Antivirus, firewall and IDS products
-
News
28 Mar 2024
UK plc going backwards on cyber maturity, Cisco report claims
Fewer UK organisations believe their cyber security postures have reached a mature level than did so 12 months ago, as they struggle to keep up with new challenges and a fast-evolving threat landscape Continue Reading
-
News
13 Feb 2024
Hunter-killer malware volumes seen surging
Latest Picus Security report on malware tactics, techniques and procedures reveals an increasing focus on disabling security defences Continue Reading
-
News
23 Jul 2007
Core Security CEO to step down
Paul Paget, the CEO of penetration testing software vendor Core Security Technologies said he is better-suited for start-ups Continue Reading
-
News
22 Jul 2007
Black Hat Las Vegas 2007: Special news coverage
SearchSecurity.com covers all the controversy at this year's show with news, features, podcasts, interviews, exploits and more direct from Las Vegas. Continue Reading
-
News
18 Jul 2007
For Boeing, data security, network access still hazy
Boeing is trying to reshape its network security architecture to better protect sensitive systems from threats without degrading employee productivity. Continue Reading
-
News
17 Jul 2007
CDP platform purchase considerations
Busy IT organizations are employing continuous data protection (CDP) technologies to guard data on the fly, essentially eliminating the backup window and allowing granular file and system restoration -- sometimes down to the individual disk write operation. Several CDP appliances are available, but many are implemented in software, and all require careful consideration before purchase. This article focuses on the specific purchase considerations for CDP products. Continue Reading
-
News
16 Jul 2007
Oracle's July 2007 CPU has 45 security fixes
Oracle stuffed 45 security updates into its July 2007 CPU, fixing flaws across its product line attackers could exploit remotely to compromise corporate databases. Continue Reading
-
News
13 Jul 2007
Symantec fixes flaws in AntiVirus, Backup Exec
Symantec fixed flaws attackers could exploit in AntiVirus Corporate Edition and Backup Exec to launch malicious code, gain elevated user privileges or cause a denial of service. Continue Reading
-
News
13 Jul 2007
Antispyware legislation gets tepid reviews
Congress is debating three different bills that would punish spyware pushers, but some IT professionals have their doubts about legislation as a solution to the problem. Continue Reading
-
News
12 Jul 2007
Web security gateways meet rising malware threats
Web security gateways combine layered defense against the rising tide of Web-based malware with URL filtering and application control. Continue Reading
-
News
05 Jul 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In this chapter excerpt from "Security Metrics: Replacing Fear, Uncertainty and Doubt," author Andrew Jaquith reveals ways to present security data in a clean and elegant manner. Continue Reading
-
News
05 Jul 2007
Zero-day auction site opened by Swiss lab
Swiss start-up WabiSabiLabi is offering zero-day findings for qualified buyers. The site could fuel new debate over flaw disclosure. Continue Reading
-
News
04 Jul 2007
Cisco users upbeat about security direction
Cisco customers say the vendor's security strategy is headed in the right direction, which is why they believe the networking giant's IronPort integration will be smooth sailing. Continue Reading
-
News
02 Jul 2007
Are PCI auditors pitching products?
Auditors shouldn't be pitching remediation services or products to bring a company into compliance with PCI DSS rules, but some merchants are reporting the practice Continue Reading
- News 01 Jul 2007
-
News
29 Jun 2007
Vendors admit more cooperation needed on security
Security leaders from large software vendors pledge to cooperate on embedding more security into their products. Continue Reading
-
News
27 Jun 2007
Cisco vows to maintain IronPort tech, talent
As it completes the purchase of IronPort Systems, Cisco vows to maintain IronPort's talent base and make investments to keep its newly-acquired technology fresh. Continue Reading
-
News
25 Jun 2007
PCI Council hears complaints, suggestions for changes
Companies with the most stringent security technologies endure hurdles to comply with PCI DSS. Some firms are turning to the upcoming Burton Group Catalyst Conference for answers. Continue Reading
-
News
19 Jun 2007
Endpoint fears drive PatchLink-SecureWave merger
Experts say the PatchLink-SecureWave merger makes sense since IT pros want a better way to protect their endpoint devices. But PatchLink's market supremacy is far from assured. Continue Reading
-
Feature
19 Jun 2007
Big Microsoft Vista concerns for Big Pharma
The second installment of an ongoing series examining the challenges of deploying Windows Vista and the considerations that go into the decision to roll out the new OS. Continue Reading
-
News
17 Jun 2007
VoIP security testing fundamentals
