Heartbleed SSL Flaw's True Cost Will Take Time to Tally

Ever since news first broke on April 7 about the Heartbleed security vulnerability, IT professionals around the world have been struggling to contain its impact. The Heartbleed crisis will, no doubt, come with a high price tag when the final tally is taken for all the damage it has caused. The Heartbleed flaw is technically a security vulnerability in the open-source OpenSSL cryptographic library that provides Secure Sockets Layer (SSL) encryption capabilities.

Heartbleed prognosis: Long, laborious discovery, recovery

“I’ve been around a long time in infosec, and this is one of the scariest bugs I’ve seen, period,” said Jake Williams, a technical analyst with the Department of Defense who has more than a decade of experience and is a certified instructor with the SANS Institute. “It’s not a joke.”

CryptoDefense ransomware leaves decryption key accessible

It's unlikely, however, that average users would pick up on the error and reclaim their files.

Will Healthcare Ever Take IT Security Seriously?

More than half of that malevolent traffic came from network-edge devices such as VPNs (a whopping 33 percent), firewalls (16 percent) and routers (7 percent), suggesting "that the security devices and applications themselves were either compromised … or that these 'protection' systems are not detecting malicious traffic coming from the network endpoints inside the protected perimeter," Filkins writes, noting that many vulnerabilities went unnoticed for months. Connected endpoints such as radiology imaging software and digital video systems also accounted for 17 percent of malicious traffic.

Breach Hearings: How Did Security Fail?

At the hearing of the Energy & Commerce Committee's Subcommittee for Commerce, Manufacturing and Trade, executives from Target and Neiman Marcus testified that their breaches occurred when data from the magnetic stripes on credit and debit cards was collected in the clear at the point of sale before being encrypted as payment transactions were processed.

Android Apps, Internet Explorer, Java Among the Most Vulnerable

With the cost of cyber-crime rising at an alarming rate and several organizations calling attention to the increase in the use of exploits in the wild, Hewlett-Packard's cyber-risk report this year focuses on specific areas of the attack surface, the technologies that define them, and the vulnerabilities and actors that drive how they are abused. 

Iron Mountain Offers 10 Smart Ideas for Keeping Data Safe From Hackers

Data Privacy Day is recognized globally, and plans to celebrate it are scheduled for such countries as Australia, Japan, India, Belgium, Canada and the United States, according to the alliance. In a recent survey of IT professionals, data protection technology vendor Iron Mountain found that data loss is the top concern and that managing the skyrocketing volumes of data is the toughest challenge. 

App Misconfiguration, Mobile Apps With Poor Encryption Pose Risks

Jacob West, CTO of Hewlett-Packard's Enterprise Security Products, explains why application misconfiguration is an issue and offers advice on how to limit the risks.

Finger-Pointing at Breach Hearing

Several payment system experts testifying at a Senate hearing Feb. 3 urged the adoption of chip card technology in the wake of high-profile breaches at Target and Neiman Marcus.

Target Breach: New Questions Raised

A banking executive in the Midwest, who asked to remain anonymous, worries that banking institution routing numbers and even checking account numbers might also have been breached. If Target's website was breached, this source questions what other information linked to customer accounts, beyond PII, could have been exposed.
