Antivirus, firewall and IDS products

Storm rages again: Self-morphing Trojan uses blogs to spread rootkits

A new variant of the Storm Trojan that changes with each download is infecting blog sites with malicious URLs, intercepting traffic when visitors try to post comments. Continue Reading

By

• Bill Brenner

PatchLink acquires STAT Guardian tool

PatchLink says it will add more muscle to its vulnerability management portfolio by acquiring the STAT Guardian tool from IT vendor Harris Corp. Continue Reading

By

• Bill Brenner

Microsoft takes a blogosphere beating over Vista UAC

This week in Security Blog Log: Industry experts take Microsoft to task over a "very severe hole" in the design of Vista's User Account Controls (UAC) feature. Continue Reading

Cisco warns of IP phone flaws

Attackers could circumvent security restrictions by exploiting flaws in certain Cisco IP phones, the networking giant warned Wednesday. Continue Reading

By

• Bill Brenner

Data breach: If customers don't act, data will remain at risk

To make enterprises take data security seriously, customers must take control of their personally identifiable information and stop handing it out to businesses. Continue Reading

Mobile carriers admit to malware attacks

Eighty-three percent of mobile operators surveyed by McAfee Inc. say they've suffered malware infections, but two competing security vendors say the overall threat is still small. Continue Reading

By

• Bill Brenner

Cybersecurity czar signals government cooperation at RSA Conference

Cybersecurity chief, Greg Garcia told RSA Conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. Continue Reading

By

• Marcia Savage, Features Editor, Information Security Magazine

Cisco VoIP managment guide: Required management tasks

Comprehensive VoIP management includes the basic network management tasks, but also includes monitoring services such as dial tone delivery, call success rates, telephony delays and impairments, as well as call quality. VoIP telephony management is categorized here. Continue Reading

Roundup: Vista security, breakability touted at RSA Conference

At RSA Conference 2007, Microsoft extolled the security virtues of its new operating system, but others weren't afraid to demonstrate how Vista security is lacking. Continue Reading

By

• SearchSecurity.com Staff

EMC plans array-based encryption via PowerPath

EMC's next security move will be array-based encryption through PowerPath by 2008, according to internal documents obtained by SearchStorage. Continue Reading

By

• Beth Pariseau, Senior News Writer

Symantec chief: Consumer confidence in data protection is key to online growth

In his keynote at RSA Conference 2007, Symantec CEO John W. Thompson said Big Yellow is ready for the shifting dynamics in the information security market, and implied that Microsoft's growing presence in security is a conflict of interest for its customers. Continue Reading

By

• Rob Westervelt, News Editor

Coviello: In 3 years, no more stand-alone security

RSA President Art Coviello says today's patchwork of monolithic security devices will disappear in the next three years as security is integrated into the larger IT infrastructure. Continue Reading

By

• Bill Brenner

Vista exploitable, researcher says

Marc Maiffret, CTO and chief hacking officer of eEye Digital Security, said he has found a way to elevate system privileges by exploiting a flaw in Windows Vista. Continue Reading

By

• Bill Brenner

CISOs mastering 'softer' skills

Why CISOs can no longer rely on technology skills alone and what businesses are looking for when recruiting their next information security leader. Continue Reading

By

• Amber Plante, Assistant Managing Editor, Information Security magazine

Email security buying decisions

Email security can be a daunting task for SMBs -- how do you go about finding the right product? This tip delves into three approaches to email security and the products available. Continue Reading

By

• Joel Dubin, CISSP, Contributor

Dozens of Web sites spread malicious Trojan

Update: The same malicious JavaScript keylogger that compromised the Dolphin Stadium Web site last week was found over the weekend on dozens of other high-profile Web sites. Continue Reading

By

• Eric Parizo, Senior Analyst

Intrusion detection systems are alive and kicking

IPS hasn't overtaken intrusion detection systems just yet. Senior News Writer Bill Brenner reveals what customers want when they're shopping for IDS products. Continue Reading

