News
Antivirus, firewall and IDS products
-
April 12, 2007
12
Apr'07
Microsoft DNS server flaw called dangerous
UPDATE: Microsoft said Sunday that attacks are still limited, but a proof of concept code to exploit the vulnerability is publicly available.
-
April 08, 2007
08
Apr'07
Spam campaign uses Storm-like attack technique
Spammers used an attack technique much like last January's "Storm" assault to dupe people into downloading malware over the weekend. This time, they used fake WWIII headlines.
-
April 08, 2007
08
Apr'07
Symantec fixes 'high-risk' flaw in Enterprise Security Manager
Attackers could hijack machines from remote locations by exploiting a flaw in Symantec Enterprise Security Manager (ESM). Kaspersky Lab users also have a flaw to deal with.
-
April 04, 2007
04
Apr'07
Data security breach at UCSF may have exposed thousands
The University of California at San Francisco (UCSF) acknowledged Wednesday that a security hole in a computer server may have exposed 46,000 people to potential identity fraud.
-
April 01, 2007
01
Apr'07
Microsoft releases patch for Windows ANI flaw
Security companies are seeing massive attacks against the Windows ANI zero-day flaw, prompting Microsoft to rush out a fix a week before Patch Tuesday.
-
March 21, 2007
21
Mar'07
Hackers broaden reach of cross-site scripting attacks
An explosion of AJAX-based applications has increased the damage that cross-site scripting (XSS) attacks can inflict on machines. A new tool uses XSS flaws to create a botnet.
-
March 20, 2007
20
Mar'07
NAC panel says technology may not add up
A panel discussing the potential of using network access control (NAC) says the technology may not be worth the price of deploying and maintaining it.
-
March 18, 2007
18
Mar'07
Symantec: Data thieves thrive on zero-day flaws
According to Symantec's threat report for the second half of 2006, attackers exploited misplaced USB drives and zero-day flaws to steal vast amounts of data. Expect more of the same in 2007.
-
March 18, 2007
18
Mar'07
Hacker techniques use Google to unearth sensitive data
Those who know where to look could use Google to dig up all sorts of sensitive company information, including intellectual property and passwords, one security expert warns.
-
March 08, 2007
08
Mar'07
Review: eGuardPost a B+ overall
eGuardPost is a well-designed and highly capable product that meets an important need. It has strong security and great forensics capabilities.
-
March 04, 2007
04
Mar'07
Expert: NAC not a network security cure-all
According to an expert at Black Hat DC, NAC success demands careful planning and a good understanding of the company network; otherwise, implementations can quickly go awry.
-
March 02, 2007
02
Mar'07
Police force secures data with biometrics
Humberside Police has issued biometric USB drives among staff to maintain data security.
-
February 28, 2007
28
Feb'07
RFID cloning presentation moves forward despite legal threats
Chris Paget, director of research and development at IOActive spoke mainly about the science behind RFID tags and readers and the inherent security issues of the technology.
-
February 27, 2007
27
Feb'07
McAfee fixes flaw in Mac antivirus software
Attackers could exploit the hole in McAfee's Virex 7.7 antivirus program for Mac OS X to bypass the malware scanner, but a fix is available.
-
February 27, 2007
27
Feb'07
Wireless security: IT pros warily watching mobile phone threats
Security experts have warned repeatedly that mobile phone attacks will grow as the devices become more sophisticated. IT administrators are starting to believe them.
-
February 26, 2007
26
Feb'07
Storm rages again: Self-morphing Trojan uses blogs to spread rootkits
A new variant of the Storm Trojan that changes with each download is infecting blog sites with malicious URLs, intercepting traffic when visitors try to post comments.
-
February 25, 2007
25
Feb'07
PatchLink acquires STAT Guardian tool
PatchLink says it will add more muscle to its vulnerability management portfolio by acquiring the STAT Guardian tool from IT vendor Harris Corp.
-
February 21, 2007
21
Feb'07
Cisco warns of IP phone flaws
Attackers could circumvent security restrictions by exploiting flaws in certain Cisco IP phones, the networking giant warned Wednesday.
-
February 12, 2007
12
Feb'07
Mobile carriers admit to malware attacks
Eighty-three percent of mobile operators surveyed by McAfee Inc. say they've suffered malware infections, but two competing security vendors say the overall threat is still small.
-
February 11, 2007
11
Feb'07
Cybersecurity czar signals government cooperation at RSA Conference
Cybersecurity chief, Greg Garcia told RSA Conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
-
February 10, 2007
10
Feb'07
Cisco VoIP managment guide: Required management tasks
Comprehensive VoIP management includes the basic network management tasks, but also includes monitoring services such as dial tone delivery, call success rates, telephony delays and impairments, as well as call quality. VoIP telephony management is ...
-
February 08, 2007
08
Feb'07
Roundup: Vista security, breakability touted at RSA Conference
At RSA Conference 2007, Microsoft extolled the security virtues of its new operating system, but others weren't afraid to demonstrate how Vista security is lacking.
-
February 07, 2007
07
Feb'07
EMC plans array-based encryption via PowerPath
EMC's next security move will be array-based encryption through PowerPath by 2008, according to internal documents obtained by SearchStorage.
