Network Security

Network Security news, trend analysis and opinion

Vulnerabilities found in more command-line tools, wget and tnftp get patches

Flaws identified in wget and tnftp allow malicious servers to execute rogue commands on users' systems

Drupal: If you weren't quick to patch, assume your site was hacked

Drupal site owners who failed to rapidly deploy a recent critical patch were advised to restore their sites from backups


Attack campaign infects industrial control systems with BlackEnergy malware

Customers of three SCADA human-machine interface products from different vendors were potentially affected, ICS-CERT said

Gigamon says it can analyze attacker SSL traffic without hitting performance

Attackers are increasingly using SSL to encrypt data they steal, which poses challenges for security

What IBM can learn from its own cybersecurity business

IBM’s fortunes in cybersecurity improved substantially when it abandoned its internally focused strategy and built a business to meet customer requirements.

Security vendor coalition cleans 43,000 malware infections used for cyberespionage

The removed tools were used by a prolific Chinese cyberespioange group dubbed Axiom

'ScanBox' keylogger targets Uyghurs, US think tank, hospitality industry

The JavaScript-based attack doesn't put malware on a computer's disk

Clues point to Russia in long-running spying campaign

'APT28' has predominantly focused on targets of interest to Russia, FireEye said

Vulnerability in widely used 'strings' utility could spell trouble for malware analysts

Extracting text strings from binary files is not as safe as most people think, a security researcher found

Cyberespionage group launches sophisticated phishing attacks against Outlook Web App users

The group targeted military agencies, embassies, defense contractors and media organizations, researchers from Trend Micro said

DNS is ubiquitous and it's easily abused to halt service or steal data

DNS may be absolutely fundamental to the way the Internet works, but it was never designed with security in mind. Here are four ways that attackers and cyber thieves are exploiting the Internet's plumbing to deny service and steal...

Facebook and Yahoo prevent use of recycled email addresses to hijack accounts

A new mechanism helps email servers determine if a message was intended for a recycled account's previous owner

Enterprises Establish a 'Cybersecurity Cavalry'

As expert group gains status and budget, large organizations are moving away from the status quo.

Abandoned subdomains pose security risk for businesses

Attackers could hijack subdomains pointed by companies at external services they no longer use, researchers say

Massive malvertising campaign on Yahoo, AOL and other sites delivers ransomware

The malicious ads exploited vulnerabilities to install the CryptoWall ransomware on computers, researchers from Proofpoint said

Android ransomware 'Koler' turns into a worm, spreads via SMS

The Koler ransomware locks the device screen and displays fake messages from police agencies

One week after patch, Flash vulnerability already exploited in large-scale attacks

The Fiesta exploit kit bundles an exploit for the CVE-2014-0569 vulnerability in Flash Player, researchers found

Researcher creates proof-of-concept worm for network-attached storage devices

Infecting NAS devices with malware can be very valuable for attackers, a researcher said

Yet another Proofpoint for Network and Endpoint Security Integration

Network/Endpoint integration initiatives gaining traction at advanced organizations driven by threat management and security analyst teams

New technique allows attackers to hide stealthy Android malware in images

The attack could be used to distribute malware through applications that appear harmless, researchers said

Load More