A new Linux malware, GTPDOOR, specifically designed to target telecom networks connected to GPRS roaming exchanges (GRX), has emerged. This malware stands out because it utilizes the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communi...
Printers using server software offered by Hewlett-Packard (HP) are reportedly vulnerable to attack. In fact, it's possible for a hacker to use the flaw to bypass security defenses, steal documents, and crash every machine connected to the same network.
The Security for Business Innovation Council, comprised of IT security professionals from 19 companies worldwide, called cloud computing the main disruptive force for 2013.
A fool and his feeble p@$$w0rd are soon rooted, but if 2012 has proven anything, it's that even the most cautious security-minded souls need to double down on their protective practices, and think about the best ways to mitigate damage if the worst happens in our increasingly cloud-connected world.
Because Web 1.0 is many years behind us, we can all look back and laugh at the sorry state of application and database security in those days. When we look back at Cloud 1.0 in a few more years, we're sure to have another good chuckle.
A whole range of Arcor, Asus and TP-Link routers are vulnerable to being reconfigured remotely without authorisation. On his blog, security researcher Bogdan Calin demonstrates that just displaying an email within the router's own network can have far-reaching consequences: when opened, his specially crafted test email reconfigures the wireless router so that it redirects the user's internet data traffic.
Any enterprise looking to use cloud computing services will also be digging into what laws and regulations might hold in terms of security and privacy of data stored in the cloud. At the Cloud Security Alliance Congress in Orlando this week, discussion centered on two important regulatory frameworks now being put in place in Europe and the U.S.
Not computer networks, networks in general:
Findings so far suggest that networks of networks pose risks of catastrophic danger that can exceed the risks in isolated systems. A seemingly benign disruption can generate rippling negative effects.
When it comes to security, most mobile devices are a target waiting to be attacked. That's pretty much the conclusion of a report to Congress on the status of the security of mobile devices this week by watchdogs at the Government Accountability Office.
While Steve Wozniak's main concern is with cloud user agreements, there are security issues as well. Wired reporter Mat Honan reported that his iCloud account had been hacked on Friday, and that the intruder had remotely wiped the shared content on all of his devices -- including MacBook Air, iPhone and iPad.
This is the third in a series of interviews with C-level executives responsible for cyber security and privacy in business and government, who also happen to be thought leaders. (Remember, as I mentioned previously, "C-level executive" and "thought leader" are not synonyms.)
Although a 2011 Educause survey reported that only seven percent of faculty and staff use a voice over IP service, the allure of VoIP is hard for IT organizations in colleges and universities to ignore. The benefits are many. By consolidating voice and data communications, schools can also consolidate their maintenance efforts under IT, reduce phone charges dramatically, and add functionality such as "follow me" or emailed voice messages to enable more efficient communications among faculty, staff, and others.
Despite all of the hand wringing over cloud security, major cloud security breaches haven't been grabbing headlines. The past year has seen major breaches, such as the ones that hit Sony and Epsilon, but we haven't heard much of an emphasis about the cloud being a weakness.
Cloud providers ought to provide data security -- that should be obvious. But some providers themselves, along with some security analysts, say they also ought to be doing more, such as educating their customers about best security practices.
Mozilla developers are working on a new Firefox feature that will block the automated display of plug-in-based content like Flash videos, Java applets or PDF files, and will protect users from attacks that exploit vulnerabilities in browser plug-ins to install malware on their computers.
ICANN has revealed that it took down its top-level domain application system yesterday after discovering a potentially serious data leakage vulnerability.
The financial services industry saw nearly triple the number of distributed denial-of-service (DDOS) attacks during the first three months of this year compared to the same period last year, according to a report released Wednesday.
The hacktivist collective Anonymous are staging a distributed denial of service attack on the UK Government's Home Office, the Prime Minister's Number 10 and the Ministry of Justice web sites. The attacks began on the evening of Saturday 7 April and were claimed as the work of Anonymous in three tweets (1, 2, 3) by @YourAnonNews, the first of which read "TANGO DOWN - https://www.gov.uk/government/organisations/home-office (via @AnonymouSpoon) For your draconian surveillance proposals! Told you to #ExpectUs! #ANONYMOUS #AnonUK".