|
|
Free Newsletters
|
|
|
|
|
|
IE 7 bug reopens debate over patch responsibilities Security researchers are again arguing over who is responsible -- Microsoft or third-party developers -- for protocol-handling bugs after a researcher on Friday said Internet Explorer 7 can be used to trick users into launching malware. IT trainer offers master's degree for hackers In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science.  October 8, 10:47 a.m. PDT Sun patches critical Java bugs Sun patched 11 vulnerabilities in the Windows, Linux, and Solaris versions of its Java Runtime Environment and Java Web Start Wednesday, including several rated critical by outside researchers. October 4, 12:25 p.m. PDT Apple fixes year-old QuickTime flaw Apple updated the Windows version of QuickTime today to quash a 13-month-old bug that critics say it overlooked when it patched the media player in March. October 4, 10:20 a.m. PDT New update breaks hacked iPhones Users are reporting that a new update to Apple's iPhone is making previously unlocked iPhones unusable. September 27, 3:55 p.m. PDT Apple does major bug-fix for iPhone Apple has released its biggest iPhone security update yet, fixing bugs in the mobile phone's browser, mail client, and Bluetooth networking server. September 27, 1:07 p.m. PDT Microsoft's stealth updates stymie XP repairs The contentious stealth update that Microsoft delivered to customers this summer blocks 80 patches and fixes from installing after Windows XP is restored using its "repair" feature, researchers said Thursday. September 27, 8:48 a.m. PDT Five ways that software vendors can boost security Is your software vendor doing everything it can to secure its products? As Sun Microsystems learned this week, there is always room for improvement. September 26, 1:50 p.m. PDT Researchers say AIM vulnerable to worm attack A critical flaw in the way that the AOL's instant messaging client, AIM, displays Web-based graphics could be exploited by criminals to create a self-copying worm attack, security researchers are warning. September 25, 5:12 p.m. PDT After criticism, Sun changes Java updates Sun is taking a page from Microsoft's security group and changing the way it updates Java for the desktop. September 25, 12:39 p.m. PDT Critical vulnerability found in Ask.com toolbar for IE A vulnerability in Ask.com's toolbar for Internet Explorer could allow an attacker to take control of a person's computer, according to security advisories. September 25, 8:36 a.m. PDT Security outsourcing on the rise As one of the world's largest outsourcing providers, Wipro Technologies is ramping up its security services business in a big way. September 20, 2:30 p.m. PDT VMware bugs highlight virtualization security risks A set of newly discovered flaws in components of VMware's virtual machine software has called attention to some of the security risks associated with the practice of running virtual computers on a single system. September 20, 1:42 p.m. PDT PayPal claims gains against phishers PayPal security chief Michael Barrett isn't ready to claim a victory in the fight against phishing schemes, but he said that his company is slowly turning the tide using a set of new partnerships and technological means. September 20, 4:23 a.m. PDT Mozilla fixes QuickTime flaw in Firefox Mozilla has fixed a critical bug in the way the Firefox browser works with QuickTime media files. September 18, 3:55 p.m. PDT Microsoft releases Patch Tuesday security updates Microsoft has released its security patches for September, fixing known vulnerabilities in its MSN Messenger software and Unix services for Windows as well as a critical bug in Windows 2000. September 11, 3:19 p.m. PDT Cisco says acquisitions don't impede best-of-breed Cisco executives speaking at the ongoing Security Standard Conference claim that the networking giant hasn't sapped innovation in the security companies it has acquired in its efforts to add to its own expanse of IT systems-defense products, while some customers clearly feel otherwise. September 10, 4:38 p.m. PDT Microsoft drops SharePoint fix September's batch of Microsoft security patches was trimmed Friday as Microsoft announced that a planned update to its SharePoint collaboration software would not be released this month. September 7, 5:06 p.m. PDT Microsoft readies five September security updates Microsoft will release five sets of security patches next Tuesday, including a critical update for users of Windows 2000, the company said Thursday. September 6, 12:49 p.m. PDT Forrester security show stresses risk management Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum. September 5, 11:33 a.m. PDT FBI: Enterprises need counterintelligence The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks. September 4, 3:45 p.m. PDT Microsoft closes third party Windows update app Microsoft forced a popular alternative to Windows Update off the Internet today, sending the maker of AutoPatcher cease-and-desist e-mail. The free utility has been removed from its download site. August 29, 3:56 p.m. PDT Intel's vPro chips