Security

In an evaluative lab test, FireEye and Ahnlab each scored “below average” on their breach-detection systems (BDS) in a comparative group product test which was conducted by NSS Labs.

NSS Labs tested how well malware would be caught by the AhnLab MDS, FireEye’s Web MPS 4310 and Email MPS 5300, the General Dynamics’ product Fidelis XPS Direct 1000 , the Fortinet FortiSandbox 3000D, Cisco’s Sourcefire Advanced Malware Protection, and Trend Micro’s Deep Discovery Inspector Model 1000. NSS also tested for stability and reliability, and estimated the cost effectiveness of each product.

This afternoon, Yahoo detailed progress relating to the encryption of its various web services and properties. Most importantly, Yahoo now “fully” encrypts data moving between its data centers, as of March 31.

Yahoo was one of two companies that the NSA targeted with its MUSCULAR program, which tapped data cables between the foreign data centers of Yahoo and Google. A similar program had been found illegal in the United States. Google has made similar efforts to bolster encryption.

I recently encountered a botnet targeting Android smartphone users who bank at financial institutions in the Middle East. The crude yet remarkably effective mobile bot that powers this whole operation comes disguised as one of several online banking apps, has infected more than 2,700 phones, and has intercepted at least 28,000 text messages.

DNS software specialist Nominum has revealed that DNS-based DDoS amplification attacks have significantly increased in the recent months, targeting vulnerable home routers worldwide.

The research reveals that more than 24 million home routers have open DNS proxies which potentially expose ISPs to DNS-based DDoS attacks.

An organization can spend mountains of cash on best of breed network defenses and security tools, but it can all come crashing down with one click from a user. Users are the weakest link when it comes to network and computer security, but a new survey from Globalscape reveals that the users themselves aren’t entirely to blame.

These days, the threat landscape for most companies is massive. But while there is a litany of outside threats that their security teams need to worry about, there is often an even greater danger much closer to home. Insider threats are an issue that no company is safe from, with breaches not just occurring at the hands of a disgruntled or malicious employee, but also unintentionally as a result of ignorance.

Hackers posted names, e-mail addresses, message histories, and partially protected login credentials for more than 158,000 forum users of Boxee.tv, the Web-based television service that was acquired by Samsung last year, researchers said.

Cybersecurity officials are still sizing up how much truth, if any, there is in a hacker group's claim that it stole data on hundreds of millions of U.S. card accounts.

The group, calling itself Anonymous Ukraine, said last week that it has seized information related to 800 million U.S. credit and debit card accounts — including cards said to belong to President Obama and other political heavyweights. The group says it wants to harm the U.S. economy.

Saturday marks World Arduino Day, an eponymous celebration of the first decade of the open-source single-board microcontroller designed for do-it-yourself electronics projects.

Developed in 2004 for Italian design students, Arduino quickly became a favorite for builders and makers all over the world. With a built-in set of inputs and outputs that can be directly connected to sensors, Arduino allows for projects that interact with the environment outside the tiny microcontroller.

While connected cars with more digital components is inevitable, what this means is that it could open up more cars to hackers who could find a way to take control of your car or access it remotely. Apparently Tesla’s electric vehicles exhibit such vulnerabilities, according to Nitesh Dhanjani, a corporate security consultant and an owner of a Tesla vehicle himself.