The Heartbleed Bug, basically a flaw in OpenSSL that would let savvy attackers eavesdrop on Web, e-mail and some VPN communications that use OpenSSL, has sent companies scurrying to patch servers and change digital encryption certificates, and users to change their passwords. But who's to blame for this flaw in the open-source protocol that some say could also impact routers and even mobile devices?
Stories by Ellen Messmer
IBM has come up with a technology for reducing the risk of data being exposed in push notifications to mobile devices: a way to encrypt that information so service providers and others can't actually see any data related to the user's mobile device.
Banks and financial institutions regulated by the federal government must now monitor for distributed denial-of-service (DDoS) attacks against their networks and have a plan in place to try to mitigate such attacks, a federal regulatory body said this week.
Security professionals are playing defense against cybercrime, and often feel outgunned by tech-savvy hackers and insiders out to steal sensitive data from within the business. They see a shortage of qualified security personnel to call on, but also believe that threat-detection tools are getting better.
FireEye and AhnLab each scored "below average" on their breach-detection systems (BDS) in a comparative group product test conducted by NSS Labs.
Dell today unveiled enterprise mobility software for Google Android or Apple iOS that supports employee "bring your own device" use by selectively applying VPN controls only to the corporate apps on the device, not the employee's personal apps.
Failures in patch management of vulnerable systems have been a key enabler of cybercrime, according to Solutionary's annual Global Threat Intelligence Report, out today, which names botnet attacks as the biggest single threat.
Knock, knock! Secret Service here. "Is this your customer payment card data?"
Who doesn't like free stuff? There's a long tradition of free or open-source security tools, and one of the best sites to learn more about them is Security Tools, a running list of what it claims are the 125 best free security tools around.
A newly formed non-profit called the Secure Domain Foundation (SDF) says its mission will be to provide free advice on security practices to protect the Internet's core infrastructure related to the Domain Name System.
Palo Alto Networks, known for its next-generation firewall, Monday said it is buying Israeli start-up Cyvera for about $200 million to gain access to its endpoint security product for real-time attack prevention. The deal is expected to close in a few weeks.
The Syrian Electronic Army, a hacker group closely associated with Syria's president, this week shared documents it allegedly stole that show what Microsoft charges the FBI monthly for information on the software maker's customers.
Here are 20 of the most notorious known break-ins over the past decade.
The willingness to invest in new security start-ups is continuing at such a breakneck pace that start-ups still in stealth mode are getting snapped up by more established players before they even publicly introduce their security products and services.
There used to be a whopping 110 million attack messages per day spoofing the Twitter domain name as cyber-criminals blasted out fake Twitter e-mail at intended victims to try to fool them into opening dangerous malware-infested links and other scams. But by adopting a messaging authentication protocol called Domain-based Message Authentication, Reporting and Conformance (DMARC), Twitter has seen that number drop to a few thousand.