Security News



  1. Satellite communication systems rife with security flaws, vulnerable to remote hacks
  2. Why security professionals need to get more creative with penetration testing (and how to do it)
  3. U.S. commercial drone industry struggles to take off
  4. Testing your website for the heartbleed vulnerability with nmap, (Fri, Apr 18th)
  5. Open source trounces proprietary software for code defects, Coverity analysis finds
  6. Heartbleed: Security experts reality-check the 3 most hysterical fears
  7. 33 great tips and tricks for iOS 7
  8. Tor anonymity network to shrink as a result of Heartbleed flaw
  9. Netcraft tool flags websites affected by Heartbleed
  10. Federal CIOs Moving Cybersecurity Beyond Compliance
  11. IT security is national security -- but you're not alone
  12. Michaels says breach at its stores affected nearly 3M payment cards
  13. Organizations remain vulnerable to SQL injection attacks
  14. Beware of clever phishing scam that bypasses Steam Guard
  15. Compliance is no guarantee of security
  16. Understanding risk is a top security concern
  17. 3M payment cards compromised in Michaels Stores/Aaron Brothers breach
  18. Security pros largely unhappy with compliance methods
  19. ESET launches secure authentication SDK
  20. ISC StormCast for Friday, April 18th 2014 http://isc.sans.edu/podcastdetail.html?id=3941, (Fri, Apr 18th)
  21. Facebook users targeted by iBanking Android trojan app
  22. How a cyber cop patrols the underworld of e-commerce
  23. The dismal state of SATCOM security
  24. Tor relays vulnerable to Heartbleed dropped from anonymity network
  25. Attackers use reflection techniques for larger DDoS attacks
  26. Dangerous spam targets Brits with fake Easter offers
  27. Zeus/rootkit combo delivered via Starbucks-themed emails
  28. Student arrested for Heartbleed-exploiting tax agency breach
  29. Microsoft extends Windows 8.1 Update migration deadline for business
  30. **** arrested in Heartbleed attack against Canadian tax site
  31. Windows XP's retirement turns into major security project for Chinese firm
  32. How a cyber cop patrols the underworld of e-commerce
  33. 9 Things You Need to Know Before You Store Data in the Cloud
  34. Kimberly Clark names new CISO
  35. Samsung Galaxy S5 fingerprint scanner can be tricked
  36. Event: 2nd Annual Oil & Gas Cyber Security Conference
  37. Oracle patches 104 vulns, still working on some Heartbleed fixes
  38. Secure email service Lavaboom launches
  39. Hackers steal info of 480,000 people interested in cosmetic surgery
  40. Security pros and government failing to collaborate
  41. Downtime explanation
  42. Microsoft releases Threat Modeling Tool 2014
  43. SharePoint users are breaching security policies
  44. ISC StormCast for Thursday, April 17th 2014 http://isc.sans.edu/podcastdetail.html?id=3939, (Thu, Apr 17th)
  45. Heartbleed CRL Activity Spike Finally Found, (Wed, Apr 16th)
  46. Samsung Galaxy S5 fingerprint scanner can be tricked
  47. Security pros actively hiding negative facts from executives
  48. WinXP and/or Win2003 hanged systems because of SC Forefront Endpoint Protection faulty update, (Wed, Apr 16th)
  49. Lavaboom builds encrypted webmail service to resist snooping
  50. Oracle identifies products affected by Heartbleed, but work remains on fixes
  51. Microsoft slashes Windows XP custom support prices just days before axing public patches
  52. Organizations suffer SQL Injection attacks, but do little to prevent them
  53. Oracle Critical Patch Update for April 2014, (Wed, Apr 16th)
  54. ModSecurity 2.8.0 released
  55. New Feature: Monitoring Certification Revocation Lists (Wed, Apr 16th)
  56. ISC StormCast for Wednesday, April 16th 2014
  57. Looking for malicious traffic in electrical SCADA networks - part 1, (Tue, Apr 15th)
  58. TrueCrypt source code audit finds no critical flaws or intentional backdoors
  59. FTC warning unlikely to stop Facebook from changing WhatsApp privacy policies
  60. Heartbleed threatens mobile users
  61. The security of the most popular programming languages
