News

Hackers and cybercrime prevention

• September 12, 2006 12 Sep'06

  Big security fixes for QuickTime, Flash Player

  Apple and Adobe warned that attackers could exploit multiple flaws in QuickTime and Flash Player to run malicious code on targeted machines.

• August 27, 2006 27 Aug'06

  Third-party patching: Prudent or perilous?

  Security patches issued by third parties have become more prevalent in recent months, and while some security pros endorse them, others say they're more trouble than they're worth.

• August 14, 2006 14 Aug'06

  Mocbot update targets MS06-040 flaw

  Security experts raised the red flag Sunday as new malware targets the Windows flaw addressed in the MS06-040 patch. Attackers are using the flaw to expand IRC-controlled botnets.

• August 10, 2006 10 Aug'06

  Security Blog Log: Israeli-Hezbollah war spills into cyberspace

  This week blogosphere warily watches online attacks inspired by the Mideast conflict and rants over the latest security incidents at AOL and the VA.

• August 10, 2006 10 Aug'06

  Symantec fixes Backup Exec flaw

  Attackers could exploit flaws in Symantec Backup Exec 9.1 and 9.2 for NetWare Servers to cause a denial of service, launch malicious code and gain access to vulnerable machines.

• July 26, 2006 26 Jul'06

  Mozilla issues critical security updates

  New patches to fix 13 software security flaws, eight of which have been deemed critical.

• July 26, 2006 26 Jul'06

  DHS puts Zitz in charge of cybersecurity division

  American career intelligence officer Robert S. Zitz has taken over day-to-day operations of the US National Cyber Security Division, but his department still has numerous digital defence problems to remedy.

• July 24, 2006 24 Jul'06

  Security Bytes: New Microsoft exploits in the wild

  The exploits target issues Microsoft patched earlier this month. Meanwhile, flaws are reported in Oracle for OpenView and a Mozilla Firefox keystroke logger is on the loose.

• July 13, 2006 13 Jul'06

  Security Bytes: Investigators slam VA over data breach

  Meanwhile: Cisco patches a router application flaw, a Washington law firm sues IBM over a server attack; and spammers sucker Web surfers with fake Vladimir Putin death reports.

• July 13, 2006 13 Jul'06

  Trojan targets Microsoft PowerPoint flaw

  Update: The exploit might be tied to an older flaw in Excel. Attackers who exploit the serious flaw could launch arbitrary code. Microsoft says it is investigating.

• July 11, 2006 11 Jul'06

  Microsoft patches seven July security holes, five critical

  The software giant's monthly batch of fixes includes critical repairs for Internet Explorer and Windows' networking features, plus "important" bulletins for Internet Information Server.

• July 10, 2006 10 Jul'06

  Security Bytes: Data breach affects 100,000 military personnel

  Meanwhile: Phishers use a phone trick to dupe PayPal users; the PCI security standard will get more teeth and a survey illustrates an increase in security breaches

• June 30, 2006 30 Jun'06

  More from SearchSecurity -- July 2006

  Highlights from the July 2006 issue of Information Security magazine.

• June 26, 2006 26 Jun'06

  Dundee to teach ethical hacking BSc

  A degree in ethical hacking will be on offer at a Scottish university from the new academic year.

• June 13, 2006 13 Jun'06

  Fifa ready for cyber attack on World Cup

• April 06, 2006 06 Apr'06

  Adding 'fudge' to your passwords

  Safe passwords are integral to web application security. Unfortunately, recalling many complicated passwords is difficult. If you must write down your passwords to remember them, use this tip to create a safer password record.

• December 22, 2005 22 Dec'05

  Gaining access using application and operating system attacks

  In this excerpt from Chapter 7 of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Second Edition, authors Ed Skoudis and Tom Liston explain how security professionals can use exploit frameworks to their ...

• December 14, 2005 14 Dec'05

  Flaws reported in Trend Micro ServerProtect

  Storage and security managers should be wary of vulnerabilities in the AV product that could enable a denial-of-service and malicious code execution. Workarounds are available.

• December 12, 2005 12 Dec'05

  Titan Rain shows need for better training

  SANS says the Chinese-based attacks demonstrate the growing sophistication of hackers, and the need for IT admins who can articulate the dangers to execs.

• December 07, 2005 07 Dec'05

  Security pros gain ground in the board room

  Executives are paying more attention to their IT security managers and taking more responsibility for online threats against their companies, according to a new study.

• December 06, 2005 06 Dec'05

  Cybersecurity policy takes cooperation, trust, experts say

  At the Infosecurity confab, experts explain why sharing information -- even when it's embarrassing -- is vital to securing not only corporations, but also the national infrastructure.

• November 10, 2005 10 Nov'05

  Security Bytes: FTC cracks down on alleged spyware distributors

  Patches fix serious RealPlayer flaws, IM malcode launches phishing attacks; Microsoft warns of Macromedia Flash flaw; Liberty Alliance pushes stronger authentication; FEMA data security is in question; patches fix Veritas flaws and TransUnion ...

• November 09, 2005 09 Nov'05

  Trojans target Sony DRM and Windows

  Security researchers track two new Trojan horses. One exploits the Sony DRM program. The other could possibly take aim at the Windows flaw Microsoft patched this week.

• October 17, 2005 17 Oct'05

  How avian flu could threaten IT security

  Experts say a potential bird flu pandemic could have a disastrous effect on IT infrastructures. But if companies plan well, those infrastructures could also help minimize chaos.