Testing your VoIP security system against all the threats that exist on the network can be a full time job. This guide documents how a VoIP system can be tested and suggest some of the available tools to use -- with a focus on fuzzing tools and methods. Continue Reading
-
Feature
14 Jun 2007
Why hacking contests, 'month-of' projects don't help
Ivan Arce, chief technology officer of Core Security Technologies explains why he thinks hacking contests and public vulnerability disclosure projects do little to improve IT security. Continue Reading
-
Feature
12 Jun 2007
The Art of Software Security Testing
Identifying software security flaws including the proper methods for examining file formats. Continue Reading
-
News
10 Jun 2007
Connecting for Health briefing claims much of NHS NPfIT complete
A confidential Connecting for Health briefing paper for the prime minister has claimed that much of the NHS's £12.4bn National Programme for IT (NPfIT) is complete - although an integrated national care record system has yet to materialise, and software delivered under the scheme has been criticised by some trusts as not yet fit for purpose. Continue Reading
-
Feature
08 Jun 2007
Data retrieval strategies: Document management software overview
The role of document management software in data storage and how it can mitigate risk for the enterprise. Continue Reading
-
News
01 Jun 2007
Top spammer indicted on email fraud, identity theft
The arrest may reduce the volume of spam in the short-term, say experts and analysts, but the real spam threat comes from criminal gangs based in Asia and Russia. Continue Reading
-
News
01 Jun 2007
Check Point promises more VoIP security, fewer slowdowns
Check Point's enhanced Open Performance Architecture is designed for deeper security of technologies like VoIP without the network performance problems that often come with it. Continue Reading
-
News
01 Jun 2007
Springing leaks: Getting smart about data loss prevention
Companies are showing increased interest in data loss prevention (DLP) products, but they won't work well unless the business needs are understood and well defined. Continue Reading
-
News
01 Jun 2007
HDS adds SAN muscle to archive
Hitachi Data Systems integrates its archive software across its product line and adds important new features, including replication, data deduplication and security. Continue Reading
-
Feature
25 May 2007
When Microsoft Vista and VPNs don't mix
Papa Gino's is ahead of many companies in deploying Windows Vista, thanks to its involvement in the Microsoft TAP program. But VPN compatibility has been a sticking point. Continue Reading
-
News
24 May 2007
Microsoft NAP-TNC compatibility won't speed adoption, users say
Users hail the new compatibility of Microsoft NAP and the Trusted Computing Group's TNC architecture. But they say it won't speed up their adoption timetables. Continue Reading
-
News
24 May 2007
Sourcefire, Nmap deal to open vulnerability scanning
Sourcefire and Insecure.org have inked an agreement to develop open source vulnerability scanning tools based on Insecure's Nmap scripting engine. Continue Reading
-
News
24 May 2007
IETF approves new weapon to fight spam, phish
DomainKeys Identified Mail specification (DKIM) gained approval as an official IETF standard. The approval is seen as a major step in the fight against spam and phishing attacks. Continue Reading
-
News
17 May 2007
VoIP security fundamentals
VoIP security is a challenge for IT staff because IP telephony brings with it not only the security problems of data networks but also new threats specific to VoIP. In this fundamentals guide, learn about network security threats and emerging IP telephony threats, and how to secure your VoIP systems and endpoints from them. Continue Reading
-
News
16 May 2007
When signature based antivirus isn't enough
Zero-day exploits, targeted attacks and increasing demands for endpoint application controls are driving the rapid metamorphosis from signature-based antivirus and antispyware to HIPS-based integrated products. Continue Reading
-
News
09 May 2007
Symantec fixes flaws in Norton, pcAnywhere
Attackers could exploit flaws in Symantec's Norton AntiVirus and pcAnywhere to launch malicious code or compromise a user's session credentials. Continue Reading
-
Feature
07 May 2007
The trouble with Google hacking techniques
Some IT security professionals say the threat posed by Google hacking techniques is overblown and that companies can easily avoid it with a layered security program. One skeptical expert is Ira Winkler, founder of the Internet Security Advisors Group (ISAG) and author of such books as "Spies Among Us." In this Q&A, he talks about how Google hacking is not new and why he thinks IT pros who aren't aware of it should go back to security school. Continue Reading
-
News
03 May 2007
Quiz: Enterprise strategies for protecting data at rest
A five-question multiple-choice quiz to test your understanding of the e-discovery content presented by expert Perry Carpenter in this lesson of SearchSecurity.com's Data Protection Security School. Continue Reading