  62. Heartbleed should jumpstart important security changes
  63. Hardware manufacturer LaCie suffered year-long data breach
  64. Heartbleed: VMware starts delivering patches
  65. Google patches Android icon permissions attack
  66. Guardian, Post win Pulitzers for NSA spying coverage
  67. Data breaches nail more US Internet users, regulation support rises
  68. Box patches Heartbleed flaw in its cloud storage systems
  69. First sites admit data loss through Heartbleed attacks
  70. Businesses take little action to mitigate the insider threat
  71. Half of IT pros make undocumented changes to IT systems
  72. Blocking DDoS attacks with a cloud-based solution
  73. First phase of TrueCrypt audit finds no backdoors
  74. Growing concerns over data privacy
  75. VMWare Advisory VMSA-2014-0004 - Updates on OpenSSL HeartBleed
  76. AT&T hacker Weev released from prison after appeals court overturns conviction
  77. Your no-fuss, fail-safe guide to protecting Android devices
  78. Jetpack for WordPress pushes patch for two year-old flaw
  79. Heartbleed vulnerability linked to breach of Canadian tax data
  80. Google said to be eyeing a boost to encrypted sites in search results
  81. Heartbleed: Private crypto keys can be extracted from vulnerable servers
  82. 52% of enterprises defenseless against cyber attacks
  83. Confirmed Heartbleed victim: Canada Revenue Agency
  84. Heartbleed: Private crypto keys can be extracted from vulnerable servers
  85. Security still the biggest concern for cloud adoption
  86. INFOCon Green: Heartbleed - on the mend, (Mon, Apr 14th)
  87. Jetpack pushes update to close critical security hole
  88. Tests confirm Heartbleed bug can expose server's private key
  89. Obama administration backs disclosing software vulnerabilities in most cases
  90. Akamai admits its OpenSSL patch was faulty, reissues keys
  91. Appeals court overturns AT&T hacker's sentence
  92. Identifying security innovation strategies
  93. Week in review: OpenSSL Heartbleed bug, Windows XP reaches end of line
  94. ISC StormCast for Monday, April 14th 2014
  95. Reverse Heartbleed Testing, (Sun, Apr 13th)
  96. Interested in a Heartbleed Challenge?, (Sat, Apr 12th)
  97. Heartbleed flaw affects mobile apps, too
  98. Tip of the Hat: Heartbleed exposes an open source failing
  99. NSA denies knowing about Heartbleed flaw for years
  100. How you need to respond to Heartbleed, and how you can explain it to others
  101. Critical Security Update for JetPack WordPress Plugin. Bug has existed since Jetpack 1.9, released in October 2012.
  102. Heartbleed Fix Available for Download for Cisco Products, (Fri, Apr 11th)
  103. Tonight OpenSSL Webcast #4: Client Site Issues / What to tell your kids & managers about it, (Fri, Apr 11th)
  104. Heartbleed (CVE-2014-0160): An overview of the problem and the resources needed to fix it
  105. Don't overlook URL fetching agents when fixing Heartbleed flaw on servers, researchers say
  106. Schneier: Internet has delivered a 'golden age of surveillance'
  107. US charges nine with distributing Zeus malware
  108. The Internet of Things: An exploding security minefield
  109. Entrust offer new certificates in wake of Heartbleed
  110. The effect of the Heartbleed bug on open source projects
  111. Vendors address the Heartbleed bug
  112. Heartbleed bug: Checking websites and changing passwords
  113. VMware Security Advisories / Patches released for 2 issues (NOT Heartbleed)
  114. In Heartbleed's wake, Comodo cranks out fresh SSL certificates
  115. Microsoft drags customers 'kicking and screaming' into its world of faster updates
  116. Website operators will have a hard time dealing with the Heartbleed vulnerability
  117. What you need to do about Heartbleed
  118. FTC implores WhatsApp to keep its promises on privacy in Facebook deal
  119. US agencies: Sharing cyberthreat info isn't an antitrust violation
  120. Google amps up fight against malicious apps with enhanced Android security
  121. xkcd: Heartbleed Explanation
  122. Securing mobile applications