By

• Bill Brenner

New security vendors take on sophisticated attackers

IT Security vendors are developing technologies that show promise in preventing unknown attacks and protecting machines with zero-day vulnerabilities. Continue Reading

Symantec unveils 'universal ID system'

Symantec said the goal is to create a universally accepted identity system across all Web sites -- from online financial institutions to retailers -- for millions of consumers. Continue Reading

By

• SearchSecurity.com Staff

Using IAM tools to improve compliance

Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes. Continue Reading

Entrust to sell cheaper hardware tokens

Security vendor Entrust Inc. will enter the hardware token market selling a $5 one-time password device. Experts say the move could reduce prices across the industry. Continue Reading

By

• Robert Westervelt, TechTarget

TJX faces lawsuit over data breach

A class action lawsuit against TJX accuses the retailer of negligence for not doing enough to secure customer data and for keeping quiet about the breach for a month. Continue Reading

By

• Bill Brenner

Balancing the cost and benefits of countermeasures

The final tip in our series, "How to assess and mitigate information security threats." Continue Reading

Malware: The ever-evolving threat

The first tip in our series, "How to assess and mitigate information security threats" Continue Reading

Network-based attacks

The second tip in our series, "How to assess and mitigate information security threats." Continue Reading

Information theft and cryptographic attacks

The third tip in our series, "How to assess and mitigate information security threats." Continue Reading

Apple fixes Mac Wi-Fi flaw

The Mac OS X Wi-Fi flaw Apple fixed on 24 Jan was first disclosed as part of the Month of Kernel Bugs in November. Attackers could exploit it to crash the targeted system. Continue Reading

By

• Bill Brenner

Quiz: Defending mobile devices from viruses, spyware and malware

A five-question multiple-choice quiz to test your understanding of the content presented in Defending mobile devices from viruses and malware lesson of SearchSecurity.com's Messaging Security School. Continue Reading

Microsoft investigates new Word zero-day

An unpatched memory-corruption flaw in Microsoft Word is the target of "limited" attacks in the wild, Microsoft confirmed Thursday. Continue Reading

By

• Bill Brenner

TJX data breach info used to make fraudulent purchases

Fraudulent purchases have been reported globally, according to a trade association that represents more than 200 banks in Massachusetts. Continue Reading

By

• Robert Westervelt, TechTarget

McAfee: Malware all about ID theft

The use of keylogger technology is surging and there's been a 100-fold rise in phishing attacks, according to a new report from McAfee. Continue Reading

By

• Bill Brenner, Senior News Writer

TJX breach: There's no excuse to skip data encryption

Companies complain that database encryption products are too expensive and difficult to manage, but customer loss and breach notification costs outweigh encryption expenses. Continue Reading

Fortify Software to acquire Secure Software

The acquisition of Secure Software will allow Fortify to expand into the requirements and design phases of the software development lifecycle, the company said. Continue Reading

By

• Bill Brenner

Sophos acquires Endforce to add NAC

Antivirus vendor Sophos is rounding out its email Web and desktop security software with Endforce's network access control (NAC) software. Continue Reading

By

• Robert Westervelt, TechTarget

Attackers hide malicious code using new method

Attackers have designed a new way to thwart virus signatures from antivirus vendors, says a new report. Continue Reading

By

• Robert Westervelt, TechTarget

Cisco bolsters security with IronPort buy

Cisco Systems agreed Thursday to buy Internet gateway security vendor IronPort Systems Inc. for $830 million. Continue Reading

By

• Robert Westervelt, TechTarget

Cisco software vulnerable to attack

Cisco's Clean Access software and Clean Access Manager are at risk to attack. A malicious user can access a database snapshot and download it without authentication. Continue Reading

By

• Robert Westervelt, TechTarget

Security pros grumble over spam increase

Spim and spam from unexpected sources is challenging enterprises in 2007. Some enterprises are taking action. Continue Reading

