IT security
-
Opinion
02 May 2025
Security Think Tank: What CISOs can learn from Signalgate
A leak of information on American military operations caused a major political incident in March 2025. The Security Think Tank considers what can CISOs can learn from this potentially fatal error. Continue Reading
-
News
02 May 2025
Retail cyber crime spree a “wake-up call”, says NCSC CEO
The NCSC confirms it is providing assistance to M&S, Co-op and Harrods as concerns grow among UK retailers Continue Reading
-
News
12 Apr 2007
Microsoft DNS server flaw called dangerous
UPDATE: Microsoft said Sunday that attacks are still limited, but a proof of concept code to exploit the vulnerability is publicly available. Continue Reading
-
News
11 Apr 2007
Instant messaging threats become more sophisticated
Instant messaging faces greater threats as more enterprises begin to utilize it, making it a more appealing target to hackers. Continue Reading
-
News
11 Apr 2007
Architectural firm swaps online data backup service providers
As online data backup services take off, one early adopter slashed costs dramatically by switching to a newer service on the market. Continue Reading
-
News
10 Apr 2007
Capacity planning software specifications
Gauging storage needs over time is one of the biggest challenges faced by IT administrators, and a new generation of capacity planning tools is emerging to help forecast growth and utilisation of storage resources. Continue Reading
-
News
10 Apr 2007
The changing threat of email attacks
In this Messaging Security School lesson, expert Mike Rothman details the state of next-generation email threats, explores reputation systems and uncovers threats AV can't catch. Continue Reading
-
News
08 Apr 2007
How data deduplication eases storage requirements
Storage administrators are struggling to handle spiraling volumes of documents, audio, video, images and large email attachments. Adding storage is not always the best solution, and many companies are turning to data reduction technologies such as data deduplication. This article explains the basic principles of data deduplication, and looks at implementation issues. Continue Reading
-
News
08 Apr 2007
Spam campaign uses Storm-like attack technique
Spammers used an attack technique much like last January's "Storm" assault to dupe people into downloading malware over the weekend. This time, they used fake WWIII headlines. Continue Reading
-
News
08 Apr 2007
Symantec fixes 'high-risk' flaw in Enterprise Security Manager
Attackers could hijack machines from remote locations by exploiting a flaw in Symantec Enterprise Security Manager (ESM). Kaspersky Lab users also have a flaw to deal with. Continue Reading
-
News
04 Apr 2007
Data security breach at UCSF may have exposed thousands
The University of California at San Francisco (UCSF) acknowledged Wednesday that a security hole in a computer server may have exposed 46,000 people to potential identity fraud. Continue Reading
-
Feature
04 Apr 2007
When disaster recovery and data classification collide
Attendees at a disaster recovery seminar discussed the complex application dependencies when disaster recovery and data classification combine. Continue Reading
-
News
01 Apr 2007
Microsoft releases patch for Windows ANI flaw
Security companies are seeing massive attacks against the Windows ANI zero-day flaw, prompting Microsoft to rush out a fix a week before Patch Tuesday. Continue Reading
-
Feature
29 Mar 2007
Will data breach be the end of TJX?
This week in Security Blog Log: Industry experts say companies can learn from a data breach and even prosper from it. But is TJX following the right example? Continue Reading
-
Feature
27 Mar 2007
IT pros eye Windows Server 2003 SP2 with caution
Despite its security and stability enhancements, IT pros say they are in no rush to deploy Windows Server 2003 SP2 Continue Reading
-
News
26 Mar 2007
What are some of the best practices for managing the growth of unstructured data?
It starts with corporate policies around data management... Continue Reading
-
News
26 Mar 2007
Web 2.0: CIOs want it their way
A new study found CIOs want Web 2.0 technology, but they're a little insecure about getting it from emerging specialized vendors. Continue Reading
-
News
26 Mar 2007
Metasploit Framework 3.0 released
Brief: Metasploit Framework 3.0 contains 177 exploits, 104 payloads, 17 encoders and 30 auxiliary modules that perform such tasks as host discovery and protocol fuzzing. Continue Reading
-
News
26 Mar 2007
How can a company set retention policies with such a glut of unstructured data?
It depends; there are no easy answers to this. There are a number of initiatives that a company should undertake, including disaster recovery, business continuity planning, Sarbanes-Oxley compliance and data security... Continue Reading
-
News
26 Mar 2007
Are there regulatory compliance issues related to unstructured data?