  123. Advanced attackers go undetected for 229 days
  124. Most cloud services are putting businesses at risk
  125. The digital universe will reach 44 trillion gigabytes by 2020
  126. The state of remote access security
  127. The Other Side of Heartbleed - Client Vulnerabilities, (Fri, Apr 11th)
  128. Universities now have access to cybersecurity education
  129. How to talk to your kids about "Heartbleed", (Fri, Apr 11th)
  130. ISC StormCast for Friday, April 11th 2014
  131. Swedish ISP deletes all retained customer data in wake of EU court ruling
  132. Security update for BlackBerry 10 OS fixes remote code execution vulnerability
  133. Lame "SEO" Android Apps Claim To Be Antivirus
  134. NSA subverted EU privacy laws, spied on human rights orgs
  135. Heartbleed bug: What regular users need to do
  136. Brace Yourselves (and your Users / Clients) for Heartbleed SPAM, (Thu, Apr 10th)
  137. All things not Heartbleed, (Thu, Apr 10th)
  138. New IDS project spots anomalous system behavior
  139. The critical, widespread Heartbleed bug and you: How to keep your private info safe
  140. Tip of the Hat: What the Heartbleed bug means for you
  141. Twitter, at least, dodged the horrors of Heartbleed
  142. Facebook faces class action suit in Canada over interception of private messages
  143. Stung by file-encrypting malware, researchers fight back
  144. What you need to know about Heartbleed and OpenSSL
  145. Canada halts online tax returns in wake of Heartbleed
  146. Whitehat hacker breaches UMD servers to jump-start security remediation
  147. Whitehat hacker breaches UMD servers to jump-start security remediation
  148. Breaches expose 552 million identities in 2013
  149. Demand for security and Big Data experts grows
  150. Lie detection technology that accurately reads eye behavior
  151. TCG releases TPM 2.0 specification for device security
  152. Whitepaper: Server virtualization and network management
  153. Email management lacks innovation, businesses turn to cloud
  154. Testing for Heartbleed, (Wed, Apr 9th)
  155. Adobe patches a critical flaw in Flash Player and AIR shown at Pwn2Own contest
  156. Symantec to CISOs: Watch for the 'mega-breach'
  157. How to Ensure SAM and SLM Compliance in Mobile Environments
  158. Heartbleed OpenSSL vulnerability: A technical remediation
  159. How does the Heartbleed bug affect me?
  160. Special Simulcast Presentation from SANS 2014 in Orlando: OpenSSL Heartbleed Briefing by Jake Williams. 8:15pm ET
  161. Heartbleed OpenSSL vulnerability: A technical remediation
  162. WordPress releases important security update
  163. Highest EU court rejects EU-wide Data Retention Directive
  164. Universities are a rich target for hackers
  165. Heartbleed vendor notifications, (Wed, Apr 9th)
  166. Facebook begins testing new, simplified privacy settings
  167. Admins: why not review config standards as you fix Heartbleed?
  168. Facebook begins testing new, simplified privacy settings
  169. Vendors and administrators scramble to patch OpenSSL vulnerability
  170. Yahoo email anti-spoofing policy breaks mailing lists
  171. Cybercriminals use sophisticated PowerShell-based malware
  172. Microsoft Patch Tuesday bids adieu to Windows XP
  173. Lawmakers push US attorney general for NSA surveillance changes
  174. A closer look at Microsoft's April Patch Tuesday
  175. Admins: why not review config standards as you fix Heartbleed?
  176. Compliance misconceptions, challenges and tips
  177. Insight, innovation and inspiration at Infosecurity Europe 2014
  178. Attitudes about best practices for physical access control
  179. 56% of employees still receive no security awareness training
  180. Best practices for secure use of Windows XP
  181. Microsoft releases final security updates for Windows XP
  182. UK spies did not misuse powers for mass surveillance, watchdog says
  183. Yahoo email anti-spoofing policy breaks mailing lists
  184. Popular but fake security app removed from Google Play
  185. OpenSSL "Heartbleed" bug undermines widely used encryption scheme
