Security Topic Center

Get the latest news and in-depth analysis about IT security, including information about viruses and other malware, security patches, data protection and more

Security News

Oracle identifies products affected by Heartbleed, but work remains on fixes

Oracle has issued a comprehensive list of its software that may or may not be affected by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.

Microsoft slashes Windows XP custom support prices just days before axing public patches

Just days before Microsoft retired Windows XP from public support, the company drastically reduced the price of custom support agreements that give large companies and government agencies another year of XP patches, experts reported today.

Rushed Heartbleed fixes may expose users to more attacks

In the race to protect themselves from the Heartbleed vulnerability, enterprises could be opening themselves up to new attacks if they aren't careful.

VMware promises Heartbleed patches for affected products by the weekend

VMware started patching its products against the critical Heartbleed flaw that puts encrypted communications at risk, and plans to have updates ready for all affected products by Saturday.

Google issues patch for Android icon permissions attack

Google has issued a patch for an attack that could lead an Android user to a phishing site, according to security vendor FireEye.

Google updates terms of service, includes word of user email scans

Google has updated its terms of service to reflect that it analyzes user content including emails to provide users tailored advertising, customized search results and other features.

Mt. Gox seeks postponement of CEO's U.S. court deposition

Mt. Gox CEO Mark Karpeles, who was ordered to appear before a U.S. bankruptcy court to answer questions, has asked for a postponement of his deposition.

Server makers rush their Heartbleed patches

Enterprise IT vendors are rushing to protect users from the Heartbleed bug, which has been found in some servers and networking gear and could allow attackers to steal critical data -- including passwords and encryption keys -- from the memories of exposed systems.

Box patches Heartbleed flaw in its cloud servers

Box has patched the Heartbleed security hole on its servers and has advised its customers to change their passwords.

Data breaches nail more U.S. Internet users, who now want more regulation

More U.S. Internet users report they have been victims of a data breach, while 80 percent want additional restrictions against sharing of online data, according to two surveys released Monday.

Security In Depth

3 ways to reduce BYOD legal liability with the right conversation

As "bring your own device" (BYOD) reshapes the way organizations handle technology, how do we handle the uncertainty of legal liability and security concerns?

Big data security context

I just finished up a lengthy tour through Latin America and Asia, as described in many of my latest blogs. Most recently I was in Australia and New Zealand (ANZ). I had the opportunity to work with various government agencies, organizations within critical infrastructure and general enterprise businesses across ANZ. Their primary topic of interest: big data. More specifically, they were interested in determining what needs to be part of a successful big data security strategy.

Evan Schuman: With Heartbleed, IT leaders are missing the point

If our checks and balances are so fragile that a typo can obliterate all meaningful security, we have some fundamental things to fix.

How to create awareness of the insider threat

One of the legacies of Edward Snowden's treason is that companies are now concerned about the insider threat more than they ever were before. He demonstrates that a single person inside an organization can devastate the organization. While technology should have caught Snowden, there is also the realization that his coworkers and managers should have noticed indications of unusual activities.

Secure browsers offer alternatives to Chrome, IE and Firefox

The Web browser has been a major infection vector for years, allowing malware to be transported to millions of computers through phishing, man-in-the-middle, SQL injection and countless other attacks. But what if there were a way to stop this madness and secure the browsing channel itself?

IT departments are a dying breed

Earlier this week, I posted a question to Twitter and one reader offered an interesting rant on the topic, one that I felt was worth sharing.

How to defend against the OpenSSL Heartbleed flaw

CSOs need to take a number of steps as soon as possible to protect their organizations against the OpenSSL vulnerability that has shaken the tech industry, experts say.

What you need to know about Heartbleed and OpenSSL

You know that little padlock icon you look for to ensure your Web traffic is encrypted and secure? It turns out that you might not be as secure as you think thanks to a vulnerability that was accidentally introduced into the code of OpenSSL.

Cognitive bias: The risk from everyone in your organization, including you

Risks to enterprises are not only of the security breach variety from outside attackers, malicious insiders or even careless employees. Another comes from everybody in an organization -- even its most loyal, careful, capable members.

The real security lesson Windows XP taught us is to challenge our assumptions

Launched in October 2001, today (really) marks the end of support for the Windows XP operating system. As the 12+ year run of Windows XP comes to an end, it holds some curious lessons.