The Heartbleed Bug disclosed by the OpenSSL group on April 7 has sent many vendors scurrying to patch their products and that includes security firms Symantec, Intel Security's McAfee division, and Kaspersky Lab.
During a week in which everyone seemed to be searching for answers amid revelations of the Heartbleed bug, several universities and their partners announced new efforts to explore IT security advances.
The Heartbleed Bug, a flaw in OpenSSL that would let attackers eavesdrop on Web, e-mail and some VPN communications, is a vulnerability that can be found not just in servers using it but also in network gear from Cisco and Juniper Networks. Both vendors say there's still a lot they are investigating about how Heartbleed impacts their products, and to expect updated advisories on a rolling basis.
While tax return fraud seems to have hit epidemic proportions, the Internal Revenue Service today said it has started more than 200 new investigations this filing season into identity theft and refund fraud schemes.
The Heartbleed Bug, basically a flaw in OpenSSL that would let savvy attackers eavesdrop on Web, e-mail and some VPN communications that use OpenSSL, has sent companies scurrying to patch servers and change digital encryption certificates and users to change their passwords. But who's to blame for this flaw in the open-source protocol that some say also could impact routers and even mobile devices as well?
IBM has come up with a technology for reducing the risk of data being exposed in mobile push notifications to mobile devices by coming up with a way to encrypt that information so service providers and others can't actually see any data related to the user's mobile device.
Virus Shield, by developer Deviant Solutions, was a handsome, apparently easy-to-use security app for Android devices. For $4, the app promised hassle-free, ad-free security for Android users, without impacting battery life or performance. And, mostly, Virus Shield delivered - no ads, no fuss.
Banks and financial institutions regulated by the federal government must now monitor for distributed denial-of-service (DDoS) attacks against their networks and have a plan in place to try and mitigate against such attacks, a federal regulatory body said this week.
Security professionals are playing defense against cybercrime, and often feel outgunned by tech-savvy hackers and insiders out to steal sensitive data from within the business. They see a shortage of qualified security personnel to call on, but also believe that threat-detection tools are getting better.
Microsoft's final patches for Windows XP that come out next week focus on critical problems with older versions of Internet Explorer that can result in malicious code being run remotely on victim machines.
Data breaches seem to be happening at an absurdly rapid rate these days with reported incidents involving the theft of personally identifiable information hitting 25,566 in 2013 up from 10,481 in 2009.
In an evaluative lab test, FireEye and Ahnlab each scored "below average" on their breach-detection systems (BDS) in a comparative group product test which was conducted by NSS Labs.
Failures in patch management of vulnerable systems have been a key enabler of cybercrime, according to the conclusions reached in Solutionary's annual Global Threat Intelligence Report out today, saying it sees botnet attacks as the biggest single threat.
Knock, knock! Secret Service here. "Is this your customer payment card data?"
Who doesn't like free stuff? There's a long tradition of free or open-source security tools, and one of the best sites to learn more about them is Security Tools, a running list of what it claims are the 125 best free security tools around.