|
|
Free Newsletters
|
|
|
|
|
|
IT trainer offers master's degree for hackers In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science. Security vendors bring zombie fighters to life Data leakage prevention might currently be the hottest IT security submarket, but vendors are also tuning up their product offerings to help customers ward off the presence of botnet-infected zombie computers.  October 4, 3:41 p.m. PDT Is Adobe vulnerable to an AIR attack? Adobe Systems' moves to support RIAs (rich Internet applications) are exposing the software vendor -- and its developers and users -- to the threat of more Web-based malware and efforts to take advantage of security holes in its products. October 3, 7:57 a.m. PDT Malware boom puts pressure on second-tier AV labs Over the first six months of 2007, anti-virus applications market leader Symantec found a total of 212,101 new malware variants, an astonishing 185 percent increase over the second half of 2006, totaling an average of well over 1,100 unique samples arriving per day. October 3, 7:08 a.m. PDT Malicious code infects Chinese security site The Web site of one of China's Internet security organizations has been laced with malicious code. October 3, 4:58 a.m. PDT StopBadware: Trusted Web sites are being hacked and don't even know it It's getting harder and harder to know who to trust on the World Wide Web, according to online safety advocates StopBadware.org. October 3, 4:14 a.m. PDT Security researchers look beyond Vista The improved security in Microsoft's newest software products may leave some security researchers looking elsewhere for work. October 2, 2:11 p.m. PDT Cool tools for hacker trackers If you want to keep up with the latest criminal exploits without having to collect malware yourself, take a look at SRI International's Cyber-Threat Analytics BotHunter Malware Analysis Web page. Reporting on information and statistics collected from a research honeynet, the BotHunter Malware Analysis page makes daily infection logs from high-interaction honeypots available for anyone to view. Although the scale of the project and information collected is fairly small, this is a useful site for gaining more insight into crimeware and the world of bots. September 28, 3:00 a.m. PDT Hacker bears bad news about PDF The hacker who discovered a recently patched QuickTime flaw affecting the Firefox browser says he has found an equally serious flaw in Adobe's PDF file format. September 20, 5:10 p.m. PDT PayPal claims gains against phishers PayPal security chief Michael Barrett isn't ready to claim a victory in the fight against phishing schemes, but he said that his company is slowly turning the tide using a set of new partnerships and technological means. September 20, 4:23 a.m. PDT AT&T: Network perimeter security should be virtual Enterprise companies will soon begin offloading many of their network security responsibilities to telecommunications and Internet service providers and save vast amounts of time and money doing so, if AT&T has its way. September 20, 4:05 a.m. PDT Security gurus look for better ways to classify malware Two senior security veterans from Trend Micro are trying to get the industry to change how it classifies malicious software. September 19, 9:15 a.m. PDT Fear of insider threats hits home The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk. September 18, 10:42 a.m. PDT Infrastructure threats: Botnets show DoS who's boss Malware-infected botnet PCs have overtaken DoS attacks as the top security issue facing Internet service providers and other Web infrastructure hosting players, according to a new survey of the organizations. September 18, 3:54 a.m. PDT Hacked GOP site infects visitors with malware A Republican Party Web site has been hacked, and for some time it has been spreading a variation of the long-running Storm Trojan horse to vulnerable visitors, a security researcher said Friday. September 14, 2:21 p.m. PDT Badware hunters tame wild Webmasters, hosts If hijacked sites and hosting companies that fail to police malware distribution sources represent two of the most serious threats to Internet security, there may be hope for improvement, according to researchers working with Harvard Law School's StopBadware.org. September 14, 3:45 a.m. PDT Trust key to Internet security A few of my previous columns discussed my vision of creating a more secure Internet. It involved replacing the Internet's default anonymity with pervasive authentication, from the hardware initialization, through the OS and all applications, the user, and ending with a verifiable network