5 Steps to Cost-Effectively Manage eCommerce Fraud This Holiday Season *Free Guide*
Welcome Guest | Sign In
ECommerceTimes.com
Wristband Heads Off Password Headaches
November 25, 2014
Has software glut got you down? Do you reuse passwords because creating unique ones for all your online accounts would cause a memory overload? If so, you may be interested in a bit of jewelry called the "Everykey," by a startup with the same name. Everykey is a wristband that removes the need to remember the countless log-in credentials we use every day.
EFF Spearheads Safer Web Initiative
November 24, 2014
The Electronic Frontier Foundation has announced a nonprofit organization that will aim to secure the entire Web. Let's Encrypt, starting in summer 2015, will offer free server certificates to help websites transition from HTTP to the more secure HTTPS protocol. EFF is partnering with Akamai, Mozilla, Cisco, iDenTrust and University of Michigan researchers.
NotCompatible Mobile Malware Gets Badder
November 21, 2014
A new version of the NotCompatible malware, which first appeared in 2012, is bigger, badder and pretty much indestructible, Lookout Security reported. And it can compromise corporate networks, thanks to the BYOD trend. The malware, called "NotCompatible C," focuses on Android devices. The NotCompatible Trojan is used to spread spam campaigns, among other nefarious activities.
Citadel Trojan Adds Keylogging to Arsenal
November 21, 2014
Cybercriminals are using a new version of the dangerous Citadel Trojan, which has been employed to attack the financial and petrochemical industries, to compromise password and authentication solutions, IBM Trusteer has reported. The new version begins capturing keystrokes, or keylogging, when some processes are running. It was discovered on a server that already had been infected.
BitTorrent Sync Goes Pro
November 20, 2014
BitTorrent on Wednesday announced new plans for its Sync service, including a premium subscription option, along with other new paid products. Sync, which was released in beta in July, is billed as a cloud-free file-sharing solution. Currently in version 1.4, Sync soon will graduate to version 2.0, with both an improved free version and a Pro version offered by subscription for $39.99 per year.
IBM Begins New Email Chapter With Intelligent Verse
November 19, 2014
IBM on Tuesday introduced Verse, its entry into the reinventing email derby. Verse, which will be available in both an enterprise and freemium edition, integrates the many ways people communicate with each other every day -- email, meetings, calendars, file sharing, instant messaging, social media, video chats and more -- into a single collaboration environment.
China Suspected in Attacks on USPS, NOAA
November 19, 2014
The U.S. Postal Service and National Oceanic and Atmospheric Administration last week confirmed that their computer systems were targeted in months-long cyberattacks that appear to have originated in China. The attack on USPS compromised information of an estimated 800,000 employees. Data at risk includes names, date of birth, Social Security numbers, addresses and dates of employment.
USPS Employees, Retirees, Customers Exposed in Hack Attack
November 11, 2014
Hackers siphoned off data from United States Postal Service servers for more than eight months before being detected, the USPS said. The personal data -- including names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment and emergency contact information -- of more than 800,000 employees and some retirees has been exposed.
Feds Flummoxed Over Cloud Contract Management
November 07, 2014
Federal agencies may spend as much as $10 billion annually on cloud technology by 2018, as the government seeks to take advantage of the operational improvements and efficiencies it offers. However, deficiencies in contracting for cloud services could compromise the effectiveness of such investments. Furthermore, reactions to proposed remedies have revealed some tensions over contract management.
Russian Cyberspies Caught With Mittens in Cyber Cookie Jar
November 06, 2014
Russian cyberspies -- unlike their Chinese counterparts -- have a reputation for stealth, so it's unusual when two digital espionage operations linked to the Kremlin come to light in a week. FireEye early last week released a report detailing how hackers working for the Russian government have been using sophisticated techniques over a seven-year period to penetrate computer systems.
Dropbox, Microsoft Gang Up on Google
November 04, 2014
Microsoft on Tuesday announced a strategic partnership with Dropbox -- only eight days after announcing unlimited cloud storage for Office 365 subscribers in a move widely seen as a frontal attack on Dropbox and Google. The companies will integrate their services forphones, tablets and the Internet, so that users can access and collaborate on Office files either from Dropbox or Microsoft Office.
Cyberattacks Could Wreak Widespread Havoc by 2025
November 03, 2014
The Pew Research Center last week released a report suggesting that cyberattacks in the next 10 years might cause major destruction of human lives and tens of billions of dollars in property damage. However, the situation might not be as overwhelming as the raw numbers indicate, said report author Janna Quitney Anderson, director of the Imagining the Internet Center at Elon University.