By

• Edmund X. DeJesus, Contributor

Top Windows server hardening tips of 2006

Check out the top Windows server hardening tips of 2006 for helpful advice on domain controller penetration testing, security tips for the Windows Server 2003 OS and more. Continue Reading

Security pros glean insight from '06

Corporate acquisitions, an abundance of spam, and the White House's take on cybersecurity mark 2006. Continue Reading

Looking back at information security in 2006

In this special edition of Security Wire Weekly, senior news writer Bill Brenner reviews his top interviews of 2006. Continue Reading

By

• SearchSecurity.com Staff

Top client security tips of 2006

A network user without the proper know-how is a ticking time bomb when it comes to security. Check out our top five client hardening tips of 2006 to get a head start on protecting yourself from potentially dangerous users. Continue Reading

Microsoft releases Vista APIs to security vendors

Microsoft released a draft set of programming interfaces allowing security vendors to develop software using the Windows kernel on 64-bit systems. Continue Reading

By

• Robert Westervelt, TechTarget

Top network security tips of 2006

The top Windows networking security tips of 2006 cover a range of topics, including network isolation, open source Windows security tools, VPN security and more. Continue Reading

VoIP hacking exposed in new book

VoIP hacking is a reality, and in a new book, two VoIP security experts outline the tools and tricks to avoid a system-crushing hack. Continue Reading

By

• Andrew R. Hickey, Senior News Writer

Criminals find safety in cyberspace

A new report from McAfee shows how criminals are enjoying a sense of safety and anonymity in cyberspace that they never had on the street. And they're making more money. Continue Reading

By

• Bill Brenner

Review: Deep Security is a solid IPS

Third Brigade's Deep Security is a well-designed, effective product with strong configuration and policy control capabilities. Continue Reading

By

• Steven Weil, Point B

Microsoft Vista could improve Internet security

Two new Microsoft Vista features -- Kernel Patch Protection and User Account Control -- could prove especially useful in preventing serious malware infections. Continue Reading

Review: Lancope StealthWatch 5.5 offers more than IDS

Hot Pick: StealthWatch goes far beyond traditional intrusion detection, with powerful network-monitoring features. The optional IDentity-1000 is an essential addition. Continue Reading

By

• Sandra Kay Miller, Contributing Writer

Review: Sky's the limit with Skybox View 3.0

Hot Pick: Skybox View 3.0 offers a unique and flexible approach for assessing and managing specific threats and overall risk to your digital assets. Continue Reading

By

• Brent Huston, Contributing Writer

Infrastructure security: Remote access DMZ

An excerpt from Chapter 7: Infrastructure security from "How to Cheat at Managing Information Security," by Mark Osborne. Continue Reading

Zero-day tracker a hit, but IT shops need better strategy

This week in Security Blog Log: Reaction to eEye's new zero-day tracker is positive, but some experts say it won't help unless IT shops have a layered defense to start with. Continue Reading

MP3 search site pushes spyware, watchdogs say

A Web site that gives users the ability to search for MP3s contains programs that behave like spyware, according to the Center for Democracy and Technology and StopBadware.org. Continue Reading

By

• Bill Brenner

Security Bytes: Phishing worm spreads through MySpace

Round up of security news Continue Reading

By

• SearchSecurity.com Staff

Oracle responds to security critics

Security Blog Log: Oracle takes on researchers who have criticised its security procedures in recent weeks. Meanwhile, Symantec warns of new zombie malware. Continue Reading

Symantec fixes NetBackup Puredisk flaw

An unauthorised user could launch malicious code by exploiting a flaw in Symantec's Veritas NetBackup PureDisk product. But a fix is available. Continue Reading

By

• Bill Brenner

Active Directory security school: Set up and configuration

An Active Directory security lesson. Continue Reading

Active Directory security school: Maintenance and testing

This is lesson three of our Active Directory security school. Continue Reading

Zango defying FTC agreement, researchers say

This week in Security Blog Log: Two researchers accuse Zango of unsavory adware tactics, despite the company's pledge to clean up its act. Continue Reading

