Security Trends 

Hackers Target Browsers, Especially IE: Bromium Labs

Hackers targeted Microsoft's Internet Explorer with an emerging attack technique called action script spray in the first half of 2014, say Bromium Labs researchers.

Google Project Zero Focuses on Internet Security

Months after reporting its first vulnerabilities, Google officially acknowledges the existence of a shadowy security group known as Project Zero.

Boleto Malware Hits Brazil Payment System

New IBM Trusteer research finds new variants of malware used to exploit Brazil's Boleto payment system.

Fighting Advanced Persistent Threats with Emulation

A layered approach to security is the key to fighting advanced persistent threats (APTs).

Identity and Access Management's Role in Secure Cloud Collaboration

As enterprises demand more secure cloud-based externalization, companies like Exostar are answering the call with IAM solutions.

Hackers Using DDoS to Distract Infosec Staff

Hackers are increasingly using DDoS attacks as a kind of 'smokescreen' that helps them carry out data breaches.

Data Breach Roundup: May 2014

Third-party vendors played a significant part in a handful of data breaches in May. This is why, experts say, companies must ensure vendors are careful with their data.

HR a Hot Target for Cybercriminals

Hackers see HR as an easy – and valuable – target. Educating HR staff is a key defense.

Are Anti-Malware's Days Numbered?

Anti-malware software can't spot all malicious code. Is  isolating end-user tasks through virtualization a better approach to security?

Retailers Partner on Cybersecurity Initiative

Retail Cyber Intelligence Sharing Center initiative will make it easy for retailers to share cybersecurity intelligence with each other and with government agencies.

Is Infosec Getting More Stressful?

Most IT professionals are stressed out at work, a recent survey suggests. Information security pros are especially stressed, thanks to growing levels of unpredictability.

Data Breach Roundup: April 2014

Would sharing intelligence on hackers and other threats help companies avoid data breaches? At least one expert thinks so.

Do You Need EV-SSL? [VIDEO]

The CEO of Comodo, a key contributor to the EV-SSL standard, explains why extended validation SSL matters but why you might not always actually need it.

Startup Spotlight: Cloud Security Specialist Armor5

Most mobile security solutions utilize a traditional endpoint management approach, but not the cloud security service provided by startup Armor5.

How Should Enterprises Score Security? [VIDEO]

Qualys CTO Wolfgang Kandek discusses his firm's Web application firewall and security scoring efforts and hints at future security technologies to come.

Are Companies Doing Enough for Cloud Security?

Bitglass found that few companies use single sign-on, which the security vendor calls ""the most basic security measure for SaaS adoption."

[VIDEO] Where Are Database Threats Today?

Amichai Shulman, CTO of Imperva, explains why SQL injection is not a database threat and discusses the current state of Oracle database patching.

[VIDEO] Dr. Larry Ponemon on How Security Survey Research Is Done

Head of the Ponemon Institute details the process and the challenges of conducting modern security surveys.

Cloud Requires Comprehensive Security: Report

Alert Logic's annual State of Cloud Security report shows a larger variety of attacks in the cloud, demonstrating the need for more comprehensive approaches to cloud security.

ATMs on Windows XP: How Risky Is It?

Microsoft has ended official support for Windows XP. What does that mean for the security of the world's ATMs, most of which run XP?

Does Your Organization Need a Chief Trust Officer? [VIDEO]

6 Steps for Fighting SQL Injection

Database usage is on the rise, as well as the applications that interconnect databases, meaning that SQL injection should still be a top concern for IT security pros.

VIDEO: Is Cognitive Injection the Key to Real Security?

Andy Ellis, chief security officer at Akamai, thinks that taking a positive approach to security tasks will result in better security outcomes.

Inside the U.S Department of Homeland Security's Network

Head of National Cybersecurity Protection System explains where DHS is making investments to defend the U.S federal government's network.

Chinese Government Hacking, One Year Later

What has changed in the year since Kevin Mandia first exposed hacking by the Chinese Army?