Latest Articles

Howard Schmidt on the Cyber Security Czar, Cybercrime and How to Fix Federal Cyber Security

Categories: Government, Podcasts

Dennis Fisher talks with former White House cyber security adviser Howard Schmidt about the need for a cyber security czar, the rise of cybercrime and how to fix federal cyber security.

A guide to the IIS WebDAV vulnerability

Categories: Vulnerabilities

Even for the most experienced security professionals, understanding complex attacks and vulnerabilities sometimes can be a serious challenge. A perfect example is the recent Microsoft IIS WebDAV vulnerability, which surfaced last week and has yet to be patched by Microsoft. It’s a complicated issue, which some experts say was made more so by the guidance that the software maker released about it. Luckily, Steve Friedl of Unixwiz.net has taken the time to make some sense of it all.

Private sector relations should be job one for cyber security czar

Categories: Government

Whoever is brave enough to fill the soon-to-be-created cybersecurity czar position will find a rather large pile of challenges waiting. Among them will be dealing with a confused and argumentative Congress, doing a full-scale assessment of the country’s critical infrastructure and reaching out to all of the federal agencies that have been without leadership on cybersecurity for months. But none of those should be the cybersecurity czar’s top priority.

RIM issues patch for serious PDF flaw in BlackBerry software

Categories: Malware, Vulnerabilities

There is a series of vulnerabilities in the widely used BlackBerry Enterprise Server software that could allow an attacker to compromise BlackBerry devices by sending a malicious PDF file. Research in Motion, the software’s maker, has issued a patch that fixes the problem in BES, as well as in BlackBerry Professional Software.

Twitter API ripe for malware, worm abuse

Categories: Vulnerabilities

A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks.
The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as researcher Aviv Raff points out, it’s much easier to misuse the Twitter API as a “weak link” to send worms squirming through Twitter. Read the full story [zdnet.com]

Cybersecurity czar position, 60-day review report coming this week

Categories: Government

From The Washington Post (Ellen Nakashima)
The Obama administration is set to announce the creation of a new high-level position to run the cybersecurity program for the country. The announcement is expected on Friday, along with the release of the report on the administration’s 60-day review of the country’s cybersecurity posture.

Gumblar: The malware that is sweeping the nation

Categories: Malware

The latest large-scale malware outbreak to hit the Web, known variously as Gumblar, Geno and Martuz, is a multi-stage attack that not only infects compromised machines with a number of separate pieces of malware but also has the ability to steal credentials and block the victim from taking actions to clean his PC.

FBI, US Marshals hit by mystery malware

Categories: Government, Malware

From the Associated Press
Law enforcement computers were struck by a mystery computer virus Thursday, forcing the FBI and the U.S. Marshals to shut down part of their networks as a precaution.
The U.S. Marshals confirmed it disconnected from the Justice Department’s computers as a protective measure after being hit by the virus; an FBI official said only that that agency was experiencing similar issues and was working on the problem. Read the full story [yahoo.com]
