- Can funding open source bug bounties save Europe from mass-surveillance?
- Second HTTPS snooping flaw breaks security for thousands of iOS apps
- Police breaks up cybergang that stole over $15 million from banks
- How the Internet of Things is reshaping the future of security
- Aussie banks targeted by botnets: Report
intrusion - News, Features, and Slideshows
Follow me, if you will, on a journey back in time to just one year ago. As 2013 turned into 2014, the information security industry was buzzing about the latest spate of breaches. Target had ushered in a new era of retail security breaches, with 40 million card numbers lost to the hackers. Little did we know at the time that this was just the beginning, and small potatoes in comparison to what was to come. One year ago, Neiman Marcus and Michaels had joined Target, and I wrote in response to the growing number of breach disclosures that "in fact, I have to wonder which retailers have not suffered breaches. The word on the street is that at least a half-dozen other retailers were compromised in the past few months, without publicity." Sadly, this turned out to be true. I hate being right all the time.
In today's threatscape, antivirus software provides little piece of mind. In fact, antimalware scanners on the whole are horrifically inaccurate, especially with exploits less than 24 hours old. After all, malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable.
Police in Austin, Texas, set up sting operations with cars they have under surveillance, watching for thieves to break into them. Marcus J. Carey's Web service, HoneyDocs -- born in the same city -- uses the same concept, only with computer files.
Security pros and government officials warn of a possible cyber 9/11 involving banks, utilities, other companies, or the Internet
Last week Gen. David Petraeus, the director of the Central Intelligence Agency, resigned in response to what has turned out to be a much bigger scandal than it first appeared.
Not long ago, the legal department at a financial services company in New York got a phone call from a hospital in London. The query: Why are you hacking us? With two known IP addresses, it wasn't difficult for the financial firm's information security staff to go back through the logs looking for traffic between the two organizations. And with the traffic identified, locating the computer from which the hacks were taking place didn't take long, either. The culprit: an individual who-as their human resources records soon confirmed-had formerly worked at that very hospital.