News

Antivirus, firewall and IDS products

• September 25, 2007 25 Sep'07

  How to purchase a data encryption product

  Data security is now a critical problem for every company, regardless of size. This buying guide explores the factors involved in purchasing data encryption hardware and software products.

• September 24, 2007 24 Sep'07

  PCI council adds Pin security to remit

  The PCI Security Standards Council has added Pin Entry Device (PED) security technology to its payments industry testing portfolio to streamline standardisation.

• September 07, 2007 07 Sep'07

  Government warns of dangerous QuickBooks Online flaw

  Attackers could exploit two flaws in the popular Intuit QuickBooks Online Edition to cause buffer overflows and download or upload files in arbitrary locations, US-CERT warned.

• September 07, 2007 07 Sep'07

  Cybercriminals employ toolkits in rising numbers to steal data

  The market is increasing for crimeware toolkits that help cybercriminals avoid detection and exploit flaws, according to new research from security vendor, Finjan.

• September 05, 2007 05 Sep'07

  NAC switches, appliances help track users, malware

  Some vendors are offering switches and appliances to monitor traffic for malware and unauthorized access, as the NAC market including Cisco NAC and Microsoft NAP sorts itself out.

• September 05, 2007 05 Sep'07

  Firefox security issues persist despite update

  Despite Mozilla's recent Firefox security update, researchers say there's another way attackers could exploit the browser for malicious purposes.

• August 29, 2007 29 Aug'07

  Rootkit found in older Sony USB device

  F-Secure says it discovered rootkit technology in Sony's Micro Vault USM-F fingerprint reader software. The find comes two years after controversy over Sony's DRM technology.

• August 28, 2007 28 Aug'07

  SANS: Attackers may be attempting Trend Micro exploits

  The SANS Internet Storm Center (ISC) warns that attackers may be attempting to exploit flaws in Trend Micro products to hijack computer systems.

• August 22, 2007 22 Aug'07

  Trend Micro fixes flaws in ServerProtect, PC-cillin

  Attackers could tamper with servers and run malicious code by exploiting flaws in Trend Micro's ServerProtect, Anti-Spyware and PC-cillin products. But fixes are available.

• August 22, 2007 22 Aug'07

  Microsoft adds CA vets to anti-malware team

  Microsoft has hired Jakub Kaminski, one of CA's more talented and well-regarded antivirus researchers, and three of his colleagues from CA's Australian lab.

• August 20, 2007 20 Aug'07

  Sourcefire acquires open source ClamAV

  Sourcefire, maker of the popular Snort open source IDS tool, has acquired ClamAV, an open source email gateway scanning tool.

• August 20, 2007 20 Aug'07

  VMware acquires HIPS provider Determina

  VMware, the leader in virtualization software, has acquired Determina, a provider of host IPS technology.

• August 19, 2007 19 Aug'07

  College campuses prepare for Microsoft Vista challenges

  With new Vista machines coming to campus, the IT shops of academia have no choice but to embrace the latest Windows OS and its security implications.

• August 17, 2007 17 Aug'07

  Wal-Mart deploys new data security system

  Wal-Mart Stores has deployed a data security and encryption system to secure data going over its global network.

• August 16, 2007 16 Aug'07

  TJX profit takes hit over data breach

  TJX says it has spent $256 million responding to the massive data breach that exposed 45 million customers to identity fraud, and the bottom line has suffered as a result.

• August 14, 2007 14 Aug'07

  Novell to acquire Senforce for endpoint security

  Novell is acquiring Senforce, an early network access control supplier, to integrate its endpoint security features and develop an endpoint management suite.

• August 14, 2007 14 Aug'07

  Apple iPhone to provoke complex mobile attacks, expert warns

  Mikko Hypponen, director of antivirus research at F-Secure, said he expects mobile malware attacks to escalate thanks to interest in Apple's iPhone.

• August 09, 2007 09 Aug'07

  VoIP vulnerability threatens data

  VoIP vulnerabilities have now reached a level of sophistication that allows hackers to steal, view or delete data.

• August 09, 2007 09 Aug'07

  Immunity releases new exploit-writing tool

  Pen testing company says its Debugger tool offers researchers a new way to write exploits, analyse malware and reverse engineer binary files.

• August 08, 2007 08 Aug'07

  Wi-Fi simplicity edging out Wi-Fi security

  Experts say the standards are available to lock down Wi-Fi, but many network and security managers are taking an easier approach.

• August 08, 2007 08 Aug'07

  EMC's RSA to acquire Tablus for data loss prevention

  RSA, the security division of EMC Corp., said it planned to acquire Tablus, a maker of sensitive data scanning and classification tools and data protection software.

• August 07, 2007 07 Aug'07

  Subpar security compromises compliance

  Pressure to keep trading applications available has nudged security to the back of the development line.

• August 06, 2007 06 Aug'07

  Researchers wrangle petabytes of data storage with NAS, tape

  Scientists at Cern's LHC say dozens of petabytes require custom-built NAS systems and data migration software, but commercial tape drives are mostly up to snuff.

• August 03, 2007 03 Aug'07

  Discovery of malware cesspool triggers attack fears

  Trend Micro researchers say a malware-infested Web server in Russia, linked to several Italian Web sites, could lead to a large-scale attack.

• August 02, 2007 02 Aug'07

  Apple releases fixes for Mac OS X, iPhone vulnerabilities

  Apple Computer has released software patches fixing critical vulnerabilities in Mac OS X and its newly released iPhone.

