Heartbleed (CVE-2014-0160): An overview of the problem and the resources...
After only a few days, the Internet is still buzzing with news surrounding CVE-2014-0160, better known as the Heartbleed vulnerability. CSO has compiled the following information in order to help...
Jetpack for WordPress pushes patch for two year-old flaw
The developers behind Jetpack, one of WordPress' most popular plugins, have patched a serious flaw introduced in 2012 that would enable an attacker to bypass access controls and publish posts to any...
Heartbleed vulnerability linked to breach of Canadian tax data
In a statement on Monday, the Canada Revenue Agency (CRA), Canada's tax-collection agency, confirmed that the Heartbleed vulnerability was to blame for the loss of tax-related information. Last week,...
Organizations suffer SQL Injection attacks, but do little to prevent them
On Wednesday, the Ponemon Institute released the results of a new study conducted for DB Networks. In it, 65 percent of the respondents said that they've experienced one or more SQL Injection attacks...
Hundreds of medical professionals targeted in multi-state tax scam
Medical professionals in ten states have become victims of identity theft, after someone used their personal information, including Social Security Number, to file fraudulent tax returns. In a majority...
Activism's slippery slope: Anonymous targets children's hospital
Supporters of the faceless collective known as Anonymous have taken up the cause of a young girl, after the State of Massachusetts removed her from her parents earlier this year. However, the methods...
Microsoft confirms Internet Explorer zero-day
On Saturday, late in the evening, Microsoft issued a public advisory confirming the existence of a new vulnerability in Internet Explorer that's being used in targeted attacks online. The vulnerability...
Avoiding burnout: Ten tips for hackers working incident response
Recent security graduates entering the world of incident response, or those with a strong security background making a career move, face a challenging environment that often leads to frustration and...
Bitly discloses account compromise, urges users to change passwords
On Thursday evening, Bitly (bit.ly), one of the Web's largest URL shortening services, urged users to reset their API keys, OAuth tokens, and passwords. In a notice to users, Bitly's CEO, Mark...
Information overload: Finding signals in the noise
Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there's too much...
Twenty-year-old vulnerability in LZO finally patched
After twenty years, a vulnerability in Lempel-Ziv-Oberhumer (LZO), an extremely efficient compression algorithm, has finally been patched. The flaw, a subtle integer overflow, existed for as long as...
Microsoft's takedown of No-IP pushes innocents into the crossfire
On Monday, Microsoft said they were taking No-IP (noip.com) to task, "as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and...
E-ZPass drivers warned about Phishing scam
E-ZPass Group, a toll collection program consisting of 25 agencies in 15 states, has issued a warning to customers concerning a Phishing scam that is posing as a collection notice. In a notice to...
Building a security awareness program on a shoestring budget
Implementing a security awareness program seems rather straightforward, until you actually start to implement one - factoring in things like resources and the people (users) to be trained. At that...
Exposed: An inside look at the Magnitude Exploit Kit
LAS VEGAS (Black Hat USA) - Researchers at Trustwave have provided CSO with an inside look at the Magnitude Exploit Kit's infrastructure. Linked to attacks against PHP.net and Yahoo, this kit has gone...
Heartbleed to blame for Community Health Systems breach
According to a blog post from TrustedSec, an information security consultancy in Ohio, the breach at Community Health Systems (CHS) is the result of attackers targeting a flaw in OpenSSL, CVE-2014-0160,...
27 million South Koreans affected by data breach
South Korean authorities have revealed details surrounding a massive data breach that impacts 27 million people aged 15-65. The compromised data comes from website registrations for various games and...