Target Hires Its First CISO

Target hired former General Motors executive Brad Maiorino as its first chief information security officer (CISO), the retail giant said. As the company’s new—and first—CISO, Maiorino will be responsible for Target’s information security and technology risk strategy. Maiorino is expected to begin his new role as CISO and senior vice president June 16. He will…

Twitter Fixes Cross-Site Scripting Flaw in TweetDeck

Twitter fixed a cross-site scripting flaw in its popular TweetDeck application Wednesday, after millions of users were hit with a malicious script targeting the vulnerability. The vulnerability allowed anyone to place a script in a tweet. Once the tweet appeared inside TweetDeck, the code could execute actions and be automatically re-tweeted to other accounts. The…

New OpenSSL Man-in-the-Middle Vulnerability Revealed

There is a new exploit in OpenSSL that can allow a man-in-the-middle (MITM) to intercept, decrypt and modify traffic between the vulnerable client and server, according to an OpenSSL advisory. The attack can only be performed between a vulnerable client and server. According to the advisory, all OpenSSL clients are vulnerable where servers…

6 Tips to Avoid Scammers on LinkedIn

LinkedIn announced in April that it had surpassed 300 million users. While LinkedIn has become a valuable networking tool and even somewhat of a useable social networking platform, especially its Groups, like all such platforms it attracts unsavory types. As of today there are actually 348,553,337 LinkedIn “accounts.” I can tell because I get several…

Gameover Zeus and Cryptolocker Botnets Shut Down! But Wait, Are they Really?

The US Department of Justice has announced, with not just a touch of self-congratulation, that they have taken down the Gameover Zeus and Cryptolocker botnets. The Gameover Zeus malware intercepted the bank account numbers and passwords that unwitting victims typed into computers in the US, which were then used to empty their accounts. In…

TrueCrypt Dies, Not a Huge Issue for the Enterprise

The sudden and inexplicable demise of the popular TrueCrypt product is raising eyebrows this week. TrueCrypt was a free encryption product supported by anonymous developers. There was quite a bit of suspicion already about the provenience of TrueCrypt, which sparked an effort to independently validate that it did not contain backdoors or vulnerabilities. Last October…

The Snowden Conversation We Are All Having in One Way or Another…

Edward Snowden did an important thing: He made an important conversation on security and ethics popular and international. On one hand, he told us something we always knew: Spies spy. That is, they stealthily gather secrets. This is usually associated with times of war or matters of national security. I’d venture to say spying may be the third oldest profession. Spying…

“TrueCrypt is not secure,” Official SourceForge Page Warns of Crypto Program

The widely used open-source TrueCrypt encryption program is “not secure” and should not be used, according to SourceForge, one of the official webpages for TrueCrypt. The announcement posted at truecrypt.sourceforge.net states: “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” text in red at the top of TrueCrypt page on SourceForge…

“I was Trained as a Spy,” Snowden Says

National Security Agency (NSA) leaker Edward Snowden called himself a patriot who simply was defending the constitution during an interview with NBC “Nightly News” broadcast on Wednesday. The former NSA contractor told Williams during the interview, held in Moscow, Russia, where Snowden has been for nearly a year, that while at the NSA he had…

F5 Networks Acquires Cloud DDoS Mitigation Provider Defense.Net

F5 Networks has acquired privately held cloud-based distributed denial of service (DDoS) mitigation provider Defense.Net for an undisclosed sum, according to a press release. F5 said it took the move to complement its existing on-premise DDoS protection capabilities. The Defense.Net service, founded by Barrett Lyon, who is known as a pioneer in the field of DDoS…