stream. It is my strong belief that without a complete overhaul of default authentication, malicious hacking is going to continue indefinitely. September 14, 3:00 a.m. PDT St. Petersburg consulate Web site hacked Security vendors are warning that two U.S. Department of State Web sites based in Russia could contain malware and should be avoided. September 13, 1:37 p.m. PDT Exploit code appears for Microsoft Agent bug It took less than 24 hours for attackers to crank out proof-of-concept code targeting the one critical vulnerability disclosed -- and patched -- Tuesday morning by Microsoft, security researchers warned. September 13, 10:11 a.m. PDT Online thugs assault security help sites The good guys are taking a hit in the ongoing online war between the thugs who profit from phishing and malware, and those who work to stop them. September 12, 9:22 a.m. PDT Financially motivated malware thrives Financially motivated malware attacks are on the rise, with automated software packages making it easy for unskilled hackers to earn a living by sending out spam, researchers at messaging security vendor Secure Computing say. September 7, 9:19 a.m. PDT Forrester security show stresses risk management Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum. September 5, 11:33 a.m. PDT Debate rages over German government spyware plan When it comes to who can and who can't be a hacker, the German government appears to want its cake and eat it, too. September 5, 8:14 a.m. PDT FBI: Enterprises need counterintelligence The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks. September 4, 3:45 p.m. PDT Indian bank site restored after malware attack The web site of Bank of India, one of India's leading banks, was restored early Tuesday. The bank had closed the site on Friday after it found that the site had been hacked, and was dispensing malicious code. September 4, 4:22 a.m. PDT Malicious Web: Not just porn sites The New Zealand Honeynet Project, which produced Capture-HPC (mentioned here last week), also produced an excellent white paper about using Capture-HPC to identify malicious Web servers. On the group's Web site, you'll find that paper, the captured data, and the tools for anyone to inspect and replicate. August 31, 3:00 a.m. PDT Intel's vPro chips in more security for businesses With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike. August 27, 8:00 a.m. PDT Get paranoid: Information brokers are bungling your data Anybody who requests a background or credit check on you -- or provides them to others -- has a ton of sensitive information about you that (a) may not be accurate and (b) is highly vulnerable to spills. That includes data brokers, credit bureaus, banks, insurance companies, cell carriers, and your employer. August 27, 3:00 a.m. PDT 10 reasons to be paranoid The truth is out there ... and so is your data. And just because there are no virtual black helicopters following you doesn't mean somebody somewhere doesn't have a bead on who you are and what you are doing. August 27, 3:00 a.m. PDT Get paranoid: There's a spook in your inbox Remember when the CIA was a dark, malevolent force lurking in the shadows of our lives, tapping our phones, reading our mail, and planting explosive devices in Castro's cigars? Well, they're baaaack. Only now it's the National Security Agency, and they're snooping into your e-mail, cell phone conversations, and Lord knows what else. August 27, 3:00 a.m. PDT Monster shuts down rogue server after data breach Monster Worldwide, whose job-hunting sites suffered a massive data breach caused by hackers, has shut down a rogue server that had been used to gather personal details of job seekers. August 23, 4:54 a.m. PDT Security SaaS maturing fast Security technologies delivered via the SaaS (software-as-a-service) business model may still be in their nascent stage, but some early adopters are already piecing together multiple offerings to outsource a significant portion of their IT systems defense infrastructure. August 22, 11:06 a.m. PDT Storm spam poses as site confirmation e-mail The Storm malware, which first appeared in January of this year, is showing no signs of slowing down -- just this week reinventing itself as a Web site membership confirmation message. August 22, 7:15 a.m. PDT Clearswift makes a clean sweep of Web threats Mitigating network-borne threats has been an imperative to companies of all sizes and statures. As if malware and viral infestation weren’t enough, today’s corporations must contend with even bigger bugs, including regulatory compliance, information leaks, and intellectual property