While responding to a vulnerability report submitted in April, ICS-CERT told a researcher that documented, changeable default passwords are not vulnerabilities. But given the risk behind default passwords and the focus on critical infrastructure security, shouldn't such things be considered an issue?
Steve Ragan |
15 Oct |
The one constant about user awareness training is that the awareness part is supposed to stick with you. Learning how to spot one type of phishing email is only good for that particular email, thus the concept of awareness is learning to trust your gut when something looks suspicious.
Steve Ragan |
09 Oct |
After twenty-four hours of speculation, as well as a wall of silence from officials connected to the case, Europol's Troels Oerting, who is head of the European Cybercrime Center, has confirmed that 'Paunch' -- one of the people behind the creation and maintenance of the Blackhole Exploit Kit -- has been arrested in Russia.
Steve Ragan |
08 Oct |
Last month, CSO presented findings from Skyhigh Networks, which outlined the types of risky applications that exist on a given network. The study noted that many popular applications were monitored and controlled, but lesser-known applications were given free rein for the most part.
Steve Ragan |
08 Oct |
Drawing on data from one million devices, Fiberlink, a mobile management firm, examined the often forgotten part of mobility in the workforce -- laptops. While IT and security vendors focus on Google's Android, Apple's iOS, tablets, and smartphones, Lenovo's ThinkPad and Dell's Latitude chug along, remaining a stable fixture in the workplace. According to Fiberlink, almost 50 percent of the laptops observed in their study are running Windows XP.
Steve Ragan |
07 Oct |
As part of National Cyber Security Awareness Month, Rapid7 is publishing a series of easily emailed awareness tips. Last week, CSO shared the letter addressing the topic of phishing. Today, the topic is BYOD and mobile risk.
Steve Ragan |
07 Oct |
Hong Kong-based PureVPN faced problems this weekend, after someone used a zero-day vulnerability in WHMCS to send the networking firm's customers an alarming message. The rogue email stated that the VPN service was going to shut down due to legal issues, and that customer information was handed over to the authorities.
Steve Ragan |
07 Oct |
In a series of posts for National Cyber Security Awareness Month, Rapid7 is releasing a set of easily emailed user awareness notes. With permission, and because we fully support the notion of raising awareness when it comes to security topics, CSO has published the letter below.
Steve Ragan |
07 Oct |
Symantec has announced that they've successfully taken down a significant part of the ZeroAccess botnet, by exploiting a weakness discovered in its code.
Steve Ragan |
07 Oct |
A new report from the Polytechnic Institute of New York University has linked susceptibility to phishing scams to personality traits, noting that women may be more vulnerable than men.
Steve Ragan |
07 Oct |
Facebook has announced new changes to the way Graph Search discovers information, including the fact that status updates, photos, check-ins, and comments are now included in search results. This new stream of information offers criminals developing phishing campaigns all-new attack surfaces to exploit.
Steve Ragan |
07 Oct |
In a blog post on Thursday, Adobe said that during a security audit sometime around September 17, the company discovered that attackers had accessed Adobe customer IDs, as well as encrypted passwords. In addition to IDs and passwords, Adobe Chief Security Officer, Brad Arkin, said that the attackers also accessed customer names, encrypted credit and debit card numbers, expiration dates and "other information."
Steve Ragan |
07 Oct |
Kaspersky Lab has released details on an espionage campaign, active since 2011, that targeted organizations in Japan and South Korea that are key elements of Western supply chains.
Steve Ragan |
26 Sep |
Police arrest eight men in connection with a reported $2-million robbery at Barclays Bank, accomplished by compromising both physical and system security.
Steve Ragan |
20 Sep |
Microsoft alert says all supported versions of Internet Explorer contain a zero-day vulnerability that is being actively targeted online, and 70 percent of Windows business users are impacted.
Steve Ragan |
19 Sep |