Access Control

Access Control news, trend analysis and opinion

Arrests made after international cyber-ring targets StubHub

StubHub accounts were compromised and used to buy tickets for popular events, which were then resold

Systems engineer arrested in massive data leak in Japan

At least 7 million names were stolen from the database of education firm Benesse


Botnet brute-forces remote access to point-of-sale systems

A new malware threat scans the Internet for POS systems and tries to access them using common usernames and passwords

Vulnerability in AVG security toolbar puts IE users at risk

Bad design decisions could have enabled malware infections, researchers from CERT/CC said

BrandPost Brocade

Internet of Overwhelming Things

As the era of Internet of Things (IoT) dawned, the fridge got hacked. Well, maybe not.

Attack on Dailymotion redirected visitors to exploits

A rogue iframe injected into the site led visitors to exploits that installed a click-fraud Trojan program, researchers from Symantec said

Attack on Dailymotion redirected visitors to exploits

A rogue iframe injected into the site led visitors to exploits that installed a click-fraud Trojan program, researchers from Symantec said

Critical vulnerability in popular WordPress newsletter plug-in endangers many blogs

Attackers could exploit a flaw in the MailPoet Newsletters plug-in to take full control of vulnerable blogs, researchers from Sucuri said

Hardcoded SSH key gives backdoor access to Cisco communications manager

Cisco released new software versions to fix the issue and patch another serious vulnerability

BrandPost Brocade

Against All Odds

No doubt, there are consumers of data center services who share my despair over getting access to the unrestricted wonders enabled by ongoing innovations in social, mobile, cloud and big data. IDC has dubbed those innovations

password

8 ways the password is dying

From smartphones that know you’re near to tattoos and even pills, high-tech companies are busy replacing pesky strings of text with easier ways to authenticate. Check out the future here.

New malware program hooks into networking APIs to steal banking data

The Emotet malware can sniff information even from HTTPS conenctions, researchers from Trend Micro said

Cyphort provides guidance on prioritizing APTs for mitigation

Cyphort has announced a next generation threat defense system said to prevent and detect threats and help prioritize the highest risks so infosec professionals know how to focus their resources.

Researchers bypass PayPal's two-factor authentication system

An API and mobile app loophole allowed access to 2FA-enabled accounts with only a user name and password, researchers from Duo Security said

Big Data, Big Mess: Sound Risk Intelligence Through Complete Context

This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.

CIOs Will Find That the Most Valuable Data Comes From Outside

Adam Hartung says CIOs are too focused on creating data about internal operations and need to augment that with external data about market conditions.

New Havex malware variants target industrial control system and SCADA users

Attackers compromised ICS/SCADA vendor sites and altered software downloads to distribute the malware, researchers from F-Secure said

Researchers expect large wave of rootkits targeting 64-bit systems

Rootkits are again on the rise with the number of new samples reaching levels not seen since 2011, a McAfee report said

Ad network compromise led to rogue page redirects on Reuters site

The Syrian Electronic Army compromised a third-party widget to redirect some Reuters.com visitors to a defacement page

Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk

This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this information to determine which cyber insurance options make the most sense based on your

Will full encryption sideline Google's targeted ads?

Mining personal data to deliver targeted ads is the lifeblood of Google's business -- and of many other online firms. But what if that data dries up at the source?

Maliciously crafted files can disable Microsoft's antimalware products

A vulnerability in the engine used by many Microsoft antimalware products can lead to a persistent denial-of-service condition

Amazon CTO says business unaffected by Snowden revelations

Business overseas is as strong as ever, Werner Vogels says

Biggest, baddest, boldest software backdoors of all time

These 12 historically insidious backdoors will have you wondering what’s in your software -- and who can control it

Load More