Heartbleed Bug: What Are We Forgetting to Worry About?

Considering that SSL protocols, including OpenSSL, are used anywhere machines have to communicate securely with each other, Heartbleed isn’t just a problem for Web servers. The vulnerability is present in client software running on PCs and Android tablets, as well. For example, many routers and other networking equipment come with built-in Web servers to run…

Details

Heartbleed Vulnerability is a Major Heartache

The announcement yesterday of a widely deployed vulnerability in OpenSSL, the Heartbleed Bug, is set to shake up the security industry. According to the discoverers at Codenomicon and Google, all Apache web servers and most recent distributions of open source operating systems suffer from this bug in the way a SSL heartbeat function works. An attacker can…

Details

Federal Banking Regulators Warn of Increased Cyberattacks on ATMs

Cyber-attackers are withdrawing large amounts of money using stolen debit card information, often in amounts exceeding ATM limits or even the amount the victim has in the account, the Federal Financial Institutions Examination Council (FFIEC) said in a four-page statement last week. The cash-fraud scheme, which the US Secret Services refers to as “Unlimited Operations,” appears…

Details

FFIEC Notifies Financial Institutions of Continued DDoS Attacks

The US Federal Financial Institution Examination Council’s (FFIEC) recent guidance on distributed denial of service (DDoS) attacks, provides financial institutions with at least six-steps as part of their responsibility to mitigate risk. The announcement in a press release outlines expectations to ensure businesses are aware of DDoS attacks and then expect organizations to conduct a risk…

Details

Apple Agrees to Settle Patent Infringement Lawsuit Brought by Intertrust Technologies Corp

Apple Inc  and Intertrust Technologies Corp, a provider of  trusted computing technologies, have agreed to settle a year-old patent infringement case, according to court records. Terms of the settlement were not disclosed. Sony Corp and Philips have a 49 percent stake in Silicon valley-based Intertrust.  Intertrust filed a lawsuit against Apple in March 2013 saying…

Details

Firewall Policy Management Evolves to Security Policy Orchestration

This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. As networks have grown and network security device deployments have skyrocketed, it has become much more difficult to manage the…

Details

Cyber Policy Experts to Follow on Twitter

The emerging field of cyber policy is attracting government, academic, and technology experts. Here is a list of cyber policy experts from around the world who are well worth following on Twitter. You can follow them individually or read their posts on this Twitter list we have created. Please tweet suggested additions to the list…

Details

Breach Detection Report From NSS Labs Defines Winners/Losers

NSS Labs has issued the first test results of Breach Detection Systems (BDS). Breach Detection, sometimes called Advanced Malware Defense, is usually a gateway device that inspects downloaded executables by detonating them in virtualized environments and inspecting them for behavior that indicates the presence of malware. Command and Control communications is a key indicator that…

Details

Why Is Congress So Hot on Information Sharing?

A perplexing question for those in IT security is why are so many in government pushing for “information sharing” as their solution to the cyber crisis? The crisis is apparent and shows up as the preamble to every proposed bill and National Cybersecurity Strategy. But what about information sharing? If one where to create a…

Details