August 2007 | Archive by Month |

August 2007

  • Cisco issues CallManager security update

    Security flaws in Cisco CallManager and Unified Communications Manager could be exploited for cross-site scripting and SQL injection attacks, but a security update is available.

  • Cybercrime forensics lab cinches high-profile cases

    The Silicon Valley Regional Computer Forensics Laboratory pulls together evidence necessary to make a case in court.

  • Verizon completes Cybertrust integration

    Verizon says Cybertrust has been assimilated into its Business Security Solutions group. The telecom giant is now playing up its ownership of Cybertrust's popular SMP program.

  • Laptop theft exposes data of 106,000 taxpayers

    Connecticut state officials acknowledged the theft of an employee laptop containing thousands of taxpayer names and Social Security numbers.

  • Critical flaw found in Oracle developer tool

    A popular tool used by Oracle developers contains a critical flaw that could be used by an attacker to compromise a system.

  • Independent security vendors struggle for stability, viability

    With more security firms getting acquired, the staying power of the remaining independent vendors has been called into question. Some, like eEye, insist they're still viable.

  • Flaw found in MSN Messenger

    Attackers could exploit a flaw in MSN Messenger to run malicious code on targeted machines, according to Danish vulnerability clearinghouse Secunia.

  • Microsoft Windows Vista challenges, pitfalls

    This series highlights the setbacks and successes of those who are at various stages of deployment of Microsoft Vista.

  • BotHunter

    BotHunter is a type of bot application that looks for other bots by tracking two-way communication flows between active software inside a private network and external entities... (Continued)

  • Patch Tuesday

    Patch Tuesday, also known as Black Tuesday, is the second Tuesday of each month, when Microsoft releases the newest fixes for its Windows operating system and related software applications.

  • iPhone not ready for the enterprise

    While the Apple iPhone won't be the first choice of many enterprises, a group of industry analysts say it could have a positive impact on future devices.

  • Rootkit found in older Sony USB device

    F-Secure says it discovered rootkit technology in Sony's Micro Vault USM-F fingerprint reader software. The find comes two years after controversy over Sony's DRM technology.

  • Vendor IT shops also feel Windows Vista pain

    Vendors don't like to hear it when their customers complain they were too slow in preparing their products for Vista compatibility.

  • Screencast: Google hacking, infosec style

    In this exclusive screencast step-by-step demo, Tom Bowers explains how to ensure an organization's intellectual property doesn't fall into the wrong hands.

  • No good way to measure HIPAA compliance

    It's been two years since HIPAA took effect. But for many IT pros in the healthcare sector, measuring actual compliance is still a tricky task.

  • Perfect HIPAA security impossible, experts say

    Two years after HIPAA security rules took effect, IT pros in the healthcare sector have found that constant security improvements are necessary for compliance.

  • SANS: Attackers may be attempting Trend Micro exploits

    The SANS Internet Storm Center (ISC) warns that attackers may be attempting to exploit flaws in Trend Micro products to hijack computer systems.

  • Shining a spotlight on rootkits

    In this tip, contributor Scott Sidel discusses rootkit attacks, and unveils several free software tools that can help to assist security professionals in the rootkit detection process.

  • Trend Micro fixes flaws in ServerProtect, PC-cillin

    Attackers could tamper with servers and run malicious code by exploiting flaws in Trend Micro's ServerProtect, Anti-Spyware and PC-cillin products. But fixes are available.

  • Can Snort be configured with a FreeBSD router?

    Just because you can use Snort, it doesn't necessarily mean that you always should. In this expert Q&A, Mike Chapple explains which network configuration scenarios call for the intrusion...