Week in review: OpenSSL Heartbleed bug, Windows XP reaches end of line

Here’s an overview of some of last week’s most interesting news, interviews, reviews and articles:

Does IP convergence open you up to hackers?
Recent reports indicate that unauthorized persons gained access to Target’s network using credentials stolen from a company that worked on the company’s refrigeration, heating, ventilation and air conditioning. The ongoing investigation will have to determine whether this was the root cause of the Point-of-Sale (POS) malware, or was a parallel attack. Whichever it turns out to be, it is clear that you should take steps to assure that any access you provide for vendors not be abused or misused.

Windows XP will leave organizations severely exposed
What does the expiration of Windows XP support mean for organizations?

CISO challenges and security ROI
Mark Brown is the Director of Information Security at EY. In this interview he offers guidance for CISOs, discusses the technical competence of company leaders, tackles security ROI, and more.

Professional Penetration Testing, Second Edition
Are you interested in a career in penetration testing, and don’t know where to start? Here is a book that gathers all the relevant information in one place, and gives a good overview of what the job entails and what skills are needed.

Organizations need data analytics to tackle supply chain fraud
As complexity in global supply chain networks continues to increase, less than one-third (26 percent) of business executives are using data analytics tools and processes to help manage third party relationship risks.

A security advisor’s perspective on the threat landscape
In this interview, Sean Sullivan, the Security Advisor at F-Secure Labs, talks about threats he’s seen during his career, iOS vs. Android security, security awareness and threat evolution.

Why ending user support for Microsoft XP is the right thing to do
The main security issue with XP is that its security model is ancient in terms of the internet, meaning hackers have had a lot of time to dig in and find flaws.

Whitepaper: Planning a career path in cybersecurity
The need for personnel knowledgeable and experienced in security implementation and management has never been greater, and the need is growing. Get this whitepaper and learn more.

OpenSSL “Heartbleed” bug undermines widely used encryption scheme
OpenSSL, an open-source cryptographic library that is the default encryption engine for popular Web server software and is used in many popular operating system and apps, sports a critical vulnerability that can easily be misused by attackers to impersonate online services and steal information users believe to be protected by SSL/TLS.

Popular but fake security app removed from Google Play
In little over a week, a developer selling a security app named Virus Shield on Google Play has managed to earn over $40,000, and the software topped the list of most downloaded new paid apps. But unfortunately for those who paid for it, the app in question actually does nothing to protect the device, as the claims made by the developer are completely bogus.

Compliance misconceptions, challenges and tips
In this interview, Paul Koziarz, President and General Manager of Regulatory Compliance at CSI, talks about the misconceptions related to compliance, provides advice for CSOs and discusses the difference between being compliant and being secure.

Heartbleed OpenSSL vulnerability: A technical remediation
Since the announcement, there has been buzz around the underground and malicious actors have been actively leaking software library data and using one of the several provided PoC code to attack the massive amount of services available on the internet.

Highest EU court rejects EU-wide Data Retention Directive
It’s a good thing that the European Union is working on a new Data Retention Directive, as the European Court of Justice (ECJ) has ruled on Tuesday that the one issued in 2006 is invalid.

Best practices for secure use of Windows XP
If XP systems are continued to be used, Gartner recommends that organizations follow the 10 best practices to reduce the risk of using these systems to a tolerable level.

56% of employees still receive no security awareness training
A new research survey by EMA examines the implementation of security awareness training in government, public and private companies and non-profit groups.

Heartbleed bug: What regular users need to do
As the news of the existence of the Heartbleed bug in OpenSSL and the implications of its existence trickles down into mainstream media, users are trying to figure out what passwords to change and which software to update.

NSA subverted EU privacy laws, spied on human rights orgs
In a testimony delivered by video-link from Moscow, NSA whistleblower Edward Snowden has revealed to EU parliamentarians that the US NSA is actively spying on human rights organizations such as UNICEF and Amnesty International.

Securing mobile applications
In this interview, Dan Cornell, Principal of Denim Group, talks about the most common pitfalls of securing mobile applications, discusses the challenges involved in performing a detailed mobile application security assessment, and illustrates what future threats we can expect down the road.

Advanced attackers go undetected for 229 days
A new FireEye report details the tactics used by threat actors to compromise organizations and steal data. It also highlights emerging global threat actors, their suspected motives, as well as the types of targets and information they are after.

The effect of the Heartbleed bug on open source projects
The Heartbleed bug in OpenSSL is all the information security world is talking about these days. Many are beginning to realize, its existence has opened multiple cans of worms. One aspect of the revelation is how it will affect the trust professionals and regular users have in open source software.

Insight, innovation and inspiration at Infosecurity Europe 2014
The information security community is about to gather at Infosecurity Europe, taking place the 29th April – 01 May 2014 in London. Infosecurity Europe 2014 is paving the way for three exciting days of multiple opportunities for networking with a global audience of over 16,700 information security professionals.

More about

Don't miss