  • US agency to seek consensus on divisive, volatile topic of security vulnerability disclosures

    The U.S. National Telecommunications and Information Administration will host a series of discussions about the best way to disclose cybersecurity vulnerabilities.

  • Grsecurity will stop issuing patches citing trademark abuse

    A major corporation is misusing grsecurity’s trademarks and violating the terms of the GNU Public License – and as a consequence, the leader of the project said Wednesday, grsecurity will stop making its stable patches available to the general public.

  • Attention whitehats, the FTC wants you to lead new privacy, security push

    The FTC’s PrivacyCon will include brief privacy and security research presentations, along with expert panel discussions on the latest privacy and security challenges facing consumers. Whitehat researchers and academics will discuss the latest security vulnerabilities, explain how they can be exploited to harm consumers, and highlight research affecting consumer privacy and data security.

  • Researchers find many more modules of Regin spying tool

    Security researchers from Symantec have identified 49 more modules of the sophisticated Regin cyberespionage platform that many believe is used by the U.S. National Security Agency and its close allies.

  • Website blocking and the known unknowns of the copyright crackdown

    Rights holders are making noises about gearing up to use legislation that will allow them to obtain court orders forcing ISPs to block access to piracy-linked websites. But exactly how the law will function in practice is still somewhat unclear.

  • Google to freeze some Adobe Flash content on Sept. 1

    Google will stop some Flash content from automatically playing starting Sept. 1, a move it decided on earlier this year to improve browser performance.

  • BitTorrent patches flaw that could amplify distributed denial-of-service attacks

    BitTorrent fixed a vulnerability that would have allowed attackers to hijack BitTorrent applications used by hundreds of millions of users in order to amplify distributed denial-of-service (DDoS) attacks.

  • Some routers vulnerable to remote hacking due to hard-coded admin credentials

    Several DSL routers from different manufacturers contain a guessable hard-coded password that allows accessing the devices with a hidden administrator account.

  • Tech nightmares that keep Turing Award winners up at night

    "What about the tech world today keeps you up at night?" was the question. RSA encryption algorithm co-inventor Leonard Adleman, "Father of the Internet" Vint Cerf and cryptography innovator Manuel Blum all shared their biggest fears.

  • Tor security concerns prompt largest dark market to suspend operations

    Administrators of Agora, the largest online black marketplace operating on the Tor anonymity network, decided to temporarily suspend the website because of possible attacks based on recent methods of exposing Tor Hidden Services.

  • AT&T Wi-Fi hotspot reportedly stuffs extra ads into Web pages

    Stanford computer scientist Jonathan Mayer was recently Web browsing at a U.S. airport when he reportedly noticed there were too many online advertisements.

  • Dell Oro Group: Check Point, Fortinet, Palo Alto making gains in security appliances

    There’s a shift among the top security vendors that has Cisco remaining at the top of the heap but with Check Point Software, Fortinet and Palo Alto Networks making gains and pressuring Juniper Networks, according to new research from Dell’Oro Group.

  • Ethernet switching in high gear in Q2

    $5.9 billion market stoked by campus and China

  • DARPA: Current DDoS protection isn’t cutting it

    The DARPA program, called Extreme DDoS Defense (XD3), looks to:
    • thwart DDoS attacks by dispersing cyber assets (physically and/or logically) to complicate adversarial targeting
    • disguise the characteristics and behaviors of those assets to confuse or deceive the adversary
    • blunt the effects of attacks that succeed in penetrating other defensive measures by using adaptive mitigation techniques on endpoints such as mission‐critical servers.

  • Wyndham vs. FTC: Corporate security pros need to lawyer up about data breach protection, experts say

    Corporate security executives need to meet with their legal teams to find out if the way they protect customer data will keep them out of trouble with the Federal Trade Commission if it should be compromised in a data breach.

  • Certifi-gate flaw in Android remote support tool exploited by screen recording app

    An application hosted in Google Play until yesterday took advantage for months of a flaw in the TeamViewer remote support tool for Android in order to enable screen recording on older devices.

  • Designing a good security awareness program

    Badly designed security awareness programs can damage the relationship between the user population and the security team instead of educating people about security, according to Gartner research director Andrew Walls.

  • Optus locks down admin rights

    Optus has used a privilege management software tool to reduce the number of PCs with admin rights.

  • OAIC investigates Ashley Madison data breach

    Acting Australian Information Commissioner Timothy Pilgrim has launched an investigation into the release of confidential data from AshleyMadison.com.

  • Ashley Madison hauled to court in class action suits over data breach

    Legal pressure on Ashley Madison and its parent company is picking up with more class-action lawsuits filed this week against the extramarital hookup site in the U.S., alleging negligence by the site in protecting confidential user data.