Web Security

Before the kill chain: What attackers are doing and how you can spot them

What if you could uncover the infrastructure attackers are staging and identify threats BEFORE the kill chain begins?

Senators introduce bill to expand DHS oversight of federal .gov domain

By

A bipartisan group of senators introduced legislation, that would increase the Department of Homeland Security's role in protecting federal the .gov domain.

TerraCom, Yourtel America fined $3.5M for storing customer data on unsecured severs

By

TerraCom and Yourtel America have been ordered to pay a $3.5 million in civil penalties to the FCC for failing to adequately store customer data.

'Prized' app developers banned from distributing malware in FTC settlement

'Prized' app developers banned from distributing malware in FTC settlement

By

The Federal Trade Commission banned app developers Equiliv Investments and Ryan Ramminger from creating and distributing malware after their "Prized" app commandeered consumer devices to mine digital currency.

Is the password dead? Not just yet.

Mark Twain once said, "The report of my death was an exaggeration." Can the same be said for the password?

Understanding SSL/TLS best practices and application protection

Websites are under attack. In the last year, new vulnerabilities have been uncovered that allows malicious attackers to undermine security that organizations put in place to protect themselves and their end users sensitive information.

Study: 15-30 percent of eCommerce site visitors infected with CSIM

Study: 15-30 percent of eCommerce site visitors infected with CSIM

By

Startup security company Namogoo says that 15-30 percent of eCommerce site visitors are infected with client side injected malware (CSIM).

Microsoft deems Ask.com toolbar malware, will automatically remove

Microsoft deems Ask.com toolbar malware, will automatically remove

By

Earlier versions of the Ask.com toolbar will meet the same fate as other programs with browser search protection functionality.

Practical security control mapping for financial services organizations

According to Accenture's 2015 Global Risk Management Study, financial services and banking executives view cyber & IT risk as their top risk area over the next two years.

Remediate before it's too late

With mega breaches springing up one after another, many industry players have registered both disbelief and awe at the sheer numbers of individual credentials stolen.

Who goes there?: Tor Project

Who goes there?: Tor Project

By

Misperceptions about Tor - and who is using it - are preventing its wider acceptance, says security researcher Runa Sandvik. Adam Greenberg reports..

Talk therapy: Information sharing

Talk therapy: Information sharing

Companies benefit by communicating with each other about the attacks they've incurred, reports Jesse Staniforth.

Music streaming service Gaana offline after hacker exposes user database flaw

By

The website for the Indian streaming service was still down as of Thursday afternoon EST, but Gaana says that the vulnerability is patched.

SEA hacks Washington Post mobile site

By

Back in 2013, the Syrian Electronic Army (SEA) hacked The Washington Post's site, redirecting visitors to hacker-controlled pages.

Distil Networks 2015 Bad Bot Report: 5 high-risk lessons

Distil Networks has produced their annual Bad Bot Report. It's the IT Security Industry's most in-depth analysis on the sources, types, and sophistication levels of last year's bot attacks-- and there are serious implications for anyone responsible for securing their web infrastructure.

Ad network compromised to redirect users to Nuclear EK, install Carberp

Ad network compromised to redirect users to Nuclear EK, install Carberp

By

Attackers targeted a server operated by New Jersey-based advertising network, Mad Ads Media, in order to redirect users to an exploit kit.

Sign on the digital line: Case study

Sign on the digital line: Case study

By

Biopharma companies need a secure digital signing infrastructure. SureClinical found an answer for them, reports Greg Masters.

Hinkley to replace founder Grossman as WhiteHat CEO

By

After more than a year with company founder Jeremiah Grossman serving as interim CEO, WhiteHat has selected Craig Hinkley to fill the top spot.

Key security insights for 2015

It's clear that cyber-crimes are alive and well on the global stage and will only continue to be pervasive as long as organizations prolong taking the necessary defense measures to stop threats from slipping through the cracks.

Citizen Lab says 'Great Cannon' tool allowed DDoS against GitHub, GreatFire.org

By

Researchers described "Great Cannon" as China's latest internet censorship tool.

Google says it will no longer trust digital certs issued by CNNIC

Google says it will no longer trust digital certs issued by CNNIC

By

Google made the decision after investigating a security incident in which digital certs were "misissued."

F5 Networks opens new security operations center

By

5 Networks opened the doors to its new security operations center (SOC) facility at its Seattle headquarters today.

Taming the third-party threat: Application security

Taming the third-party threat: Application security

By

The challenge for security practitioners is to make the mobile ecosystem more trustable, reports Alan Earls.

Debate: Your money is safe online.

Debate: Your money is safe online.

Given the recent headline-grabbing breaches, in this month's debate information security professionals discuss whether or not money is safe online.

Skills in demand: Web application security

Skills in demand: Web application security

With so many of us visiting the web for social-networking, shopping, banking, paying bills and general surfing, it's imperative that companies ensure their web facing applications are secure and free from vulnerabilities.

IBM security expert panel: Fighting today's advanced attacks with behavioral-based prevention

With security incidents becoming a weekly, if not daily, occurrence, organizations need proactive, preventative security measures to protect themselves and their customers. Hear from a diverse panel of IBM Security experts.

How to help remove the big risks from big data

Although the IBM z Systems platform is known for scalability and security, you still have to monitor who did what, when, why, where and how to ensure that information stays protected.

NYPD union website hacked

By

The New York Police Department's (NYPD) Captains Endowment Association website was hit by a cyber attack over the weekend.

How to extend threat protection to off-network employees

Many of the largest data breaches recently were initiated by attackers targeting the weakest links—remote sites, supplier networks, and mobile workers.

Malvertising has a big impact

By

In this video, Manoj Leelanivas, president and CEO of Cyphort, discusses how malvertising works, the impact of the threat, and how the issue can be addressed.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US