theft. August 22, 3:00 a.m. PDT Mobile workers still struggling with security A fair amount of business users remain oblivious or unconcerned about many of the security issues involved with mobile devices, according to a new study published by Cisco and the National Cyber Security Alliance. August 21, 3:08 p.m. PDT Mobile malware to pose significant threat Although concerns regarding handheld data security still trump fears of mobile viruses, security software vendors and researchers contend that greater numbers of attacks are on the horizon. August 21, 3:00 a.m. PDT Making a case for virtual patching The period during which businesses work to install security patches to protect IT systems from attack undeniably remains one of the most vulnerable timeframes for many companies -- but a recently-launched startup selling a virtual patching alternative claims to have found a solution to the problem. August 20, 2:20 p.m. PDT Sourcefire acquires ClamAV open-source anti-malware project Network security specialist Sourcefire announced Friday that it has acquired ClamAV, an open-source gateway anti-malware project whose technologies are used in the products of a number of other vendors. August 17, 8:58 a.m. PDT Record-breaking 'Storm' Trojan linked to spam surge Storm, the Trojan that Hoovers PCs into hacker-controlled botnets, roared back into life last month in several waves, security researchers said Monday, and has blown by 2005's Sober to become the most prolific e-mail-borne malware ever. August 14, 7:29 a.m. PDT Novell buys endpoint security firm Senforce Novell announced on Monday that it has acquired Senforce Technologies, a provider of endpoint and network security tools, for an undisclosed sum. August 13, 9:40 a.m. PDT German antihacker law could backfire, critics warn Germany's new antihacker law could open the door to more cybercrime and not less, security experts warn. August 13, 8:43 a.m. PDT SpyProxy takes Web apps security fight to 'virtual sandbox' Faced with volumes of browser vulnerabilities and Web-based exploits designed to take advantage of the flaws, security researchers presented a new process for protecting users with execution-based malware detection at the ongoing Usenix Security Symposium in Boston on Wednesday. August 8, 12:42 p.m. PDT Update: Dateline NBC 'mole' outed, booted at Defcon Dateline NBC Producer Michelle Madigan was publicly outed at the Defcon security conference in Las Vegas Friday after show organizers were tipped off that she was trying to film show attendees with a hidden camera. August 3, 6:00 p.m. PDT Mozilla shares scanning tool, Firefox 3 features Open source browser maker Mozilla has developed a wide array of secure coding analysis tools as part of its internal development process, and now it's beginning to share those programs with the outside world. August 3, 2:28 p.m. PDT Malignant JavaScript mutates to evade detection Hackers have hit on a new technique for invading desktop computers via compromised Web sites, while avoiding anti-virus detectors, according to the SANS Institute. August 3, 6:58 a.m. PDT Project WOMBAT looks to manage online threats Researchers are looking for formal European Union sponsorship of a new project that would keep an eye on malicious software and computer attacks around the world. August 2, 6:21 a.m. PDT Taunting the CIO The Wall Street Journal on Monday ran a special section whose lead article was headlined "Ten Things Your IT Department Won't Tell You." The image on the section cover showed a white-shirted IT guy clutching a keyboard and a tangle of Ethernet cables, looking straight at the reader, with duct tape over his mouth. August 2, 3:00 a.m. PDT Apps security to dominate Black Hat Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security. July 31, 3:00 a.m. PDT McAfee sets Rootkit Detective free On July 26, McAfee will begin offering a new application called Rootkit Detective, designed to detect and remove dangerous rootkit attacks. The software will also help end-users ward off the threats, as well as funnel new intelligence into the company's ongoing research operations. July 25, 1:12 p.m. PDT Organized crime infiltrates financial IT In Martin Scorsese's hit movie "The Departed," actor Matt Damon plays the part of a mole -- someone who helps his connected mob friends stay a step ahead of the cops by becoming one of the very law enforcement officials assigned to stop them. July 23, 11:14 a.m. PDT Mac worm hacker vanishes from blogosphere Just days after claiming to have written a worm that could be used to attack Mac OS X systems, the anonymous blogger known