Target hired former General Motors executive Brad Maiorino as its first chief information security officer (CISO), the retail giant said. As the company’s new—and first—CISO, Maiorino will be responsible for Target’s information security and technology risk strategy. Maiorino is expected to begin his new role as CISO and senior vice president June 16. He will…
DetailsTwitter fixed a cross-site scripting flaw in its popular TweetDeck application Wednesday, after millions of users were hit with a malicious script targeting the vulnerability. The vulnerability allowed anyone to place a script in a tweet. Once the tweet appeared inside TweetDeck, the code could execute actions and be automatically re-tweeted to other accounts. The…
DetailsThere is a new exploit in OpenSSL that can allow a man-in-the-middle (MITM) to intercept and decrypt traffic and modify traffic between the vulnerable client and server, according to an OpenSSL advisory. The attack can only be performed between a vulnerable client and server. According to the advisory, all OpenSSL clients are vulnerable where servers…
DetailsLinkedIn announced in April that it had surpassed 300 million users. While LinkedIn has become a valuable networking tool and even somewhat of a useable social networking platform, especially its Groups, like all such platforms it attracts unsavory types. As of today there are actually 348,553,337 LinkedIn “accounts.” I can tell because I get several…
DetailsThe US department of Justice has announced with not just a touch of self congratulations that they have taken down the Gameover Zeus and Cryptolocker botnets. The Gameover Zeus malware intercepted the bank account numbers and passwords that unwitting victims typed into computers into the US which were then used to empty their accounts. In…
DetailsThe sudden and inexplicable demise of the popular TrueCrypt product is raising eyebrows this week. TrueCrypt was a free encryption product supported by anonymous developers. There was quite a bit of suspicion already about the provenience of TrueCrypt, which sparked an effort to independently validate that it did not contain backdoors or vulnerabilities. Last October…
DetailsEdward Snowden did an important thing: He made an important conversation on security and ethics popular and international. On one hand, he told us something we always knew: Spies spy. That is they stealthily gathering secrets. This is usually associated with times of war or matters of national security. I’d venture to say spying may be the third oldest profession. Spying…
DetailsThe widely used open-source TrueCrypt encryption program is “not secure” and should not be used, according to SourceForge, one of the official webpages for TrueCrypt. The announcement posted at truecrypt.sourceforge.net states: “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” text in red at the top of TrueCrypt page on SourceForge…
DetailsNational Security Agency (NSA) leaker Edward Snowden called himself a patriot who simply was defending the constitution during an interview with NBC “Nightly News” broadcast on Wednesday. The former NSA contractor told Williams during the interview held in Moscow, Russia where Snowden has been for nearly a year, that while at the NSA he had…
DetailsF5 Networks has acquired privately held cloud-based distributed denial of service (DDoS) mitigation provider Defense.Net for an undisclosed sum, according to a press release. F5 said it took the move to complement its existing on-premise DDoS protection capabilities. The Defense.Net service, founded by Barrett Lyon who is known as a pioneer in the field of DDoS…
Details