Exposed: An inside look at the Magnitude Exploit Kit
Researchers at Trustwave have provided CSO with an inside look at the Magnitude Exploit Kit's infrastructure.
Steve Ragan | 05 Aug | Read more
Now that IT departments have fixed the Heartbleed bug in most internet-facing software, security pros have started debating the risk of not patching software buried deep in the data center.
Antone Gonsalves | 24 Jul | Read more
Confirming warnings that password managers are not as secure as you might think, single sign-on provider LastPass shared details of two vulnerabilities it found last year, while Australian retail site CatchOfTheDay was also behind the times as it revealed details of an exploit that occurred back in 2011.
David Braue | 21 Jul | Read more
This year has been the best of times and the worst of times for open source code and security.
Maria Korolov | 02 Jul | Read more
After twenty years, a vulnerability in Lempel-Ziv-Oberhumer (LZO), an extremely efficient compression algorithm, has finally been patched. The flaw, a subtle integer overflow, existed for as long as it did because of the practice of recycling code in the development community.
Steve Ragan | 27 Jun | Read more
A PayPal error made it possible to bypass two-factor authentication on a user account, demonstrating what can go wrong in deploying a tricky security mechanism.
Antone Gonsalves | 26 Jun | Read more
Think of the perfect attack like the perfect murder. It must be planned carefully and meticulously, then executed systematically and flawlessly. Remember all the small details in Hitchcock’s “The Rear Window”? No one would have noticed anything or even missed the victim if it weren’t for Jimmy Stewart, who, with a broken leg, had nothing better to do all day than to gaze out his rear window.
Dr Claudia Johnson | 26 Jun | Read more
Attacks that proved successful on PCs are now being tested on unwitting mobile device users to see what works -- and with the number of mobile devices with poor protection soaring, there are plenty of easy targets. "Attackers are definitely searching after the weakest point in the chain," and then honing in on the most successful scams, says Lior Kohavi, CTO at CYREN, a cloud-based security solutions provider in McLean, Va.
Stacy Collett | 22 May | Read more
First off, what is it? Well, for those of you who may not know, Ruby on Rails is an open source web framework that has been around since 2003. It was first developed by David Heinemeier Hansson and has since gone on to be used in thousands of web applications such as Basecamp, Twitter and GitHub.
Dave Lewis | 08 May | Read more
The developers behind Jetpack, one of WordPress' most popular plugins, have patched a serious flaw introduced in 2012 that would enable an attacker to bypass access controls and publish posts to any website hosted on the blogging platform.
Steve Ragan | 15 Apr | Read more
After only a few days, the Internet is still buzzing with news surrounding CVE-2014-0160, better known as the Heartbleed vulnerability. CSO has compiled the following information in order to help administrators and security teams understand the issue, determine their risks, and if needed, fix the problem.
Steve Ragan | 11 Apr | Read more
Consumers may well have lost sensitive data without even knowing it.
David Braue | 09 Apr | Read more
HP's annual Pwn2Own contest has been run and won. Critical flaws in every major browser, which allowed remote code execution, were found as well as issues with Adobe's Flash and Reader products. Pwn2Own is a hacker contest that runs within the CanSecWest event in Vancouver. Hackers are offered cash prizes as incentives as well as donations of computer hardware and other prizes given to the security researchers.
Anthony Caruana | 15 Mar | Read more
Visit a security-focused conference and it’s a sure bet that several vendors will be spruiking their latest security report. This year's RSA Conference was no exception.
Anthony Caruana | 06 Mar | Read more
As a long time veteran of RSA, Robert Griffiths has worked across the world, with his most recent posting being in Zurich. He is the strategy architect for RSA in Europe. He is the director of a major project in Europe, funded by the EU, as part of its security project.
Anthony Caruana | 27 Feb | Read more