IT trainer offers master's degree for hackers
In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science.

Microsoft plays 'Detective' to determine phishing frequency
Microsoft's research arm has been quietly collecting data through an add-on service to its Windows Live Toolbar to determine how often Web users actually fall prey to phishing attacks.
October 5, 3:41 a.m. PDT

SEC suspends trading of firms susceptible to stock spam
The U.S. Securities and Exchange Commission has suspended the stock trading of three companies that haven't provided adequate information about themselves to the public, making them susceptible to spam-based stock scams, the agency said.
October 4, 8:53 a.m. PDT

eBay: Phishers getting better organized, using Linux
When it comes to launching online attacks, criminals are getting more organized and branching out from the Windows operating system, eBay's security chief said Tuesday.
October 3, 4:31 p.m. PDT

Fraudsters jump to U.S. to cash out on U.K. cards
The U.S. has overtaken France as the No. 1 place where fraudsters can convert U.K. credit and debit card details into cash, according to a U.K. banking trade group.
October 3, 8:27 a.m. PDT

Malware boom puts pressure on second-tier AV labs
Over the first six months of 2007, anti-virus applications market leader Symantec found a total of 212,101 new malware variants, an astonishing 185 percent increase over the second half of 2006, totaling an average of well over 1,100 unique samples arriving per day.
October 3, 7:08 a.m. PDT

How to think like an online con artist
Con job, pretexting, social engineering – the art and science of manipulating human beings for nefarious ends – goes back as far as the origin of the species. The techniques have been practiced and perfected by a rogue's gallery of flimflam artists, from legendary carnival operator P. T.
Barnum to infamous FBI mole Robert Hanssen.
October 1, 3:00 a.m. PDT

eBay: Phishing likely to blame for members' data theft
eBay's security experts have determined that it's highly likely that whoever posted confidential information about its members in a company discussion forum this week stole the data via an e-mail phishing scam, an eBay spokeswoman said Thursday.
September 27, 3:36 p.m. PDT

Fraud police buckling under mountains of data
Fraud investigators are struggling to cope with vast quantities of data sent to them by financial institutions, meaning some crimes may go uninvestigated or even unnoticed, experts said on Wednesday.
September 26, 5:06 a.m. PDT

PayPal claims gains against phishers
PayPal security chief Michael Barrett isn't ready to claim a victory in the fight against phishing schemes, but he said that his company is slowly turning the tide using a set of new partnerships and technological means.
September 20, 4:23 a.m. PDT

AT&T: Network perimeter security should be virtual
Enterprise companies will soon begin offloading many of their network security responsibilities to telecommunications and Internet service providers and save vast amounts of time and money doing so, if AT&T has its way.
September 20, 4:05 a.m. PDT

Fear of insider threats hits home
The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk.
September 18, 10:42 a.m. PDT

E-card industry gets the message from fraudsters
The e-card industry began seeing some pretty unfriendly greetings this past June. That's when scammers started flooding e-mail in-boxes with fake greeting cards, trying to trick victims into clicking on links that would send them to malicious Web sites.
September 18, 7:39 a.m.
PDT

Infrastructure threats: Botnets show DoS who's boss
Malware-infected botnet PCs have overtaken DoS attacks as the top security issue facing Internet service providers and other Web infrastructure hosting players, according to a new survey of the organizations.
September 18, 3:54 a.m. PDT

Symantec: Stolen bank account details fetch $400 online
Stolen bank account numbers are commanding the highest price in an underground trade of personal details stolen by hackers, according to a survey released Monday by security vendor Symantec.
September 17, 3:51 a.m. PDT

Badware hunters tame wild Webmasters, hosts
If hijacked sites and hosting companies that fail to police malware distribution sources represent two of the most serious threats to Internet security, there may be hope for improvement, according to researchers working with Harvard Law School's StopBadware.org.
September 14, 3:45 a.m. PDT

Trust key to Internet security
A few of my previous columns discussed my vision of creating a more secure Internet. It involved replacing the Internet's default anonymity with pervasive authentication, from the hardware initialization, through the OS and all applications, the user, and ending with a verifiable network stream. It is my strong belief that without a complete overhaul of default authentication, malicious hacking is going to continue indefinitely.
September 14, 3:00 a.m. PDT