The most important issue is legal discovery. You may not know what you have or how to find it, so it can be very difficult to find the files that may be required by a court of law... Continue Reading
-
News
25 Mar 2007
Microsoft investigates Windows Vista Mail flaw
Attackers could exploit a flaw in Windows Vista Mail to compromise PCs by tricking the user into opening a malicious email attachment. Microsoft is investigating. Continue Reading
-
News
22 Mar 2007
Flaws haunt protocol tied to national infrastructure
Also: A weakness is found in Windows settings, Microsoft investigates a new Vista flaw, and flaws are addressed in OpenOffice.org and Firefox. Continue Reading
-
News
22 Mar 2007
Mozilla releases Firefox fix
One newly-discovered flaw and several glitches introduced in the last update have been fixed with Mozilla's release of Firefox 2.0.0.3 and 1.5.0.11. Continue Reading
-
News
22 Mar 2007
Midrange storage array specifications
Product snapshots highlighting key specifications for a cross section of midrange storage array products. Continue Reading
-
Feature
21 Mar 2007
Symantec threat report under the microscope
This week in Security Blog Log: Infosec professionals dissect Symantec's latest threat report and express a range of views in the blogosphere. Continue Reading
-
News
21 Mar 2007
Hackers broaden reach of cross-site scripting attacks
An explosion of AJAX-based applications has increased the damage that cross-site scripting (XSS) attacks can inflict on machines. A new tool uses XSS flaws to create a botnet. Continue Reading
-
Feature
21 Mar 2007
Measuring Vista's true security muscle will take time
Researchers are digging through the Windows Vista code right now, and when they find flaws we'll hear about it. But it's the ones we don't hear about that should keep us up at night. Continue Reading
-
News
20 Mar 2007
NAC panel says technology may not add up
A panel discussing the potential of using network access control (NAC) says the technology may not be worth the price of deploying and maintaining it. Continue Reading
-
News
19 Mar 2007
Internet complexity, insecurity could stifle innovation, expert says
Security threats are driving vendors to produce software and devices that automatically update and run only proprietary software with no effort from the end user. The result could be less flexibility and innovation, one expert says. Continue Reading
-
News
18 Mar 2007
Symantec: Data thieves thrive on zero-day flaws
According to Symantec's threat report for the second half of 2006, attackers exploited misplaced USB drives and zero-day flaws to steal vast amounts of data. Expect more of the same in 2007. Continue Reading
-
News
18 Mar 2007
Hacker techniques use Google to unearth sensitive data
Those who know where to look could use Google to dig up all sorts of sensitive company information, including intellectual property and passwords, one security expert warns. Continue Reading
-
Feature
14 Mar 2007
LexisNexis fights crime with storage
The document search company is offering a new data forensics service staffed by former federal agents and powered by commodity NAS. Continue Reading
-
News
13 Mar 2007
NEC reveals HydraStor grid storage
NEC announces its HydraStor array for secondary storage, touting its grid storage architecture, automated policies for data management and scalable deduplication. Continue Reading
-
News
13 Mar 2007
What are some best practices for retaining data in a highly regulated business environment?
Have a good information retention policy. I see a lot of organizations where they retain backups or copies of databases, but they don't know why they're retaining it or for how long... Continue Reading
-
News
08 Mar 2007
Review: eGuardPost a B+ overall
eGuardPost is a well-designed and highly capable product that meets an important need. It has strong security and great forensics capabilities. Continue Reading
-
News
08 Mar 2007
Review: Sun Java System Identity Manager 7.0 'impressive'
Hot Pick: Sun Java System Identity Manager 7.0 excels with agentless connectors, scalability and amazing auditing. Continue Reading
-
News
07 Mar 2007
Microsoft cancels Patch Tuesday as DST looms
IT administrators who are struggling to apply all their daylight-saving time (DST) patches will get a break from Microsoft next week, as no new security fixes will be released. Continue Reading
-
News
07 Mar 2007
Symantec acquires automated risk assessment firm
Symantec has acquired Reston, Va.-based 4FrontSecurity, a maker of automated risk analysis and security management tools. An expert says it's the latest sign that the security risk assessment market is heating up. Continue Reading
-
News
06 Mar 2007
Tape restoration firm accelerates restores
National Data Conversion uses Index Engines technology to speed up tape restores for litigation. Continue Reading
-
News
06 Mar 2007