in more security for businesses With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike. August 27, 8:00 a.m. PDT Mobile workers still struggling with security A fair amount of business users remain oblivious or unconcerned about many of the security issues involved with mobile devices, according to a new study published by Cisco and the National Cyber Security Alliance. August 21, 3:08 p.m. PDT Making a case for virtual patching The period during which businesses work to install security patches to protect IT systems from attack undeniably remains one of the most vulnerable timeframes for many companies -- but a recently-launched startup selling a virtual patching alternative claims to have found a solution to the problem. August 20, 2:20 p.m. PDT Pundits on parade: What’s next in tech You’ve heard of Christmas in July, that classic advertising gimmick designed to lure shoppers into stores despite the oppressive heat and humidity. We’ll, we’ve got New Year’s in August, which invites you to stay indoors and read “The next big things in IT” -- 15 predictions about the future of technology. August 20, 3:00 a.m. PDT Old apps, new vulnerabilities One of the best security defenses you can have is a fully patched computer. Not just the OS, but all applications -- large and small -- should be completely up to date. But making sure you have the latest patches isn't enough. You have to check and see if the older, vulnerable versions of the software you patched aren't still installed and available. Unfortunately, many well-known applications, when patched, do not remove the older versions. Malicious Web sites can often choose which version your client runs, so while you think you're safe with the latest patches, the older versions of your software can be called, instead, to execute a known vulnerability you had long ago stopped worrying about. August 17, 3:00 a.m. PDT Microsoft releases super bundle of security patches Microsoft has released what security experts are calling one of it most significant security fixes this year. August 14, 11:43 a.m. PDT Novell buys endpoint security firm Senforce Novell announced on Monday that it has acquired Senforce Technologies, a provider of endpoint and network security tools, for an undisclosed sum. August 13, 9:40 a.m. PDT Symantec patches critical Norton flaw A bug in the way Norton AntiVirus software uses the ActiveX programming language could cause serious problems for users of Symantec's products. August 9, 1:03 p.m. PDT Microsoft plans nine security updates for next week Microsoft will release nine sets of security patches next week, including six critical updates for Windows, Office, Internet Explorer, and its Visual Basic development software. August 9, 12:16 p.m. PDT Mozilla vows to patch any critical flaws in 10 days A Mozilla executive has vowed that his company can patch any critical vulnerability in its software within 10 days, a sign that Mozilla may intend to step up its efforts to improve security. August 6, 5:13 a.m. PDT Mozilla shares scanning tool, Firefox 3 features Open source browser maker Mozilla has developed a wide array of secure coding analysis tools as part of its internal development process, and now it's beginning to share those programs with the outside world. August 3, 2:28 p.m. PDT Mozilla rushes out second Firefox patch this month Mozilla has patched a pair of nasty flaws in its Firefox browser, two weeks after security researchers first started posting code that showed how the flaws could be exploited in attacks. July 31, 4:15 a.m. PDT Apps security to dominate Black Hat Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security. July 31, 3:00 a.m. PDT Mozilla flaw attack code published Mozilla is working on patching its Firefox browser after a hacker posted details of a flaw that could let criminals run unauthorized software on a victim's machine. July 25, 3:18 p.m. PDT McAfee sets Rootkit Detective free On July 26, McAfee will begin offering a new application called Rootkit Detective, designed to detect and remove dangerous rootkit attacks. The software will also help end-users ward off the threats, as well as funnel new intelligence into the company's ongoing research operations. July 25, 1:12 p.m. PDT Users urged to patch serious hole in BIND 9 DNS server A security researcher has reported a serious vulnerability in BIND 9, the software widely used in the Internet's DNS addressing system. July 25, 4:31 a.m. PDT Secunia Personal Software Inspector ferrets out unpatched software A Danish security vendor is offering a free tool designed to inform users when their applications need patching. July 24, 9:31 a.m. PDT Mozilla: Security remains on front burner With the release of its latest Firefox 2.0.0.5 browser, open-source software maker Mozilla claims to have fixed a number of potentially serious vulnerabilities in its flagship product. July 18, 3:26 p.m. PDT After criticism, Sun fixes Java flaw Just days after a security researcher blasted its Java patching system, Sun Microsystems has issued a critical update to the consumer version