Online thugs assault security help sites
The good guys are taking a hit in the ongoing online war between the thugs who profit from phishing and malware, and those who work to stop them.
September 12, 9:22 a.m. PDT

Mobile phones with SafePass help secure BofA online banking
Bank of America customers can now use their mobile phones to make online banking more secure.
September 11, 5:49 a.m.
PDT

Financially motivated malware thrives
Financially motivated malware attacks are on the rise, with automated software packages making it easy for unskilled hackers to earn a living by sending out spam, researchers at messaging security vendor Secure Computing say.
September 7, 9:19 a.m. PDT

Four plead guilty to e-mail, securities fraud
Three U.S. men and one man living in France have pleaded guilty to charges related to a stock manipulation scheme that included sending out tens of millions of spam messages to pump up the stock value of 15 companies, the U.S. Department of Justice said Thursday.
September 6, 9:42 a.m. PDT

Forrester security show stresses risk management
Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum.
September 5, 11:33 a.m. PDT

FBI: Enterprises need counterintelligence
The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks.
September 4, 3:45 p.m. PDT

Free gift offers dupe users into giving personal data
The personal details of thousands of mostly U.S.-based PC users have been discovered stashed on a server located in France, another indication of use of the Internet to collect personal data on a vast scale.
September 4, 4:09 a.m. PDT

Malicious Web: Not just porn sites
The New Zealand Honeynet Project, which produced Capture-HPC (mentioned here last week), also produced an excellent white paper about using Capture-HPC to identify malicious Web servers.
On the group's Web site, you'll find that paper, the captured data, and the tools for anyone to inspect and replicate.
August 31, 3:00 a.m. PDT

Monster outlines anti-fraud measures
One week after hackers stole personal information from millions of people who had posted their resumes to the job-searching site Monster.com, the company has warned its users to be vigilant about online fraud because the breach was not an isolated incident.
August 29, 3:02 p.m. PDT

10 reasons to be paranoid
The truth is out there ... and so is your data. And just because there are no virtual black helicopters following you doesn't mean somebody somewhere doesn't have a bead on who you are and what you are doing.
August 27, 3:00 a.m. PDT

FTC stops e-mail marketing of weight-loss products
A U.S. district judge has ordered a company to stop sending unsolicited e-mail marketing weight-loss and anti-aging products that allegedly did not work, the U.S. Federal Trade Commission (FTC) announced Thursday.
August 23, 9:20 a.m. PDT

Monster shuts down rogue server after data breach
Monster Worldwide, whose job-hunting sites suffered a massive data breach caused by hackers, has shut down a rogue server that had been used to gather personal details of job seekers.
August 23, 4:54 a.m. PDT

Security SaaS maturing fast
Security technologies delivered via the SaaS (software-as-a-service) business model may still be in their nascent stage, but some early adopters are already piecing together multiple offerings to outsource a significant portion of their IT systems defense infrastructure.
August 22, 11:06 a.m. PDT

Mobile workers still struggling with security
A fair amount of business users remain oblivious or unconcerned about many of the security issues involved with mobile devices, according to a new study published by Cisco and the National Cyber Security Alliance.
August 21, 3:08 p.m.
PDT

Phishers looking to cash in on Wells Fargo crash
Wells Fargo may have a new problem following its widespread computer crash earlier this week: online scammers.
August 21, 2:57 p.m. PDT

Worried companies block Facebook in security backlash
The security backlash against Facebook has taken a new twist with a survey finding that large numbers of employees are now being blocked from accessing it.
August 21, 7:21 a.m. PDT

Monster.com identity attack may claim more victims
The 46,000 people reportedly infected by ads on job sites may be only a fraction of the victims of an ambitious, multistage attack that has stolen data belonging to several hundred thousand people who posted resumes on Monster.com, a researcher said this weekend.
August 20, 8:37 a.m. PDT

