Many Android devices vulnerable to session hijacking through the default browser

	Twitter patches vulnerability that could have impacted advertising accounts | How to choose the best vulnerability scanning tool for your business
	ITworld Security Strategies
	Many Android devices vulnerable to session hijacking through the default browser The default browser in Android versions older than 4.4 has a vulnerability that allows malicious websites to bypass a critical security mechanism and take control of a user's authenticated sessions on other sites. Read More WEBCAST: Alcatel-Lucent Enterprise Integrating Mobility with Unified Access Meeting mobility demands of 4500 students, faculty and staff at a university is no small task. Join this Webcast to hear the Director of Enterprise Infrastructure explain the steps Abilene Christian University took to deliver a new level of student-faculty interaction. Learn More In this Issue Twitter patches vulnerability that could have impacted advertising accounts How to choose the best vulnerability scanning tool for your business 'Tiny banker' malware targets US financial institutions Data loss detection tool mines the ephemeral world of 'pastes' Caught in the breach: How a good CSO confronts inevitable bad news How network virtualization is used as a security tool Open-source project promises easy-to-use encryption for email, instant messaging and more Researcher disputes report BlackPOS used in Home Depot, Target attacks How Google tiff with certificate authorities can impact you Addressing security with the board: Tips for both sides of the table How Boston Children's Hospital hit back at Anonymous Citadel financial malware used in attacking petrochemical companies Today's security hacks are after more than bank info Is a remote-wipe policy a crude approach to BYOD security? New NSA-funded programming language could close long-standing security holes WHITE PAPER: Sourcefire, now part of Cisco 2014 Trends That Will Reshape Organizational Security The most useful predictions provide insight into events that are likely to happen. This report provides the background, rationale and advice for realigning organizational security in light of the evolving cybersecurity and business landscape. Security managers should compare these trends against their own environments. Learn More>> Twitter patches vulnerability that could have impacted advertising accounts Twitter's recently announced bug bounty program has helped the company identify and patch a serious vulnerability that could have potentially disrupted advertising on its platform. Read More How to choose the best vulnerability scanning tool for your business Any shop with Internet access must scan its network and systems regularly for vulnerabilities, but old-fangled tools made this a painful and time-consuming effort. Find out how new and improved vulnerability scanners make life easier for network admins. Read More 'Tiny banker' malware targets US financial institutions A banking trojan, known for its small size but powerful capabilities, has expanded the number of financial institutions it can collect data from, according to security vendor Avast. Read More Data loss detection tool mines the ephemeral world of 'pastes' It's not easy to figure out if your data has been collected by hackers, but an online tool has been expanded to hunt through one of the most prolific sources of leaked data, known as "pastes." Read More Caught in the breach: How a good CSO confronts inevitable bad news What goes through the mind of a CSO/CISO upon being told by his or her team that their organization has been breached? Read More How network virtualization is used as a security tool As VMware sells its network virtualization software, it's finding that security is a big driver for adoption. Read More Open-source project promises easy-to-use encryption for email, instant messaging and more A software development project launched Monday aims to create free tools that simplify the encryption of online forms of communication like email, instant messaging, SMS and more by solving the complexity associated with the exchange and management of encryption keys. Read More WHITE PAPER: Citrix 8 Steps to Fill the Mobile Enterprise Application Gap Mobile devices and applications are quickly becoming as important and widespread in the enterprise as PCs and traditional business apps. Traveling executives and Millennials alike expect to communicate, collaborate and access their important work applications and data from anywhere on whatever device they choose. Read now Researcher disputes report BlackPOS used in Home Depot, Target attacks A security researcher has found that the malware used in the Home Depot and Target breaches are unrelated and cannot be used as an indicator that the same group is behind the attacks. Read More How Google tiff with certificate authorities can impact you Certificate authorities want Google to give websites more time to make security changes before issuing warnings through the Chrome browser. Read More Addressing security with the board: Tips for both sides of the table In the boardroom, when it comes to addressing the topic of security, there's tension on both sides of the table. Read More How Boston Children's Hospital hit back at Anonymous Hackers purportedly representing Anonymous hit Boston Children's Hospital with phishing and DDoS attacks this spring. The hospital fought back with vigilance, internal transparency and some old-fashioned sneakernet. That – and a little bit of luck – kept patient data safe. Read More Citadel financial malware used in attacking petrochemical companies A Citadel variant has been used against several Middle Eastern petrochemical companies, marking the first time the financial malware has been found in targeted attacks against companies. Read More Today's security hacks are after more than bank info Customers cringe every time they hear about a bank, retail or healthcare hack that puts personal or financial data at risk. Today's hackers are after much more that credit card numbers, though -- and most firms are powerless to stop them. Read More Is a remote-wipe policy a crude approach to BYOD security? While the capability to remotely wipe data from lost or stolen mobile phones may help CIOs sleep at night, it may be an outdated approach to BYOD security. Read More New NSA-funded programming language could close long-standing security holes Wyvern securely rolls five programming languages into one. Read More
	DON'T MISS... Why many programmers don't bother joining the ACM Top 25 free tools for every Windows desktop 10 amazing (and bizarre) drone discoveries Just their type: 10 keyboards beloved by programmers 11 colorful characters seen at Comic-Con International 2014
	Get more peer perspective online Google+ | LinkedIn | Facebook | Twitter You are currently subscribed to itworld_security_strategies as garn14.tech@blogger.com. Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy If you are interested in advertising in this newsletter, please contact: sean_weglage@itworld.com When accessing content promoted in this email, you are providing consent for your information to be shared with the sponsors of the content. Please see our Privacy Policy for more information. To contact ITworld, please send an e-mail to online@itworld.com. Copyright (C) 2014 ITworld, 492 Old Connecticut Path, Framingham, MA 01701. ** Please do not reply to this message. If you want to contact someone directly, send an e-mail to online@itworld.com.