The U.S. Department of Defense has announced a set of five guiding strategic principles for better preparing its forces to handle operations to defend the nation in cyberspace.
Robert Lemos |
16 Jul |
Agricultural technology firm Monsanto became the latest target of hacktivists this week, when hackers donning the mantle of the distributed protest group Anonymous <a href="http://pastebin.com/vrDGwuUH">claimed</a> that they had penetrated the firm's network and leaked personal information on 2,500 of the company's employees.
Robert Lemos |
15 Jul |
Code that exploits two iPhone flaws to allow people to jailbreak their devices could, ironically, force security-conscious users to use the vulnerabilities to jailbreak their own iPhones and apply a third-party patch.
Robert Lemos |
09 Jul |
If companies patch the 37 most popular Windows programs, they could cut their risk by 80 percent, according to a report released on Wednesday by vulnerability management and information firm Secunia.
Robert Lemos |
30 Jun |
With the surge in <a href="http://blogs.csoonline.com/hacktivism">hacktivism</a> and nation-state espionage in recent years, not to mention the continuing high levels of cybercrime, companies need better tools to evaluate the quality of any developer's code.
Robert Lemos |
29 Jun |
Companies and bloggers that run their own WordPress installations should make sure that they have not downloaded any of three popular plugins that were, for about 24 hours, playing host to <a href="http://www.csoonline.com/topic/43400/malware-cybercrime">malicious code</a>, WordPress creator Automattic warned.
Robert Lemos |
25 Jun |
Online criminals have evolved their tactics to harden their botnets against takedown, using a variety of techniques, including fast-flux networks and Conficker-like dynamic domain generation. Yet such tactics can also pinpoint when such networks are being created by bot operators, according to research from the Georgia Institute of Technology.
Robert Lemos |
22 Jun |
Massive website compromises using a technique known as <a href="http://www.csoonline.com/article/499964/sql-injection-attacks-led-to-heartland-hannaford-breaches-">SQL injection</a> have long been a top security concern for Web developers and site owners. Now, the attacks may become harder to detect and prevent, according to one security firm's analysis.
Robert Lemos |
20 Jun |
In June 2007, Apple released the iPhone, and the device quickly took off to become a major brand in the smartphone market. Yet when the iPhone shipped, security on the mobile operating system was nearly nonexistent. Missing from the initial iOS (then called iPhone OS) were many of the security features that modern-day desktop software has as a matter of course, such as data-execution protection (DEP) and address-space layout randomization (ASLR). Apple's cachet lured security researchers to test the platform, and in less than a month, a trio had released details on the first vulnerability: an exploitable flaw in the mobile Safari browser.
Robert Lemos |
06 Jun |
The source code and a manual to the popular crimeware creation kit Zeus have been leaked, perhaps giving defenders additional tools to fight infections but also raising concerns that criminals may use the source code to create a rapidly expanding compendium of variants.
Robert Lemos |
14 May |
On Super Bowl Sunday, HBGary CTO Greg Hoglund found himself locked out of his own e-mail account. As has since been widely reported in the media, the hacking group Anonymous leaked thousands of e-mail messages from the accounts of Hoglund and HBGary Federal's CEO Aaron Barr, chastising the company in a public statement.
Robert Lemos |
18 Mar |
Security company RSA's revelation that its network had been breached and information relating to its SecurID one-time password technology stolen has left customers and industry experts with more questions than answers.
Robert Lemos |
19 Mar |
The malicious code that led Google to remove more than 50 Trojan applications from the Android Marketplace appears to mainly be a "dropper" -- a program designed to load other code to further compromise the affected smartphone, according to a security firm's analysis.
Robert Lemos |
09 Mar |
An old standby of cyber criminals -- the denial-of-service attack -- has become a new worry for data center operators.
Robert Lemos |
02 Nov |
While Google, Amazon and Salesforce have gotten the most attention as cloud service providers, Microsoft -- with its 300 products and services delivered from its data centers -- has a large cloud bank all its own.
Robert Lemos |
26 Aug |