Your data's less safe today than two years ago
Today's electronic world is a risky place for your personal data -- and it's not getting any safer. More than 158 million data records of U.S. residents have been exposed as a result of security breaches since January 2005, according to The Privacy Rights Clearing House, a nonprofit consumer rights organization.
August 20, 8:07 a.m. PDT

Google Gadgets can be misused by phishers
The domain used to host small Google Gadget applications written by Web developers could be misused by phishers, a Web security researcher said Friday.
August 17, 4:45 p.m. PDT

Web scam: Pssst... wanna buy a house?
Web scammers are turning to online property forums to collect personal information about users for later attempts to swindle them out of money, according to a security researcher.
August 7, 7:21 a.m. PDT

Update: Dateline NBC 'mole' outed, booted at Defcon
Dateline NBC Producer Michelle Madigan was publicly outed at the Defcon security conference in Las Vegas Friday after show organizers were tipped off that she was trying to film show attendees with a hidden camera.
August 3, 6:00 p.m.
PDT

Mozilla shares scanning tool, Firefox 3 features
Open source browser maker Mozilla has developed a wide array of secure coding analysis tools as part of its internal development process, and now it's beginning to share those programs with the outside world.
August 3, 2:28 p.m. PDT

Apps security to dominate Black Hat
Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security.
July 31, 3:00 a.m. PDT

Take a byte out of ID crime
More than a year after President Bush commissioned a task force on the topic, the Department of Justice has finally drawn up legislation to combat identity theft. And if the DoJ's efforts remain consistent with the objectives stated in the task force's strategic plan (PDF), the new bill could in fact mark significant progress in protecting personal identity data.
July 27, 3:00 a.m. PDT

Recovering from identity theft
Our government is working hard to reassure us that identity theft is a figment of our imaginations, but if you’re a victim in one of those not-so-imaginary crimes, there are proactive steps you can take.
July 27, 3:00 a.m. PDT

Users urged to patch serious hole in BIND 9 DNS server
A security researcher has reported a serious vulnerability in BIND 9, the software widely used in the Internet's DNS addressing system.
July 25, 4:31 a.m. PDT

Organized crime infiltrates financial IT
In Martin Scorsese's hit movie "The Departed," actor Matt Damon plays the part of a mole -- someone who helps his connected mob friends stay a step ahead of the cops by becoming one of the very law enforcement officials assigned to stop them.
July 23, 11:14 a.m. PDT

Identity theft? What identity theft?
Whew! We can relax.
July 20, 3:00 a.m.
PDT

Much ado over click-fraud statistics
The battle between advertisers and online search networks over the pervasiveness of click-fraud continues to grow more heated with researchers claiming rapid growth of automated ad impressions and outside observers noting an overall lack of transparency in the space.
July 19, 4:18 p.m. PDT

Texas state Web site leaks sensitive information
Troy Aikman may not be happy about it, but the State of Texas has made his address and social security number available via the Internet.
July 19, 4:52 a.m. PDT

FBI, military names being used in e-mail scams
The FBI's Internet Crime Complaint Center (IC3) is warning of fraudulent e-mails that appear to come from the FBI and U.S. military.
July 17, 12:26 p.m. PDT

Italy arrests 26 for phishing operation
Italy has become the latest country to clamp down on phishing, with authorities there arresting 26 people for an alleged scam to swindle bank customers.
July 16, 4:58 a.m. PDT

Anti-phishing techniques for the real world
I need to expand my idea of a secure computing ecosystem into the real world. Let me explain.
July 13, 3:00 a.m. PDT

Mounting scrutiny for Google security
Much as the ubiquity of Microsoft's Windows operating system and Office productivity tools has made the software giant a focal point of security research, search giant Google is facing new scrutiny as it diversifies its products and moves further into the business environment.
July 12, 4:24 p.m. PDT

Microsoft launches OneCare 2.0 beta
Microsoft released a beta version of its next-generation Windows Live OneCare 2.0 desktop security and management package on July 11, touting a number of improvements made to the product, including the ability to monitor multiple PCs on a local network.
July 11, 3:01 p.m. PDT

Phishing tool constructs new sites in two seconds
Software developers like to make installation of their programs simple and quick. So do hackers.
July 10, 9:17 a.m.
PDT