-
News
03 May 2007
Quiz: Demystifying data encryption
A five-question multiple-choice quiz to test your understanding of the data encryption content presented by expert Tom Bowers in this lesson of SearchSecurity.com's Data Protection Security School. Continue Reading
-
News
03 May 2007
Microsoft users sticking with third-party security vendors
IT pros are pleased with Microsoft's security advances, including those found in Forefront. But don't expect them to drop their third-party security vendors. Continue Reading
-
News
26 Apr 2007
New image spam sneaks into inboxes
Researchers at Secure Computing Corp. have discovered a new form of image spam that is sneaking into corporate systems and clogging inboxes. Continue Reading
-
News
26 Apr 2007
Websense to acquire SurfControl
Websense says its planned $400 million acquisition of SurfControl will allow it to better compete in the global security market. Continue Reading
-
News
24 Apr 2007
Apple fixes 25 Mac OS X flaws
Attackers could exploit about two dozen flaws in Mac OS X to cause a denial of service, bypass security restrictions, disclose sensitive data and run malicious code. Continue Reading
-
News
15 Apr 2007
Malware outbreak 'largest in almost a year'
Security firm Postini and the SANS Internet Storm Center said they are tracking a significant malware outbreak. Postini calls it the biggest email attack in almost a year. Continue Reading
-
News
12 Apr 2007
Microsoft investigates DNS server flaw
Attackers could exploit a DNS flaw in Microsoft Windows 2000 Server and Windows Server 2003 and run malicious code on the system. A workaround is suggested until a patch is issued. Continue Reading
-
News
12 Apr 2007
Microsoft DNS server flaw called dangerous
UPDATE: Microsoft said Sunday that attacks are still limited, but a proof of concept code to exploit the vulnerability is publicly available. Continue Reading
-
News
08 Apr 2007
Spam campaign uses Storm-like attack technique
Spammers used an attack technique much like last January's "Storm" assault to dupe people into downloading malware over the weekend. This time, they used fake WWIII headlines. Continue Reading
-
News
08 Apr 2007
Symantec fixes 'high-risk' flaw in Enterprise Security Manager
Attackers could hijack machines from remote locations by exploiting a flaw in Symantec Enterprise Security Manager (ESM). Kaspersky Lab users also have a flaw to deal with. Continue Reading
-
News
04 Apr 2007
Data security breach at UCSF may have exposed thousands
The University of California at San Francisco (UCSF) acknowledged Wednesday that a security hole in a computer server may have exposed 46,000 people to potential identity fraud. Continue Reading
-
News
01 Apr 2007
Microsoft releases patch for Windows ANI flaw
Security companies are seeing massive attacks against the Windows ANI zero-day flaw, prompting Microsoft to rush out a fix a week before Patch Tuesday. Continue Reading
-
Feature
29 Mar 2007
Will data breach be the end of TJX?
This week in Security Blog Log: Industry experts say companies can learn from a data breach and even prosper from it. But is TJX following the right example? Continue Reading
-
Feature
21 Mar 2007
Symantec threat report under the microscope
This week in Security Blog Log: Infosec professionals dissect Symantec's latest threat report and express a range of views in the blogosphere. Continue Reading
-
News
21 Mar 2007
Hackers broaden reach of cross-site scripting attacks
An explosion of AJAX-based applications has increased the damage that cross-site scripting (XSS) attacks can inflict on machines. A new tool uses XSS flaws to create a botnet. Continue Reading
-
News
20 Mar 2007
NAC panel says technology may not add up
A panel discussing the potential of using network access control (NAC) says the technology may not be worth the price of deploying and maintaining it. Continue Reading
-
News
18 Mar 2007
Symantec: Data thieves thrive on zero-day flaws
According to Symantec's threat report for the second half of 2006, attackers exploited misplaced USB drives and zero-day flaws to steal vast amounts of data. Expect more of the same in 2007. Continue Reading
-
News
18 Mar 2007
Hacker techniques use Google to unearth sensitive data
Those who know where to look could use Google to dig up all sorts of sensitive company information, including intellectual property and passwords, one security expert warns. Continue Reading
-
News
08 Mar 2007
Review: eGuardPost a B+ overall
eGuardPost is a well-designed and highly capable product that meets an important need. It has strong security and great forensics capabilities. Continue Reading
-
News
04 Mar 2007
Expert: NAC not a network security cure-all
According to an expert at Black Hat DC, NAC success demands careful planning and a good understanding of the company network; otherwise, implementations can quickly go awry. Continue Reading
-
News
02 Mar 2007
Police force secures data with biometrics