BakBone brushes up replication software

BakBone's NetVault Replicator version 5.0 includes automatic configuration of replication for remote sites, a capacity planning tool and a higher performance data movement engine. Continue Reading

By

• Beth Pariseau, Senior News Writer

Trojan poses as Adobe software update

The Trojan keylogger comes in an email that asks users to download the latest version of Adobe Reader. It then tries to steal the user's confidential information. Continue Reading

By

• SearchSecurity.com Staff

Security Blog Log: Sailing a sea of spam

This week, bloggers struggle to purge their bloated inboxes. Their experiences lend weight to recent studies showing a breathtaking spike in spam. Continue Reading

How to manage encryption keys

Encryption is an effective way to secure data, but the encryption keys used must be carefully managed to ensure data remains protected and accessible when needed. Continue Reading

Review: Network Intelligence's enVision

enVision offers excellent value and is highly configurable, though typically that means you have to put a lot into it to get the most out of it. Continue Reading

By

• Brent Huston, Contributing Writer

Tor network privacy could be cracked

The Tor network is used by those who want to keep their IP addresses private. But new research shows that it's possible to compromise the system and unmask the user. Continue Reading

By

• Bill Brenner

Achieving compliance: a real-world roadmap

A security manager's responsibilities extend beyond the technical aspects of the job. These days, effective governance and compliance are just as essential. Continue Reading

What storage managers are buying and why, page 7

What storage managers are buying and why Continue Reading

Enhanced Identity and Access Management

From consolidating directories to automating provisioning and rolling out single sign-on, these sessions identify how leading organizations are strengthening authorization and enforcing access controls. Continue Reading

Snyder On Security: An insider's guide to the essentials

Joel Snyder, senior partner with consultancy Opus One, provides an in-depth look at information security trends and technologies. Continue Reading

Microsoft caves to pressure over Vista security

To accommodate third-party security vendors and appease antitrust regulators in Europe, Microsoft will make some final tweaks to Windows Vista. Continue Reading

By

• Bill Brenner

Microsoft to fold security into Windows division

The software giant said the move would make future Windows development efforts more efficient. The changes take effect after Microsoft releases Vista. Continue Reading

By

• SearchSecurity.com Staff

Security Blog Log: Taking Google Code Search for a spin

This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security. Continue Reading

Brief: Malicious Web site poses as Google

A malicious Web site poses as Google's Italian site, but attempts to install malicious ActiveX controls on victim's machines and ultimately redirect them to adult content. Continue Reading

By

• SearchSecurity.com Staff

Inside MSRC: Public vulnerability disclosures on the rise

Even though irresponsible publicly disclosed vulnerabilities seem to be on the rise, Microsoft's Christopher Budd discusses how the software giant was able to quickly release a fix for the recent VML flaw, plus offers best practices on how to make sure all of this month's software updates are installed correctly. Continue Reading

Banking on the future

As the banking landscape changes and global competition takes hold, IT offers banks a way of differentiating themselves from the competition, so how do they balance innovation and imitation in this tough market sector? Continue Reading

ZERT rekindles third-party patching debate

This week in Security Blog Log: IT security pros express more reservations about third-party patching, including the CEO of a company that released one a few months ago. Continue Reading

On privacy laws, every state is one of confusion

It's getting increasingly difficult for US firms to comply with regulations . David A. Meunier feels that it's time to develop safeguards and processes for this ever-changing regulatory environment. Continue Reading

By

• David A. Meunier

Top 5 free Windows security downloads

The place where you can find free tools that help you crack passwords, remove troublesome spyware and enhance network security. Check out our five most popular tools and find out what you've been missing. Continue Reading

Voice over IP Fundamentals: Chapter 9, 'Billing and Mediation Services'

Voice over IP Fundamentals: Chapter 9, 'Billing and Mediation Services' Continue Reading

Stration worm targets Windows machines

The worm uses several fake email messages, including one claiming to be a security update. Users are advised to avoid unsolicited email attachments. Continue Reading

