LinuxInsider.com
Adobe Hack Victim Count Skyrockets to 38M
October 31, 2013
After initially estimating that a mere 3 million customers had been affected by the security breach it announced at the start of October, Adobe on Wednesday admitted that the actual number now looks to be closer to an eye-popping 38 million. In addition, the breach seems to be more far-reaching than initially thought, extending to the Photoshop family of products as well.
Strong Encryption, Natural Language Search Make Potent Cocktail
October 22, 2013
Strong encryption and natural language search can be like oil and water. That's because encrypted data can't be digested by your typical search engine. However, CipherCloud announced a solution to that knotty problem last week. The latest version of the 3-year-old company's cloud-based service includes something it's calling "searchable strong encryption."
Oracle Unleashes the Mother of All Security Patches
October 17, 2013
Oracle has released a whopper of a critical patch update for October, with 127 security fixes across several of the company's products. Of these, 51 are fixes for Java SE, and all but one of those will allow remote exploitation of a computer without authentication. Oracle recommends the patch be applied as soon as possible, as many of the vulnerabilities cross product family lines.
MediaFire's Derek Labian: Cloud Storage Is an Everyday Need
October 15, 2013
Security and privacy concerns may be far outweighed for many users by the convenience and appeal of the cloud, but users need to view cloud access as more than just another storage utility on the desktop. That's according to Derek Labian, CEO of cloud storage service MediaFire. Instead, cloud users need to focus on cloud performance and application functionality, Labian suggests.
Hackers Purloin 2.9M Adobe Customers' Data
October 04, 2013
Adobe on Thursday announced what has become depressingly familiar news to consumers and security experts: It has been hacked, and on a large scale. "Very recently, Adobe's security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products," said Brad Arkin, the company's chief security officer.
Coverity's Zack Samocha: Software Quality and the Open Source Advantage
October 01, 2013
Software quality is a topic close to most developers' hearts, whether they work with open source or proprietary code. Assessing quality, however, isn't always a simple matter. As a result, several efforts have sprung up to tackle the challenge, including the Coverity Scan project. Coverity began work in 2006 on the open source project, which is a joint endeavor with the Department of Homeland Security.
Revisiting Risk Assessment in the Cloud
October 01, 2013
The case for cloud is compelling for a number of reasons, but one of the more compelling reasons from a technologist's point of view has to do with the ability to abstract lower levels of the application stack. Depending on the model of cloud employed, varying amounts of the underlying technology components move out of the scope of your direct control.
Google Adds Remote Locking for MIA Androids
September 25, 2013
Google on Tuesday rolled out a feature for its recently launched Android Device Manager that lets users lock down a stolen Android device from anywhere, via the Web. "This is something that should be built into the OS and the platform because it's an inherent security feature," said tech analyst Rob Enderle. Google is late to the game in rolling out its remote lock capability.
AlienVault's Barmak Meftah: Time to Put Hackers on the Defensive
September 24, 2013
As CEO of AlienVault, Barmak Meftah faces enemies every day who play out their attacks from faraway lands using seemingly unbeatable weapons. One of the weapons AlienVault uses with the support of the open source community is a global report called the Open Threat Exchange that tracks threats to computer networks. The results make it possible to identify trouble spots and take corrective action.
BYOD Security Is All About Juggling Risks
September 23, 2013
Allowing workers to use personal phones and tablets to do their jobs has created security risks in the workplace, but those risks can be minimized if they're managed. What should such a risk management program do? "The first step is you have to protect the device," said IBM Application, Data and Mobile Security Director Caleb Barlow. That includes everything from provisioning to data wiping.
Cracking the BYOD Security Nut
September 23, 2013
While so-called BYOD isn't necessarily new -- IT departments, after all, have been supporting mobile road warriors since the 1980s -- the rising tide of end users seeking the use and support of their own consumer devices is different. It's so different that IT departments are grasping for any standard or proven approaches that make BYOD access of enterprise resources both secure and reliable.
RSA Warns Customers Off Suspected NSA-Tainted Crypto Tools
September 21, 2013
RSA has advised its customers to make a configuration adjustment to its BSafe security software products. This follows an announcement issued by NIST not to use a security standard it designed and published. The standard is the Dual Elliptic Curve Deterministic Random Bit Generator. The Dual_EC_DRBG is believed to contain an NSA backdoor that would in essence nullify the standard's security.
Heavy Attacks Expected as Microsoft Scrambles to Fix IE Flaw
September 18, 2013
Microsoft revealed Tuesday it was investigating a previously unknown security flaw affecting all versions of its IE Web browser. Hackers have attempted to exploit the vulnerability in targeted attacks on users of versions 8 and 9, it reported in a security advisory. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code," the advisory says.
Symantec Exposes Crackerjack Cybercriminal Group
September 17, 2013
Symantec on Tuesday disclosed the existence of a group of 50 to 100 top-rate hackers. Named "Hidden Lynx," the group is an advanced persistent threat that has skills well ahead of similar organizations in the region, such as APT1, Symantec said. "The Hidden Lynx group is methodical in its approach and leverages zero days quickly," said Vikram Thakur, a researcher at Symantec Security Response.
Web App Firewalls Blunt Attacks
September 16, 2013
Web applications have become attractive targets for hackers because they allow bad actors to maximize the reach of their mischief with a minimum of effort. That's what originally attracted the Internet underworld to programs like Windows and Adobe Acrobat, and it's what continues to attract them to Java. A vulnerability in one of those programs can be exploited in millions of machines.
Needle in a Haystack: Harnessing Big Data for Security
September 14, 2013
The combination of the polymorphic nature of malware, failure of signature-based security tools, and massive amounts of data and traffic flowing in and out of enterprise networks is making threat management using traditional approaches virtually impossible. Until now, security has been based largely on the opinions of researchers who investigate attacks.
Neutralizing the 'Weapons Grade' Enterprise Cybersecurity Threat
September 09, 2013
IT leaders are improving security and reducing risks as they adapt to new and often harsh realities of doing business online. CSC and HP, for example, have entered a strategic partnership to help companies and governments better adapt to the tough cybersecurity landscape. "The reality is that we are under attack and have been for quite some time," said Dean Weber, CTO of CSC Global Cybersecurity.
Samsung Enlists Lookout for Android Enterprise Security
September 05, 2013
Samsung will bundle a forthcoming business suite from Lookout into its flailing Knox enterprise security solution for the Android platform. Knox, an end-to-end solution that provides security from the hardware all the way through to the application level, is Samsung's approach to the security threats posed by BYOD. The announcement is drawing mixed responses from security professionals.
No End to the Headaches Endpoints Give System Defenders
September 03, 2013
If there's one attack surface that's attracting growing attention from digital marauders, it's a system's endpoints. With the proliferation of BYOD, securing connections can be a defender's nightmare. Endpoints have an allure for attackers because they offer multiple attack vectors, such as social engineering attacks, spearphishing, USB infection, and compromise of WiFi networks and routers.
4 Quick and Dirty SaaS Technical Controls
September 03, 2013
Because of the rapid pace of SaaS adoption, many security practitioners have found themselves scrambling to ensure the security of the specific technologies their enterprises want to employ. However, the dynamics of SaaS can make this a challenging exercise. This is because most of the options for specific security controls are, by necessity, of the contractual or procedural variety.
