News

IT risk management

• September 09, 2007 09 Sep'07

  Virtual appliance lets users convert DAS to iSCSI San

  LeftHand Networks has released an edition of its SaniQ iSCSI San software that will convert locally attached disc to networked storage.

• September 07, 2007 07 Sep'07

  Microsoft update to patch critical Windows flaw

  Microsoft plans to patch a critical flaw in Windows and plug holes in MSN Messenger, Visual Studio, and Windows services for Unix.

• September 07, 2007 07 Sep'07

  Government warns of dangerous QuickBooks Online flaw

  Attackers could exploit two flaws in the popular Intuit QuickBooks Online Edition to cause buffer overflows and download or upload files in arbitrary locations, US-CERT warned.

• September 07, 2007 07 Sep'07

  Cybercriminals employ toolkits in rising numbers to steal data

  The market is increasing for crimeware toolkits that help cybercriminals avoid detection and exploit flaws, according to new research from security vendor, Finjan.

• September 06, 2007 06 Sep'07

  Data security breach at Pfizer affects thousands

  A Pfizer employee removed files exposing 34,000 people to potential identity fraud, according to the company. It was the third data breach at the company in three months.

• September 05, 2007 05 Sep'07

  NAC switches, appliances help track users, malware

  Some vendors are offering switches and appliances to monitor traffic for malware and unauthorized access, as the NAC market including Cisco NAC and Microsoft NAP sorts itself out.

• September 05, 2007 05 Sep'07

  Firefox security issues persist despite update

  Despite Mozilla's recent Firefox security update, researchers say there's another way attackers could exploit the browser for malicious purposes.

• August 29, 2007 29 Aug'07

  Rootkit found in older Sony USB device

  F-Secure says it discovered rootkit technology in Sony's Micro Vault USM-F fingerprint reader software. The find comes two years after controversy over Sony's DRM technology.

• August 28, 2007 28 Aug'07

  Unified communications slow to change U.S. work culture

  Unified communications implementation is still high, but many enterprises have yet to allow users all its advantages.

• August 28, 2007 28 Aug'07

  Data archives overview

  When a file is lost due to user error, or data is corrupted because of system problems, the affected data can be restored from a backup. An archive is different from a backup because the data may not be used for months, even years, but must be ...

• August 28, 2007 28 Aug'07

  SANS: Attackers may be attempting Trend Micro exploits

  The SANS Internet Storm Center (ISC) warns that attackers may be attempting to exploit flaws in Trend Micro products to hijack computer systems.

• August 23, 2007 23 Aug'07

  Nokia Intellisync boosts device management

  Nokia Intellisync has released updates to its Mobile Suite to enhance remote device support, loss and theft protection, and management capabilities.

• August 22, 2007 22 Aug'07

  Trend Micro fixes flaws in ServerProtect, PC-cillin

  Attackers could tamper with servers and run malicious code by exploiting flaws in Trend Micro's ServerProtect, Anti-Spyware and PC-cillin products. But fixes are available.

• August 22, 2007 22 Aug'07

  Attackers target two Microsoft security flaws

  Symantec warned customers about attacks targeting two Microsoft security flaws -- an unpatched DirectX Media vulnerability and the XML Core Services flaw patched in MS07-042.

• August 20, 2007 20 Aug'07

  Sourcefire acquires open source ClamAV

  Sourcefire, maker of the popular Snort open source IDS tool, has acquired ClamAV, an open source email gateway scanning tool.

• August 20, 2007 20 Aug'07

  VMware acquires HIPS provider Determina

  VMware, the leader in virtualization software, has acquired Determina, a provider of host IPS technology.

• August 19, 2007 19 Aug'07

  College campuses prepare for Microsoft Vista challenges

  With new Vista machines coming to campus, the IT shops of academia have no choice but to embrace the latest Windows OS and its security implications.

• August 17, 2007 17 Aug'07

  Wal-Mart deploys new data security system

  Wal-Mart Stores has deployed a data security and encryption system to secure data going over its global network.

• August 16, 2007 16 Aug'07

  TJX profit takes hit over data breach

  TJX says it has spent $256 million responding to the massive data breach that exposed 45 million customers to identity fraud, and the bottom line has suffered as a result.

• August 15, 2007 15 Aug'07

  Latest Microsoft flaws affect Windows, IE, Excel

  Microsoft released nine security updates Tuesday -- six of them critical -- for flaws in Internet Explorer, Excel and other programs within the Windows OS.

• August 14, 2007 14 Aug'07

  Novell to acquire Senforce for endpoint security

  Novell is acquiring Senforce, an early network access control supplier, to integrate its endpoint security features and develop an endpoint management suite.

• August 14, 2007 14 Aug'07

  Apple iPhone to provoke complex mobile attacks, expert warns

  Mikko Hypponen, director of antivirus research at F-Secure, said he expects mobile malware attacks to escalate thanks to interest in Apple's iPhone.

• August 13, 2007 13 Aug'07

  Gartner security summit outlines 'Security 3.0'

  Gartner has opened its Sydney Security Summit with a definition of Security 3.0.

• August 09, 2007 09 Aug'07

  NAS appliance purchase considerations

  NAS appliances are frequently touted for bringing convenience and simplicity to network storage. Appliances include their own dedicated disks for storage and RAID, and most NAS appliances can be upgraded with more or larger disks for additional ...