of its Java software. July 13, 1:22 p.m. PDT Oracle to release 46 patches next week Oracle will release 46 patches on Tuesday for products including its Oracle Database 10g, Application Server, and E-Business Suite. July 13, 4:14 a.m. PDT Mounting scrutiny for Google security Much as the ubiquity of Microsoft's Windows operating system and Office productivity tools has made the software giant a focal point of security research, search giant Google is facing new scrutiny as it diversifies its products and moves further into the business environment. July 12, 4:24 p.m. PDT Apple fixes serious QuickTime flaws Apple has patched a number of critical flaws in its QuickTime media player. July 11, 4:06 p.m. PDT Microsoft patches 11 bugs Microsoft on Tuesday issued six security updates for Windows, Office, and .Net Framework, patching a total of 11 vulnerabilities -- five of them rated critical. July 11, 4:39 a.m. PDT eEye: Sun update system exposes users Sun is putting millions of Java users at risk by staggering the release of security patches for the software, security vendor eEye Digital Security said Monday. July 10, 3:19 p.m. PDT Microsoft patches Active Directory flaw Microsoft released six sets of security patches Tuesday that address critical flaws in its products, including a bug in Active Directory software. July 10, 12:34 p.m. PDT Microsoft to release six security updates next week Microsoft will release six groups of security patches next week, including three critical updates for Windows and Excel users. July 5, 11:44 a.m. PDT Apple patches Safari a second time Apple Friday issued security updates to patch four vulnerabilities in Mac OS X and the Safari beta, marking the second time in eight days that the company has had to fix its newest browser, which runs on both Mac and Windows XP and Vista machines. June 25, 8:14 a.m. PDT Microsoft better at patching XP than Vista A Microsoft security executive released data Thursday showing that, six months after shipping Windows Vista, his company has left more publicly disclosed Vista bugs unpatched than it did with Windows XP. June 22, 4:12 a.m. PDT Homeland Security to detail IT attacks Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions. June 15, 11:26 a.m. PDT Global co-op feeds FBI's botnet fight Officials with the FBI claim that global law enforcement partnerships are playing a significant role in its ongoing efforts to stomp out botnets and other computer-borne crimes. June 14, 3:09 p.m. PDT After hacker dissection, Safari beta is patched Three days after releasing Safari 3.0, Apple has issued its first patch of the beta software. June 14, 11:46 a.m. PDT SSL bug fixed in latest Microsoft security patches Microsoft has released its monthly set of security patches , fixing problems in Windows, Internet Explorer and in the SSL (Secure Sockets Layer) software used for secure Web browsing. June 12, 11:40 a.m. PDT Beware of fake Microsoft security alerts With Microsoft's monthly patch release expected on Tuesday, scammers are sending out fake security bulletins that attempt to install malicious software on victim's computers. June 8, 4:14 p.m. PDT With attack code out, Yahoo fixes IM flaw Yahoo has fixed a serious vulnerability in its Messenger instant messaging client. June 8, 11:00 a.m. PDT Four critical Windows fixes coming next week Microsoft will release six sets of security patches next Tuesday, four of which will fix critical flaws in the Windows operating system. June 7, 1:13 p.m. PDT Experts: Botnets add fault tolerance Security experts contend that a growing number of operators of compromised computer networks (or "botnets") are finding new ways to grow their networks and make them immune to potential shutdowns, including sophisticated fault-tolerance planning to help ensure that their networks can't be easily wiped out. June 7, 12:00 a.m. PDT App developers finally securing code On Aug. 14, IT security training and research authority SANS Institute will convene its inaugural set of exams for software developers seeking to attain its new secure coding certifications. The rise of such initiatives -- and increasing adoption of source code vulnerability scanning tools among internal software development teams -- are finally making a difference in overall applications security, some end users and industry experts contend. June 6, 4:14 a.m. PDT Software more art than science, says Microsoft's Mundie Ever wondered why Microsoft software needs continually to be patched and updated? Microsoft's Chief Research and Strategy Officer Craig Mundie believes it's because software development is still more an art than a science. June 5, 5:58 a.m. PDT Microsoft unveils integrated security Microsoft shared details of its long-term security product strategy as part of its ongoing TechEd 2007 training conference on June 4, lifting the lid on plans to deliver an integrated suite of its software by mid-2009. June 4, 7:24 a.m. PDT Mozilla patches six Firefox bugs Mozilla patched its flagship Firefox browser Thursday with fixes for six vulnerabilities, one of which was