Amsterdam is again playing host to the annual Black Hat Europe information security gathering, and presenters have promised to cover everything from privacy flaws in wearable computers to two-factor authentication system failures.
Exploiting a vulnerability in Microsoft Office, a group of hackers believed to be Russians breached computers operated by the Ukrainian government during September's NATO summit, according to iSight Partners.
Malware known as "Mayhem" that targets Unix and Linux systems has been updated to exploit Shellshock flaws, security experts warn. But with few Unix-flavor systems running anti-virus software, how can it be stopped?
Citigroup, E*Trade, Regions Financial, Fidelity Investments, HSBC, Bank of the West and ADP are now believed to have been probed by the same hackers that targeted Chase, according to news reports. But so far, none of those firms believes data was compromised.
Nearly two weeks since news of Shellshock broke, attacks that are taking advantage of the Bash vulnerabilities are grabbing headlines. But Michael Smith of Akamai warns that the battle against hackers capitalizing on Shellshock could go on for years.
Yahoo confirms Shellshock-targeting attackers hacked into three of its servers, but claims they didn't exploit Bash flaws. Meanwhile, Lycos denies it's been breached and WinZip isn't responding directly to a report that it was hacked.
The hackers who breached JPMorgan Chase also infiltrated about nine other financial institutions, and may be operating from Russia, according to one news report. But security experts caution against jumping to conclusions over attackers' identities or motives.
The development of authentication technologies that could replace the password is "nearing a tipping point," but there's still several years of work to do, says Jeremy Grant, who oversees the National Strategy for Trusted Identities in Cyberspace.
The Justice Department announces that four alleged members of an international hacking ring have been charged with stealing intellectual property valued at $100 million, including a U.S. Army Apache helicopter simulator and Microsoft Xbox prototypes.
The automated version of the IT risk management and governance framework should save project leaders 30 to 60 hours of work over a manual process of building a secure IT system, ISACA President Robert Stroud says.