Unified communications translates to intelligent communications
Unified communications and its business benefits were the underlying themes of the keynote presentations yesterday at VoiceCon Spring 2007. Continue Reading
-
News
04 Mar 2007
Expert: NAC not a network security cure-all
According to an expert at Black Hat DC, NAC success demands careful planning and a good understanding of the company network; otherwise, implementations can quickly go awry. Continue Reading
-
News
02 Mar 2007
Police force secures data with biometrics
Humberside Police has issued biometric USB drives among staff to maintain data security. Continue Reading
-
News
01 Mar 2007
Linksys, Gateway launch low-end NAS
Cisco subsidiary Linksys and PC maker Gateway launch new NAS products for small businesses and consumers. Continue Reading
-
Feature
28 Feb 2007
PING with Mark Odiorne
Mark Odiorne, CISO at Scottish Re, provides insights on pen testing procedures, prioritising security for senior management and keeping compliant. Continue Reading
-
News
28 Feb 2007
RFID cloning presentation moves forward despite legal threats
Chris Paget, director of research and development at IOActive spoke mainly about the science behind RFID tags and readers and the inherent security issues of the technology. Continue Reading
-
Feature
28 Feb 2007
RFID dispute: Vendors still hostile toward full disclosure
Many vendors still believe that security by obscurity is still the best policy and make it a priority to silence vulnerability researchers. Continue Reading
-
News
27 Feb 2007
McAfee fixes flaw in Mac antivirus software
Attackers could exploit the hole in McAfee's Virex 7.7 antivirus program for Mac OS X to bypass the malware scanner, but a fix is available. Continue Reading
-
News
27 Feb 2007
'Worm' targets Sun Solaris Telnet flaw
Security researchers have found evidence that a worm is trying to exploit the recently patched Telnet flaw in Sun Solaris. Experts say it's another reason to stay away from Telnet. Continue Reading
-
News
27 Feb 2007
Wireless security: IT pros warily watching mobile phone threats
Security experts have warned repeatedly that mobile phone attacks will grow as the devices become more sophisticated. IT administrators are starting to believe them. Continue Reading
-
Feature
26 Feb 2007
RFID privacy, security should start with design
Companies planning to deploy radio frequency identification technology (RFID) must demand that privacy and security issues are addressed early. Continue Reading
-
News
26 Feb 2007
Storm rages again: Self-morphing Trojan uses blogs to spread rootkits
A new variant of the Storm Trojan that changes with each download is infecting blog sites with malicious URLs, intercepting traffic when visitors try to post comments. Continue Reading
-
News
25 Feb 2007
HP announces iSCSI VTL for SMBs
HP's new iSCSI VTL devices include automated backup capabilities for users with fewer than four servers. Continue Reading
-
News
25 Feb 2007
PatchLink acquires STAT Guardian tool
PatchLink says it will add more muscle to its vulnerability management portfolio by acquiring the STAT Guardian tool from IT vendor Harris Corp. Continue Reading
-
Feature
22 Feb 2007
Microsoft takes a blogosphere beating over Vista UAC
This week in Security Blog Log: Industry experts take Microsoft to task over a "very severe hole" in the design of Vista's User Account Controls (UAC) feature. Continue Reading
-
News
22 Feb 2007
Google offers 10 GB inbox
The search engine giant is offering an email application on a subscription basis with five times the storage capacity of the free version. Continue Reading
-
Feature
22 Feb 2007
Flaws haunt Symantec, IBM, Cisco and IE
Bug Briefs: Security holes plague Symantec Norton products, IBM DB2; Mozilla Firefox; Trend Micro ServerProtect; Cisco IP phones; Google Desktop; IE and Snort. Continue Reading
-
News
21 Feb 2007
Cisco warns of IP phone flaws
Attackers could circumvent security restrictions by exploiting flaws in certain Cisco IP phones, the networking giant warned Wednesday. Continue Reading
-
Feature
21 Feb 2007
Data breach: If customers don't act, data will remain at risk
To make enterprises take data security seriously, customers must take control of their personally identifiable information and stop handing it out to businesses. Continue Reading
-
News
20 Feb 2007
Cisco routers threatened by drive-by pharming
Millions of Cisco routers in circulation could be compromised by a newly-discovered attack technique Symantec calls drive-by pharming, the networking giant warned in an advisory. Continue Reading
-
News
20 Feb 2007
Microsoft confirms new IE flaw
Attackers could exploit a new flaw in Internet Explorer (IE) to access local files on targeted systems, Microsoft confirmed Tuesday. Continue Reading
-
News
20 Feb 2007
TJX data breach worse than initially feared
Hackers had access to a larger amount of customer data, TJX executives said in a statement. Continue Reading
