One year after the massive security flaw, Heartbleed, was revealed to the public, a new study found that up to 74 percent of companies in the Global 2000 are still vulnerable to being hacked via the bug.
The flaw grabbed widespread media attention when it was revealed in 2014, and made countless businesses scramble to fix their servers. But a study released this week by Venafi, a Salt Lake City, Utah-based cybersecurity firm, shows those efforts were not always enough.
Cybercriminals can still exploit the vulnerability to gain usernames and passwords as well as sensitive business and financial data, the study found.
"Heartbleed is still prevalent," said Josh Abraham, vice president of services at Austin, Texas-headquartered Praetorian, a cybersecurity company that helps organizations minimize risk. Heartbleed affects OpenSSL, software that allows websites to communicate information securely over the Internet.
Venafi compared historical vulnerability scans for Global 2000 businesses over the past year and found that 1,223 companies in the Global 2000 were still potentially vulnerable to the flaw. In addition, from August 2014 to April 2015, the scans found only 2 percent more companies (from 387 companies to 419 companies) had completed their Heartbleed fixes.
A separate study by researchers from Northeastern University, Stanford University and University of Maryland released in November also found that more needed to be done by businesses to fix the Heartbleed vulnerability.
To fix Heartbleed fully, companies need either to patch or install updated software on their servers, and then change their SSL certificates and private keys, according to Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. (An SSL certificate is a small data file that encrypts data sent over the Internet to keep it secure, and a private key is used to decrypt the data.)
Even once the updated software is installed, companies could still be vulnerable if hackers were able to access the SSL certificate and private key before the vulnerability was fixed.
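The difference between a patched server and a fully remediated one can be checked per host by comparing an older scan with the latest one. The following Python is an added example, not code from Venafi or from the article; the record fields, status labels, host names, dates and fingerprints are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import Iterable, Optional


@dataclass
class HostScan:
    """One server seen in two scans. All field names are assumptions."""
    host: str
    patched_on: Optional[date]  # day the fixed OpenSSL was installed; None if never
    cert_not_before: date       # notBefore of the certificate served in the latest scan
    old_key_fp: str             # public-key fingerprint recorded while still vulnerable
    new_key_fp: str             # public-key fingerprint recorded in the latest scan


def remediation_status(h: HostScan) -> str:
    """Classify a host against the steps the article lists: patch, new cert, new key."""
    if h.patched_on is None:
        return "unpatched"
    if h.cert_not_before < h.patched_on:
        # Certificate predates the patch, so its key was in use while the bug was live.
        return "patched-only"
    if h.new_key_fp == h.old_key_fp:
        # A fresh certificate over the same key pair: a stolen key still works.
        return "reissued-same-key"
    return "remediated"


def summarize(scans: Iterable[HostScan]) -> Counter:
    """Count hosts per status, the shape of result a fleet-wide comparison yields."""
    return Counter(remediation_status(h) for h in scans)


# Constructed sample inventory: hosts, dates and fingerprints are made up.
SAMPLE = [
    HostScan("a.example.test", None, date(2013, 6, 1), "fp-01", "fp-01"),
    HostScan("b.example.test", date(2014, 4, 10), date(2013, 9, 1), "fp-02", "fp-02"),
    HostScan("c.example.test", date(2014, 4, 10), date(2014, 4, 15), "fp-03", "fp-03"),
    HostScan("d.example.test", date(2014, 4, 10), date(2014, 4, 15), "fp-04", "fp-9a"),
]

if __name__ == "__main__":
    for h in SAMPLE:
        print(f"{h.host:16} {remediation_status(h)}")
    print(dict(summarize(SAMPLE)))
```

Only the last sample host counts as remediated; the other three each miss one of the steps described above.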
Another danger of the stolen SSL certificates and private keys is that websites can be spoofed, according to Bocek. Hackers can use the information gained from the Heartbleed vulnerability to set up fake websites that appear to consumers to be real.
"[Full remediation] is taking more time because it's slow to do," said Bocek.
The full dangers of Heartbleed are unknown. While well-known companies have had sensitive information stolen, sometimes in high-profile attacks, determining that a breach was caused specifically by Heartbleed is difficult, said Praetorian's Abraham.
The larger lesson is that businesses need to be better at updating their servers, say cybersecurity experts.
"Unfortunately, Heartbleed was just one example of a vulnerability that needs patching and remediation as soon as possible…organizations that don't manage vulnerabilities will fall victim to trivial attacks," said Erik Heidt, a research director for Gartner, a Stamford, Connecticut-based technology research and advisory company.