Humberside Police has issued biometric USB drives among staff to maintain data security. Continue Reading
-
Feature
28 Feb 2007
PING with Mark Odiorne
Mark Odiorne, CISO at Scottish Re, provides insights on pen testing procedures, prioritising security for senior management and keeping compliant. Continue Reading
-
News
28 Feb 2007
RFID cloning presentation moves forward despite legal threats
Chris Paget, director of research and development at IOActive spoke mainly about the science behind RFID tags and readers and the inherent security issues of the technology. Continue Reading
-
Feature
28 Feb 2007
RFID dispute: Vendors still hostile toward full disclosure
Many vendors still believe that security by obscurity is still the best policy and make it a priority to silence vulnerability researchers. Continue Reading
-
News
27 Feb 2007
McAfee fixes flaw in Mac antivirus software
Attackers could exploit the hole in McAfee's Virex 7.7 antivirus program for Mac OS X to bypass the malware scanner, but a fix is available. Continue Reading
-
News
27 Feb 2007
Wireless security: IT pros warily watching mobile phone threats
Security experts have warned repeatedly that mobile phone attacks will grow as the devices become more sophisticated. IT administrators are starting to believe them. Continue Reading
-
News
26 Feb 2007
Storm rages again: Self-morphing Trojan uses blogs to spread rootkits
A new variant of the Storm Trojan that changes with each download is infecting blog sites with malicious URLs, intercepting traffic when visitors try to post comments. Continue Reading
-
News
25 Feb 2007
PatchLink acquires STAT Guardian tool
PatchLink says it will add more muscle to its vulnerability management portfolio by acquiring the STAT Guardian tool from IT vendor Harris Corp. Continue Reading
-
Feature
22 Feb 2007
Microsoft takes a blogosphere beating over Vista UAC
This week in Security Blog Log: Industry experts take Microsoft to task over a "very severe hole" in the design of Vista's User Account Controls (UAC) feature. Continue Reading
-
News
21 Feb 2007
Cisco warns of IP phone flaws
Attackers could circumvent security restrictions by exploiting flaws in certain Cisco IP phones, the networking giant warned Wednesday. Continue Reading
-
Feature
21 Feb 2007
Data breach: If customers don't act, data will remain at risk
To make enterprises take data security seriously, customers must take control of their personally identifiable information and stop handing it out to businesses. Continue Reading
-
News
12 Feb 2007
Mobile carriers admit to malware attacks
Eighty-three percent of mobile operators surveyed by McAfee Inc. say they've suffered malware infections, but two competing security vendors say the overall threat is still small. Continue Reading
-
News
11 Feb 2007
Cybersecurity czar signals government cooperation at RSA Conference
Cybersecurity chief, Greg Garcia told RSA Conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. Continue Reading
-
News
10 Feb 2007
Cisco VoIP managment guide: Required management tasks
Comprehensive VoIP management includes the basic network management tasks, but also includes monitoring services such as dial tone delivery, call success rates, telephony delays and impairments, as well as call quality. VoIP telephony management is categorized here. Continue Reading
-
News
08 Feb 2007
Roundup: Vista security, breakability touted at RSA Conference
At RSA Conference 2007, Microsoft extolled the security virtues of its new operating system, but others weren't afraid to demonstrate how Vista security is lacking. Continue Reading
-
News
07 Feb 2007
EMC plans array-based encryption via PowerPath
EMC's next security move will be array-based encryption through PowerPath by 2008, according to internal documents obtained by SearchStorage. Continue Reading
-
News
05 Feb 2007
Symantec chief: Consumer confidence in data protection is key to online growth
In his keynote at RSA Conference 2007, Symantec CEO John W. Thompson said Big Yellow is ready for the shifting dynamics in the information security market, and implied that Microsoft's growing presence in security is a conflict of interest for its customers. Continue Reading
-
News
05 Feb 2007
Coviello: In 3 years, no more stand-alone security
RSA President Art Coviello says today's patchwork of monolithic security devices will disappear in the next three years as security is integrated into the larger IT infrastructure. Continue Reading
-
News
04 Feb 2007
Vista exploitable, researcher says
Marc Maiffret, CTO and chief hacking officer of eEye Digital Security, said he has found a way to elevate system privileges by exploiting a flaw in Windows Vista. Continue Reading
-
News
04 Feb 2007
CISOs mastering 'softer' skills
Why CISOs can no longer rely on technology skills alone and what businesses are looking for when recruiting their next information security leader. Continue Reading
-
News
04 Feb 2007
Email security buying decisions
Email security can be a daunting task for SMBs -- how do you go about finding the right product? This tip delves into three approaches to email security and the products available. Continue Reading
