Stories by Tony Bradley

Latest eBay flaw is a rookie mistake for a website

When it rains it pours for eBay. Less than a week after the popular website revealed it was the victim of a massive data breach and directed users to change their passwords, researchers have discovered that it is vulnerable to serious flaws that could allow an attacker to access user accounts. Individuals need to know how to guard against falling victim to these security issues, and other businesses need to learn from eBay's mistakes and do a better job of protecting resources on the Web.

Tony Bradley | 30 May | Read more

eBay hack could result in social engineering schemes

You've probably heard by now that eBay is the latest victim of a massive data breach. The popular online auction site has asked users to reset their passwords as a precautionary measure, but the data that matters most is already compromised, and there is nothing you can do to "reset" it.

Tony Bradley | 22 May | Read more

Attack of the clones: detect fake antimalware with these tips

Security researchers have been stressing the dramatic rise in mobile malware for a few years now--which naturally leads to more users downloading and using some sort of mobile antimalware app. But now even malware protection has become a risk: last month the popular Virus Shield Android app was outed as a fraud, and this week Kaspersky announced the discovery of a pair of fake apps using its name in the Google and Windows Phone app stores.

Tony Bradley | 17 May | Read more

iCloud vs. iTunes backups: The crucial differences that affect your data

Once upon a time one of the primary handicaps of iOS devices was the fact that you had to physically connect them to a Windows or Mac PC with a USB sync cable to back them up using iTunes. With iOS 5 Apple introduced iCloud, essentially allowing users to cut the cord. But these iOS backup methods were not created equal, and if you don't choose carefully you could be risking significant data loss. To ensure your iPhone or iPad data is fully protected, here's a look at what each option backs up and when to use it.

Tony Bradley | 15 May | Read more

Report: Phishing scams increasingly using mobile apps to bait victims

When it comes down to it, spam and phishing scams rely primarily on exploiting trust. If the attacker can find a way to make the message appear to be from a known source, the odds that a user will take the bait are much higher. This has led to malware infections that access your contacts and send out infected emails on your behalf to everyone you know, and those same basic techniques have been adapted for instant messaging, social networks, and even SMS text messaging. According to a new report from Kaspersky Lab, mobile apps are the new frontier.

Tony Bradley | 08 May | Read more

IE zero day is the first sign of the XPocalypse

Well, it took a bit longer than many security experts expected, but the first big security threat for Windows XP users has arrived. The zero day vulnerability will be quickly patched by Microsoft--for supported platforms at least. That means that this will be the first of many open wounds for Windows XP--known vulnerabilities left exposed because the OS is no longer supported by Microsoft.

Tony Bradley | 30 Apr | Read more

Report: Attackers have their sights set on the cloud

If you want to catch trout, you have to fish where the trout swim. That same logic applies for cyber criminals--they will focus their efforts wherever there is a fair chance of finding targets to prey on. This is underscored by a new report from Alert Logic that reveals a dramatic rise in cloud-based attacks as more businesses and individuals migrate applications and data to the cloud.

Tony Bradley | 24 Apr | Read more

Twitter app downloads could put users at risk

Twitter announced that it is putting its MoPub acquisition to use by enabling Twitter marketers to promote and distribute mobile apps. There is a potential opportunity there, though, for attackers to exploit the system if users become conditioned to download apps from their Twitter feed without thinking.

Tony Bradley | 19 Apr | Read more

Heartbleed: Security experts reality-check the 3 most hysterical fears

Heartbleed has dominated tech headlines for a week now. News outlets, citizen bloggers, and even late-night TV hosts have jumped on the story, each amping up the alarm a little more than the last one. But while it's true Heartbleed is a critical flaw with widespread implications, several security experts we've spoken with believe the sky-is-falling tone of the reporting is a bit melodramatic.

Tony Bradley | 17 Apr | Read more

Reverse Heartbleed puts your PC and devices at risk of OpenSSL attack

The Internet has been abuzz for the last week or so in response to the Heartbleed vulnerability in OpenSSL. While almost all of the attention has centered on patching Web servers and advising users to change their passwords, security researchers have discovered that individual client PCs and devices are also at risk thanks to "Reverse Heartbleed."

Tony Bradley | 15 Apr | Read more

HP report: 80 per cent of app vulnerabilities are really your fault

Let's be clear: There is no such thing as an invulnerable application. Some have more critical vulnerabilities than others as we discovered this week with the Heartbleed bug, but any application can be exploited given a dedicated attacker. According to the HP 2013 Cyber Risk Report, though, the application itself is not to blame for most vulnerabilities - you are.

Tony Bradley | 12 Apr | Read more

Entrust offer new certificates in wake of Heartbleed

The Internet was rocked this week by revelations that a critical vulnerability in OpenSSL has left Web traffic open to compromise for years. The Heartbleed bug has potentially serious security ramifications, and it's difficult--if not impossible--to know whether data has been exposed. In an effort to restore trust, and help organizations return to normal Web operations, Entrust is providing fresh certificates for customers at no cost.

Tony Bradley | 12 Apr | Read more

Is open source to blame for the Heartbleed bug?

By now you've likely heard about the Heartbleed bug, a critical vulnerability that exposes potentially millions of passwords to attack and undermines the very security of the Internet. Because the flaw exists in OpenSSL--which is an open source implementation of SSL encryption--many will question whether the nature of open source development is in some way at fault. I touched base with security experts to get their thoughts.

Tony Bradley | 10 Apr | Read more