Latest

Mobility

Broadening the Scope of Mobile Security

Eric Chabrow  •  September 26, 2016

Most enterprises, when addressing mobile security, focus on securing applications, such as the devices' operating systems, or preventing the installation of malware. But NIST cybersecurity experts say organizations should take a much broader approach to ensuring mobile security.

Anti-Malware

The Malware Threat Grows: So Now What?

Tracy Kitten  •  September 23, 2016

Given the rapid spread of malware and difficulties with detection, what actions should organizations take? In this interview, Chris Novak of Verizon and Stephen Orfei of the PCI Security Standards Council offer insights.

CISO

Ideas for Filling the Cybersecurity Skills Gap

Eric Chabrow  •  September 21, 2016

A group of cybersecurity policymakers recommends a series of steps the U.S. federal government and the private sector should take to ensure that the nation will have enough cybersecurity specialists in the coming decade.

Application Security

Tesla Patches Cars Against Wi-Fi 'Braking' Attack

Jeremy Kirk  •  September 21, 2016

Electric car manufacturer Tesla has updated its firmware after researchers in China remotely turned on a vehicle's windshield wipers, opened the trunk and applied the brakes in new Model S sedans.

Privacy

Hey, Webcam User: Cover Up!

Mathew J. Schwartz  •  September 21, 2016

FBI Director James Comey, Facebook CEO Mark Zuckerberg and security expert Mikko Hypponen all advocate covering up your webcam as a cheap and no-brainer defense against everything from unscrupulous competitors to sextortionists.

Network & Perimeter

After Equation Group Dump, Cisco Finds New Zero-Day Flaw

Jeremy Kirk  •  September 20, 2016

Cisco has patched another zero-day flaw stemming from the Shadow Brokers' leak of Equation Group tools and attack code. The technology giant warns that attackers have been exploiting the vulnerability.

Forensics

Could FBI Have Cracked Shooter's iPhone for Less Than $100?

Jeremy Kirk  •  September 20, 2016

Apple-FBI crypto debate update: A researcher successfully defeated an iPhone passcode using less than $100 in equipment. But the delicate procedure, if used on the San Bernardino shooter's iPhone, could have accidentally obliterated its data.

Breach Response

Helping Police Solve Cybercrimes

Tracy Kitten  •  September 19, 2016

Because many law enforcement agencies lack cybercrime expertise, it's important for companies that have been attacked to provide as much technical and forensic information as possible to authorities to help ensure that investigations lead to arrests and prosecutions, a panel of experts says.

Application Security

Dropbox 'Hacks' Macs, Developer Warns

Jeremy Kirk  •  September 19, 2016

A developer warns that Dropbox gains wide-ranging access to Apple's OS X operating system using a SQL trick that some equate to hacking users' systems. Here's why giving a desktop app unusual access to Apple's privacy settings poses a security risk.

Breach Notification

The Breach That Supposedly Isn't a Breach

Jeremy Kirk  •  September 16, 2016

The handling of a recent data breach - the details of which are still unfolding - by Oakland, Calif.-based web services company Regpack provides a look into how the discovery and disclosure of a breach can turn into a real train wreck.

Cybersecurity

While NSA Hacks, US-CERT Frets

Mathew J. Schwartz  •  September 15, 2016

All in the family: A "sophisticated attacker" alert from US-CERT, urging enterprises to lock down their networking gear, was triggered by the leak of exploit tools - targeting, in part, U.S.-built networking gear - that may have been tied to the NSA.

Anti-Malware

Microsoft Patches Zero-Day Flaw Used by Malvertising Gangs

Mathew J. Schwartz  •  September 14, 2016

Microsoft has released a slew of security fixes to patch critical vulnerabilities, including in its IE and Edge browsers. One zero-day flaw, fixed via a Microsoft Office patch, has been exploited in the wild for more than two years.