|
|
Free Newsletters
|
|
|
|
|
|
IT trainer offers master's degree for hackers In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science. Security analysts closer to improved antivirus software test Antivirus vendors are closer to agreeing on a new way to test their software after widespread agreement that older antivirus tests can be misleading. October 5, 9:13 a.m. PDT Homeland Security e-mail server turns into spam cannon Subscribers to a U.S. Department of Homeland Security daily e-mail bulletin were inundated with dozens of e-mails on Wednesday due to a glitch with the mailing list. October 4, 5:44 a.m. PDT Malicious code infects Chinese security site The Web site of one of China's Internet security organizations has been laced with malicious code. October 3, 4:58 a.m. PDT Cool tools for hacker trackers If you want to keep up with the latest criminal exploits without having to collect malware yourself, take a look at SRI International's Cyber-Threat Analytics BotHunter Malware Analysis Web page. Reporting on information and statistics collected from a research honeynet, the BotHunter Malware Analysis page makes daily infection logs from high-interaction honeypots available for anyone to view. Although the scale of the project and information collected is fairly small, this is a useful site for gaining more insight into crimeware and the world of bots.  September 28, 3:00 a.m. PDT Microsoft developer: 'Fuzzing' key to Office security A wave of attacks targeting Microsoft's Office 2003 last year taught the company some tough security lessons it's now aggressively applying, a Microsoft software engineer said Friday. September 21, 12:07 p.m. PDT Analysts urge caution as consumer devices enter workplace IT security professionals need to take steps to properly manage how employee-owned consumer devices are used in the workplace, analysts warned at Gartner's IT security summit in London this week. September 20, 8:12 a.m. PDT PayPal claims gains against phishers PayPal security chief Michael Barrett isn't ready to claim a victory in the fight against phishing schemes, but he said that his company is slowly turning the tide using a set of new partnerships and technological means. September 20, 4:23 a.m. PDT Security gurus look for better ways to classify malware Two senior security veterans from Trend Micro are trying to get the industry to change how it classifies malicious software. September 19, 9:15 a.m. PDT Fear of insider threats hits home The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk. September 18, 10:42 a.m. PDT Symantec: Stolen bank account details fetch $400 online Stolen bank account numbers are commanding the highest price in an underground trade of personal details stolen by hackers, according to a survey released Monday by security vendor Symantec. September 17, 3:51 a.m. PDT Data explosion shakes up IT In just three years, the bytes of data generated by digital cameras, mobile phones, businesses IT systems, and devices will equal the number of grains of sand on the world's beaches. September 13, 7:54 a.m. PDT Fujitsu protects corporate PCs with Palm Secure log-in Fujitsu Ltd. is targeting corporate desktop computer access with new versions of its palm vein biometric scanner. September 11, 4:58 a.m. PDT Cisco says acquisitions don't impede best-of-breed Cisco executives speaking at the ongoing Security Standard Conference claim that the networking giant hasn't sapped innovation in the security companies it has acquired in its efforts to add to its own expanse of IT systems-defense products, while some customers clearly feel otherwise. September 10, 4:38 p.m. PDT Skype warns users of Windows worm Skype users are under attack from a new worm that spreads through the peer-to-peer Internet phone application's chat feature. September 10, 7:05 a.m. PDT Security researcher intercepts embassy passwords from Tor A security researcher who collected thousands of sensitive e-mails and passwords from the embassies of countries such as Russia and India blamed systems administrators on Monday for not using encryption to shield their traffic from snooping. September 10, 6:20 a.m. PDT Forrester security show stresses risk management Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum. September 5, 11:33 a.m. PDT Germany implements security plan to protect IT infrastructure with The German government has agreed to implement a sweeping set of security measures aimed at protecting critical IT infrastructure in the country. September 5, 9:35 a.m. PDT Bind 8 DNS server retired by serious security flaw A security researcher has found a serious vulnerability in an aging yet widely used software program used for the Internet's addressing system, prompting the software's maintainers to retire the affected version. September 5, 4:49 a.m. PDT FBI: Enterprises need counterintelligence The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks. September 4, 3:45 p.m. PDT DOD: E-mail attack caused no damage A hacking attempt against the U.S. Department of Defense unclassified e-mail system earlier in the year caused minor administrative disruptions and personal inconveniences, but no adverse impact, a military spokesman said Tuesday. September 4, 8:46 a.m. PDT Free gift offers dupe users into giving personal data The personal details of thousands of mostly U.S.