• August 09, 2007 09 Aug'07

  Sun adds virtual tape library to Thumper

  Analysts say the combo of FalconStor's software, Solaris and Thumper is a good sign of integration from Sun after a disorganised year, but it's unclear if users will be convinced.

• August 09, 2007 09 Aug'07

  VeriSign employee data exposed in laptop theft

  Current and former employees of VeriSign were exposed to potential data fraud when a laptop housing their information was stolen from the car of a former employee.

• August 09, 2007 09 Aug'07

  VoIP vulnerability threatens data

  VoIP vulnerabilities have now reached a level of sophistication that allows hackers to steal, view or delete data.

• August 08, 2007 08 Aug'07

  NAS appliance specifications

  NAS appliances are noted for their convenience, offering dedicated internal storage that is relatively straightforward to identify and manage. The biggest issue for NAS appliances is avoiding network bottlenecks and supporting expansion without ...

• August 08, 2007 08 Aug'07

  Cisco warns of critical IOS flaws

  Attackers could exploit multiple flaws in Cisco's IOS to cause a denial of service or remotely execute arbitrary code.

• August 07, 2007 07 Aug'07

  Subpar security compromises compliance

  Pressure to keep trading applications available has nudged security to the back of the development line.

• August 03, 2007 03 Aug'07

  Discovery of malware cesspool triggers attack fears

  Trend Micro researchers say a malware-infested Web server in Russia, linked to several Italian Web sites, could lead to a large-scale attack.

• August 02, 2007 02 Aug'07

  Apple releases fixes for Mac OS X, iPhone vulnerabilities

  Apple Computer has released software patches fixing critical vulnerabilities in Mac OS X and its newly released iPhone.

• August 01, 2007 01 Aug'07

  Users make iSCSI Sans with USB keys

  Users say that Open-E's iSCSI San software, which is delivered on a USB stick, is more affordable than prepackaged systems and has more support than free iSCSI target products.

• July 31, 2007 31 Jul'07

  Security update fixes Yahoo Widgets flaw

  Attackers could exploit a Yahoo Widgets flaw to run malicious code on compromised Windows computers, but a security update is available.

• July 30, 2007 30 Jul'07

  Most antispam technologies get failing grade

  An independent study finds that many enterprises are not satisfied with traditional antispam technologies.

• July 25, 2007 25 Jul'07

  EMC reports Clariion surge, data archiving slump

  EMC's revenues are up this quarter, attributed in part to a big boost in Clariion sales, but CEO Joe Tucci is critical of the company's execution in data archiving.

• July 25, 2007 25 Jul'07

  Cisco issues warning for wireless LAN controller flaws

  Cisco Systems is warning customers of flaws in its wireless LAN controllers that initially crippled a wireless network at Duke University.

• July 24, 2007 24 Jul'07

  Apple iPhone crack discovered by security researchers

  Researchers have found a way to take complete control of the Apple iPhone by sending a user to a malicious Web site.

• July 24, 2007 24 Jul'07

  New hacking technique exploits common programming error

  Researchers at Watchfire Inc. say they discovered a new technique that exploits a common dangling pointer error.

• July 23, 2007 23 Jul'07

  PCI compliance costs often underestimated, study finds

  Companies are moving forward with PCI DSS projects, but many are underestimating the costs associated with compliance.

• July 23, 2007 23 Jul'07

  Core Security CEO to step down

  Paul Paget, the CEO of penetration testing software vendor Core Security Technologies said he is better-suited for start-ups

• July 22, 2007 22 Jul'07

  Black Hat Las Vegas 2007: Special news coverage

  SearchSecurity.com covers all the controversy at this year's show with news, features, podcasts, interviews, exploits and more direct from Las Vegas.

• July 18, 2007 18 Jul'07

  For Boeing, data security, network access still hazy

  Boeing is trying to reshape its network security architecture to better protect sensitive systems from threats without degrading employee productivity.

• July 17, 2007 17 Jul'07

  CDP platform purchase considerations

  Busy IT organizations are employing continuous data protection (CDP) technologies to guard data on the fly, essentially eliminating the backup window and allowing granular file and system restoration -- sometimes down to the individual disk write ...

• July 17, 2007 17 Jul'07

  Zero-day auction site complicates security efforts, IT pros say

  WabiSabiLabi, the eBay-like marketplace for zero-day flaws, will make it tougher for companies to ward off attackers, some IT security professionals say.

• July 17, 2007 17 Jul'07

  Oracle plans 46 security updates for database, software

  Attackers could tamper with database servers and host operating systems by exploiting flaws across Oracle's product line.

• July 17, 2007 17 Jul'07

  CDP platform specifications

  Continuous data protection (CDP) products track changes to files and data -- typically in real time -- recording activity and allowing recovery to an extremely granular level. This effectively reduces backup windows and restore points, allowing busy...

• July 16, 2007 16 Jul'07

  Oracle's July 2007 CPU has 45 security fixes

  Oracle stuffed 45 security updates into its July 2007 CPU, fixing flaws across its product line attackers could exploit remotely to compromise corporate databases.

• July 13, 2007 13 Jul'07

  Antispyware legislation gets tepid reviews

  Congress is debating three different bills that would punish spyware pushers, but some IT professionals have their doubts about legislation as a solution to the problem.

• July 12, 2007 12 Jul'07

  Zero-day auction site highlights ethical debate

  A new auction site plans to cash in on flaw research. Executive Editor Dennis Fisher explores if it's a viable business model and if research should be sold to the highest bidder.