-
25,000 co-opted Linux servers spread spam, drop malware and steal credentials
A new report details how 25,000 servers were compromised. The attacks would have failed if more than single-factor login (username/password) had been required.
-
SMB penny stretching 101: Making the most of your security budget
SMBs can learn how to deal with limited IT security budgets and scarce resources by prioritizing security controls and needs.
-
Droidpak: A sneak attack on Android devices via PC malware
New Android banking malware leverages vulnerable PCs to install itself on Android mobile devices. Learn how to foil this latest exploit.
-
Internet of Things botnet may include TVs and a fridge
Security firm Proofpoint believes they've detected a spam-sending botnet that includes internet-connected televisions and a refrigerator.
-
![]()
Fake security messages more believable than real warnings research shows
Cambridge University researchers reveal why people believe malicious, fake security messages and ignore real warnings.
-
![]()
Target data breach exposes serious threat of POS malware and botnets
In the wake of Target's massive data breach, Michael Kassner explores the rise of POS malware and botnets.
-
![]()
Technology can't stop phishing perhaps common sense can
Despite the warning, phishing attacks are still the favored attack vector of bad guys. It's time to forget technology and rely on good old common sense.
-
![]()
Neverquest banking malware more dangerous than Zeus trojan
New Neverquest malware steals bank account logins and lets attackers access accounts through victims' computers.
-
![]()
Target data breach: What you should tell non-IT folks right now
Help your friends, family, and coworkers understand the Target security breach, protect their accounts, and stay calm.
-
![]()
Android flashlight app tracks users via GPS, FTC says hold on
Buried deep in the Brightest Flashlight Free app's EULA is language that let's the maker collect and resell user location data. An FTC complaint leads to better user notification and deletion of all e...
-
![]()
AutoCAD malware: Rare but malignant
There's no better way for thieves to steal design secrets than straight from the engineers and designers who create them. CAD software programs are ripe for exploit.
-
![]()
Continuous security monitoring: Wave of the future
The new wave of continuous security monitoring solutions bring together views of security-related data that are often in different silos throughout the organization.
-
![]()
Social engineering red flags and tips for training users
Social engineering leads to dangerous security lapses and is notoriously difficult to prevent. Make sure your organization's users can spot the most obvious red flags.
-
![]()
Encryption for the paranoid: Verifying TrueCrypt source code and binaries
TrueCrypt is open source and verifiable, but until someone actually does the verification, recent events have taught us to be skeptical.
-
![]()
Five takeaways from the NSA and Internet surveillance disclosures
The ripples from Edward Snowden's whistleblowing on NSA surveillance tactics continue to be felt. What are the biggest takeaways for those in the technology field?
-
25,000 co-opted Linux servers spread spam, drop malware and steal credentials
A new report details how 25,000 servers were compromised. The attacks would have failed if more than single-factor login (username/password) had been required.
-
Is metadata collected by the government a threat to your privacy?
Seemingly unobtrusive digital bytes known as metadata have been vaulted to the tech media limelight. What is metadata, and why all of a sudden is it so interesting to so many?
-
Droidpak: A sneak attack on Android devices via PC malware
New Android banking malware leverages vulnerable PCs to install itself on Android mobile devices. Learn how to foil this latest exploit.
-
Infographic: What happens after a data breach?
High profile data breaches that expose customer information are in the news. This graphic shows how the thieves sell the info and make their money.
-
![]()
Hackers: From innocent curiosity to illegal activity
Researchers asked why talented youth skilled in "computerese" evolve into criminal hackers. Michael P. Kassner explains their unexpected results.
-
![]()
Security's weakest link: Technology no match for social engineering
A security researcher says there is a 100-percent success rate any time pen-testing uses social engineering to target victims. Here are some of the techniques used.
-
![]()
National Computer Forensics Institute: Demystifying cybercrime
Knowing how to handle digital evidence and discovery correctly prevents costly mistakes. A federal facility in Birmingham, Alabama is working hard to improve that situation.
-
![]()
What’s better than creating your own DDoS? Renting one
Thanks to the cloud, anyone can now initiate a DDoS attack. Find out how booter services work.
-
![]()
UAB takes aim at spammers, phishers, and purveyors of malware
Birmingham, Alabama, is fast becoming a hotspot for digital crime fighting. Together, let's learn what they're doing right.
-
![]()
SMB penny stretching 101: Making the most of your security budget
SMBs can learn how to deal with limited IT security budgets and scarce resources by prioritizing security controls and needs.
-
![]()
Cloud-service contracts and data protection: Unintended consequences
There are things your cloud-service (Facebook, Amazon, Google, Dropbox, etc.) contracts aren't telling you. Michael P. Kassner interviews an attorney concerned about what's not being said.
-
![]()
Changes to Google Chrome and Chrome OS certificate handling
Beefed up requirements for RSA keys and changes to the way Google Chrome handles certificates will benefit Internet security for end users.
-
![]()
Continuous security monitoring: Wave of the future
The new wave of continuous security monitoring solutions bring together views of security-related data that are often in different silos throughout the organization.
-
![]()
Target data breach: What you should tell non-IT folks right now
Help your friends, family, and coworkers understand the Target security breach, protect their accounts, and stay calm.
-
![]()
BGP and Internet security: Is it better to be lucky or good?
Does "it's not a problem until it actually happens" apply to Internet security? Michael P. Kassner interviews a networking expert who's wondering about the same thing.