• July 31, 2007 31 Jul'07

  Cisco knocks out Avaya as IP PBX heavyweight

  IP PBX adoption is rising as Cisco and Avaya square off for market dominance.

• July 30, 2007 30 Jul'07

  Most antispam technologies get failing grade

  An independent study finds that many enterprises are not satisfied with traditional antispam technologies.

• July 24, 2007 24 Jul'07

  Apple iPhone crack discovered by security researchers

  Researchers have found a way to take complete control of the Apple iPhone by sending a user to a malicious Web site.

• July 23, 2007 23 Jul'07

  PCI compliance costs often underestimated, study finds

  Companies are moving forward with PCI DSS projects, but many are underestimating the costs associated with compliance.

• July 23, 2007 23 Jul'07

  Core Security CEO to step down

  Paul Paget, the CEO of penetration testing software vendor Core Security Technologies said he is better-suited for start-ups

• July 22, 2007 22 Jul'07

  Black Hat Las Vegas 2007: Special news coverage

  SearchSecurity.com covers all the controversy at this year's show with news, features, podcasts, interviews, exploits and more direct from Las Vegas.

• July 18, 2007 18 Jul'07

  For Boeing, data security, network access still hazy

  Boeing is trying to reshape its network security architecture to better protect sensitive systems from threats without degrading employee productivity.

• July 17, 2007 17 Jul'07

  CDP platform purchase considerations

  Busy IT organizations are employing continuous data protection (CDP) technologies to guard data on the fly, essentially eliminating the backup window and allowing granular file and system restoration -- sometimes down to the individual disk write ...

• July 16, 2007 16 Jul'07

  Oracle's July 2007 CPU has 45 security fixes

  Oracle stuffed 45 security updates into its July 2007 CPU, fixing flaws across its product line attackers could exploit remotely to compromise corporate databases.

• July 13, 2007 13 Jul'07

  Symantec fixes flaws in AntiVirus, Backup Exec

  Symantec fixed flaws attackers could exploit in AntiVirus Corporate Edition and Backup Exec to launch malicious code, gain elevated user privileges or cause a denial of service.

• July 13, 2007 13 Jul'07

  Antispyware legislation gets tepid reviews

  Congress is debating three different bills that would punish spyware pushers, but some IT professionals have their doubts about legislation as a solution to the problem.

• July 12, 2007 12 Jul'07

  Web security gateways meet rising malware threats

  Web security gateways combine layered defense against the rising tide of Web-based malware with URL filtering and application control.

• July 05, 2007 05 Jul'07

  Security Metrics: Replacing Fear, Uncertainty, and Doubt

  In this chapter excerpt from "Security Metrics: Replacing Fear, Uncertainty and Doubt," author Andrew Jaquith reveals ways to present security data in a clean and elegant manner.

• July 05, 2007 05 Jul'07

  Zero-day auction site opened by Swiss lab

  Swiss start-up WabiSabiLabi is offering zero-day findings for qualified buyers. The site could fuel new debate over flaw disclosure.

• July 04, 2007 04 Jul'07

  Cisco users upbeat about security direction

  Cisco customers say the vendor's security strategy is headed in the right direction, which is why they believe the networking giant's IronPort integration will be smooth sailing.

• July 02, 2007 02 Jul'07

  Are PCI auditors pitching products?

  Auditors shouldn't be pitching remediation services or products to bring a company into compliance with PCI DSS rules, but some merchants are reporting the practice

• July 01, 2007 01 Jul'07

  SearchSecurity.com Blogs

• June 29, 2007 29 Jun'07

  Vendors admit more cooperation needed on security

  Security leaders from large software vendors pledge to cooperate on embedding more security into their products.

• June 27, 2007 27 Jun'07

  Cisco vows to maintain IronPort tech, talent

  As it completes the purchase of IronPort Systems, Cisco vows to maintain IronPort's talent base and make investments to keep its newly-acquired technology fresh.

• June 25, 2007 25 Jun'07

  PCI Council hears complaints, suggestions for changes

  Companies with the most stringent security technologies endure hurdles to comply with PCI DSS. Some firms are turning to the upcoming Burton Group Catalyst Conference for answers.

• June 19, 2007 19 Jun'07

  Endpoint fears drive PatchLink-SecureWave merger

  Experts say the PatchLink-SecureWave merger makes sense since IT pros want a better way to protect their endpoint devices. But PatchLink's market supremacy is far from assured.

• June 17, 2007 17 Jun'07

  VoIP security testing fundamentals

  Testing your VoIP security system against all the threats that exist on the network can be a full time job. This guide documents how a VoIP system can be tested and suggest some of the available tools to use -- with a focus on fuzzing tools and ...

• June 10, 2007 10 Jun'07

  Connecting for Health briefing claims much of NHS NPfIT complete

  A confidential Connecting for Health briefing paper for the prime minister has claimed that much of the NHS's £12.4bn National Programme for IT (NPfIT) is complete - although an integrated national care record system has yet to materialise, and ...

• June 01, 2007 01 Jun'07

  Top spammer indicted on email fraud, identity theft

  The arrest may reduce the volume of spam in the short-term, say experts and analysts, but the real spam threat comes from criminal gangs based in Asia and Russia.

• June 01, 2007 01 Jun'07

  Check Point promises more VoIP security, fewer slowdowns

  Check Point's enhanced Open Performance Architecture is designed for deeper security of technologies like VoIP without the network performance problems that often come with it.