Brian Prince

Firms Unaware of How Privileged Accounts Are Secured in Cloud: Survey

Many organizations are failing to keep track of how privileged accounts are being protected as they move to the cloud, according to a survey of nearly 1,000 IT and C-level executives. In Cyber-Ark Software’s 7th Annual Global Advanced Threat Landscape Survey, researchers found that 56 percent of respondents do not know what their cloud service […]

Black Hat 2013 Set to Shine Security Light on Vulnerabilities

In another month, security researchers, IT professionals and hackers of all stripes will descend on Las Vegas for the annual Black Hat security conference. Black Hat USA 2013 is expected to draw a crowd of 6,500 from around the world when the convention opens July 27. This year, it will offer attendees 11 content tracks, […]

Popular WordPress Plug-ins Vulnerable to Attack: Checkmarx Research

A new study has found that roughly 20 percent of the 50 most popular plug-ins for the WordPress platform are vulnerable to common Web attacks. According to research from security vendor Checkmarx, that figure represents nearly 8 million downloads of plug-ins vulnerable to issues such as SQL injection, cross-site scripting, cross-site request forgery and path […]

OWASP Lists Top 10 Most Critical Web Application Risks

The Open Web Application Security Project cited injection flaws as the top risk facing software developers today in the recent version of its annual list of security threats. The findings are based on data from eight firms that specialize in application security, and span more than 500,000 vulnerabilities across hundreds of organizations and thousands of […]

Malware Abuses Windows EFS to Thwart Security Analysis

Getting inside a network is only part of the fight for attackers; the other is avoiding detection for as long as possible. Yet another part is keeping analysts from dissecting and reverse-engineering their malicious wares once they end up in the hands of their opponents. Recently, researchers at Symantec found a backdoor, known as Tranwos, […]

NetTraveler Cyber-Spying Campaign Swiped Data for Years

A cyber-espionage operation has been linked to a hacking group based in China that may have been active for as long as a decade. The attack campaign has been dubbed NetTraveler by Kaspersky Lab, and is so named because of an internal string present in early versions of the malware used by the attackers. According […]

McAfee Unveils Simplified Endpoint Security Suites

McAfee has introduced two new security suites aimed at streamlining security features for its business customers. With McAfee Complete Endpoint Protection, offered in Enterprise and Business editions, the company is looking to simplify management and deployment of its endpoint security technologies throughout an IT environment. “What we are trying to do is give people everything […]

Stratfor Hacker Admits Guilt, Faces Possible 10-Year Prison Term

A Chicago man has pleaded guilty to hacking charges in connection with the 2011 cyber-attack on a well-known military and intelligence think-tank. Jeremy Hammond, 28, pleaded guilty to one count of conspiracy to engage in computer hacking and faces as much as 10 years in prison and up to $2.5 million in restitution. According to […]

Chinese Hackers Access U.S. Weapons Systems’ Design Plans: Report

Hackers have accessed design plans for more than two dozen U.S. weapons systems, according to a confidential report by the Pentagon’s Defense Science Board (DSB) that was leaked to The Washington Post. The affected systems were listed in a confidential version of the report, and include the PAC-3 Patriot missile system and the Navy’s Aegis […]

Iranian Hackers Launching Cyber-Attacks on U.S. Energy Firms: Report

Iranian hackers have amped up a campaign of cyber-attacks against America’s energy industry, according to a report from The Wall Street Journal. Citing current and former U.S. officials speaking under the blanket of anonymity, the Journal reported that Iranian hackers accessed control system software that could have allowed them to manipulate oil or gas pipelines. […]