-based PC users have been discovered stashed on a server located in France, another indication of use of the Internet to collect personal data on a vast scale. September 4, 4:09 a.m. PDT Symantec unveils 2008 consumer security software Symantec launched new editions of its consumer Norton AntiVirus and Norton Internet Security (NIS) software Tuesday, adding new browser defenses for some users in both packages and wrapping features from its new identity initiative into the suite. August 29, 3:36 p.m. PDT Symantec CEO: Microsoft security ware pricing 'monopolistic' Symantec Chairman and CEO John Thompson blamed Microsoft on Tuesday for the current pricing competition his company faces in the consumer security market, suggesting Microsoft's pricing scheme for its first entry into the space is "monopolistic." August 28, 11:07 a.m. PDT Intel's vPro chips in more security for businesses With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike. August 27, 8:00 a.m. PDT Intel adds desktop NAC to latest chips Intel's move to provide new integration with NAC (network access control) tools in its latest vPro desktop processors could provide interesting opportunities for use with the device authentication systems while further strengthening the technology standards it supports, according to industry watchers. August 27, 8:00 a.m. PDT German gov't PCs hacked, China offers to investigate Chinese premier Wen Jiabao described reports of Chinese hackers breaking into German computers as a matter of "grave concern" and said Monday that his country will cooperate with Germany to resolve the matter. August 27, 5:30 a.m. PDT 10 reasons to be paranoid The truth is out there ... and so is your data. And just because there are no virtual black helicopters following you doesn't mean somebody somewhere doesn't have a bead on who you are and what you are doing. August 27, 3:00 a.m. PDT Get paranoid: Your boss is watching Ever get the feeling your boss -- or your boss's IT department -- is lurking through the network, spying on you? Odds are quite good your instinct is right. And the bigger the organization, the more likely it monitors employees' e-mail, IM, or Web surfing. August 27, 3:00 a.m. PDT Security SaaS maturing fast Security technologies delivered via the SaaS (software-as-a-service) business model may still be in their nascent stage, but some early adopters are already piecing together multiple offerings to outsource a significant portion of their IT systems defense infrastructure. August 22, 11:06 a.m. PDT Sourcefire acquires ClamAV open-source anti-malware project Network security specialist Sourcefire announced Friday that it has acquired ClamAV, an open-source gateway anti-malware project whose technologies are used in the products of a number of other vendors. August 17, 8:58 a.m. PDT Vulnerability uncovered within Yahoo Messenger A new vulnerability in Yahoo's instant messenger program can potentially cause unwanted code to run on a PC, according to security researchers. August 15, 7:59 a.m. PDT Ten claims that scare security pros A child with a chocolate-smeared shirt says, "I didn't do it." The phone rings, and Mom assures you, "There's nothing to worry about." A systems administrator carrying a box of tapes says, "We'll have everything back up in a few minutes." Sometimes the first words you hear -- despite their distance from the truth -- tell you everything you need to know. August 14, 7:10 a.m. PDT Novell buys endpoint security firm Senforce Novell announced on Monday that it has acquired Senforce Technologies, a provider of endpoint and network security tools, for an undisclosed sum. August 13, 9:40 a.m. PDT UK report questions role of ISPs in online safety A new report on Internet safety has concluded ISPs (Internet service providers) should take more responsibility for online security since end users are often lax. August 10, 7:13 a.m. PDT Web scam: Pssst... wanna buy a house? Web scammers are turning to online property forums