-
News
19 Feb 2007
Sourcefire fixes Snort flaw
Attackers could exploit a flaw in the popular open source Snort IDS tool to cause a denial of service or launch malicious code. Continue Reading
-
News
19 Feb 2007
When security firms merge, some users are losers
Some users see their services improve when IT security vendors merge with other companies or get acquired. Others say they've been left out in the cold. Continue Reading
-
News
19 Feb 2007
Quiz: Compliance improvement -- Get better as you go forward
A five-question multiple-choice quiz to test your understanding of the content presented by expert Richard Mackey in this lesson of SearchSecurity.com's Compliance School. Continue Reading
-
News
14 Feb 2007
New attack technique threatens broadband users
Millions of broadband users across the globe are threatened by a new attack technique called drive-by pharming Continue Reading
-
News
13 Feb 2007
Fortune 500 firm takes a crack at data classification
A life sciences company undertakes a data classification project with Abrevity and discovers the job is never done. Continue Reading
-
News
12 Feb 2007
Mobile carriers admit to malware attacks
Eighty-three percent of mobile operators surveyed by McAfee Inc. say they've suffered malware infections, but two competing security vendors say the overall threat is still small. Continue Reading
-
News
12 Feb 2007
Microsoft fixes zero-day flaws in Word, Office
Twelve security updates from Microsoft fix a range of problems, including a flaw in the Malware Protection Engine and previously-exploited zero-days glitches in Word and Office. Continue Reading
-
News
12 Feb 2007
Skype makes more enterprise inroads
Skype has teamed with FaceTime Communications to give companies more control over Skype use within the enterprise. Continue Reading
-
News
11 Feb 2007
Cybersecurity czar signals government cooperation at RSA Conference
Cybersecurity chief, Greg Garcia told RSA Conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. Continue Reading
-
News
11 Feb 2007
Solaris 10 has zero-day Telnet flaw
Attackers could exploit a zero-day flaw in Solaris 10's Telnet daemon to bypass authentication and gain unauthorized system access, security experts warn. Continue Reading
-
News
10 Feb 2007
Cisco VoIP managment guide: Required management tasks
Comprehensive VoIP management includes the basic network management tasks, but also includes monitoring services such as dial tone delivery, call success rates, telephony delays and impairments, as well as call quality. VoIP telephony management is categorized here. Continue Reading
-
News
08 Feb 2007
Roundup: Vista security, breakability touted at RSA Conference
At RSA Conference 2007, Microsoft extolled the security virtues of its new operating system, but others weren't afraid to demonstrate how Vista security is lacking. Continue Reading
-
News
08 Feb 2007
New storage IPOs report losses
Of the 2006 "graduating class" of storage IPOs, two reported losses this week in their first quarter as public companies. Continue Reading
-
News
07 Feb 2007
Briefs: Vulnerabilities found in Trend Micro, Firefox browser
This week, Trend Micro released a fix for a flaw in its antivirus engine, while no fixes are available for two newly discovered Mozilla Firefox browser flaws. Continue Reading
-
News
07 Feb 2007
EMC plans array-based encryption via PowerPath
EMC's next security move will be array-based encryption through PowerPath by 2008, according to internal documents obtained by SearchStorage. Continue Reading
-
News
07 Feb 2007
OSI: Securing the stack, Layer 2 -- Understanding the role of ARP
Part two of our series on securing the OSI stack looks at the perils of Address Resolution Protocol. Continue Reading
-
News
05 Feb 2007
CA backup bug exploitable on Vista
In what appears to be the first exploit for a third-party app running on Vista, a previously patched buffer overflow vulnerability in CA BrightStor ARCserve Backup has been exploited. One security firm says ISVs aren't taking advantage of Vista's new security features. Continue Reading
-
News
05 Feb 2007
Acopia hypes heterogeneous snapshot
The file virtualisation startup is blustering about a demonstration of heterogeneous snapshot technology, but is being coy about releasing a product. Continue Reading
-
News
05 Feb 2007
Symantec chief: Consumer confidence in data protection is key to online growth
In his keynote at RSA Conference 2007, Symantec CEO John W. Thompson said Big Yellow is ready for the shifting dynamics in the information security market, and implied that Microsoft's growing presence in security is a conflict of interest for its customers. Continue Reading
-
News
05 Feb 2007
Rootkit dangers at an 'all-time high'
Industry experts at RSA Conference 2007 say not only have rootkits become the weapon of choice for malicious hackers, but they've also emerged as useful tools for legitimate businesses trying to exert control over users. Continue Reading
-
News
05 Feb 2007
Coviello: In 3 years, no more stand-alone security
RSA President Art Coviello says today's patchwork of monolithic security devices will disappear in the next three years as security is integrated into the larger IT infrastructure. Continue Reading
-
News
05 Feb 2007
VoIP security, unified communications need questioned
VoIP security issues and questions about the business need for unified communications have stalled adoption of both technologies, according to CompTIA's recent survey. Continue Reading
-
News
05 Feb 2007
Gates touts secure access anywhere
Microsoft's chairman tells RSA Conference 2007 attendees that a combination of authentication and access management strategies is what it takes to protect corporate data, but information security pros are willing to wait for the proof. Continue Reading
-
News
05 Feb 2007
RSA Conference 2007: Product announcements
RSA Conference 2007: Product announcements Continue Reading
-
News
04 Feb 2007
RSA Conference 2007: Special news coverage
Check out news, interviews, product announcements, podcasts and more live from the RSA Conference 2007 in San Francisco. Continue Reading
-
News
04 Feb 2007
Vista exploitable, researcher says
Marc Maiffret, CTO and chief hacking officer of eEye Digital Security, said he has found a way to elevate system privileges by exploiting a flaw in Windows Vista. Continue Reading
-
News
04 Feb 2007
CISOs mastering 'softer' skills
Why CISOs can no longer rely on technology skills alone and what businesses are looking for when recruiting their next information security leader. Continue Reading
-
News
04 Feb 2007
Email security buying decisions
Email security can be a daunting task for SMBs -- how do you go about finding the right product? This tip delves into three approaches to email security and the products available. Continue Reading
-
News
04 Feb 2007
Dozens of Web sites spread malicious Trojan
Update: The same malicious JavaScript keylogger that compromised the Dolphin Stadium Web site last week was found over the weekend on dozens of other high-profile Web sites. Continue Reading
-
News
04 Feb 2007
New zero-day attack targets Microsoft Excel
Microsoft says maliciously crafted Excel files may permit the execution of arbitrary code. Other Microsoft Office applications may be at risk. Continue Reading
-
News
04 Feb 2007
HDS to acquire Archivas for up to $120M
HDS will acquire archiving software partner, Archivas for close to $120 million stepping up its effort to compete with EMC in this market. Continue Reading
-
News
04 Feb 2007
HP fills in gaps with product updates
HP announced updates to several of its products, but analysts are wondering what its ultimate strategy will be for storage virtualisation. Continue Reading
-
News
04 Feb 2007
Intrusion detection systems are alive and kicking
IPS hasn't overtaken intrusion detection systems just yet. Senior News Writer Bill Brenner reveals what customers want when they're shopping for IDS products. Continue Reading
-
Feature
31 Jan 2007
New security vendors take on sophisticated attackers
IT Security vendors are developing technologies that show promise in preventing unknown attacks and protecting machines with zero-day vulnerabilities. Continue Reading
-
Feature
30 Jan 2007
Quiz: Using IAM tools to improve compliance
A five-question multiple-choice quiz to test your understanding of the content presented by expert Tom Bowers in this lesson of SearchSecurity.com's Identity and Access Management Security School. Continue Reading
-
News
30 Jan 2007
Microsoft disputes Word zero-day report
Symantec is warning of a new zero-day vulnerability in Microsoft Word. But Microsoft doesn't believe the flaw is new. Continue Reading
-
News
30 Jan 2007
Lawyers discuss e-discovery gotchas
During panel sessions at Legal Tech, lawyers provided their insights into the e-discovery process, retention policies and helping judges get up to speed. Continue Reading
-
News
30 Jan 2007
Symantec unveils 'universal ID system'
Symantec said the goal is to create a universally accepted identity system across all Web sites -- from online financial institutions to retailers -- for millions of consumers. Continue Reading
-
News
30 Jan 2007
Using IAM tools to improve compliance
Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes. Continue Reading
-
News
29 Jan 2007
Entrust to sell cheaper hardware tokens
Security vendor Entrust Inc. will enter the hardware token market selling a $5 one-time password device. Experts say the move could reduce prices across the industry. Continue Reading
-
News
29 Jan 2007
TJX faces lawsuit over data breach
A class action lawsuit against TJX accuses the retailer of negligence for not doing enough to secure customer data and for keeping quiet about the breach for a month. Continue Reading