as Infosecsellout has gone quiet. July 18, 2:40 p.m. PDT Government, contractors hit in targeted attack Computers belonging to the U.S. government, contractors, and companies in the transportation industry were hit by a targeted computer attack in July that yielded password information for hundreds of Internet and intranet Web sites, a computer security vendor said Tuesday. July 17, 4:29 p.m. PDT Report: 90 percent of companies fail compliance An overwhelming percentage of businesses still fall far short in their efforts to comply with industry data-handling regulations and reduce their likelihood of experiencing a serious leakage incident, according to a new survey. July 16, 1:51 p.m. PDT Anti-phishing techniques for the real world I need to expand my idea of a secure computing ecosystem into the real world. Let me explain. July 13, 3:00 a.m. PDT Mounting scrutiny for Google security Much as the ubiquity of Microsoft's Windows operating system and Office productivity tools has made the software giant a focal point of security research, search giant Google is facing new scrutiny as it diversifies its products and moves further into the business environment. July 12, 4:24 p.m. PDT Microsoft launches OneCare 2.0 beta Microsoft released a beta version of its next-generation Windows Live OneCare 2.0 desktop security and management package on July 11, touting a number of improvements made to the product, including the ability to monitor multiple PCs on a local network. July 11, 3:01 p.m. PDT Phishing tool constructs new sites in two seconds Software developers like to make installation of their programs simple and quick. So do hackers. July 10, 9:17 a.m. PDT Security company launches eBay for bugs Psst. Want to buy a zero-day? A Swiss startup called WabiSabiLabi has some for sale, but to qualified buyers only. July 6, 4:43 a.m. PDT Talking Trojan says 'bye bye' to victims' data A newly identified malicious program not only messes up its victims' computers, it taunts them too. July 5, 12:53 p.m. PDT Policy experts split on spyware laws CAMBRIDGE, Mass. -- Two of the agencies most actively involved in bringing cyber-criminals to justice in the United States have expressed opposing opinions over pending anti-spyware legislation. June 28, 5:45 a.m. PDT BeyondTrust keeps Windows users from abusing privileges Too many organizations are still allowing most of their end-users full-time administration privileges in Windows. If you ask why the taboo practice is continuing, administrators will respond that they must allow regular end-users to install software and to make basic system configuration changes. Yet these very tasks also put end-users at risk for malicious exploitation. June 28, 3:00 a.m. PDT Gonzales: DOJ committed to fighting cybercrime The U.S. Department of Justice and President George Bush are committed to fighting intellectual-property theft and cybercrime, Attorney General Alberto Gonzales told a small audience in Seattle on Wednesday morning. June 27, 12:10 p.m. PDT Mobile phone virus author arrested in Spain Spanish police have arrested a 28-year-old man on charges that he created variants of the CommWarrior and Cabir mobile phone viruses, according to published reports. June 25, 11:28 a.m. PDT Cisco pushes IronPort smarts to firewalls Cisco Systems will begin offering IronPort's security filtering tools to its firewall customers after the networking giant's acquisition of the company closes on June 25. June 22, 10:05 a.m. PDT HP-SPI deal underscores apps security integration Hewlett Packard's acquisition of Web applications security specialist SPI Dynamics on June 19 illustrates a growing demand among enterprise customers to have vulnerability-scanning tools integrated into their software development platforms. June 19, 12:07 p.m. PDT Analysts: Microsoft flaw opened door to scammers Microsoft on Tuesday fixed a bug in its Windows Live ID registration that let users deceptively register a false e-mail address. June 19, 8:43 a.m. PDT 'Italian job' Web attack hits more than 10,000 sites Online criminals have launched a widespread Web attack that has turned tens of thousands of legitimate Web sites into weapons, security vendors said Monday. June 18, 2:36 p.m. PDT Homeland Security to detail IT attacks Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions. June 15, 11:26 a.m. PDT Global co-op feeds FBI's botnet fight Officials with the FBI claim that global law enforcement partnerships are playing a significant role in its ongoing efforts to stomp out botnets and other computer-borne crimes. June 14, 3:09 p.m. PDT After hacker dissection, Safari