to collect personal information about users for later attempts to swindle them out of money, according to a security researcher. August 7, 7:21 a.m. PDT Mozilla shares scanning tool, Firefox 3 features Open source browser maker Mozilla has developed a wide array of secure coding analysis tools as part of its internal development process, and now it's beginning to share those programs with the outside world. August 3, 2:28 p.m. PDT Data leak products have security risks Companies looking to clamp down on data leaks may be introducing a whole new set of security problems to their corporate networks, researchers from Matasano Security said at the Black Hat conference Thursday. August 3, 2:11 p.m. PDT IBM to bury BlackIce by next year IBM will stop selling the BlackIce PC Protection security suite, a product that came under its wing after buying Internet Security Systems (ISS) a year ago for $1.3 billion. August 3, 8:54 a.m. PDT W32.Deletemusic worm hunts down and deletes MP3 files Security experts have discovered a worm that might just be the recording industry's dream application: it hunts down and deletes MP3s on infected PCs. August 2, 4:30 a.m. PDT Taunting the CIO The Wall Street Journal on Monday ran a special section whose lead article was headlined "Ten Things Your IT Department Won't Tell You." The image on the section cover showed a white-shirted IT guy clutching a keyboard and a tangle of Ethernet cables, looking straight at the reader, with duct tape over his mouth. August 2, 3:00 a.m. PDT Researchers: Web apps over Wi-Fi puts data at risk Users who access Google's Gmail or the Facebook social-networking site over Wi-Fi could put their accounts at risk of being hijacked, according to research from Errata Security, a computer security company. August 1, 7:12 a.m. PDT Adware company is accused of violating FTC pact An advertising software maker criticized last year by the U.S. Federal Trade Commission (FTC) is under fire again for allegedly not clearly labeling its software and informing consumers what it does on their PCs. August 1, 6:01 a.m. PDT Symantec to deliver messaging, Web filtering services Symantec will follow up the release of its Symantec Protection Network backup service with a range of new SaaS (software as a service) offerings in 2008 and beyond, company executives said Monday. July 31, 12:37 p.m. PDT Apps security to dominate Black Hat Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security. July 31, 3:00 a.m. PDT New 'Glamour' Trojan demands ransom The two most prominent ransomware Trojans of recent times could be the work of the same people, or a related group of criminals, an analysis has suggested. July 30, 7:09 a.m. PDT McAfee sets Rootkit Detective free On July 26, McAfee will begin offering a new application called Rootkit Detective, designed to detect and remove dangerous rootkit attacks. The software will also help end-users ward off the threats, as well as funnel new intelligence into the company's ongoing research operations. July 25, 1:12 p.m. PDT Secunia Personal Software Inspector ferrets out unpatched software A Danish security vendor is offering a free tool designed to inform users when their applications need patching. July 24, 9:31 a.m. PDT Organized crime infiltrates financial IT In Martin Scorsese's hit movie "The Departed," actor Matt Damon plays the part of a mole -- someone who helps his connected mob friends stay a step ahead of the cops by becoming one of the very law enforcement officials assigned to stop them. July 23, 11:14 a.m. PDT Anonymous researcher boasts of building Mac worm An anonymous security researcher claimed this weekend to have created a worm that exploits a vulnerability in the Mac OS X operating system which Apple missed in a May round of patches. July 17, 7:58 a.m. PDT Symantec declares Chinese compensation offer a success Symantec declared its compensation offer for Chinese users who saw their computers damaged by a bad software update a success Sunday, but declined to say how many users had accepted the deal. July 16, 5:13 a.m. PDT Mounting scrutiny for Google security Much as the ubiquity of Microsoft's Windows operating system and Office productivity tools has made the software giant a focal point of security research, search giant Google is facing new scrutiny as it diversifies its products and moves further into the business environment. July 12, 4:24 p.m. PDT Reap the rewards of hardware recycling In late 2000, Union Bank of California concluded that it was time to refresh its desktop PCs every four years, based on findings from a PC Total Cost of Ownership Study. This meant that 200 PCs would have to be retired