By

• Bill Brenner

Secure network perimeter to result from Symantec-Juniper deal

Juniper and Symantec announced a deal to integrate Symantec's client security software with Juniper's security hardware. The result will allow endpoint compliance and access control platforms to secure the enterprise perimeter. Continue Reading

By

• Amanda Mitchell, News Editor

Security Bytes: Hackers target the Terminator

In other news, Symantec upgrades its Norton product line and the Anti-Phishing Working Group says phishing activity soared this summer. Continue Reading

By

• SearchSecurity.com Staff

Fast Guide: VoIP encryption

A guide to encryption within VoIP networks Continue Reading

Security Blog Log: Word doc scam evades spam filters

Also this week: A researcher gets a harsh reward after flagging a University of Southern California Web site flaw, and more blogs are keeping an eye on the latest security breaches. Continue Reading

Proofpoint delivers strong messaging security

Proofpoint Messaging Security Gateway is a highly recommended, affordable solution for big enterprises that need protection from email-based attacks. Continue Reading

By

• Phoram Mehta, Contributing Writer

Protecting wireless networks: Step 3

Security testing expert Kevin Beaver covers the tools and techniques needed to find and exploit insecure wireless networks. Continue Reading

Protecting wireless networks: Step 2

Security testing expert Kevin Beaver covers the tools and techniques you'll need to find and exploit insecure wireless networks. Continue Reading

Wireless network security testing

Attack your own wireless networks to find vulnerabilities before malicious hackers do. Continue Reading

Attacks against MS06-040 on the rise

Six pieces of malware are now going after the Windows Server Service flaw outlined in MS06-040, and a spike in attacks has led Symantec to raise its ThreatCon to Level 2. Continue Reading

By

• Bill Brenner

Identity and Access Management Security School

This Security School explores critical topics related to helping security practitioners establish and maintain an effective identity and access management plan. Continue Reading

Survey: Data breaches difficult to spot, prevent

IT pros worry that false positives and a lack of resources are preventing them from blocking data breaches Continue Reading

By

• Bill Brenner

Symantec CIO vies with virtualization, device policy

Symantec CIO David Thompson says virtualization is a big part of the security giant's future and it has developed a policy to mitigate virtualization security risks. Continue Reading

By

• Dennis Fisher

Malware database access sparks debate

Should an emerging database of more than 300,000 malware samples remain a walled community for trusted users, or is open access the best way to fight off digital desperados? Continue Reading

By

• Bill Brenner

AT&T breach affects 19,000 customers

Online outlaws hacked into an AT&T computer system and stole credit card data on thousands of customers. AT&T has offered to pay for credit monitoring services for those affected. Continue Reading

By

• Bill Brenner

Third-party patching: Prudent or perilous?

Security patches issued by third parties have become more prevalent in recent months, and while some security pros endorse them, others say they're more trouble than they're worth. Continue Reading

By

• Bill Brenner

Security Blog Log: Opinions abound on IBM/ISS deal

Bloggers ponder what IBM's acquisition of ISS says about the industry as a whole. Is the end in sight for independent security vendors? Continue Reading

Briefs: VoiceCon in the news

This week at VoiceCon we saw everything from managed VoIP services to IP phones made to make mobile workers right at home, wherever they are. Continue Reading

By

• Amanda Mitchell, News Editor

Apple fixes Xsan security flaw

Attackers could exploit a security flaw in Apple's Xsan file system to launch malicious code and crash vulnerable machines, but a fix is available. Continue Reading

By

• Bill Brenner

Security blog log: Fear and loathing in MS06-040's wake

This week, security bloggers wonder if some of the MS06-040 warnings have gone too far. Meanwhile, Symantec uses its blog to warn about the timed release of exploits. Continue Reading

Cisco says it can't reproduce PIX flaw

Ever since a researcher at Black Hat outlined a flaw in the PIX firewall, Cisco has been trying to reproduce the security hole. So far, the company has been unsuccessful. Continue Reading

By

• Bill Brenner