the company shuts off their patch faucet.

Windows XP retirement creates opportunity for Chinese security firm

Microsoft may have retired Windows XP, but one of China's leading security vendors is trying to keep the OS threat-free, and rolling out protection software to hundreds of millions of users in the nation.

Teen nabbed in Heartbleed attack against Canadian tax site

Canadian police have arrested a 19-year-old man for allegedly using the Heartbleed bug to steal data about taxpayers.

Court rejects Lavabit appeal, cites improper procedural handling

A federal court has affirmed contempt charges against Lavabit, rejecting an attempt by company attorneys to argue new issues on appeal.

Two more states eye drone use limits

Louisiana and Pennsylvania could become the latest states to impose restrictions on the use of commercial drone aircraft over their airspace.

Security In Depth

Why security professionals need to get more creative with penetration testing (and how to do it)

Security professionals have long been running penetration tests against their firewalls and other security systems to find weaknesses that need to be addressed.

LaCie compromised for over a year

I guess there is truth in the saying that the devil is in the details. If anyone ever tries to tell you that their product or service is 100% secure you have my permission to smack them with a large fish (not an actual permission slip). That being said, it is good to tackle the issues straight on when you've been hacked. In this case the storage manufacturer LaCie was breached by a nefarious third party who managed to set up shop on their internal network well over a year ago.

How a cyber cop patrols the underworld of e-commerce

Melissa Andrews, a resident of Canada, is a cyber security "cop" for Payza, an international e-commerce payment platform operating in 97 countries. Her job, described by the company's public relations firm as "the worst security job on the Internet," is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.

A simple cure for the cybersecurity skills shortage

An approach that has worked for centuries in all sorts of industries is just as applicable to the security field.

3 ways to reduce BYOD legal liability with the right conversation

As "bring your own device" (BYOD) reshapes the way organizations handle technology, how do we handle the uncertainty of legal liability and security concerns?

Big data security context

I just finished up a lengthy tour through Latin America and Asia, as described in many of my latest blogs. Most recently I was in Australia and New Zealand (ANZ). I had the opportunity to work with various government agencies, organizations within critical infrastructure and general enterprise businesses across ANZ. Their primary topic of interest: big data. More specifically, they were interested in determining what needs to be part of a successful big data security strategy.

Evan Schuman: With Heartbleed, IT leaders are missing the point

If our checks and balances are so fragile that a typo can obliterate all meaningful security, we have some fundamental things to fix.

How to create awareness of the insider threat

One of the legacies of Edward Snowden's treason is that companies are now concerned about the insider threat more than they ever were before. He demonstrates that a single person inside an organization can devastate the organization. While technology should have caught Snowden, there is also the realization that his coworkers and managers should have noticed indications of unusual activities.

Secure browsers offer alternatives to Chrome, IE and Firefox

The Web browser has been a major infection vector for years, allowing malware to be transported to millions of computers through phishing, man-in-the-middle, SQL injection and countless other attacks. But what if there were a way to stop this madness and secure the browsing channel itself?

IT departments are a dying breed

Earlier this week, I posted a question to Twitter and one reader offered an interesting rant on the topic, one that I felt was worth sharing.