Steve Ragan

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.

Recent articles by Steve Ragan

ICS-CERT Issues Warning After Full Disclosure of SCADA Flaws

ICS-CERT has issued an advisory after a researcher exposed four separate flaws within Pro-face Pro-server, a popular data management server that offers real-time reporting of automated manufacturing and production environments.
Report Analyzes Concerns, Business Impact of DDoS Attacks

Speaking to 1,000 IT professionals, from a wide range of industries (banking, retail, telecom, etc.), NeuStar asked about their perceptions on the overall business impact of a DDoS attack.
Users Warned of Malware After Ads Reported on Wikipedia Site

Wikimedia, the foundation responsible for information hub Wikipedia, is warning users that if they see ads on the encyclopedia’s webpage, their system might be infected with malware.
Utah's IT Boss Resigns After Massive Data Breach and Policy Failure

Stephen Fletcher, the executive director of Utah’s Dept. of Technology Services (DTS), has resigned following the aftermath of a massive data breach earlier this year that exposed nearly one million people
Espionage Campaign Targets Foreign Policy Domains

The attackers hijacked several websites related to matters of government and foreign policy, and used them to deliver malicious payloads to visitors by leveraging unpatched software flaws.
McAfee and Intel to Protect Critical Infrastructure

As seen in other layered approaches from McAfee, the solution or “joint implementation” that has been developed to help protect the energy infrastructure relies heavily on their ePolicy Orchestrator. However, this time Intel is kicking-in some additional juice with its vPro hardware-based security technology and AMT.
Zeus Variant Targeting Facebook, Google, and Yahoo

Researchers at Trusteer have discovered a variant of Zeus with a P2P component that is targeting high profile sites such as Facebook, Google, Hotmail, and Yahoo in order to compromise debit and credit card data.
Alleged Stratfor Hacker Pleads Not Guilty in Manhattan Court

Jeremy Hammond, former LulzSec member and alleged mastermind of the Stratfor hack, pled not guilty on Monday during a brief hearing at the US District Court in Manhattan, the Associated Press reported on Monday.
Russia’s Pirate Pay Promises to Plunder BitTorrent Protocol

A start-up in Russia, backed by Microsoft, says they have developed technology that can stop BitTorrent-based filesharing. The Pirate Pay came into existence due to the growth of copyright infringement in Russia, and the mounting international pressure to stop it.
China's ZTE Ships Smartphone with Backdoor to MetroPCS

ZTE, a handset manufacturer in China, has shipped Android smartphones to the U.S. with a fully enabled backdoor. The news of the backdoor came by way of an anonymous post to Pastebin, but was later confirmed by other researchers.
Adobe to Customers Exposed by Vulnerability: Pay to Upgrade or Remain at Risk

Earlier this week, Adobe posted a security bulletin for Photoshop 12 (Creative Suite 5), detailing vulnerabilities that impact both the Windows and Mac versions of the imaging software. But in order to address the security flaw, users will need to upgrade and pay for a new version of the software.
Department of Defense Expands Information Sharing Initiative

The U.S. Department of Defense, working alongside the U.S. Department of Homeland Security, announced on Friday that they would expand the availability of the cybersecurity information assurance program launched last year.
U.S. Army Wants Keylogging Software to Help Prevent a Second Cablegate

After suffering a massive amount of embarrassment over the leak of classified and sensitive diplomatic cables - allegedly at the hands of an insider - the Army wants to use keylogging software with additional abilities, to prevent another Cablegate scale data breach.
On Soviet Internet, Anonymous Targets Putin

They call it OpDefiance (or Operation Defiance), and on Wednesday Anonymous pushed forward in their continual acts of defiance by targeting the website of Russia’s on-again-off-again president, Vladimr Putin.
Social Media: Still A Popular Hunting Ground for Cyber Criminals

Here at SecurityWeek, we ran a test to see if we could see this bot in action. After mentioning Pinterest in a message, we were spammed with a link to a survey offering a gift card. To collect, we needed to complete several forms and refer people to do the same.
Clickjacking Ad Firm Agrees to Stop Spamming Facebook Users

Washington State Attorney General Rob McKenna sued Adscend earlier this year, after a rash of scams on Facebook led to users being tricked into sharing personal information and signing up for subscription services.
MySpace Settles With FTC Over Privacy Charges

MySpace settles with FTC after failing to live up to privacy expectations On Tuesday, the Federal Trade Commission (FTC) announced that MySpace has agreed to settle charges that the social networking portal misrepresented its privacy claims to users.
Attackers Used Plaxo as Proxy to Hijack Google Accounts

Plaxo has disabled its API and suspended some services after attackers used them as a proxy to target an unknown number of Google accounts.
Apple Releases iOS Update to Address Security Issues

Apple has released an update to its iOS platform, which addresses three vulnerabilities that could be used by attackers to execute code, crash applications, or trigger XSS (Cross-Site Scripting) attacks
General Alexander: Organizations Should be Required to Secure Networks

In a letter to Senator John McCain, General Keith Alexander, the director of the NSA and current commander of the U.S. Cyber Command, says that the U.S. should implement policy that would require hardened network defenses.
Blackhole Exploit Kit Holding Systems Hostage Over Copyright Violations

The Blackhole exploit kit has moved its ransom-based payloads forward from child porn and terrorism to copyright violations. The new theme from the crime kit is professionally developed and is mostly targeting users in Europe.
Working Patch for PHP Security Flaw to be Released Tuesday

On Tuesday, the PHP Group plans to release new versions of PHP in order to address the problems with a previous patch, which was intended to close a security problem. As SecurityWeek reported on Friday, the first patch released by PHP was easily bypassed.
Adobe to Offer Silent Updates for Mac OS and Protection on Firefox

Version 11.3 of Adobe’s Flash Player, due in June, will provide the same silent update feature currently available to Windows users to those running OS X. In addition, Adobe will also offer a new security enhancement to Firefox called protected mode.
Report: DHS Requested Gas Pipeline Companies to Let Attackers Lurk Inside Networks

According to reports, natural gas companies were requested in an alert not to take action to remove the cyber spies if discovered on their networks.
Intel Develops Cloud Security Strategy with McAfee

Aside from a few announcements since that time, Intel had not fully explained how McAfee would fit into the bigger picture. That changed on Friday, when Intel announced its cloud-based security initiatives, which rely heavily on McAfee.

SECURITYWEEK NETWORK:

Security Experts:

Steve Ragan

Recent articles by Steve Ragan

Subscribe to SecurityWeek

Popular Topics

Security Community

Stay Intouch

About SecurityWeek