Botnets, spam used in stock scheme
The U.S. Securities and Exchange Commission has filed securities fraud charges against two Texas men who allegedly hijacked computers nationwide to send millions of spam e-mails and cheat investors out of more than $4.6 million.
July 10, 7:20 a.m. PDT

Fraudsters use charities to test credit cards
Credit card thieves are becoming big-time charity donors, but it's not out of the goodness of their hearts.
July 6, 3:38 p.m. PDT

Beijing scores number one spot for malware
China is proving to be a mighty force not only economically, but also as the launching point for malicious software and spam.
July 3, 4:54 a.m. PDT

Hackers target execs and their families
Hackers appear to have stepped up their efforts to trick corporate executives into downloading malicious software programs that can steal company data over the past year, according to new data released Monday.
July 2, 4:47 a.m. PDT

Homeland Security to host closed-door security forum
The U.S. Department of Homeland Security will host an invite-only conference two months from now that will bring together security experts from law enforcement, Internet service providers, and the technology industry.
June 29, 7:16 a.m. PDT

MySpace again under phishing attack
Phishers have been using compromised MySpace.com accounts to attack unsuspecting Web surfers, security experts said Thursday.
June 28, 1:01 p.m. PDT

Policy experts split on spyware laws
CAMBRIDGE, Mass. -- Two of the agencies most actively involved in bringing cyber-criminals to justice in the United States have expressed opposing opinions over pending anti-spyware legislation.
June 28, 5:45 a.m. PDT

DOJ warns U.S. citizens of phishing attack
The U.S. Department of Justice (DOJ) is alerting e-mail users about a possible phishing attack using messages that claim to be from the DOJ.
June 28, 4:46 a.m. PDT

Gonzales: DOJ committed to fighting cybercrime
The U.S.
Department of Justice and President George Bush are committed to fighting intellectual-property theft and cybercrime, Attorney General Alberto Gonzales told a small audience in Seattle on Wednesday morning.
June 27, 12:10 p.m. PDT

The struggle to protect enterprise data
Long ago, when businesses kept sensitive information locked away in file cabinets and safes, it was relatively cheap and easy to store valuable data and control who had access to it. Today, enterprises invest millions in security, storage, and compliance technologies -- all in the name of increasing visibility into where vital electronic information lives and how it is being defended.
June 25, 3:00 a.m. PDT

Microsoft sues more alleged Hotmail spammers
Microsoft has filed two lawsuits over the past weeks looking to crack down on spam on its Windows Live Hotmail network.
June 23, 11:52 a.m. PDT

PayPal, eBay offer Security Key to U.S. customers
PayPal unveiled a new Security Key on Friday that will add an additional layer of security to user accounts and help prevent online criminals from gaining access to them. The PayPal Security Key is a small electronic token that generates a unique code that can be used in addition to a user name and password when users sign in to their PayPal account.
June 15, 3:00 a.m. PDT

Global co-op feeds FBI's botnet fight
Officials with the FBI claim that global law enforcement partnerships are playing a significant role in its ongoing efforts to stomp out botnets and other computer-borne crimes.
June 14, 3:09 p.m. PDT

Helping retailers wipe ID data issue
When data breach investigator Bryan Sartin gets a call to check into an incident involving customer records loss at a retailer, he knows that the situation most likely involves information that has been lifted from a company's point-of-sale systems.
June 13, 8:44 a.m. PDT

AOL spammer pleads guilty
Adam Vitale pled guilty Monday to sending unsolicited e-mail to 1.2 million AOL LLC subscribers, U.S.
Attorney for the Southern District of New York Michael J. Garcia said.
June 12, 4:44 a.m. PDT

Stupid hacker tricks
The annals of crime are rife with tales of heists pulled off by enterprising criminal minds. But for every caper carried out with style and smarts, there are hundreds of imprisoned examples of the boneheaded desperado -- guys too greedy, too hasty, or just too brain dead to pull off their nefarious deeds without getting caught.
June 11, 3:00 a.m. PDT

