A new variant of a Trojan program that targets online banking accounts also contains code to check whether infected computers have SAP client applications installed, suggesting that attackers might target SAP systems in the future.
Security experts used fake Facebook and LinkedIn profiles pretending to represent a smart, attractive young woman to penetrate the defenses of a U.S. government agency with a high level of cybersecurity awareness, as part of an exercise that shows how effective social engineering attacks can be,...
Law enforcement agencies should be allowed to hack into computers to identify cybercriminals and collect evidence, representatives from Europol and the Dutch National Police argued in front of a room full of security professionals at the RSA Europe security conference in Amsterdam.
Many open-source software developers need to improve the way in which they handle vulnerability reports, according to researchers from security firm Rapid7, who recently found and reported vulnerabilities in seven popular open-source software applications.
A cadre of prominent broadcasters including ABC and CBS petitioned the U.S. Supreme Court on Friday to shut down Aereo, a television streaming service, alleging that Aereo infringes their copyrights and puts their businesses at risk, according to a Wall Street Journal report.
Research firms paint a dire picture of a massive big data skills gap that will get worse over time. But companies like Persado, which uses big data to help marketers optimize their messages, are finding success training their existing staff in the new big data technologies.
The U.S. National Security Agency's reported efforts to weaken encryption standards have prompted an encrypted communications company to move away from cryptographic algorithms sanctioned by the U.S. National Institute of Standards and Technology (NIST).
The U.S. Federal Trade Commission should back away from its claim of broad authority to seek sanctions against companies for data breaches when it has no clearly defined data security standards, critics of the agency said Thursday.
Within five years the math for cracking encryption algorithms could become so efficient that it may render today’s commonly used RSA public key cryptography algorithm obsolete, Black Hat attendees were told.
RSA President Tom Heiser is transferring from the security company to its parent company EMC to focus on cloud computing initiatives, according to an internal communication sent from the company today.
A new report from the SANS Institute and RSA on help desk security and privacy finds help desk workers are the easiest victims for a determined social engineering criminal. Due to metrics and basic job requirements, end user and network support operations are still the top target when it comes to...
By building on the natural strengths of PCI Express (PCIe) -- it's everywhere, it's fast, it's low power, it's affordable -- and by adding some straightforward, standards-compliant extensions that address multi-host communication and I/O sharing capabilities, a universal interconnect now exists...
Last week here in Backspin I discussed how real-world "things" that aren't easily augmented with digital instrumentation, such as bicycles, cars and even dogs, can be indirectly connected to the Internet of Things (IoT) using physical ID tags and online proxies. This is, as I pointed out, a...
What could be better than a portable hard drive? A battery-powered portable hard drive that provides its own Wi-Fi hotspot, of course. Corsair's Voyager Air and Seagate's Wireless Plus command hefty price premiums compared to more ordinary drives, but they are also extremely convenient.
The recent RSA conference in San Francisco was awash in talk of big data, but it was clear there was some disagreement about what people mean by big data and some outright skepticism about it being the answer.
Any business that anticipates using cloud-based services should be asking the question: What can my cloud provider do for me in terms of providing digital forensics data in the event of any legal dispute, civil or criminal case, cyberattack or data breach?
In another breakthrough for China's anti-piracy efforts, four major record labels have signed a deal to license music to a Chinese Internet firm in exchange for royalties, after the company had previously been accused of hosting links to illegal music downloads.
It may be time to brace yourself for the post-crypto world, according to Adi Shamir, one of the founding fathers of public-key cryptology. Shamir's comments came at this week's RSA Security conference.
Symantec today began offering multi-algorithm SSL certificates for Web servers that go beyond traditional crypto to include what's known as the Elliptic Curve Cryptography (ECC) Digital Signature Algorithm (DSA), which the firm says will be 10,000 times harder to break than an RSA-bit key....
RSA, the security division of EMC, today announced Security Analytics, its tool for real-time analysis of large amounts of data from security and business information to determine if an organization is being attacked, especially by stealthy threats intent on stealing sensitive information.
Cryptography Research, known for its crypto system-breaking stunts, will be at it again at the RSA Conference in San Francisco next month when it shows a way to steal encryption keys off hardware chips and smart cards.
RSA, the security division of EMC, is looking to big data for the future of security, arguing that applying analytics to massive amounts of data related to users, their devices and network management will be increasingly important to detect fraud and cyberattacks.
The Security for Business Innovation Council, comprised of IT security professionals from 19 companies worldwide, called cloud computing the main disruptive force for 2013. In its report, "Information Security Shake-Up," the group said it was evident many organizations are preparing to move more...
The concept of the Internet of Things is a powerful one. You take a device that can be monitored and/or controlled in the physical world and connect it to the 'Net such that it has a virtual doppelganger online. This not only allows for things in the real world to be controlled by computers, it...
To hear Rod Canion and his fellow co-founders of Compaq Computer Corporation tell it, Compaq was an amazing company during its 20-year existence. From humble beginnings on farmland north of Houston to the Fortune 500 list, Compaq was the undisputed global leader of the PC industry for a number of...
The questions are being asked more often: When a cyberattack hits your network, is it right to launch a counter-attack of some type to try to at least identify the source if not stop it? Since the wheels of justice do indeed grind slowly, should frustrated IT professionals with security skills take...
RSA, the security division of EMC, today announced a security product intended to protect simple passwords stored within businesses for authentication purposes, by splitting these passwords in two pieces kept separately, in theory making it harder for hackers to get hold of them.
RSA is readying a product it calls Security Analytics whose purpose is basically to transform the company's traditional security information and event management (SIEM) product, EnVision, into a hunter of stealthy attackers, and a forensics tool to analyze attacks.
Industrial Ethernet switches and other devices produced by industrial networking equipment manufacturer RuggedCom contain a vulnerability that could be exploited to compromise SSL-based communications between them and their users, according to a security researcher from security startup Cylance.
RSA Wednesday introduced a service at the Black Hat Conference to monitor far and wide for signs of phony corporate mobile apps, and to work with Google Play, Apple iTunes and other major app stores to remove them quickly.
Horace Dediu writes data-driven analyses on a wide range of mobile industry topics. He is the founder and author of Asymco, a blog for "curated market intelligence," and previously worked for eight years at Nokia, as an industry analyst and business development manager.
Get it while you can, is the cry from the denizens of the Russian-speaking malware underworld regarding the Citadel Trojan, offered openly for $2,500, plus more for plug-ins and a monthly fee for "membership" in Citadel's crimeware syndicate. But now the Citadel gang is taking the malware off the...
Five years ago today, the original iPhone went on sale. Since then, to its growing legions of users, the iPhone has become less a gadget or machine, and more a personal means of relating to a wider and richer world.
Cisco's Linksys brand of home wireless networking routers today joined other vendors in coming out with 802.11ac equipment, as well as enabling a cloud-based platform for configuration and control of its "Smart Wi-Fi Routers."
The larger and more complex an organization's processing environments are, including cloud instances, the more challenging the process of application deployment. Automation tools support the best practice of keeping these apps updated for peak performance, capability and security.
According to reports, Apple doesn't want to hand over depositions from late CEO Steve Jobs and vice president of internet software and services Eddy Cue, as part of a class action case against Universal Music Group.