every month. Unfortunately, there was no strategy in place for the task, or even a designated person or department to manage the systems. July 12, 3:00 a.m. PDT Who's to blame for browser bug? IE or Firefox? A security researcher has found a security bug that could be attacked in Internet Explorer. Mozilla said it plans to patch the problem in its next Firefox software update. July 11, 4:56 a.m. PDT Average zero-day bug has 348-day lifespan, exec says The average zero-day bug has a lifespan of 348 days before it is discovered or patched, but some vulnerabilities live on for much longer, according to security vendor Immunity's chief executive officer. July 9, 5:10 a.m. PDT Security company launches eBay for bugs Psst. Want to buy a zero-day? A Swiss startup called WabiSabiLabi has some for sale, but to qualified buyers only. July 6, 4:43 a.m. PDT E-mail worms rarer in 2007 E-mail worms, not long ago the scourge of the Internet, have declined sharply in 2007, a security company has revealed. July 5, 7:54 a.m. PDT Printers get smarter but less secure If you've seen my column photo, you know I like the occasional spoon of sugar in my coffee. (OK, four spoons, so bite me.) Point is, since Brian Chee keeps me well stocked in Hawaiian Kona coffee, I make sure to keep a box of Domino instant-dissolve sugar in the kitchen. Tear off plastic, open little metal spout on side of box, pour sugar, reactivate synaptic functionality — simple. Then some product marketing management wizard apparently decided to fix it. Now the spout is cardboard, no longer firmly attached to the box, and inexplicably blocked by another slab of cardboard that serves no discernable purpose, yet must somehow be removed without dislodging the spout. July 3, 5:50 p.m. PDT Beijing scores number one spot for malware China is proving to be a mighty force not only economically, but also as the launching point for malicious software and spam. July 3, 4:54 a.m. PDT Hackers target execs and their families Hackers appear to have stepped up their efforts to trick corporate executives into downloading malicious software programs that can steal company data over the past year, according to new data released Monday. July 2, 4:47 a.m. PDT Homeland Security to host closed-door security forum The U.S. Department of Homeland Security will host a invite-only conference two months from now that will bring together security experts from law enforcement, Internet service providers, and the technology industry. June 29, 7:16 a.m. PDT RealPlayer, Helix Player vulnerable to attack Users are being advised to upgrade to newer versions of the RealPlayer and Helix Player multimedia products because of a critical security flaw. June 28, 5:39 a.m. PDT Security vendors question accuracy of AV tests Antivirus software is frequently tested for performance, so picking a top product should be straightforward: Select the No. 1 vendor whose software kills off all of the evil things circulating on the Internet. You're good to go then, right? Not necessarily. June 26, 7:56 a.m. PDT Symantec takes heat over Chinese compensation offer Symantec's attempt to make amends with Chinese users who saw their computers crippled by its antivirus software is off to a rocky start, with critics saying the company's compensation offer isn't good enough. June 26, 5:12 a.m. PDT Quickly discover sensitive content Monitoring systems on the central LAN for personal and proprietary data – something industry analysts estimate 86 percent of companies must do to comply with one or more regulations, such as GLBA, HIPAA, and Sarbanes-Oxley – is already an enormous challenge. Then consider the extra complexities introduced as this content sprawls to remote offices and partner locations. June 26, 3:00 a.m. PDT Update: Symantec compensates for bad software update More than a month after Symantec knocked out 50,000 Chinese PCs with a bad software update, the company is ready to offer compensation. But Chinese users eligible for the offer have to act fast; it's only good for a couple of weeks. June 25, 4:33 a.m. PDT The struggle to protect enterprise data Long ago, when businesses kept sensitive information locked away in file cabinets and safes, it was relatively cheap and easy to store valuable data and control who had access to it. Today, enterprises invest millions in security, storage, and compliance technologies -- all in the name of increasing visibility into where vital electronic information lives and how it is being defended. June 25, 3:00 a.m. PDT Microsoft better at patching XP than Vista A Microsoft security executive released data Thursday showing that, six months after shipping Windows Vista, his