stamped "critical" by the open-source developer. This was the third time Mozilla has updated Firefox in 2007. May 31, 10:56 a.m. PDT F-Secure hit with anti-virus vulnerabilities F-Secure has patched several vulnerabilities in its security products, the most critical of which could be used to run unauthorized software on a victim's computer. May 30, 12:02 p.m. PDT Apple fixes serious QuickTime bug One week after updating its Mac OS X operating system, Apple has patched a serious flaw it its QuickTime media player. May 29, 2:36 p.m. PDT Companies open wallets for secure data An annual VanDyke Software-sponsored survey of IT network and systems administrators finds that businesses have increased their spending on secure data communications technologies and also have undertaken significant work to improve their internal processes to benefit security. May 22, 11:42 a.m. PDT QuickTime copies go unpatched, pose risks Although browsers are notoriously juicy targets for hackers, Apple's QuickTime is actually three times more likely to pose a threat than Internet Explorer 6 -- and six times more likely to be a threat than Firefox, Danish vulnerability tracker Secunia ApS said this week. May 18, 2:10 p.m. PDT Secunia: Firefox users more likely to install patches Firefox users have something new to brag about. Security vendor Secunia reports that users of the open-source browser are more likely to have installed the latest security updates than Web surfers running Internet Explorer or Opera. May 17, 4:22 a.m. PDT Microsoft tweaks Patch Tuesday advance notification Microsoft is changing the way it documents its monthly security patches. May 16, 3:27 p.m. PDT Samba developers quash serious bug Users of the open-source Samba software are being urged to patch their code following the discovery of a critical bug in the file-and-print software. May 15, 4:28 a.m. PDT Symantec pitches rootkit tech as Veritas validation Some industry watchers may still question why Symantec moved to acquire storage software maker Veritas for $10.2 billion in 2004, but the fruits of the companies' combined labors are already proving the deal as a winner, according to executives with the massive security firm. May 9, 4:26 p.m. PDT Update: Microsoft fixes nasty DNS server, Exchange flaws Microsoft has released its May set of security patches, fixing critical bugs in Windows, Office, and Exchange. May 8, 10:18 p.m. PDT Microsoft promises DNS patch Tuesday Microsoft Corp.'s security center has confirmed that a patch for the already exploited DNS server bug in Windows will be among the seven updates scheduled to release next Tuesday. May 4, 1:11 p.m. PDT Document shell code attacks loom large Targeted attacks that utilize vulnerabilities in popular document file formats and execute via hard-to-find shell code are becoming an increasingly popular menace, according to researchers at IBM's Internet Security Systems division. May 2, 12:37 p.m. PDT Microsoft: No patch yet for DNS Server bug Microsoft's security team Sunday said it is still working on a patch for a critical bug in the company's server software. April 23, 2:32 p.m. PDT Oracle releases delayed Windows database patch Oracle probably worried some DBAs earlier this week when it released its Critical Patch Update but neglected its most critical database flaw of the quarter for 9.2.0.8 users on the Windows platform. At the time, Oracle said this fix would come on April 30, but now it looks like Oracle has found a way to get the patch out. April 20, 5:21 p.m. PDT Apple releases large set of Mac security updates Apple has released a major set of security patches for its Mac OS X operating system. April 19, 3:16 p.m. PDT Microsoft: DNS patch to come by May 8... maybe Microsoft hopes to fix by May 8 a critical flaw in Windows Domain Name System (DNS) servers that is being exploited by online criminals, the company said late Tuesday. April 18, 8:18 a.m. PDT Oracle updates leave critical Windows flaw Some Oracle customers using the Windows operating system will have to wait another two weeks to receive a critical software update to their database software, thanks to a glitch that came up in testing the company's latest patches. April 18, 4:14 a.m. PDT Large enterprises still serving up spam Well-known enterprise companies are still having their IT systems hijacked by spammers despite investing in many different types of technologies aimed at stopping the problem. April 17, 3:04 p.m. PDT Bottom line impact of data breaches unclear Despite the fact that unwanted exposure of consumer data has become a hot-button issue in the media and among legislators nationwide, experts admit that it remains unclear just how much damage the events will cause to the finances and reputations of companies that experience major incidents. April 13, 3:01 p.m. PDT Cisco fixes wireless security holes Cisco has patched a number of security flaws in the software used to manage its wireless networking products. April 12, 5:03 p.m. PDT 37 Oracle security fixes coming next week Oracle will fix a number of products, including the Oracle