-
February 05, 2007
05
Feb'07
Symantec chief: Consumer confidence in data protection is key to online growth
In his keynote at RSA Conference 2007, Symantec CEO John W. Thompson said Big Yellow is ready for the shifting dynamics in the information security market, and implied that Microsoft's growing presence in security is a conflict of interest for its ...
-
February 05, 2007
05
Feb'07
Coviello: In 3 years, no more stand-alone security
RSA President Art Coviello says today's patchwork of monolithic security devices will disappear in the next three years as security is integrated into the larger IT infrastructure.
-
February 04, 2007
04
Feb'07
Vista exploitable, researcher says
Marc Maiffret, CTO and chief hacking officer of eEye Digital Security, said he has found a way to elevate system privileges by exploiting a flaw in Windows Vista.
-
February 04, 2007
04
Feb'07
CISOs mastering 'softer' skills
Why CISOs can no longer rely on technology skills alone and what businesses are looking for when recruiting their next information security leader.
-
February 04, 2007
04
Feb'07
Email security buying decisions
Email security can be a daunting task for SMBs -- how do you go about finding the right product? This tip delves into three approaches to email security and the products available.
-
February 04, 2007
04
Feb'07
Dozens of Web sites spread malicious Trojan
Update: The same malicious JavaScript keylogger that compromised the Dolphin Stadium Web site last week was found over the weekend on dozens of other high-profile Web sites.
-
February 04, 2007
04
Feb'07
Intrusion detection systems are alive and kicking
IPS hasn't overtaken intrusion detection systems just yet. Senior News Writer Bill Brenner reveals what customers want when they're shopping for IDS products.
-
January 30, 2007
30
Jan'07
Symantec unveils 'universal ID system'
Symantec said the goal is to create a universally accepted identity system across all Web sites -- from online financial institutions to retailers -- for millions of consumers.
-
January 30, 2007
30
Jan'07
Using IAM tools to improve compliance
Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes.
-
January 29, 2007
29
Jan'07
Entrust to sell cheaper hardware tokens
Security vendor Entrust Inc. will enter the hardware token market selling a $5 one-time password device. Experts say the move could reduce prices across the industry.
-
January 29, 2007
29
Jan'07
TJX faces lawsuit over data breach
A class action lawsuit against TJX accuses the retailer of negligence for not doing enough to secure customer data and for keeping quiet about the breach for a month.
-
January 25, 2007
25
Jan'07
Balancing the cost and benefits of countermeasures
The final tip in our series, "How to assess and mitigate information security threats."
-
January 25, 2007
25
Jan'07
Malware: The ever-evolving threat
The first tip in our series, "How to assess and mitigate information security threats"
-
January 25, 2007
25
Jan'07
Network-based attacks
The second tip in our series, "How to assess and mitigate information security threats."
-
January 25, 2007
25
Jan'07
Information theft and cryptographic attacks
The third tip in our series, "How to assess and mitigate information security threats."
-
January 25, 2007
25
Jan'07
Apple fixes Mac Wi-Fi flaw
The Mac OS X Wi-Fi flaw Apple fixed on 24 Jan was first disclosed as part of the Month of Kernel Bugs in November. Attackers could exploit it to crash the targeted system.
-
January 24, 2007
24
Jan'07
Microsoft investigates new Word zero-day
An unpatched memory-corruption flaw in Microsoft Word is the target of "limited" attacks in the wild, Microsoft confirmed Thursday.
-
January 24, 2007
24
Jan'07
TJX data breach info used to make fraudulent purchases
Fraudulent purchases have been reported globally, according to a trade association that represents more than 200 banks in Massachusetts.
-
January 23, 2007
23
Jan'07
McAfee: Malware all about ID theft
The use of keylogger technology is surging and there's been a 100-fold rise in phishing attacks, according to a new report from McAfee.
-
January 16, 2007
16
Jan'07
Fortify Software to acquire Secure Software
The acquisition of Secure Software will allow Fortify to expand into the requirements and design phases of the software development lifecycle, the company said.
-
January 10, 2007
10
Jan'07
Sophos acquires Endforce to add NAC
Antivirus vendor Sophos is rounding out its email Web and desktop security software with Endforce's network access control (NAC) software.
-
January 08, 2007
08
Jan'07
Attackers hide malicious code using new method
Attackers have designed a new way to thwart virus signatures from antivirus vendors, says a new report.
-
January 03, 2007
03
Jan'07
Cisco bolsters security with IronPort buy
Cisco Systems agreed Thursday to buy Internet gateway security vendor IronPort Systems Inc. for $830 million.
-
January 03, 2007
03
Jan'07
Cisco software vulnerable to attack
Cisco's Clean Access software and Clean Access Manager are at risk to attack. A malicious user can access a database snapshot and download it without authentication.
-
January 02, 2007
02
Jan'07
Security pros grumble over spam increase
Spim and spam from unexpected sources is challenging enterprises in 2007. Some enterprises are taking action.
-
December 26, 2006
26
Dec'06
Looking back at information security in 2006
In this special edition of Security Wire Weekly, senior news writer Bill Brenner reviews his top interviews of 2006.
-
December 19, 2006
19
Dec'06
Microsoft releases Vista APIs to security vendors
Microsoft released a draft set of programming interfaces allowing security vendors to develop software using the Windows kernel on 64-bit systems.