2007 InfoWorld CTO 25: Chris Uriarte
When Chris Uriarte needs a forensics fix, he doesn't turn on "CSI." As CTO of Retail Decisions (ReD), he has a slew of online fraud and threat studies at his fingertips.
June 8, 3:00 a.m. PDT

Experts: Botnets add fault tolerance
Security experts contend that a growing number of operators of compromised computer networks (or "botnets") are finding new ways to grow their networks and make them immune to potential shutdowns, including sophisticated fault-tolerance planning to help ensure that their networks can't be easily wiped out.
June 7, 12:00 a.m. PDT

2007 InfoWorld CTO 25: Paul Judge
When online technology evangelists began chatting up Dr. Paul Judge about the promise of e-commerce in the late 1990s, he couldn't get one thought out of his head: With all that money trading hands, criminals were sure to come knocking.
June 6, 3:00 a.m. PDT

Microsoft unveils integrated security
Microsoft shared details of its long-term security product strategy as part of its ongoing TechEd 2007 training conference on June 4, lifting the lid on plans to deliver an integrated suite of its software by mid-2009.
June 4, 7:24 a.m. PDT

Spammers' use of AI only just begun
Though security industry experts were openly referring to the death of spam several years ago, the arrival of image-based attacks has resulted in a stunning renaissance in the volumes of unwanted e-mail reaching end-users' inboxes.
May 31, 5:03 p.m.
PDT

E-mail scammers hiding malware in fake IRS notices
If you get an e-mail telling you that you're under investigation by the U.S. Internal Revenue Service, take a breath before calling your lawyer. It's a scam.
May 31, 3:20 p.m. PDT

Google buys into security, acquires GreenBorder
Google has jumped into the anti-malware market, snatching up browser-based security software maker GreenBorder Technologies for an undisclosed amount of money.
May 29, 9:32 a.m. PDT

Companies open wallets for secure data
An annual VanDyke Software-sponsored survey of IT network and systems administrators finds that businesses have increased their spending on secure data communications technologies and also have undertaken significant work to improve their internal processes to benefit security.
May 22, 11:42 a.m. PDT

Spyware hunter probes larger market flaws
Ben Edelman made a name for himself while still a graduate student by digging into the shady dealings that spawned what most people considered an innocuous problem: pop-up Web advertising.
May 16, 3:00 a.m. PDT

Scammers gaming YouTube ratings for profit
The half-minute-long commercial for energy drink IRN-BRU on YouTube isn't all that original or really very funny. All the same, the clip "R0049_TDAU8" garnered 113 million hits and received a five-star review, with more than 70,000 visitors giving the clip the popular video site's highest content approval rating. (Editor's note: the file has since been removed from YouTube.)
May 16, 3:00 a.m. PDT

Social Security, spyware bills go to House vote
The House Energy and Commerce Committee unanimously approved a pair of bills on May 10 that aim to bolster consumers' protection against misuse of their social security numbers and computer-borne spyware.
May 11, 11:23 a.m.
PDT

Building trust in downloads no simple feat
The Truste group's goal of creating an online ecosystem through which software makers are held accountable for the functions of their programs and end users are given the power to keep unwanted applications off their devices won't be achieved easily, according to security researchers and participants in the nonprofit's Trusted Downloads project.
May 10, 5:04 p.m. PDT

Symantec pitches rootkit tech as Veritas validation
Some industry watchers may still question why Symantec moved to acquire storage software maker Veritas for $10.2 billion in 2004, but the fruits of the companies' combined labors are already proving the deal as a winner, according to executives with the massive security firm.
May 9, 4:26 p.m. PDT

Varonis matches data, fishy behavior
In the old days, keeping track of critical files was pretty easy: just lock up the file cabinets. These days, the problem is not so simple. With the advent of corporate messaging systems, desktop (and now Web-based) productivity suites, CRM systems and other must-have enterprise applications, companies are drowning in data. Not surprisingly, that's led to some embarrassing gaffes (two words for you: "Veterans Administration.") Now a new generation of companies has sprung up to address that problem with so-called "DLP" or data leak prevention technology.
May 9, 12:00 a.m. PDT