The Long and Winding Road to Shellshock Recovery
October 29, 2014
Four days after Shellshock was disclosed, Incapsula's Web application firewall deflected more than 217,000 attempted exploits on more than 4,100 domains. The company recorded upwards of 1,970 attacks per hour, from more than 890 IPs around the world. Shellshock was expected to be far worse than the Heartbleed flaw, which was expected to impact about 17 percent of the secure Web servers worldwide.
Toll Fraud Can Take a Big Toll on SMBs
October 22, 2014
Toll fraud -- the hijacking of a phone system to dial out to premium numbers in distant countries at several dollars a minute -- costs companies more than $4.7 billion a year, up nearly $1 billion from 2011. Major carriers, such as the companies that make up the CFCA, have sophisticated fraud systems in place to catch hackers, and they can afford to credit customers for fraudulent charges.
Microsoft Patch Blocks Sandworm Tunnels
October 17, 2014
iSight Partners this week revealed that a cybergang it dubbed "Sandworm" has been exploiting a zero-day vulnerability that impacts all supported versions of Microsoft Windows, including Windows Server 2008 and 2012. The announcement was held off until Microsoft issued its patch earlier this week. If exploited, the flaw will let attackers remotely execute code on target systems.
Report: Open Source Needs to Get With the Security Program
October 15, 2014
Open source developers apparently don't adhere to best practices such as using static analysis and conducting regular security audits, found Coverity's Spotlight report, released Wednesday. The Coverity Scan service, which is available at no charge to open source projects, helped devs find and fix about 50,000 quality and security defects in code last year.
Spam Still Packs a Punch
October 15, 2014
The days of in-boxes flooded with spam messages on an assortment of sordid subjects are a faint memory to most email users, but what spam has lost in volume it's gained in power. More than two-thirds of some 200 IT decision makers in companies with five to 1,000 employees said a spam incident in the last year had severely disrupted their business operations -- or halted them entirely.
Kaspersky Probes ATM Malware Mystery
October 10, 2014
Kaspersky Lab this week reported that criminals have been emptying ATMs and infecting them with malware dubbed "Tyupkin." About 50 machines have been infected in eastern Europe, and the attacks have spread to the United States, India and China, based on statistics culled from VirusTotal, Kaspersky said. The attackers target ATMs running Windows 32-bit operating systems.
Tech Execs Issue Dire Warnings on Impact of NSA Surveillance
October 10, 2014
The NSA's wide-ranging surveillance of people's communications worldwide is hitting America's high-tech industry hard, said panelists on Wednesday at a roundtable held by Senate Finance Committee Chairman Ron Wyden in Palo Alto, California. Wyden set the tone from the start: "This is going to cost America jobs." Several foreign governments are planning to build domestic Internets.
Phishers Find Apple Most Tasty Target
October 07, 2014
"Follow the money" isn't just the war cry of journalistic bloodhounds hot on the trail of political corruption. It's the mantra of Web predators, too. That's why PayPal consistently has been the top brand targeted by phishers -- although that appears to have changed. Apple now has the dubious distinction of most-phished brand, according to the latest report from the Anti-Phishing Work Group.
Consumers Fed Up With Data Breaches
September 30, 2014
Consumers are beginning to lose their patience with the custodians of their personal information. Survey results from 2,000 consumers released last week by HyTrust, suggest that 51 percent of those polled would bolt from any business involved in a data breach that compromised personal information such as address, Social Security number or credit card details.
Banks, Businesses Scramble to Smash Bash Shellshock Bug
September 29, 2014
Banks and businesses toiled over the weekend to crush a bug in a widely used open source operating system. The flaw has been in Unix for some 25 years, but it was revealed just last week. If exploited, the vulnerability could be used to inject malicious code or take command of a system or device. Dubbed "Shellshock," it requires patching systems and devices running Apple's OS X, Linux and Unix.
Bash Shellshock Bug Patched but Not Pummeled
September 25, 2014
Researchers on Thursday discovered proof-of-concept code that could take advantage of unpatched computer systems, and found evidence of attacks exploiting the BASH Shellshock bug in the wild. Shellshock, which came to light on Wednesday, could become a major threat to Linux/Unix and Apple operating systems if published patches to BASH are not applied before an attacker cashes in.
Banking Trojan Targets Petrochemical Outfits
September 23, 2014
The pernicious program Citadel has been around for awhile, but it's using some new tricks on new targets. From its humble origins as a "man in the browser" thief of banking credentials, Citadel has become a knave of all trades. Once it lands on a computer, it can be configured in a number of ways with a file from a server operated by Web predators.

See More Articles in Enterprise Security Section >>
Facebook Twitter LinkedIn Google+ RSS