Steve Ragan
Senior Staff Writer
Prior to joining the journalism world in 2005, Steve Ragan spent 15 years as a freelance IT contractor focused on infrastructure management and security. He's a father of two and rounded geek with a strong technical background.
Rogue cell towers discovered in Washington, D.C.
After initially discovering more than a dozen rogue cell towers in the U.S., ESD America and IntegriCell discovered more questionable towers in the nation's capitol, 15 of them to be exact. Ownership remains unknown, but Tuesday's...
Addressing security with the board: Tips for both sides of the table
In the boardroom, when it comes to addressing the topic of security, there's tension on both sides of the table. It doesn't happen all the time, but when it does, the cause of the friction is usually security executives and board...
Configuration errors lead to HealthCare.gov breach
The Health and Human Services Department (HHS) said that HealthCare.gov, the nation's health insurance enrollment website, was breached in July and that the attackers uploaded malware to the server. Officials say that while the...
Industrial software website used in watering hole attack
AlienVault Labs has discovered a watering hole attack that's using a framework developed for reconnaissance as the primary infection vector.
27 million South Koreans affected by data breach
South Korean authorities have revealed details surrounding massive data breach that impacts 27 million people aged 15-65. Moreover, local media is reporting that 16 people involved with the scheme were arrested, and that the full...
Exposed: An inside look at the Magnitude Exploit Kit
Researchers at Trustwave have provided CSO with an inside look at the Magnitude Exploit Kit's infrastructure. Linked to attacks against PHP.net and Yahoo, this kit has gone from obscurity to a certified threat in just a few short...
E-ZPass drivers warned about Phishing scam
E-ZPass Group, a toll collection program consisting of 25 agencies in 15 states, has issued a warning to customers concerning a Phishing scam that is posing as a collection notice.
Microsoft's takedown of No-IP pushes innocents into the crossfire
On Monday, Microsoft said they were taking No-IP (noip.com) to task for failing to prevent criminals from abusing their services. The case is Microsoft's latest effort to slow the spread of malware online, but this time innocents are...
Twenty-year-old vulnerability in LZO finally patched
After twenty years, a vulnerability in Lempel-Ziv-Oberhumer (LZO), an extremely efficient compression algorithm, has finally been patched. The flaw, a subtle integer overflow, existed for as long as it did because of the practice of...
Information overload: Finding signals in the noise
Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there's too much coming in, those alerts and...
Bitly discloses account compromise, urges users to change passwords
On Thursday evening, Bitly (bit.ly), one of the Web's largest URL shortening services, urged users to reset their API keys, OAuth tokens, and passwords.
Avoiding burnout: Ten tips for hackers working incident response
Recent security graduates entering the world of incident response, or those with a strong security background making a career move, face a challenging environment that often leads to frustration and burnout.
Microsoft confirms Internet Explorer zero-day
On Saturday, late in the evening, Microsoft issued a public advisory confirming the existence of a new vulnerability in Internet Explorer that's being used in targeted attacks online.
Activism's slippery slope: Anonymous targets children's hospital
Supporters of the faceless collective known as Anonymous have taken up the cause of a young girl, after the State of Massachusetts removed her from her parents earlier this year. However, the methods used to show support may have...
Hundreds of medical professionals targeted in multi-state tax scam
Medical professionals in ten states have become victims of identity theft, after someone used their personal information, including Social Security Number, to file fraudulent tax returns.
Organizations suffer SQL Injection attacks, but do little to prevent them
On Wednesday, the Ponemon Institute released the results of a new study conducted for DB Networks. In it, 65 percent of the respondents said that they've experienced one or more SQL Injection attacks in the last 12 months. In...
Heartbleed vulnerability linked to breach of Canadian tax data
In a statement on Monday, the Canada Revenue Agency (CRA), Canada's tax-collection agency, confirmed that the Heartbleed vulnerability was to blame for the loss of tax-related information.
Jetpack for WordPress pushes patch for two year-old flaw
The developers behind Jetpack, one of WordPress' most popular plugins, have patched a serious flaw introduced in 2012 that would enable an attacker bypass access controls and publish posts to any website hosted on the blogging...
Heartbleed (CVE-2014-0160): An overview of the problem and the resources needed to fix it
After only a few days, the Internet is still buzzing with news surrounding CVE-2014-0160, better known as the Heartbleed vulnerability. CSO has compiled the following information in order to help administrators and security teams...