company has left more publicly disclosed Vista bugs unpatched than it did with Windows XP. June 22, 4:12 a.m. PDT Symantec outgrows underground nuclear bunker Symantec has emerged from its bunker in the British countryside, moving its malware-fighting operations from a former U.K. military nuclear shelter to a more conventional office in Reading. June 20, 10:23 a.m. PDT McAfee puts Total Protection 2.0 into beta McAfee has released beta version of its next-generation Total Protection 2.0 consumer security software. June 20, 4:23 a.m. PDT Homeland Security to detail IT attacks Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions. June 15, 11:26 a.m. PDT Symantec releases beta of new enterprise product Symantec Corp. Wednesday released a beta of its new enterprise security product, formerly code-named Hamlet, that melds technology from several of the company's acquisitions over the last few years. June 13, 10:18 a.m. PDT Symantec tests revamp of corporate anti-virus client Symantec will kick off its annual Symantec Vision conference next week with the first public release of its next-generation corporate anti-virus software, Symantec Endpoint Protection 11.0. June 7, 12:56 p.m. PDT Europe launches portal for IT security standards The web of IT security specifications and standards organizations in Europe may become a bit clearer with a new portal that provides a one-stop source for standards information. June 7, 8:35 a.m. PDT Experts: Botnets add fault tolerance Security experts contend that a growing number of operators of compromised computer networks (or "botnets") are finding new ways to grow their networks and make them immune to potential shutdowns, including sophisticated fault-tolerance planning to help ensure that their networks can't be easily wiped out. June 7, 12:00 a.m. PDT Europe crafts computer security alert system for SMBs The creation of a pan-European system to notify small and medium-size businesses of IT security threats came a step closer Tuesday, as security experts from industry and academia refined plans for the European Information Sharing and Alert System (EISAS) at a conference in Berlin. June 5, 8:31 a.m. PDT Microsoft unveils integrated security Microsoft shared details of its long-term security product strategy as part of its ongoing TechEd 2007 training conference on June 4, lifting the lid on plans to deliver an integrated suite of its software by mid-2009. June 4, 7:24 a.m. PDT Stealthy attack method causes concern A new hacking method is causing concern for the lengths it goes to avoid detection by security software and researchers. June 4, 6:40 a.m. PDT Google Desktop vulnerable to new attack Just one day after a security researcher showed how Google's Firefox toolbar could be exploited in an online attack, a similar flaw has been discovered in the Google Desktop. June 1, 4:16 a.m. PDT Spammers' use of AI only just begun Though security industry experts were openly referring to the death of spam several years ago, the arrival of image-based attacks has resulted in a stunning renaissance in the volumes of unwanted e-mail reaching end-users' inboxes. May 31, 5:03 p.m. PDT Google digs in against malware Google's acquisition of security company GreenBorder Technologies is a sign the search giant wants to bolster confidence in its browser-delivered applications amid growing threats from malicious software on the Internet. May 30, 10:16 a.m. PDT Google buys into security, acquires GreenBorder Google has jumped into the anti-malware market, snatching up browser-based security software maker GreenBorder Technologies for an undisclosed amount of money. May 29, 9:32 a.m. PDT Malicious software plays on legal fears Hackers are trying to play on business' fear of legal action from customers to trick them into downloading a harmful program distributed through e-mail. May 25, 6:40 a.m. PDT Password-cracking challenge update: second password revealed The password hacking contest I started 10 months ago is two-thirds over. We have a winner for the second of three hash challenges…I just don’t know who they are. May 25, 3:00 a.m. PDT Researcher: RSA 1024-bit encryption not enough The strength of the encryption used now to protect banking and e-commerce transactions on many Web sites may not be effective in as few as five years, a cryptography expert has warned after completing a new distributing-computing achievement. May 23, 11:11 a.m. PDT Companies open wallets for secure data An annual VanDyke Software-sponsored survey of IT network and systems administrators finds that businesses have increased their spending on secure data communications technologies and also have