Steve Ragan

Senior Staff Writer

Prior to joining the journalism world in 2005, Steve Ragan spent 15 years as a freelance IT contractor focused on infrastructure management and security. He's a father of two and rounded geek with a strong technical background.

GoDaddy accounts vulnerable to social engineering and Photoshop

GoDaddy serves more than 13 million customers, who in turn place 59 million domains under the registrar's management. On Tuesday, my personal account at GoDaddy was compromised. The attacker was able to gain control over my account...

Rogue cell towers discovered in Washington, D.C.

After initially discovering more than a dozen rogue cell towers in the U.S., ESD America and IntegriCell discovered more questionable towers in the nation's capitol, 15 of them to be exact. Ownership remains unknown, but Tuesday's...

Addressing security with the board: Tips for both sides of the table

Addressing security with the board: Tips for both sides of the table

In the boardroom, when it comes to addressing the topic of security, there's tension on both sides of the table. It doesn't happen all the time, but when it does, the cause of the friction is usually security executives and board...

Configuration errors lead to HealthCare.gov breach

The Health and Human Services Department (HHS) said that HealthCare.gov, the nation's health insurance enrollment website, was breached in July and that the attackers uploaded malware to the server. Officials say that while the...

Industrial software website used in watering hole attack

Industrial software website used in watering hole attack

AlienVault Labs has discovered a watering hole attack that's using a framework developed for reconnaissance as the primary infection vector.

27 million South Koreans affected by data breach

South Korean authorities have revealed details surrounding massive data breach that impacts 27 million people aged 15-65. Moreover, local media is reporting that 16 people involved with the scheme were arrested, and that the full...

Exposed: An inside look at the Magnitude Exploit Kit

Exposed: An inside look at the Magnitude Exploit Kit

Researchers at Trustwave have provided CSO with an inside look at the Magnitude Exploit Kit's infrastructure. Linked to attacks against PHP.net and Yahoo, this kit has gone from obscurity to a certified threat in just a few short...

E-ZPass drivers warned about Phishing scam

E-ZPass drivers warned about Phishing scam

E-ZPass Group, a toll collection program consisting of 25 agencies in 15 states, has issued a warning to customers concerning a Phishing scam that is posing as a collection notice.

Microsoft's takedown of No-IP pushes innocents into the crossfire

On Monday, Microsoft said they were taking No-IP (noip.com) to task for failing to prevent criminals from abusing their services. The case is Microsoft's latest effort to slow the spread of malware online, but this time innocents are...

Twenty-year-old vulnerability in LZO finally patched

After twenty years, a vulnerability in Lempel-Ziv-Oberhumer (LZO), an extremely efficient compression algorithm, has finally been patched. The flaw, a subtle integer overflow, existed for as long as it did because of the practice of...

Information overload: Finding signals in the noise

Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there's too much coming in, those alerts and...

Bitly discloses account compromise, urges users to change passwords

On Thursday evening, Bitly (bit.ly), one of the Web's largest URL shortening services, urged users to reset their API keys, OAuth tokens, and passwords.

Avoiding burnout: Ten tips for hackers working incident response

Recent security graduates entering the world of incident response, or those with a strong security background making a career move, face a challenging environment that often leads to frustration and burnout.

Microsoft confirms Internet Explorer zero-day

On Saturday, late in the evening, Microsoft issued a public advisory confirming the existence of a new vulnerability in Internet Explorer that's being used in targeted attacks online.

Activism's slippery slope: Anonymous targets children's hospital

Supporters of the faceless collective known as Anonymous have taken up the cause of a young girl, after the State of Massachusetts removed her from her parents earlier this year. However, the methods used to show support may have...

Hundreds of medical professionals targeted in multi-state tax scam

Medical professionals in ten states have become victims of identity theft, after someone used their personal information, including Social Security Number, to file fraudulent tax returns.

Organizations suffer SQL Injection attacks, but do little to prevent them

On Wednesday, the Ponemon Institute released the results of a new study conducted for DB Networks. In it, 65 percent of the respondents said that they've experienced one or more SQL Injection attacks in the last 12 months. In...

Heartbleed vulnerability linked to breach of Canadian tax data

In a statement on Monday, the Canada Revenue Agency (CRA), Canada's tax-collection agency, confirmed that the Heartbleed vulnerability was to blame for the loss of tax-related information.

Jetpack for WordPress pushes patch for two year-old flaw

The developers behind Jetpack, one of WordPress' most popular plugins, have patched a serious flaw introduced in 2012 that would enable an attacker bypass access controls and publish posts to any website hosted on the blogging...

Heartbleed (CVE-2014-0160): An overview of the problem and the resources needed to fix it

After only a few days, the Internet is still buzzing with news surrounding CVE-2014-0160, better known as the Heartbleed vulnerability. CSO has compiled the following information in order to help administrators and security teams...

Load More