Data Protection — News

Mesh networks may make SQL injection attacks more persistent

Massive website compromises using a technique known as <a href="http://www.csoonline.com/article/499964/sql-injection-attacks-led-to-heartland-hannaford-breaches-">SQL injection</a> have long been a top security concern for Web developers and site owners. Now, the attacks may become harder to detect and prevent, according to one security firm's analysis.

Robert Lemos | 20 Jun

IT admins gone wild: 5 rogues to watch out for

You can't survive without them. They wield enormous power over your systems, networks, and data -- the very lifeblood of your organization. Few people outside IT have any understanding of what they do, and fewer still exercise any oversight over their actions.

Dan Tynan | 21 Jun

ATO scams do the rounds

It's almost the end of financial year, and the Australian Taxation Office (ATO) has warned companies and consumers to beware of phishing emails and telemarketing calls.

Hamish Barwick | 21 Jun

A new security architecture for the cloud

Members of the Open Group's Security for the Cloud and SOA Project have launched a new <a href="http://www.csoonline.com/article/505871/the-curse-of-cloud-security">security architecture for the cloud</a>, to help security organizations better understand the unique security aspects of cloud computing.

Bob Violino | 20 Jun

Left to your own devices

I've been watching a challenge grow on the horizon. It comes up over and over again in conversations with security and technology executives alike, and if it hasn't hit your organization yet...well, let's just say that it probably has and you're just missing it. It's the broad issue of mobility and the consumerization of IT. Simply put, it's all those fun little devices that your employees are bringing to you and saying "support me."

Bob Bragdon | 21 Jun

Vulnerability analyzers offer Web scanning as an option

Web scanning is different from vulnerability scanning because it looks for bugs in the Web apps themselves, rather than in the software installed on the Web server. For example, all of the vulnerability scanners told us about an old embedded system on our network vulnerable to a cross-site scripting attack because of an old version of PHP. 

Joel Snyder | 20 Jun

How we tested vulnerability analyzers

We developed a test methodology and evaluation criteria in six main areas, including results reporting, product controls and manageability, scan results, vulnerability workflow features, interoperability, and updates and protocol support.

Joel Snyder | 20 Jun

Four Safer Ways to Pay Online

Who has your private info? Who knows, given how common <a href="http://www.pcworld.com/businesscenter/article/229301/are_you_a_data_breach_victim_heres_what_to_do.html">security breaches</a> have become. And credit card information is one of the most common types of <a href="http://www.pcworld.com/article/227255/protect_your_data_from_the_breach_epidemic.html">personal data</a> we volunteer online. So what can you do to minimize credit card fraud? Well, you can't stop the break-ins, but here are four ways to keep your funds out of the hands of the bad guys.

Jeff Bertolucci | 19 Jun

Writerspace site warns members after LulzSec hack

Literary website Writerspace.com has admitted that almost a quarter of the 62,000 email logins published after an attack by LulzSec came from its user database.

John E Dunn | 18 Jun