Of the many casualties of the Heartbleed flaw, the Tor anonymity browser is one of the more interesting. As a heavy user of SSL to encrypt traffic between the various Tor nodes, it’s no surprise the network announced that it was vulnerable – which potentially compromises its much-vaunted privacy function.
19 April 2014
Michaels Stores, the arts and crafts retail chain, has confirmed that it has been the victim of two separate, eight-month-long point-of-sale (PoS) attacks, exposing the credit and debit card data of as many as 3 million customers.
18 April 2014
A malicious mobile application for Android that offers a range of espionage functions has now gone on sale in underground forums with a new trick: it’s being used by several banking trojans in an attempt to bypass the two-factor authentication method used by a range financial institutions.
17 April 2014
(ISC)² has announced the availability of its Certified Cyber Forensics Professional – European Union (CCFPSM-EU) certification.
17 April 2014
More than a year after security firm Mandiant caused a stir by publishing a report that alleged China was behind widespread and increasingly sophisticated cyber-espionage projects, it’s back again to tell us that things have gone from bad to worse.
15 April 2014
There is a growing global criminal-infrastructure-as-a-service economy being perpetrated through exploit kits and compromised website redirection chains – with billions of attacks adding to cybercriminals' sophistication and ability to evade detection. According to the latest Websense Security Labs 2014 Threat Report, the infrastructure of an attack campaign is now typically constantly developed, enhanced and reused throughout the entire threat lifecycle.
05 April 2014
An initiative that cuts across the security vendor landscape is one way that Exclusive Networks helps customers turn their preventive technologies into a problem solver in the aftermath of a data breach incident
02 April 2014
A prolific international scheme designed to fleece unwary consumers with bogus sub-$15 charges is making the rounds, according to security researcher Brian Krebs. The common thread? The victims have all paid for online learning tools, but instead have been subjected to multiple junk charges from a company called “BLS Weblearn.”
02 April 2014
It’s been in the works for months, but the UK's Computer Emergency Response Team (CERT-UK) has officially opened its doors for business, promising to “provide an authoritative voice to those agencies and organizations that are helping the UK to become more resilient and to prosper in the internet age.”
01 April 2014
Keeping ahead of web-based threats requires a mechanism to continually search for new types of attacks while understanding existing ones. However, data fragmentation and threat complexity plagues efforts to keep track of all the data related to malware, phishing and other risks – differences in how threats are discussed, categorized or even named vary from platform to platform and vendor to vendor. Facebook is taking steps to solve the issue for itself with the release of ThreatData.
31 March 2014