beta is patched Three days after releasing Safari 3.0, Apple has issued its first patch of the beta software. June 14, 11:46 a.m. PDT Stupid hacker tricks The annals of crime are rife with tales of heists pulled off by enterprising criminal minds. But for every caper carried out with style and smarts, there are hundreds of imprisoned examples of the boneheaded desperado -- guys too greedy, too hasty, or just too brain dead to pull off their nefarious deeds without getting caught. June 11, 3:00 a.m. PDT Some say spyware bill too broad, others say too weak An antispyware bill that passed the U.S. House of Representatives this week faces opposition from several groups with one side saying it's too strong and the other saying it's too weak. June 8, 11:33 a.m. PDT 2007 InfoWorld CTO 25: Aristotle Balogh Here in San Francisco, where the San Andreas fault shifts the ground beneath our feet, most of us try to ignore the fact that the Big One is coming. At VeriSign offices down the road in Mountain View, they worry about a different kind of Big One -- namely, a cataclysm that wipes out the Internet. Not only that, they pin all the responsibility for survival on a single guy: CTO Ari Balogh. June 8, 3:00 a.m. PDT Experts: Botnets add fault tolerance Security experts contend that a growing number of operators of compromised computer networks (or "botnets") are finding new ways to grow their networks and make them immune to potential shutdowns, including sophisticated fault-tolerance planning to help ensure that their networks can't be easily wiped out. June 7, 12:00 a.m. PDT App developers finally securing code On Aug. 14, IT security training and research authority SANS Institute will convene its inaugural set of exams for software developers seeking to attain its new secure coding certifications. The rise of such initiatives -- and increasing adoption of source code vulnerability scanning tools among internal software development teams -- are finally making a difference in overall applications security, some end users and industry experts contend. June 6, 4:14 a.m. PDT 2007 InfoWorld CTO 25: Paul Judge When online technology evangelists began chatting up Dr. Paul Judge about the promise of e-commerce in the late 1990s, he couldn't get one thought out of his head: With all that money trading hands, criminals were sure to come knocking. June 6, 3:00 a.m. PDT Google: Attack code more likely on Microsoft IIS Web sites running Microsoft's Web server software are twice as likely to be hosting malicious code as other Web sites, according to research from Google. June 5, 12:50 p.m. PDT Microsoft unveils integrated security Microsoft shared details of its long-term security product strategy as part of its ongoing TechEd 2007 training conference on June 4, lifting the lid on plans to deliver an integrated suite of its software by mid-2009. June 4, 7:24 a.m. PDT Ever-evolving malware is getting nastier Malware evolves in trends. Yesterday’s boot virus is today’s Web server exploit program. Malware follows popularity, and it morphs to get past ubiquitous defenses. Understanding the growing trends in malware will help you plan better defenses. June 1, 3:00 a.m. PDT Spammers' use of AI only just begun Though security industry experts were openly referring to the death of spam several years ago, the arrival of image-based attacks has resulted in a stunning renaissance in the volumes of unwanted e-mail reaching end-users' inboxes. May 31, 5:03 p.m. PDT Attackers get chatty on VoIP The recent spate of malware attacks propagating throughout the user base of the Skype Internet calling system illustrates a broader trend toward cyber-criminals moving to take advantage of VoIP platforms as they become increasingly popular. May 30, 12:18 p.m. PDT Google buys into security, acquires GreenBorder Google has jumped into the anti-malware market, snatching up browser-based security software maker GreenBorder Technologies for an undisclosed amount of money. May 29, 9:32 a.m. PDT Germany passes antihacking law Hackers may want to avoid Germany, after the approval of a law that makes their activity a punishable crime. May 25, 6:58 a.m. PDT Malicious software plays on legal fears Hackers are trying to play on business' fear of legal action from customers to trick them into downloading a harmful program distributed through e-mail. May 25, 6:40 a.m. PDT Symantec: Heavy price for smartphone security inaction It may have taken enterprise customers years to get proper security tools in place to defend their PCs, but if large businesses drag their feet in aligning the applications