Ellen Messmer

Office 365 is the Microsoft Office suite of desktop applications and hosted versions of Microsoft's server products delivered and accessed over the Internet.

Security startup Vaultive debuts this month with a product to remotely manage encryption of email data that enterprises may choose to keep in the Microsoft Office 365 cloud service.

Doctors are being cautioned by hospitals they work with to avoid interacting with patients on social media, and that they reject any overtures by patients to interact on the likes of Facebook and Twitter.

Stanford University School of Medicine student Matt Goldstein, who graduates in June and has accepted a position at Brigham & Women's Hospital in Boston, says the hospital specifically stated in a letter to him that it would like him to refrain from using social media with patients. Goldstein also says the letter he got told him he should change his privacy settings on Facebook, if he used it at all, to optimize privacy.

A survey of more than 4,000 mobile-device users and IT professionals shows wildly abundant use of mobile devices, but profound concerns about security and how employee-owned devices ought to be used for business purposes.

According to the "Trusted Mobility Index," a survey Juniper Networks undertook to explore the ongoing mobile experience in the U.S., United Kingdom, Germany, China and Japan, mobile-device users on average own three mobile devices, whether they be smartphones, tablets, e-readers or portable video game systems. Eighteen percent of the survey respondents say they own five devices. About three-quarters of respondents are already using some of their mobile devices for sensitive applications, such as online banking and medical information. But the survey reveals considerable anxiety and even confusion about security, and where they should be looking for help or handling of security incidents.

There is now an ongoing and massive cyberattack targeting the American gas-pipeline industry, aimed at giving the attacker a way to gather sensitive information by compromising business systems and possibly even subverting industrial control systems. The Department of Homeland Security's investigative division, called the ICS-CERT, says it's taking the somewhat unusual step of issuing an alert and speaking publicly about it to heighten awareness of a dangerous situation.

ICS-CERT, whose job at DHS is to interact with the nation's utilities and manufacturing firms that use industrial control systems and help them assess possible cyberattacks, is referring to it as the "Gas Pipeline Cyber Intrusion Campaign." In speaking briefly about it today at a conference here, Kevin Hemsley, a leader in the ICS-CERT, said a "sophisticated threat actor" is going after the national gas pipeline operators, mostly through spear-phishing, and has in some cases been able to compromise them.

Intel, which last year acquired McAfee for its security expertise, recently described work it is doing to provide enterprises with a way to secure data stored in public or hybrid cloud environments.

Jason Waxman, general manager of Intel's Cloud Infrastructure Group, joined with Greg Brown, vice president of network security at McAfee, to describe the strategy that's being pursued to let IT managers gain better understanding about the security of their cloud workloads.

Hackers are always hunting to find business-logic flaws, especially on the Web, in order to exploit weaknesses in online ordering and other processes. NT OBJECTives, which validates Web application security, says these are the top 10 business-logic flaws they see all the time.

1. Authentication flags and privilege escalation

A bi-annual survey of 250 healthcare organizations shows that the percentage experiencing a patient data breach is up. And with the growth in electronic records-keeping, more of those problems are originating from laptops and mobile devices rather than a human slip-up in handling paper documents.

Background: High-tech healthcare technology gone wild

Cyberattacks are starting to eclipse terrorism as a threat to the country, say top officials from the Federal Bureau of Investigation, speaking before an audience of security professionals here at the GovSec Conference today.

"You'll see a greater prevalence of cyber-related offenses, including cyber-terrorism," predicted Ralph Boelter, assistant director of the counterterrorism division at the FBI. There's has not yet been a major cyber-terrorism attack in this country, he said, adding, "But that's not to say we're not preparing for it."

It may look like an app for a Chinese game called "The Roar of the Pharaoh," but it's actually just another fake Android app that's really a malware Trojan in disguise, according to security researchers warning about it.

Writing in a blog, Sophos security researcher Chester Wisniewski calls it a "malicious application" that "gathers sensitive information" about the Android device it lands on, collecting personal information and technical details, including phone number, and "sends it off to the malware's authors."

In its annual review of global security threats, Websense says a major trend it observed last year is that more malware connections, hosting and phishing appear to be occurring in the United States and Canada.

Facebook scammers host Trojan horse extensions in the Chrome Web store.

A study of how 31 popular open-source code libraries were downloaded over the past 12 months found that more than a third of the 1,261 versions of these libraries had a known vulnerability and about a quarter of the downloads were tainted.

The study was undertaken by Aspect Security, which evaluates software for vulnerabilities, with Sonatype, a firm that provides a Central Repository housing more than 300,000 libraries for downloading open-source components and gets 4 billion requests per year.

Symantec this week put the focus on its mobile security strategy with its announcement that it's acquiring Nukona, the software provider for mobile application management.

Since Symantec has mobile-device management (MDM) software in the market already -- its Symantec Mobile Manager, an upgrade for which was announced just this month -- the question is, what approach does Symantec foresee in presenting two mobile security and management products in the future?