Security Trends 

Shellshock a Fail for Security Disclosure

Shellshock and the Xen vulnerability. One of these things is not like the other, and an expert says they can teach us a lot about how to disclose security vulnerabilities.

Passwords Not Going Away Any Time Soon

While biometric authentication and other password alternatives abound, traditional passwords remain the go-to method of authentication due to low cost.

Malvertising, Online Ad Networks a Dangerous Duo

Bad guys are using online advertising networks and popular sites like YouTube to serve malware to unsuspecting Internet users, finds new research from Bromium Networks.

No Silver Bullet for Use-After-Free Flaws [VIDEO]

TrueCrypt Getting a New Life

TrueCrypt will stay alive, thanks to devotees who are forking the encryption program's code. 'Cleaned up' code will get a new name, CipherShed, and a different open source license.

Internet of Things a Potential Security Disaster

Experts believe the Internet of Things will be highly insecure, at least in the early days.

Startup Spotlight: CloudPassage's Software-defined Security

As the software-defined data center becomes more common, enterprises are seeking security solutions that are abstracted from the underlying infrastructure.

Security Research and the Law: What You Need to Know

Security researchers must navigate a minefield of U.S. laws and statutes, such as the Computer Fraud and Abuse Act.

DefCon: Advice on Evading Black Helicopters

You say 'paranoid,' I say 'careful.' Expert offers 'practical' advice on living the paranoid lifestyle.

Yahoo CISO Details Challenge of Security at Scale

Security vendors focus on banks not Web-scale companies, says Yahoo CISO Alex Stamos.

Backoff PoS Malware Demonstrated at Black Hat [VIDEO]

Trustwave researchers demonstrate Backoff malware, which targets POS systems, at Black Hat. Attack that has compromised 600 retailers relies on Java.

Using Military Strategy to Fight Cyber Battles

What does the Library of Sparta have to do with modern IT security? Military strategies are increasingly common in cybersecurity – and with good reason.

Buy All the Cybersecurity Vulnerabilities: Black Hat Keynote

Black Hat keynote speaker Dan Geer has some radical ideas to reshape modern security, including a suggestion that the United States purchase security vulnerabilities and make them public.

Dude, How Secure Is My Connected Car?

With connected cars becoming more common, experts say vehicle manufacturers should adopt security best practices used by mobile device makers.

Hackers Target Browsers, Especially IE: Bromium Labs

Hackers targeted Microsoft's Internet Explorer with an emerging attack technique called action script spray in the first half of 2014, say Bromium Labs researchers.

Google Project Zero Focuses on Internet Security

Months after reporting its first vulnerabilities, Google officially acknowledges the existence of a shadowy security group known as Project Zero.

Boleto Malware Hits Brazil Payment System

New IBM Trusteer research finds new variants of malware used to exploit Brazil's Boleto payment system.

Fighting Advanced Persistent Threats with Emulation

A layered approach to security is the key to fighting advanced persistent threats (APTs).

Identity and Access Management's Role in Secure Cloud Collaboration

As enterprises demand more secure cloud-based externalization, companies like Exostar are answering the call with IAM solutions.

Hackers Using DDoS to Distract Infosec Staff

Hackers are increasingly using DDoS attacks as a kind of 'smokescreen' that helps them carry out data breaches.

Data Breach Roundup: May 2014

Third-party vendors played a significant part in a handful of data breaches in May. This is why, experts say, companies must ensure vendors are careful with their data.

HR a Hot Target for Cybercriminals

Hackers see HR as an easy – and valuable – target. Educating HR staff is a key defense.

Are Anti-Malware's Days Numbered?

Anti-malware software can't spot all malicious code. Is  isolating end-user tasks through virtualization a better approach to security?

Retailers Partner on Cybersecurity Initiative

Retail Cyber Intelligence Sharing Center initiative will make it easy for retailers to share cybersecurity intelligence with each other and with government agencies.

Is Infosec Getting More Stressful?

Most IT professionals are stressed out at work, a recent survey suggests. Information security pros are especially stressed, thanks to growing levels of unpredictability.