Database, Application Server, and E-Business Suite, next week as it releases its quarterly batch of security patches. April 11, 4:14 a.m. PDT Update: Microsoft patches critical Windows, server flaws Microsoft has released its regularly scheduled batch of security patches, fixing critical flaws in Windows and the Microsoft Content Management Server. April 10, 10:53 p.m. PDT McAfee: Cyber-crime will continue to pay The latest research report from McAfee's Avert Labs paints a frightening picture for enterprise IT administrators and end-users, predicting continued maturation of cyber-crime and the technological means being used to carry out external attacks. April 10, 9:00 p.m. PDT Apple offers AirPort Base Station security fix Apple has published a firmware update for its Airport Extreme Base Station that fixes two security flaws in the Wi-Fi router. April 9, 4:48 p.m. PDT Microsoft patching five flaws, two critical Microsoft announced in its monthly Patch Tuesday preview that it plans next week to release security updates for five individual product vulnerabilities, including two critical issues. April 6, 10:28 a.m. PDT After emergency fix, more Microsoft patches ahead Microsoft isn't finished with its security fixes for the month. Next week, the software maker plans to release five more sets of patches fixing critical flaws in Windows and the Microsoft Content Management Server. April 5, 11:17 a.m. PDT Debate lingers over federal data-handling laws Even as the federal government appears poised to create new consumer data protection laws in 2007, businesses and privacy advocates in the United States remain at odds over the parameters of such legislation and its potential impact. April 3, 6:59 p.m. PDT Microsoft issues emergency Windows patch With attackers finding more ways to exploit a critical flaw in its Windows operating system, Microsoft has published an emergency software patch. April 3, 12:06 p.m. PDT ShmooCon hacker event gets under way The third annual ShmooCon convention kicked off in Washington, D.C., on March 23 and will run throughout the weekend with a series of lectures and presentations covering a wide range of enterprise security issues. March 23, 2:12 p.m. PST Firefox takes new tack on testing bug fixes Mozilla is changing the way it publishes security fixes for its Firefox browser. March 16, 1:51 p.m. PST GoDaddy tells client its servers don't need DST fix A GoDaddy.com customer is seriously concerned that this domain registrar and hosting company may not be ready for the switch to DST (Daylight Saving Time) on Sunday. March 9, 4:26 p.m. PST DB administration simplification As organizations grow, their application and database scenarios can become more complex, and it becomes increasingly important for IT to standardize the deployments of these environments. Standardization not only reduces mistakes by ensuring that each deployment is done exactly the same way, but it decreases deployment time. Fortunately, solutions are available to assist with the process, such as GridApp’s database automation management solution, Clarity 3.5, aimed at companies running Oracle, Oracle RAC (Real Application Clusters), and to a lesser degree, SQL Server. March 9, 3:00 a.m. PST No Microsoft security updates coming next week Microsoft is not planning to release any security updates on Tuesday, one of only a handful of times the company won't have security patches available since its monthly security updates began in 2003, Microsoft said Thursday. March 8, 12:41 p.m. PST Update: Mozilla issues fix for critical flaw The Mozilla Foundation has published a fix for a "critical" JavaScript vulnerability in the Firefox browser and the SeaMonkey application suite. March 6, 1:21 p.m. PST More IT war stories Off the Record, the real-world slice of life that graces the last page of InfoWorld, is one of our most popular columns. I know this from reader surveys and from all the e-mail I receive about it. As reader Roland Sickenberger put it recently, “It’s my favorite part of the magazine, kind of like a ‘Dilbert come to life’ thing.” March 5, 3:00 a.m. PST Mozilla fixes Firefox bugs Mozilla has released an update to its Firefox browser, fixing a number of security flaws in the product. February 23, 1:55 p.m. PST Microsoft patches include a surprise There was a little surprise buried in Microsoft's monthly security bulletins Tuesday. It turns out that Microsoft had quietly slipped out one of the February fixes just days before its Jan. 30 Vista launch. February 15, 12:58 p.m. PST Update: Microsoft fixes critical flaw in security products Microsoft released its February set of security updates Tuesday, including critical fixes for bugs in Office and the scanning engine used by the company's security products. February 14, 4:27 a.m. PST Big set of Microsoft security patches coming Tuesday Microsoft plans to release 12 sets of security patches next Tuesday fixing critical vulnerabilities in a number of its products, including the company's new security software. February 8, 10:52 a.m. PST > Security |
|
|
||||||||||||||||||
