-
09 Feb 2012 Survey: Types of DDoS attacks on the rise due to hacktivist groups (SearchSecurityUK.com)
New DDoS statistics suggest hacktivist groups are to blame for an increase in the number and types of DDoS attacks across the Internet.
-
08 Feb 2012 Marty Roesch pushes collective analysis, underscores cyberthreat intelligence
Sourcefire CTO Marty Roesch introduced cloud-based analysis for threat intelligence gathering. Network security monitoring platforms like RSA NetWitness may be headed in a similar direction.
Web application vulnerability statistics show security losing ground (SearchSecurityUK.com)
New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks.
-
07 Feb 2012 Longstanding security problems plague enterprises, Trustwave finds
While organizations focus on mobile security and other emerging threats, an analysis of more than 2,000 penetration tests conducted by Trustwave found older threats often overlooked.
Survey results: VARs report customers’ IT spending 2012 expectations (SearchSecurityChannel.com)
VARs expect customers to increase spending on security more than any other IT area in 2012. See which security segments will grow the most.
-
06 Feb 2012 Adobe issues support for Flash Player sandboxing in Firefox
Adobe has launched the public beta of a new Flash Player sandbox feature for Firefox users, making attacks more difficult for cybercriminals.
Nothing funny about SCADA and ICS security
A researcher calls the state of industrial control system security “laughable” and warns of the consequences of unpatched critical infrastructure that is reachable over the Internet.
-
03 Feb 2012 Adobe makes pitch for defensive security research to cripple exploit writing
Adobe security and privacy director Brad Arkin urges the security industry to develop technologies that make exploit writing costly.
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7 (SearchSecurityUK.com)
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6.
-
02 Feb 2012 SEC filing: VeriSign security breach in 2010 was limited, execs say
In an October 2011 regulatory filing, VeriSign said its corporate network was breached in 2010, exposing data on a “small portion” of its systems.
-
01 Feb 2012 Symantec issues new pcAnywhere security guide following flaw resolution
Organizations that have applied the latest patches should follow more stringent security best practices to guard against external attacks.
-
31 Jan 2012 Cridex Trojan breaks CAPTCHA, targets Facebook, Twitter users
The banking Trojan variant Cridex can break CAPTCHA tests in just a few attempts, allowing it to create malicious email accounts used for spamming and propagating the virus.
IBM enters mobile device management market via BigFix integration
Beta version of IBM Endpoint Manager for Mobile Devices supports Apple iOS, Google Android, Symbian and Microsoft Windows Phone devices.
-
30 Jan 2012 Email providers push DMARC email authentication to combat phishing
DMARC creates an authentication loop that could help people determine the legitimacy of an email.
Phoenix Exploit Kit responsible for mass WordPress compromises
Security firm M86 Security has discovered hundreds of WordPress websites compromised by Phoenix.
-
27 Jan 2012 Fake Firefox update delivers malware, exploit kits
Malicious webpages masquerading as browser updates are being used by attackers as launch pads for Trojan viruses and exploit kits.
Malicious Android applications may have infected millions, Symantec warns
More than a dozen malicious Android applications on the Android Market contain a hidden Trojan that can steal information, download more files and display advertisements on the device.
McAfee adds SMS filtering, smartphone threat intelligence to Android security app
Mobile application supports Android smartphones and tablets with virus scanning and protection from Web threats and SMS attacks.
Panel debates cloud computing governance issues (SearchCloudSecurity.com)
Problems with data governance in the cloud aren’t much different than traditional outsourcing.
Time to ban dangerous apps? Exploring third-party app security
Column: Third-party applications are notoriously hard to patch and often easy to exploit. Is it time to ban applications, or can they be secured with a new approach?
-
26 Jan 2012 European Commission data protection proposals draw hostile reaction (SearchSecurityUK.com)
Reaction to the European Commission data protection proposals has been largely negative, as many believe the new rules are costly and misdirected.
Understanding data security breaches eclipses preventing them
Companies are spending more time investigating the source of data breaches and their impacts to reduce expenses, says a survey.
-
25 Jan 2012 Kelihos botnet operator named in Microsoft botnet lawsuit
Microsoft has named a Russian programmer as the one who wrote the malicious Kelihos code used to create a small botnet that peddled spam and child pornography.
New Epsilon CISO to expand security team, assess security practices
Newly appointed Epsilon CISO Chris Ray said he will take a step back and get a better understanding of the business before trying to address gaps.
Symantec pulls pcAnywhere, man-in-the-middle attacks are possible
Source code theft from Symantec’s systems in 2006 places pcAnywhere software at risk of being attacked. Company says software is bundled with many of its products.