Stories by Ellen Messmer

Fortinet, McAfee, Trend Micro, Bitdefender battle in socially-engineered malware prevention test

Socially-engineered malware tries to trick users into downloading and executing malicious code through tactics that include everything from fake antivirus to fake utilities to fake upgrades to the operating system and trojanized applications.

Heartbleed bug is irritating McAfee, Symantec, Kaspersky Lab

The Heartbleed Bug disclosed by the OpenSSL group on April 7 has sent many vendors scurrying to patch their products and that includes security firms Symantec, Intel Security's McAfee division, and Kaspersky Lab.

Heartbleed Bug hits at heart of many Cisco, Juniper products

The Heartbleed Bug, a flaw in OpenSSL that would let attackers eavesdrop on Web, e-mail and some VPN communications, is a vulnerability that can be found not just in servers using it but also in network gear from Cisco and Juniper Networks. Both vendors say there's still a lot they are investigating about how Heartbleed impacts their products, and to expect updated advisories on a rolling basis.

Who's to blame for 'catastrophic' Heartbleed Bug?

The Heartbleed Bug, basically a flaw in OpenSSL that would let savvy attackers eavesdrop on Web, e-mail and some VPN communications that use OpenSSL, has sent companies scurrying to patch servers and change digital encryption certificates and users to change their passwords. But who's to blame for this flaw in the open-source protocol that some say also could impact routers and even mobile devices as well?

In Pictures: The worst data breaches of 2014… so far (Q1)

The Identity Theft Resource Center, which tracks data breaches, has counted 204 of them from January 1 to March 27.

IBM claims new patent for mobile security technology

IBM has come up with a technology for reducing the risk of data being exposed in mobile push notifications to mobile devices by coming up with a way to encrypt that information so service providers and others can't actually see any data related to the user's mobile device.

1

New federal rule requires banks to fight DDoS attacks

Banks and financial institutions regulated by the federal government must now monitor for distributed denial-of-service (DDoS) attacks against their networks and have a plan in place to try and mitigate against such attacks, a federal regulatory body said this week.

Security pros talk about playing defense against cybercrime

Security professionals are playing defense against cybercrime, and often feel outgunned by tech-savvy hackers and insiders out to steal sensitive data from within the business. They see a shortage of qualified security personnel to call on, but also believe that threat-detection tools are getting better.

FireEye, AhnLab score low in lab test of breach detection systems

In an evaluative lab test, FireEye and Ahnlab each scored "below average" on their breach-detection systems (BDS) in a comparative group product test which was conducted by NSS Labs.

Dell unveils BYOD-focused mobility product plans

Dell today unveiled enterprise mobility software for Google Android or Apple iOS that supports employee "bring your own device" use by selectively applying VPN controls only to the corporate apps on the device, not the employee's personal apps.

Patch management flubs facilitate cybercrime

Failures in patch management of vulnerable systems have been a key enabler of cybercrime, according to the conclusions reached in Solutionary's annual Global Threat Intelligence Report out today, saying it sees botnet attacks as the biggest single threat.

How do the FBI and Secret Service know your network has been breached before you do?

Knock, knock! Secret Service here. "Is this your customer payment card data?"

(Free!) Security Tools you should try

Who doesn't like free stuff? There's a long tradition of free or open-source security tools, and one of the best sites to learn more about them is Security Tools, a running list of what it claims are the 125 best free security tools around.

Foundation to fight cybercrime by offering free advice on domain-name security

A newly formed non-profit called the Secure Domain Foundation (SDF) says its mission will be to provide free advice on security practices to protect the Internet's core infrastructure related to the Domain Name System.

Palo Alto Networks buys endpoint security software maker Cyvera for $200M

Palo Alto Networks, known for its next-generation firewall, Monday said it is buying Israeli start-up Cyvera for about $200 million to gain access to its endpoint security product for real-time attack prevention. The deal is expected to close in a few weeks.

Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia