IT security

Microsoft update to patch critical Windows flaw

Microsoft plans to patch a critical flaw in Windows and plug holes in MSN Messenger, Visual Studio, and Windows services for Unix. Continue Reading

By

• SearchSecurity.com Staff

Government warns of dangerous QuickBooks Online flaw

Attackers could exploit two flaws in the popular Intuit QuickBooks Online Edition to cause buffer overflows and download or upload files in arbitrary locations, US-CERT warned. Continue Reading

By

• Bill Brenner

Cybercriminals employ toolkits in rising numbers to steal data

The market is increasing for crimeware toolkits that help cybercriminals avoid detection and exploit flaws, according to new research from security vendor, Finjan. Continue Reading

By

• Robert Westervelt, TechTarget

Understanding VoWLAN

Like VoIP, VoWLAN contributes to cost efficiency. Because calls can be routed over the data network internally or over the Internet externally, mobile telephony costs can be eliminated or decreased significantly. In the long term, VoWLAN deployment is a significant step toward interoperability and seamless mobile connectivity between private WLANs and public wireless and cellular networks. Continue Reading

Data security breach at Pfizer affects thousands

A Pfizer employee removed files exposing 34,000 people to potential identity fraud, according to the company. It was the third data breach at the company in three months. Continue Reading

By

• SearchSecurity.com Staff

NAC switches, appliances help track users, malware

Some vendors are offering switches and appliances to monitor traffic for malware and unauthorized access, as the NAC market including Cisco NAC and Microsoft NAP sorts itself out. Continue Reading

By

• Neil Roiter, TechTarget

Firefox security issues persist despite update

Despite Mozilla's recent Firefox security update, researchers say there's another way attackers could exploit the browser for malicious purposes. Continue Reading

By

• Bill Brenner

Now the dust has settled on pornography filtering...

Andrew Collins looks at the controversial topic of Internet porn filtering in Australia, now that the federal government has enacted its hotly debated plans. Continue Reading

By

• Andrew Collins

User performs data storage U-turn

U-Store-It, a national self-storage company, decentralized its data centers, migrated data from SAN to DAS and de-clustered Exchange to simplify storage management. Continue Reading

By

• Beth Pariseau, Senior News Writer

Network access control vendors: Attraction vs. retention

Network access control (NAC) vendors were evaluated based on attractiveness and customer retention in a recent survey by Current Analysis. Continue Reading

By

• Andrew R. Hickey

Rootkit found in older Sony USB device

F-Secure says it discovered rootkit technology in Sony's Micro Vault USM-F fingerprint reader software. The find comes two years after controversy over Sony's DRM technology. Continue Reading

By

• Bill Brenner

SaaS apps being deployed by business units, not IT

When it comes to deploying applications via SaaS, IT is still behind the curve. What's preventing IT from getting control over the programs business units want? Continue Reading

By

• Shamus McGillicuddy, Enterprise Management Associates

Unified communications slow to change U.S. work culture

Unified communications implementation is still high, but many enterprises have yet to allow users all its advantages. Continue Reading

By

• Kate Dostart, Associate Editor

Data archives overview

When a file is lost due to user error, or data is corrupted because of system problems, the affected data can be restored from a backup. An archive is different from a backup because the data may not be used for months, even years, but must be accessed quickly when needed. There is simply no time to search through burgeoning volumes of tape or optical media to locate important files. Traditional backup platforms are poorly suited for archival data storage, and users are relying on disk storage systems for a mix of performance and reliability. Files can be archived to any disk storage system, but content-addressed storage (CAS) technology has appeared to support archiving efforts. Continue Reading

By

• Stephen J. Bigelow, Senior Technology Editor

SANS: Attackers may be attempting Trend Micro exploits

The SANS Internet Storm Center (ISC) warns that attackers may be attempting to exploit flaws in Trend Micro products to hijack computer systems. Continue Reading

By

• Bill Brenner

Nokia Intellisync boosts device management

Nokia Intellisync has released updates to its Mobile Suite to enhance remote device support, loss and theft protection, and management capabilities. Continue Reading

By

• Andrew R. Hickey, News Editor

Experts: IDS is here to stay

IDS technology has survived predictions that it would be replaced by IPS. One expert says it will remain a separate product while IPS is folded into firewalls. Continue Reading

By

• Bill Brenner

Trend Micro fixes flaws in ServerProtect, PC-cillin

Attackers could tamper with servers and run malicious code by exploiting flaws in Trend Micro's ServerProtect, Anti-Spyware and PC-cillin products. But fixes are available. Continue Reading

By

• Bill Brenner

Microsoft adds CA vets to anti-malware team

Microsoft has hired Jakub Kaminski, one of CA's more talented and well-regarded antivirus researchers, and three of his colleagues from CA's Australian lab. Continue Reading

By

• Dennis Fisher

Attackers target two Microsoft security flaws

Symantec warned customers about attacks targeting two Microsoft security flaws -- an unpatched DirectX Media vulnerability and the XML Core Services flaw patched in MS07-042. Continue Reading

By

• Bill Brenner

Backup reporting expands to add capacity planning

Aptare adds capacity planning for primary data storage to its product line, joining Symantec in recent attempts to broaden the appeal of reporting software. Continue Reading

By

• Beth Pariseau, Senior News Writer

Nigel Phair, author of 'Cybercrime: The Reality of the Threat', on Australia's response

In the first instalment of a three part interview, TechTarget Australia's Patrick Gray interviews Australian Federal Police Agent Nigel Phair about his new book: Cybercrime: The Reality of the Threat. Until recently, Phair was the Team Leader of Investigations at the Australian High Tech Crime Centre (AHTCC) in Canberra. Continue Reading

By

• Patrick Gray

Sourcefire acquires open source ClamAV

Sourcefire, maker of the popular Snort open source IDS tool, has acquired ClamAV, an open source email gateway scanning tool. Continue Reading

By

• Bill Brenner

VMware acquires HIPS provider Determina

VMware, the leader in virtualization software, has acquired Determina, a provider of host IPS technology. Continue Reading

By

• Dennis Fisher

College campuses prepare for Microsoft Vista challenges

With new Vista machines coming to campus, the IT shops of academia have no choice but to embrace the latest Windows OS and its security implications. Continue Reading

By

• Bill Brenner

Wal-Mart deploys new data security system

Wal-Mart Stores has deployed a data security and encryption system to secure data going over its global network. Continue Reading

By

• Antony Savvas

Network analysis -- Enhancing security assessments

Network security assessment doesn't have to rely on expensive automated tools. In this tip, learn how to use data from freely available tools to produce a comprehensive view of network security. Continue Reading

By

• Dave Piscitello

TJX profit takes hit over data breach

TJX says it has spent $256 million responding to the massive data breach that exposed 45 million customers to identity fraud, and the bottom line has suffered as a result. Continue Reading

By

• SearchSecurity.com Staff

Firewall deployment options increase for enterprises

With a growing number firewall configuration options, companies need to spend more time and put more effort into determining how to design and deploy firewalls. Continue Reading

By

• Paul Korzeniowski

Latest Microsoft flaws affect Windows, IE, Excel

Microsoft released nine security updates Tuesday -- six of them critical -- for flaws in Internet Explorer, Excel and other programs within the Windows OS. Continue Reading

By

• Bill Brenner

How to test Snort

VARs should test Snort to ensure the open source IDS is detecting malicious activity. Continue Reading

By

• Richard Bejtlich

Novell to acquire Senforce for endpoint security

Novell is acquiring Senforce, an early network access control supplier, to integrate its endpoint security features and develop an endpoint management suite. Continue Reading

By

• Robert Westervelt, TechTarget

Apple iPhone to provoke complex mobile attacks, expert warns

Mikko Hypponen, director of antivirus research at F-Secure, said he expects mobile malware attacks to escalate thanks to interest in Apple's iPhone. Continue Reading

By

• Bill Brenner

Telstra network build spurs new security plan

Telstra's experience constructing the Next G and Next IP networks has seen the telco evolve a new security strategy. Continue Reading

By

• Simon Sharwood

VoIP vulnerability threatens data

VoIP vulnerabilities have now reached a level of sophistication that allows hackers to steal, view or delete data. Continue Reading

By

• Andrew R. Hickey

Gartner security summit outlines 'Security 3.0'

Gartner has opened its Sydney Security Summit with a definition of Security 3.0. Continue Reading

By

• Simon Sharwood with Andrew Collins

VoIP models and services: Complete guide

With clear, concise explanations of existing VoIP business models and deployment methodologies, this guide will enable you to weigh the pros and cons of each based on your needs. Continue Reading

NAS appliance purchase considerations

NAS appliances are frequently touted for bringing convenience and simplicity to network storage. Appliances include their own dedicated disks for storage and RAID, and most NAS appliances can be upgraded with more or larger disks for additional storage space. However, NAS appliances do pose some disadvantages. Consequently, the choice of NAS appliance requires careful evaluation. Now that you've reviewed the essential issues involved in any NAS product, this guide focuses on specific considerations for dedicated NAS appliances. You'll also find a series of specifications to help make on-the-spot product comparisons between vendors. Continue Reading

Sun adds virtual tape library to Thumper

Analysts say the combo of FalconStor's software, Solaris and Thumper is a good sign of integration from Sun after a disorganised year, but it's unclear if users will be convinced. Continue Reading

By

• Beth Pariseau, Senior News Writer

Cisco warns of critical IOS flaws

Attackers could exploit multiple flaws in Cisco's IOS to cause a denial of service or remotely execute arbitrary code. Continue Reading

By

• SearchSecurity ANZ Staff

VeriSign employee data exposed in laptop theft

Current and former employees of VeriSign were exposed to potential data fraud when a laptop housing their information was stolen from the car of a former employee. Continue Reading

By

• Bill Brenner

VoIP vulnerability threatens data

VoIP vulnerabilities have now reached a level of sophistication that allows hackers to steal, view or delete data. Continue Reading

By

• Andrew R. Hickey, News Editor

Immunity releases new exploit-writing tool

Pen testing company says its Debugger tool offers researchers a new way to write exploits, analyse malware and reverse engineer binary files. Continue Reading

By

• Bill Brenner

NAS appliance specifications

NAS appliances are noted for their convenience, offering dedicated internal storage that is relatively straightforward to identify and manage. The biggest issue for NAS appliances is avoiding network bottlenecks and supporting expansion without having to proliferate additional appliances across the network. The product snapshots in this chapter highlight key specifications for a cross section of major NAS appliance products. Continue Reading

Cisco warns of critical IOS flaws

Attackers could exploit multiple flaws in Cisco's IOS to cause a denial of service or remotely execute arbitrary code. Continue Reading

By

• SearchSecurity.com Staff

Wi-Fi simplicity edging out Wi-Fi security

Experts say the standards are available to lock down Wi-Fi, but many network and security managers are taking an easier approach. Continue Reading

By

• Eric Parizo, Senior Analyst

EMC's RSA to acquire Tablus for data loss prevention

RSA, the security division of EMC Corp., said it planned to acquire Tablus, a maker of sensitive data scanning and classification tools and data protection software. Continue Reading

By

• Dennis Fisher

How to cheat at VoIP Security

Securing a VoIP infrastructure requires planning, analysis, and detailed knowledge about the specifics of the implementation you choose to use. Continue Reading

Subpar security compromises compliance

Pressure to keep trading applications available has nudged security to the back of the development line. Continue Reading

Does compliance make encryption always necessary?

Many organisations look to encryption to protect sensitive data. Yet hundreds of millions of people who use the Internet also use encryption, yet most of them don't even know it. Continue Reading

Researchers wrangle petabytes of data storage with NAS, tape

Scientists at Cern's LHC say dozens of petabytes require custom-built NAS systems and data migration software, but commercial tape drives are mostly up to snuff. Continue Reading

By

• Beth Pariseau, Senior News Writer

Discovery of malware cesspool triggers attack fears

Trend Micro researchers say a malware-infested Web server in Russia, linked to several Italian Web sites, could lead to a large-scale attack. Continue Reading

By

• SearchSecurity.com Staff

Apple releases fixes for Mac OS X, iPhone vulnerabilities

Apple Computer has released software patches fixing critical vulnerabilities in Mac OS X and its newly released iPhone. Continue Reading

By

• Edmund X. DeJesus, Contributor

Users make iSCSI Sans with USB keys

Users say that Open-E's iSCSI San software, which is delivered on a USB stick, is more affordable than prepackaged systems and has more support than free iSCSI target products. Continue Reading

By

• Beth Pariseau, Senior News Writer

Black Hat 2007: Researchers highlight new database attack method

At this week's hacker confab, expert penetration testers will demonstrate how cyberthieves can reach into corporate databases -- without exploiting a specific software flaw -- to steal credit card and Social Security numbers. Continue Reading

By

• Bill Brenner

Attackers ultimately drive security market, analyst says

The security market is being driven by spam gangs, cyberthieves and other criminals bent on hacking into company and government databases to steal sensitive information. Continue Reading

By

• Robert Westervelt, TechTarget

Security update fixes Yahoo Widgets flaw

Attackers could exploit a Yahoo Widgets flaw to run malicious code on compromised Windows computers, but a security update is available. Continue Reading

By

• Bill Brenner

Cisco knocks out Avaya as IP PBX heavyweight

IP PBX adoption is rising as Cisco and Avaya square off for market dominance. Continue Reading

By

• Andrew R. Hickey

Most antispam technologies get failing grade

An independent study finds that many enterprises are not satisfied with traditional antispam technologies. Continue Reading

By

• Robert Westervelt, TechTarget

Stop simultaneous connections to corporate LANs and external Wi-Fi networks

How can you stop simultaneous connections to corporate LANs and external Wi-Fi networks? Find out from expert Lisa Phifer. Continue Reading

By

• Lisa Phifer, Core Competence

EMC reports Clariion surge, data archiving slump

EMC's revenues are up this quarter, attributed in part to a big boost in Clariion sales, but CEO Joe Tucci is critical of the company's execution in data archiving. Continue Reading

By

• Beth Pariseau, Senior News Writer

Cisco issues warning for wireless LAN controller flaws

Cisco Systems is warning customers of flaws in its wireless LAN controllers that initially crippled a wireless network at Duke University. Continue Reading

By

• Robert Westervelt, TechTarget

Apple iPhone crack discovered by security researchers

Researchers have found a way to take complete control of the Apple iPhone by sending a user to a malicious Web site. Continue Reading

By

• Dennis Fisher

New hacking technique exploits common programming error

Researchers at Watchfire Inc. say they discovered a new technique that exploits a common dangling pointer error. Continue Reading

By

• Dennis Fisher

PCI compliance costs often underestimated, study finds

Companies are moving forward with PCI DSS projects, but many are underestimating the costs associated with compliance. Continue Reading

By

• Robert Westervelt, TechTarget

Core Security CEO to step down

Paul Paget, the CEO of penetration testing software vendor Core Security Technologies said he is better-suited for start-ups Continue Reading

By

• Dennis Fisher

Black Hat Las Vegas 2007: Special news coverage

SearchSecurity.com covers all the controversy at this year's show with news, features, podcasts, interviews, exploits and more direct from Las Vegas. Continue Reading

NAC growth sluggish as companies consider network security options

Companies are taking a wait-and-see approach, hoping the technology's maturity will make it more cost effective. Continue Reading

By

• Dennis Fisher

For Boeing, data security, network access still hazy

Boeing is trying to reshape its network security architecture to better protect sensitive systems from threats without degrading employee productivity. Continue Reading

By

• Robert Westervelt, TechTarget

CDP platform purchase considerations

Busy IT organizations are employing continuous data protection (CDP) technologies to guard data on the fly, essentially eliminating the backup window and allowing granular file and system restoration -- sometimes down to the individual disk write operation. Several CDP appliances are available, but many are implemented in software, and all require careful consideration before purchase. This article focuses on the specific purchase considerations for CDP products. Continue Reading

Zero-day auction site complicates security efforts, IT pros say

WabiSabiLabi, the eBay-like marketplace for zero-day flaws, will make it tougher for companies to ward off attackers, some IT security professionals say. Continue Reading

By

• Bill Brenner

Oracle plans 46 security updates for database, software

Attackers could tamper with database servers and host operating systems by exploiting flaws across Oracle's product line. Continue Reading

By

• Bill Brenner

CDP platform specifications

Continuous data protection (CDP) products track changes to files and data -- typically in real time -- recording activity and allowing recovery to an extremely granular level. This effectively reduces backup windows and restore points, allowing busy transactional data centers to protect mission-critical applications without significant downtime for backups or restorations. In most cases, CDP is implemented as software running on a server with internal or network storage access. The following product snapshots highlight key specifications for a cross-section of CDP systems/appliances currently available. Continue Reading

Oracle's July 2007 CPU has 45 security fixes

Oracle stuffed 45 security updates into its July 2007 CPU, fixing flaws across its product line attackers could exploit remotely to compromise corporate databases. Continue Reading

By

• Bill Brenner

ISO 27001 could bridge the regulatory divide, expert says

Karen Worstell, former CISO at Microsoft and AT&T Wireless, now on the advisory board of Neupart A/S, explains how ISO 27001 can be used to help companies comply with a variety of regulations and standards Continue Reading

By

• Bill Brenner

Symantec fixes flaws in AntiVirus, Backup Exec

Symantec fixed flaws attackers could exploit in AntiVirus Corporate Edition and Backup Exec to launch malicious code, gain elevated user privileges or cause a denial of service. Continue Reading

By

• Bill Brenner

Antispyware legislation gets tepid reviews

Congress is debating three different bills that would punish spyware pushers, but some IT professionals have their doubts about legislation as a solution to the problem. Continue Reading

By

• Bill Brenner

Web security gateways meet rising malware threats

Web security gateways combine layered defense against the rising tide of Web-based malware with URL filtering and application control. Continue Reading

By

• Neil Roiter, TechTarget

Zero-day auction site highlights ethical debate

A new auction site plans to cash in on flaw research. Executive Editor Dennis Fisher explores if it's a viable business model and if research should be sold to the highest bidder. Continue Reading

United in threat management part three: how scared are you?

Wrapping up his look at unified threat management, Ian Yates wonders if the technique will help you sleep better at night. Continue Reading

By

• Ian Yates

Microsoft July updates for critical Excel, Windows and .NET flaws

Of the six security updates Microsoft released Tuesday, experts expressed the most concern about a critical glitch in the .NET Framework that could leave client machines and Web servers open to attack. Continue Reading

By

• Bill Brenner

Data breaches, compliance drive intellectual property protection

Recent high profile data breaches and compliance pressures are forcing companies to spend more on technology to protect intellectual property, according to a new study. Continue Reading

By

• Robert Westervelt, TechTarget

Google buy shakes up email archiving

Google's acquisition of Postini will boost adoption of Gmail, pushing email archiving players to add support for hosted applications. Continue Reading

By

• Beth Pariseau, Senior News Writer

Microsoft preps six security updates for Windows, Office

Microsoft will release six security updates on Tuesday 10 July to address flaws attackers could exploit to launch malicious code and access sensitive information on victims' machines. Continue Reading

By

• SearchSecurity.com Staff

Security Metrics: Replacing Fear, Uncertainty, and Doubt

In this chapter excerpt from "Security Metrics: Replacing Fear, Uncertainty and Doubt," author Andrew Jaquith reveals ways to present security data in a clean and elegant manner. Continue Reading

Zero-day auction site opened by Swiss lab

Swiss start-up WabiSabiLabi is offering zero-day findings for qualified buyers. The site could fuel new debate over flaw disclosure. Continue Reading

By

• Bill Brenner

Wireless security -- Defending Wi-Fi clients

In this tip, Lisa Phifer examines how host-resident wireless IPS agents can help you safeguard Wi-Fi client devices to ensure strong wireless security. Continue Reading

By

• Lisa Phifer, Core Competence

Cisco users upbeat about security direction

Cisco customers say the vendor's security strategy is headed in the right direction, which is why they believe the networking giant's IronPort integration will be smooth sailing. Continue Reading

By

• Bill Brenner

Data migration product specifications

Part of the Tiered Storage Buying guide focusing on product specifications for data migration tools. Continue Reading

Data storage startups emerge from stealth

Three new storage firms have come out of stealth mode this June. Analysts predict the next new crop of startups will focus on wireless storage, reporting and alternatives to RAID. Continue Reading

By

• Beth Pariseau, Senior News Writer

Are PCI auditors pitching products?

Auditors shouldn't be pitching remediation services or products to bring a company into compliance with PCI DSS rules, but some merchants are reporting the practice Continue Reading

By

• Robert Westervelt, TechTarget

SearchSecurity.com Blogs

 Continue Reading

CIOs get solutions to meet governance regulations

CIOs facing a rising bills to meet governance, risk and compliance regulations may be able to control their costs better if they turn to new purpose-built software. Continue Reading

Software to help CIOs meet governance regulations

CIOs facing a rising bills to meet governance, risk and compliance regulations may be able to control their costs better if they turn to new purpose-built software. Continue Reading

By

• Ian Grant

Vendors admit more cooperation needed on security

Security leaders from large software vendors pledge to cooperate on embedding more security into their products. Continue Reading

By

• Robert Westervelt, TechTarget

Network security: Overlay versus perimeter security model debated at Catalyst

Traditional network perimeter security -- firewalls, and even network access control -- may soon be pushed out in favour of using VPNs for network security, which could ease the security burden for networking staff, according to Dave Passmore. The Research Director at Burton Group pointed out that there is a growing disagreement about where security controls should reside and how those controls should be implemented. Continue Reading

By

• Amy Kucharik, TechTarget

Corporate Mergers and Acquisitions Security Learning Guide

A panel of experts breaks down M&A security priorities and explains the best ways to manage disparate security staffs, technologies and policies. Continue Reading

Cisco vows to maintain IronPort tech, talent

As it completes the purchase of IronPort Systems, Cisco vows to maintain IronPort's talent base and make investments to keep its newly-acquired technology fresh. Continue Reading

By

• Bill Brenner

Richard Granger's departure may jeopardise NHS IT programme

Richard Granger's departure from Connecting for Health may jeopardise the stability and success of the politically driven NHS National Programme for IT. Continue Reading

By

• Tony Collins

PCI Council hears complaints, suggestions for changes

Companies with the most stringent security technologies endure hurdles to comply with PCI DSS. Some firms are turning to the upcoming Burton Group Catalyst Conference for answers. Continue Reading

By

• Robert Westervelt, TechTarget