Document shell code attacks loom large
Targeted attacks that utilize vulnerabilities in popular document file formats and execute via hard-to-find shell code are becoming an increasingly popular menace, according to researchers at IBM's Internet Security Systems division.
May 2, 12:37 p.m. PDT

Making sense of Websense's SurfControl buyout
Websense's $400 million buyout offer for rival network filtering specialist SurfControl should help position the two companies for short-term growth and possible acquisition in the future, according to market watchers.
May 1, 11:27 a.m.
PDT

Nokia expands security appliance line
Nokia introduced two new network security appliances on April 30, adding high- and low-end models that aim to help companies filter out malware traffic before it penetrates their IT systems.
April 30, 2:17 p.m. PDT

Britain spearheads European e-crime reporting portal
British computer security experts are designing a Web portal to gather more precise statistics on Europeans victimized by Internet crime, an area that remains difficult for collecting accurate data.
April 18, 9:39 a.m. PDT

Large enterprises still serving up spam
Well-known enterprise companies are still having their IT systems hijacked by spammers despite investing in many different types of technologies aimed at stopping the problem.
April 17, 3:04 p.m. PDT

IRS warns of tax phishing scheme
The U.S. Internal Revenue Service is warning taxpayers to be wary of e-mail messages that provide links to supposedly free tax-filing services endorsed by the agency.
April 16, 11:42 a.m. PDT

Bottom line impact of data breaches unclear
Despite the fact that unwanted exposure of consumer data has become a hot-button issue in the media and among legislators nationwide, experts admit that it remains unclear just how much damage the events will cause to the finances and reputations of companies that experience major incidents.
April 13, 3:01 p.m. PDT

McAfee: Cyber-crime will continue to pay
The latest research report from McAfee's Avert Labs paints a frightening picture for enterprise IT administrators and end-users, predicting continued maturation of cyber-crime and the technological means being used to carry out external attacks.
April 10, 9:00 p.m. PDT

Finding security in Windows Mobile monoculture
Without a doubt, the most influential factor driving the current state of IT security is the ubiquitous presence of Microsoft's dominant Windows operating system on a vast majority of the world's PCs.
April 6, 4:52 p.m.
PDT

Domain name app gives phishers a new foe
Ben Jackson's goal is to stymie people who develop phishing sites -- misleading Web sites designed to steal people's personal information.
April 4, 7:55 a.m. PDT

Debate lingers over federal data-handling laws
Even as the federal government appears poised to create new consumer data protection laws in 2007, businesses and privacy advocates in the United States remain at odds over the parameters of such legislation and its potential impact.
April 3, 6:59 p.m. PDT

Microsoft issues emergency Windows patch
With attackers finding more ways to exploit a critical flaw in its Windows operating system, Microsoft has published an emergency software patch.
April 3, 1:13 p.m. PDT

British UFO hacker loses extradition appeal
A British hacker who broke into U.S. military computers looking for evidence of UFOs lost another extradition appeal on Tuesday in London's High Court.
April 3, 5:02 a.m. PDT

Payment systems culprit in TJX heist
Confirmed as the largest exposure of consumer information on record in the United States, the network intrusion experienced by TJX Companies highlights serious data security risks posed by outdated payment card systems, experts observed.
March 29, 1:07 p.m. PST

TJX data heist confirmed as largest ever
TJX Companies confirmed in its latest filings with the Securities and Exchange Commission that the network intrusion carried out on its systems resulted in the loss of 45.7 million consumer records, making it the largest such breach on record.
March 29, 9:00 a.m. PST

IBM ISS goes fishing for phishers
There’s just no stopping it: Spam continues to get worse, and more of it is now targeted at obtaining financial or corporate information rather than just selling herbal remedies or porn. Phishing, or trying to get users to go to Web sites that seem legitimate but are actually forgeries intended to capture users’ information, is an increasing threat, too.
March 29, 3:00 a.m.
PST

Hackers build private IM to keep the law out
Hackers have built their own encrypted IM (instant-message) program to shield themselves from law enforcement trying to spy on their communication channels.
March 28, 6:36 a.m. PST