  186. Bliss
  187. Photos: Infosec World 2014
  188. * Patch Now: OpenSSL "Heartbleed" Vulnerability, (Tue, Apr 8th)
  189. Why ending user support for Microsoft XP is the right thing to do
  190. Businesses create IT security blind spots
  191. 'Heartbleed' bug in OpenSSL puts encrypted communications at risk
  192. Windows XP: Chronicle of a death foretold
  193. A security advisor's perspective on the threat landscape
  194. One third of phishing attacks aimed at stealing money
  195. Siemens and McAfee team up to provide security for industrial customers
  196. Worldwide interactive cyberthreat map
  197. OpenSSL CVE-2014-0160 Fixed, (Tue, Apr 8th)
  198. 6 ways the Internet of Things will transform enterprise security
  199. Low adoption rate of HSTS website security mechanism is worrying, EFF says
  200. US Supreme Court declines to hear NSA surveillance case
  201. CISO challenges and security ROI
  202. Review: Professional Penetration Testing, Second Edition
  203. Does IP convergence open you up to hackers?
  204. Windows XP will leave organizations severely exposed
  205. Public WiFi users regularly access sensitive info
  206. Organizations need data analytics to tackle supply chain fraud
  207. Samsung Galaxy enterprise mobility management
  208. Week in review: AET costs, Windows XP deadline, routers expose ISPs to DNS-based DDoS attacks
  209. "Power Worm" PowerShell based Malware, (Sun, Apr 6th)
  210. Those strange e-mails with URLs in them can lead to Android malware, (Sat, Apr 5th)
  211. Businesses face rising political pressure from data breaches
  212. BlackBerry pushes upcoming BBM Protected for end-to-end encrypted messaging
  213. Snowden leaks erode trust in Internet companies, government
  214. Microsoft to start blocking adware that lacks easy uninstall
  215. XSS flaw in popular video-sharing site enabled DDoS attack through visitors' browsers
  216. FTC Commissioner Wright's calendar heavy on lobbyists, light on consumer groups
  217. DeepGuard 5 vs. Word RTF zero-day CVE-2014-1761
  218. Windows 8.1 Update Released, (Fri, Apr 4th)
  219. SMS Trojan goes after digital wallets
  220. German police finds 18M stolen and misused account logins
  221. Dealing with Disaster - A Short Malware Incident Response, (Fri, Apr 4th)
  222. CryptoDefense developers "forget" decryption key on victims' computer
  223. Patch Tuesday pre-Announcement - XP officially becomes the enemy next week, (Fri, Apr 4th)
  224. PHP 5.4.27 released, (Fri, Apr 4th)
  225. April 8th: Not Just About XP
  226. Zeus malware found with valid digital certificate
  227. State AGs investigating Experian subsidiary's data breach
  228. Patch Tuesday: Final Microsoft support for Windows XP addresses Internet Explorer problems
  229. Yahoo! Encrypts! All! The! Things!
  230. Microsoft sketches out final Windows XP security updates for next week
  231. Indosat routing error impacts few but hits Akamai, Chevron
  232. Barrett Brown signs (sealed) plea agreement
  233. Microsoft to release only four bulletins on Tuesday
  234. Record year for Facebook bug hunters
  235. This phishing page can do more than steal your credentials
  236. Windows XP usage lower across industries
  237. Messaging apps turn to growth hacking to compete
  238. Thecus expands SMB and enterprise NAS line
  239. Whitepaper: Who's snooping on your email?
  240. Targeted Attacks and Ukraine
  241. Want to lower your risk? Lower the ROI of hackers
  242. New Windows Phone security necessary, but not groundbreaking
  243. 7 all-in-one security suites: Anti-malware for all your devices
  244. Users face serious threat as hackers take aim at routers, embedded devices
  245. Yahoo encrypts traffic between data centers, plans for encrypted Messenger
  246. Yahoo encrypts traffic between data centers, plans for encrypted Messenger
  247. Details for 30 Oracle Java Cloud Service flaws revealed
  248. The insider threat is growing
  249. Are you prepared for the end of Windows XP support?
  250. Cryptocat sticks to openness despite grief over audits