Network Security 

Shellshock a Fail for Security Disclosure

Shellshock and the Xen vulnerability. One of these things is not like the other, and an expert says they can teach us a lot about how to disclose security vulnerabilities.

Employee Error at Touchstone Medical Imaging Exposes 307,528 Patients' Personal Data

A folder containing billing information was mistakenly left accessible online.

Staples Investigates Possible Data Breach

Potentially affected locations include seven in Pennsylvania, three in New York City, and one in New Jersey.

Chinese Government Targets iCloud Users with MITM Attack

All Chinese visitors to iCloud.com are being directed to a fake page designed to steal login credentials.

Passwords Not Going Away Any Time Soon

While biometric authentication and other password alternatives abound, traditional passwords remain the go-to method of authentication due to low cost.

Cost of Cybercrime in U.S. Reaches $12.7 Million per Organization

The number of cyber attacks per week surged by 176 percent over the past five years, according to the Ponemon Institute.

Mobile Device Management Not Just for Big Companies

While mobile device management is often found at companies with big workforces, it can also help small companies with their mobile initiatives.

Forgotten Passwords Cost Companies $200,000 a Year

'Bottom line, it's time to kill passwords,' says Centrify CEO Tom Kemp.

Google Researchers Warn of POODLE SSL Vulnerability

Twitter immediately disabled SSL 3.0 support following the disclosure.

No Easy Fix for Point-of-Sale Security

Why is securing point-of-sale systems so hard, and what can retailers do to improve their PoS security postures?

Hackers Claim Breach of 7 Million Dropbox Accounts

Dropbox says it wasn't hacked, and that any stolen login credentials came from breaches at other sites.

Kmart Stores Infected with Point-of-Sale Malware

The company says the infection came from 'a new form of malware that was undetectable by current anti-virus systems.'

VeraCrypt a Worthy TrueCrypt Alternative

A fork of TrueCrypt's code, VeraCrypt strengthens the open source encryption software's transformation process and addresses other weaknesses.

Dairy Queen Acknowledges Major Credit Card Breach

Almost 400 locations are affected, exposing customer names, payment card numbers and expiration dates.

JPMorgan Hackers Also Hit Over a Dozen Other Financial Firms

Additional targets included Citigroup, HSBC, E*Trade, Regions Financial, ADP and Bank of the West, though it appears that no data was stolen.

Keeping SCADA Systems Secure

FireEye turns its attention to SCADA industrial control systems.

Misconfigured Server Causes Massive Data Breach at MBIA

Account numbers and balances were exposed, along with detailed instructions on how to authorize new bank accounts for deposits.

FDA Issues Cyber Security Guidance for Medical Devices

The guidance is intended to help device manufacturers mitigate security risks.

Veracode Gears up for Security IPO

Veracode CEO explains what his company is doing now as he heads toward a public offering.

AT&T Acknowledges Another Insider Breach

An employee inappropriately accessed Social Security numbers, driver's license numbers, and Customer Proprietary Network Information (CPNI).

Enforcing Password Complexity without Alienating Users

Protecting passwords from compromise is a challenge for IT managers, who must deal with attacks that aim to compromise systems while giving users the simplicity they want.

JPMorgan Data Breach Impacts 76 Million Households, 7 Million Businesses

'You were affected if you used the following Web or mobile services: Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile,' the company says.

Supervalu Hacked Again

Payment card account numbers may have been accessed, along with some cardholder names and expiration dates.

Want to Beat Social Engineering? Training Is Key

Social engineering is an insidious – and highly successful – method of data theft. Training users to spot it is the key to beating it.

General Motors Appoints First Product Cybersecurity Officer

Mark Reuss, GM's vice president of global product development, says it's crucial to look at vehicle technology 'on a critical systems level.'