necessary to protect their smartphones, they will pay a heavy price, says Symantec. May 24, 2:10 p.m. PDT Skype worm jumps to ICQ, MSN A new variant of the Stration worm, which has been plaguing Windows users for the past year, has made the jump from Skype to the ICQ and MSN Messenger networks. May 24, 1:40 p.m. PDT Code Green gives red light to data leaks Reports of corporate data leaks, lost laptops, and misplaced backup tapes are so commonplace that many no longer warrant a mention in the press. So common are corporate data leaks of one form or another that only the multimegaton events -- TJX, the Veterans Administration, or DuPont -- get covered. May 24, 3:00 a.m. PDT Spyware bill passes House The U.S. House of Representatives passed an antispyware bill Tuesday on a voice vote. May 22, 3:00 p.m. PDT Companies open wallets for secure data An annual VanDyke Software-sponsored survey of IT network and systems administrators finds that businesses have increased their spending on secure data communications technologies and also have undertaken significant work to improve their internal processes to benefit security. May 22, 11:42 a.m. PDT Microsoft tools keep bad Office files at bay Microsoft released a pair of tools on Monday that help protect computers from Office 2003 files containing malicious software code. May 22, 4:09 a.m. PDT Microsoft, TCG get closer on NAC The Trusted Computing Group (TCG) is tying its authentication software standard to Microsoft's proprietary network access protection platform -- a move that leaders in the network access control (NAC) segment tout as a major step toward getting products made by different vendors to work together. May 21, 8:20 a.m. PDT Symantec: Chinese hackers grow in number, skills China's hacking scene appears poised for growth, as the number of Internet users rise with a commensurate interest in criminal hacking and government spying, according to a new Symantec study. May 18, 5:15 a.m. PDT Spyware hunter probes larger market flaws Ben Edelman made a name for himself while still a graduate student by digging into the shady dealings that spawned what most people considered an innocuous problem: pop-up Web advertising. May 16, 3:00 a.m. PDT Scammers gaming YouTube ratings for profit The half-minute-long commercial for energy drink IRN-BRU on YouTube isn't all that original or really very funny. All the same, the clip "R0049_TDAU8" garnered 113 million hits and received a five-star review, with more than 70,000 visitors giving the clip the popular video site's highest content approval rating. (Editor's note: the file has since been removed from YouTube.) May 16, 3:00 a.m. PDT IBM pitches risk management strategy IBM unveiled a new IT governance and risk management strategy on May 15 that it will market to enterprise customers as a means to weave together security and compliance projects to ease planning and help drive down related expenses. May 15, 12:42 p.m. PDT Social Security, spyware bills go to House vote The House Energy and Commerce Committee unanimously approved a pair of bills on May 10 that aim to bolster consumers' protection against misuse of their social security numbers and computer-borne spyware. May 11, 11:23 a.m. PDT Building trust in downloads no simple feat The Truste group's goal of creating an online ecosystem through which software makers are held accountable for the functions of their programs and end users are given the power to keep unwanted applications off their devices won't be achieved easily, according to security researchers and participants in the nonprofit's Trusted Downloads project. May 10, 5:04 p.m. PDT Microsoft invites hackers back for Blue Hat Microsoft is once again inviting members of the hacking community into its Redmond, Washington, campus to show the software giant where it's gone wrong. May 10, 4:19 a.m. PDT Symantec pitches rootkit tech as Veritas validation Some industry watchers may still question why Symantec moved to acquire storage software maker Veritas for $10.2 billion in 2004, but the fruits of the companies' combined labors are already proving the deal as a winner, according to executives with the massive security firm. May 9, 4:26 p.m. PDT Infrastructure security powers up He may not have known it at the time, but Lonnie Charles Denison helped prove the need for tighter security at many infrastructure businesses when he launched a multifaceted attack against California Independent System Operator, a quasi-governmental agency responsible for management of the state's power grid. May 9, 4:17 a.m. PDT > Security |
|
|
|||||||||||||||||||||
