IT Security
Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.
-
25,000 co-opted Linux servers spread spam, drop malware and steal credentials
A new report details how 25,000 servers were compromised. The attacks would have failed if more than single-factor login (username/password) had been required.
-
User education drops down ASD strategies to prevent security intrusions
An increase in intrusions using techniques that an educated user would not detect has led Australia's signals intelligence unit to place user education as the 28th most effective strategy for mitigating a cyber-intrusion.
-
How mid-to-large companies can optimize security budgets
These tips will help medium-to-large businesses learn to make the most of their IT security budgets.
-
SMB penny stretching 101: Making the most of your security budget
SMBs can learn how to deal with limited IT security budgets and scarce resources by prioritizing security controls and needs.
-
Droidpak: A sneak attack on Android devices via PC malware
New Android banking malware leverages vulnerable PCs to install itself on Android mobile devices. Learn how to foil this latest exploit.
-
Malicious intent can turn Chrome speech recognition into spying device
A speech recognition expert contends malicious players can turn Google's Chrome web browser into a remote listening device.
-
Researchers describe tool that manipulates RAM, misleads cybercrime investigators
At Shmoocon 2014, Jacob Williams and Alissa Torres described a concept tool that would allow cybercriminals to cover their tracks by altering the contents of a computer's memory.
-
Internet of Things botnet may include TVs and a fridge
Security firm Proofpoint believes they've detected a spam-sending botnet that includes internet-connected televisions and a refrigerator.
-
Fake security messages more believable than real warnings research shows
Cambridge University researchers reveal why people believe malicious, fake security messages and ignore real warnings.
-
Target data breach exposes serious threat of POS malware and botnets
In the wake of Target's massive data breach, Michael Kassner explores the rise of POS malware and botnets.
-
Technology can't stop phishing perhaps common sense can
Despite the warning, phishing attacks are still the favored attack vector of bad guys. It's time to forget technology and rely on good old common sense.
-
Neverquest banking malware more dangerous than Zeus trojan
New Neverquest malware steals bank account logins and lets attackers access accounts through victims' computers.
-
Target data breach: What you should tell non-IT folks right now
Help your friends, family, and coworkers understand the Target security breach, protect their accounts, and stay calm.
-
Android flashlight app tracks users via GPS, FTC says hold on
Buried deep in the Brightest Flashlight Free app's EULA is language that let's the maker collect and resell user location data. An FTC complaint leads to better user notification and deletion of all exiting data.
-
AutoCAD malware: Rare but malignant
There's no better way for thieves to steal design secrets than straight from the engineers and designers who create them. CAD software programs are ripe for exploit.
-
Chip and PIN: The technology is no longer secure
Chip and PIN transaction systems were thought to be secure. The only way to bypass the technology required a stolen card and knowing the PIN. That is no longer the case.
-
Ask potential cloud vendors these 10 security questions
Dominic Vogel offers his list of ten questions you should be asking cloud vendors about their security practices. Make sure you get the proof to back up their claims.
-
Cloud services: The threat of side channels
Cloud services offer convenience and potential cost savings, but a potential security issue may negate the benefits. Michael Kassner digs into some of the latest research.
-
25,000 co-opted Linux servers spread spam, drop malware and steal credentials
A new report details how 25,000 servers were compromised. The attacks would have failed if more than single-factor login (username/password) had been required.
-
Locating cell-phone owners the non-GPS way
Using GPS, a cell phone can be located within a few feet. So why are researchers concerned about locating a cell phone by its association with a specific cell tower?
-
COBIT 5 for information security: The underlying principles
COBIT 5, a governance model for enterprise IT, introduces a framework that is better focused on information security.
-
Encrypt calls on your Android device with RedPhone
Whisper Systems offers call encryption on Android with RedPhone. Chad Perrin describes how it works and where the potential security questions exist.
-
Use sSMTP to send e-mail simply and securely
Computer users like me, who prefer daily e-mail dealings to be quick, simple, and devoid of distractions, tend to use a collection of small, separate tools to fulfill each of the critical functions of dealing with e-mail. This article addresses sending e-mail with a simple SMTP client called sSMTP on Unix and Linux systems, including how to use it for secure encrypted connections to your outgoing mail server.
-
Does your flashlight app know where you are? Probing Android permissions
Android permissions are difficult to understand. Michael Kassner interviews a research team using the "wisdom of the crowd" to clarify what a permission actually does.
-
The truth behind those Nigerian 419 scammers
Why would 419 scammers say they're Nigerian, even if they are as American as apple pie? Michael Kassner provides some insight as to why.
-
The convergence of biological and computer viruses
The difference between a biological virus and a computer virus is blurring. Learn how a researcher infected himself with a computer virus.
-
Lock down Cisco switch port security
One way to boost network security is to use Cisco's Port Security feature to lock down switch ports. Learn the basics of port security, and find out how to configure this feature.
-
What’s better than creating your own DDoS? Renting one
Thanks to the cloud, anyone can now initiate a DDoS attack. Find out how booter services work.
-
Rootkit coders beware: Malwarebytes is in hot pursuit
Anti-malware heavy-hitter Malwarebytes is now laser-focused on eliminating rootkits. Michael P. Kassner asks the creators of MBAM how they approach this particular threat.