undertaken significant work to improve their internal processes to benefit security. May 22, 11:42 a.m. PDT Microsoft, TCG get closer on NAC The Trusted Computing Group (TCG) is tying its authentication software standard to Microsoft's proprietary network access protection platform -- a move that leaders in the network access control (NAC) segment tout as a major step toward getting products made by different vendors to work together. May 21, 8:20 a.m. PDT Symantec: Chinese hackers grow in number, skills China's hacking scene appears poised for growth, as the number of Internet users rise with a commensurate interest in criminal hacking and government spying, according to a new Symantec study. May 18, 5:15 a.m. PDT Estonia recovers from massive denial-of-service attack A spree of denial-of-service (DOS) attacks against Web sites in Estonia appears to be subsiding, as the government calls for greater response mechanisms to cyber attacks within the European Union. May 17, 7:42 a.m. PDT IBM pitches risk management strategy IBM unveiled a new IT governance and risk management strategy on May 15 that it will market to enterprise customers as a means to weave together security and compliance projects to ease planning and help drive down related expenses. May 15, 12:42 p.m. PDT IBM criticizes TippingPoint over hacking contest IBM's ISS division has torn into rival TippingPoint for sponsoring the hacking contest that led to the disclosure of a QuickTime vulnerability in Apple's Safari browser. May 11, 9:31 a.m. PDT Symantec pitches rootkit tech as Veritas validation Some industry watchers may still question why Symantec moved to acquire storage software maker Veritas for $10.2 billion in 2004, but the fruits of the companies' combined labors are already proving the deal as a winner, according to executives with the massive security firm. May 9, 4:26 p.m. PDT Proventia Desktop firewall stymies malware In the days of overcomplicated security tools, it's satisfying to review a feature-rich product that intentionally keeps it simple. Internet Security Systems (ISS) Proventia Desktop (also known as IBM Proventia Desktop Endpoint Protection) offers a host-based firewall core supplemented by anti-virus, anti-malware, buffer overflow exploit protection, intrusion prevention, and it can function as a Cisco Network Admission Control agent. I was eager to test version 9.0.226.0, released after the IBM buyout of ISS, to see how the product is holding out against the competition. May 3, 3:00 a.m. PDT Document shell code attacks loom large Targeted attacks that utilize vulnerabilities in popular document file formats and execute via hard-to-find shell code are becoming an increasingly popular menace, according to researchers at IBM's Internet Security Systems division. May 2, 12:37 p.m. PDT Symantec closes in on delivery of major AV update Symantec is slipping on its target delivery time for the next major upgrade of its security product for enterprises, code-named Hamlet, while it irons out final code wrinkles during beta testing. May 2, 9:42 a.m. PDT Unpatched flaws found in Photoshop CS2, CS3 A pair of security vulnerabilities found in certain versions of Adobe Systems Inc.'s popular Photoshop products could put users' computers at risk, according to security researchers. Neither flaw has been patched yet. May 1, 8:29 a.m. PDT Rootkits: The next big enterprise threat? Late at night, a system administrator performed a routine check of a crashed server, one of 48 systems comprising a major online infrastructure that generated about $4 million per month in revenue. He was a bit surprised that the system had gone down, as it had been humming for months without any indication of being prone to crashing. The check uncovered three encrypted files. The administrator called on MANDIANT to analyze them. April 30, 3:00 a.m. PDT Disgruntled employees may seek IT revenge Of all the security vendors exhibiting at InfoSecurity in London this week, none claim they can detect a major threat to enterprises: unhappiness. April 26, 5:13 a.m. PDT Startup pitches smarter AV With a name like Robot Genius you wouldn't expect the company's leaders to be modest, but the more you hear the firm's Chairman Stephen Hsu talk about his startup's new approach to anti-malware, the more you believe the name might fit. April 25, 9:12 a.m. PDT Microsoft ups security stance with new labs In a move to strengthen its response to security threats, Microsoft is opening two labs to study the growing amount of malicious software circulating on the Internet, security executives announced Wednesday. April 25, 7:40 a.m. PDT > Security |
|
|
||||||||||||||||||
