As news of the Shellshock bug continues to spread, CISOs in all sectors are taking steps to mitigate the risks posed by the vulnerability. Likewise, regulators and industry groups have ramped up dissemination of alerts.
Attackers have exploited the Shellshock vulnerability - a.k.a. Bash bug - to infect at least 700 Linux systems with malware that includes the ability to launch DDoS attacks. Users of Unix systems are vulnerable.
To mitigate the newly discovered Bash bug - AKA Shellshock - which may make millions of systems vulnerable to remote takeover, organizations must take several key steps, says security expert Alan Woodward.
Initial reports suggested that Russian hackers could behind an attack against JPMorgan Chase, and perhaps other U.S. banks. While it's still far from clear who the culprits are, experts discuss the potential hacking motivations of a nation-state.
As more organizations accommodate employees' demands to use mobile devices, ensuring the security of the applications on those smart phones and tablets has become critical. That's why NIST is developing new apps testing guidance.
Healthcare IT security experts weigh in on whether the new alliance of IBM and Apple could potentially help transform the iPhone and iPad from favorite personal devices used by clinicians to enterprise-sanctioned, secure mobile platforms.
Oracle has stopped supporting XP, but promises the next update for Java 7 -- though not Java 8 -- will still run on XP. But for how long will this continue? Security experts chart XP's "downward spiral."
For too long, code writers have been measured on the features built into their applications - not the potential security vulnerabilities. It's time to change that perspective, says Maty Siman of Checkmarx.
The fact that the U.S. federal government would, under some circumstances, exploit software vulnerabilities to attack cyber-adversaries didn't perturb a number of IT security providers attending the 2014 Infosecurity Europe conference in London.
A hot topic among U.S. federal government security managers and other infosec pros is developing a process to vet mobile applications. The National Institute of Standards and Technology is offering a solution called AppVet.
The chief executive of the Finnish company that uncovered the Internet website vulnerability known as Heartbleed says security practitioners should rethink how they approach IT security by placing a greater emphasis on vetting software for vulnerabilities.