-
News
04 Feb 2007
Dozens of Web sites spread malicious Trojan
Update: The same malicious JavaScript keylogger that compromised the Dolphin Stadium Web site last week was found over the weekend on dozens of other high-profile Web sites. Continue Reading
-
News
04 Feb 2007
Intrusion detection systems are alive and kicking
IPS hasn't overtaken intrusion detection systems just yet. Senior News Writer Bill Brenner reveals what customers want when they're shopping for IDS products. Continue Reading
-
Feature
31 Jan 2007
New security vendors take on sophisticated attackers
IT Security vendors are developing technologies that show promise in preventing unknown attacks and protecting machines with zero-day vulnerabilities. Continue Reading
-
News
30 Jan 2007
Symantec unveils 'universal ID system'
Symantec said the goal is to create a universally accepted identity system across all Web sites -- from online financial institutions to retailers -- for millions of consumers. Continue Reading
-
News
30 Jan 2007
Using IAM tools to improve compliance
Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes. Continue Reading
-
News
29 Jan 2007
Entrust to sell cheaper hardware tokens
Security vendor Entrust Inc. will enter the hardware token market selling a $5 one-time password device. Experts say the move could reduce prices across the industry. Continue Reading
-
News
29 Jan 2007
TJX faces lawsuit over data breach
A class action lawsuit against TJX accuses the retailer of negligence for not doing enough to secure customer data and for keeping quiet about the breach for a month. Continue Reading
-
News
25 Jan 2007
Balancing the cost and benefits of countermeasures
The final tip in our series, "How to assess and mitigate information security threats." Continue Reading
-
News
25 Jan 2007
Malware: The ever-evolving threat
The first tip in our series, "How to assess and mitigate information security threats" Continue Reading
-
News
25 Jan 2007
Network-based attacks
The second tip in our series, "How to assess and mitigate information security threats." Continue Reading
-
News
25 Jan 2007
Information theft and cryptographic attacks
The third tip in our series, "How to assess and mitigate information security threats." Continue Reading
-
News
25 Jan 2007
Apple fixes Mac Wi-Fi flaw
The Mac OS X Wi-Fi flaw Apple fixed on 24 Jan was first disclosed as part of the Month of Kernel Bugs in November. Attackers could exploit it to crash the targeted system. Continue Reading
-
Feature
24 Jan 2007
Quiz: Defending mobile devices from viruses, spyware and malware
A five-question multiple-choice quiz to test your understanding of the content presented in Defending mobile devices from viruses and malware lesson of SearchSecurity.com's Messaging Security School. Continue Reading
-
News
24 Jan 2007
Microsoft investigates new Word zero-day
An unpatched memory-corruption flaw in Microsoft Word is the target of "limited" attacks in the wild, Microsoft confirmed Thursday. Continue Reading
-
News
24 Jan 2007
TJX data breach info used to make fraudulent purchases
Fraudulent purchases have been reported globally, according to a trade association that represents more than 200 banks in Massachusetts. Continue Reading
-
News
23 Jan 2007
McAfee: Malware all about ID theft
The use of keylogger technology is surging and there's been a 100-fold rise in phishing attacks, according to a new report from McAfee. Continue Reading
-
Feature
17 Jan 2007
TJX breach: There's no excuse to skip data encryption
Companies complain that database encryption products are too expensive and difficult to manage, but customer loss and breach notification costs outweigh encryption expenses. Continue Reading
-
News
16 Jan 2007
Fortify Software to acquire Secure Software
The acquisition of Secure Software will allow Fortify to expand into the requirements and design phases of the software development lifecycle, the company said. Continue Reading
-
News
10 Jan 2007
Sophos acquires Endforce to add NAC
Antivirus vendor Sophos is rounding out its email Web and desktop security software with Endforce's network access control (NAC) software. Continue Reading
-
News
08 Jan 2007
Attackers hide malicious code using new method
Attackers have designed a new way to thwart virus signatures from antivirus vendors, says a new report. Continue Reading
-
News
03 Jan 2007
Cisco bolsters security with IronPort buy
Cisco Systems agreed Thursday to buy Internet gateway security vendor IronPort Systems Inc. for $830 million. Continue Reading
-
News
03 Jan 2007
Cisco software vulnerable to attack
Cisco's Clean Access software and Clean Access Manager are at risk to attack. A malicious user can access a database snapshot and download it without authentication. Continue Reading
-
News
02 Jan 2007
Security pros grumble over spam increase
Spim and spam from unexpected sources is challenging enterprises in 2007. Some enterprises are taking action. Continue Reading