Stories by Ellen Messmer

Security researchers this week issued warnings about ransomware called Koler that demands $300 from Android users who bite on a fake app typically found on porn sites.

It's been a month since the Heartbleed Bug set off a stampede to patch software in everything from network gear to security software as it quickly became evident that vulnerable versions of the OpenSSL encryption code had been very widely deployed.

Companies were getting hit on average with "unknown malware" around 53 times a day in 2013, according to Check Point's annual analysis of threat data collected from about a thousand enterprise customers. Check Point defines 'unknown malware" as malicious code that exploits a known vulnerability or weakness, but can't be detected at the time of its discovery by up-to-date anti-virus or intrusion-prevention systems.

Threat protection company FireEye Tuesday announced it's acquiring nPulse Technologies, a privately-held maker of high-speed packet-capture, network analysis and forensics gear, for $70 million in a cash-stock deal expected to close during the second quarter.

There's been much discussion in the security industry that preventing malware-based infiltrations into the enterprise is nigh on impossible, and the new security mantra should be "rapid detection is the new prevention." On that, IBM begs to differ.

Symantec has announced its Advanced Threat Protection (ATP) effort for new products and managed security services to support enterprise customers in fending off targeted zero-day attacks in particular.

It cost U.S. companies hit by data breaches last year an average of $5.4 million to cope with the after-effects – up 9% from the year before, according to the ninth annual Ponemon Institute study published Monday.

VMware today put forward its "vision" for unifying the mobile security and management technology it acquired in its $1.5 billion acquisition of AirWatch earlier this year with its traditional line of virtualization software.

Target has named veteran IT executive Bob DeRodes as its CIO and is tasking him with taking the $73 billion retailer in a new technology direction following the mammoth data breach that it disclosed late last year. The breach resulted in information being stolen from 70 million payment card users and prompted the resignation of CIO Beth Jacob.

Cisco today announced Managed Threat Defense, a set of security services for the enterprise that Cisco is providing through two new operations centers to remotely support intrusion-detection, incident response and forensics, among other services.

Verizon today issued its annual data-breach investigations report, a study of what happened in 1,367 known cases across dozens of industries in 95 countries last year, and the most common form of attack was breaking in through Web applications.

The Stuxnet malware known to have stealthily targeted Iranian nuclear facilities a few years ago was a wake-up call about how vulnerable critical industrial systems can be to cyberattack. Now, an Israeli start-up, with help from General Electric, is testing security technology that would detect Stuxnet-like attacks on critical infrastructure systems used for power production.

Socially-engineered malware tries to trick users into downloading and executing malicious code through tactics that include everything from fake antivirus to fake utilities to fake upgrades to the operating system and trojanized applications.

The Heartbleed Bug disclosed by the OpenSSL group on April 7 has sent many vendors scurrying to patch their products and that includes security firms Symantec, Intel Security's McAfee division, and Kaspersky Lab.

The Heartbleed Bug, a flaw in OpenSSL that would let attackers eavesdrop on Web, e-mail and some VPN communications, is a vulnerability that can be found not just in servers using it but also in network gear from Cisco and Juniper Networks. Both vendors say there's still a lot they are investigating about how Heartbleed impacts their products, and to expect updated advisories on a rolling basis.