• October 12, 2005 12 Oct'05

  Symantec fixes 'critical' Veritas flaw

  Attackers could launch malicious code by exploiting a security hole in Veritas NetBackup servers and clients. But Symantec has released a fix.

• September 27, 2005 27 Sep'05

  Secure your extended enterprise

  How do you achieve the fine balance between ensuring that there is truly free access to sensitive information, without sacrificing security?

• September 22, 2005 22 Sep'05

  Telework key to surviving security disaster, expert says

  Cybersecurity Industry Alliance Executive Director Paul Kurtz explains why telework may be crucial to surviving The Big One.

• September 21, 2005 21 Sep'05

  Leave no trace: Understanding attackers' motives

  This excerpt from Chapter 1 of "Rootkits: Subverting the Windows Kernel," explains the purpose of back doors and how hackers use them, as well as how stealth plays a major role in most successful attacks.

• September 21, 2005 21 Sep'05

  IT infrastructure risks key to averting major cyberattack

  Predictions of a cataclysmic disaster have been around for awhile. But one security officer cites reasons why the Internet can never be brought down.

• September 21, 2005 21 Sep'05

  Catastrophic cyberattack unlikely, experts say

  Predictions of a cataclysmic disaster have been around for awhile. But one security officer cites reasons why the Internet can never be brought down.

• July 31, 2005 31 Jul'05

  Attack: USB could be the death of me

  Seemingly innocent Universal Serial Bus driver bugs may allow device attacks that many won't see coming, according to Black Hat presenters.

• July 26, 2005 26 Jul'05

  VeriSign raises stakes in battle for threat intelligence

  Not to be outdone by 3Com's "Zero-Day Initiative," VeriSign says it'll shell out more cash for hackers who provide vulnerability intelligence.

• July 26, 2005 26 Jul'05

  Experts weigh in on spyware's defining moment

  We asked IT professionals to review the spyware definitions proposed by a coalition of tech firms and security organizations. They found plenty of room for improvement.

• July 21, 2005 21 Jul'05

  Can alcohol mix with your key personnel?

  I persuaded our MD to hire a dedicated IT security expert. I am pleased with his work, but on several occasions he has smelled strongly of drink. How do I nip this in the bud?

• July 06, 2005 06 Jul'05

  This is not your father's hacker

  While Sasser author Sven Jaschan awaits the outcome of his trial this week in Germany, a new cybercrime report explains why the teenager is becoming an anachronism.

• June 07, 2005 07 Jun'05

  Latest Mytob worms phish for trouble

  Mytob's data-drumming tactics and the appearance of new Trojan horse programs add to concern that the underground is perfecting ingredients for a major attack.

• June 06, 2005 06 Jun'05

  Know your enemy: Why your Web site is at risk

  In this Lesson 1 technical paper from Web Security School, guest instructor Michael Cobb outlines the threats to Web sites and who is behind them.

• June 05, 2005 05 Jun'05

  Quiz: Secure Web directories and development

  Evaluate your knowledge of Web threats and how to defeat them. Questions cover security risks of dynamically created content and proper security management.

• June 04, 2005 04 Jun'05

  Top tools for testing your online security, part 2

  Michael Cobb explains what tools are helpful in maintaining Web security, including security scanners, benchmarking tools, monitoring services and online resources.

• June 04, 2005 04 Jun'05

  Top tools for testing your online security

  Learn a structured approach for Web security that can make your security management tasks easier and increase your chances of success.

• June 03, 2005 03 Jun'05

  Quiz: Identify and analyze Web server attacks, answer No. 5

  Quiz: Identify and analyze Web server attacks, answer No. 5

• June 03, 2005 03 Jun'05

  Quiz: Identify and analyze Web server attacks, answer No. 3

  Quiz: Identify and analyze Web server attacks, answer No. 3

• May 23, 2005 23 May'05

  Pre-CISSP: Options for the security newbie

  Shon Harris advises novice security practitioners on the value of entry-level certifications -- and good, old-fashioned experience -- in preparation for the CISSP®.

• March 14, 2005 14 Mar'05

  HIPAA security rules set hurdles for struggling hospitals

  Most healthcare organizations have one more month to meet the security requirements of the Health Insurance Portability and Accountability Act (HIPAA). Will they make it?

• March 09, 2005 09 Mar'05

  Exploit code targets critical CA flaws

  Anyone who ever evaluated CA software is potentially at risk. The good news is patches are available and a free scanner is out now to identify systems vulnerable to attack.

• March 08, 2005 08 Mar'05

  Passwords still the weakest link

  Businesses are still struggling to convince their staff of the importance of password security, according to a survey of 67,000...

• February 24, 2005 24 Feb'05

  Security Bytes: Cisco patch available for ACNS flaws

  Workaround outlined for new php exploit. IBM issues patch for DB2 flaw. Payroll service goes offline to investigate security claims , and BoA loses personal data on customers.

• February 15, 2005 15 Feb'05

  Federal agency security still poor, but improving

  Report cards give federal security a D-plus average, but the Homeland Security Department is still failing.

• February 02, 2005 02 Feb'05

  Compressed files strike another blow to AV

  The "alternative" .rar files are picking up where popular .zip files left off as attack vectors.

• January 11, 2005 11 Jan'05

  A 'critical' Patch Tuesday

  Microsoft issues three security bulletins for January, two of them critical. Attackers have already exploited some of the vulnerabilities.