Security News

05 Feb 2010

Microsoft to fix 26 flaws in Windows, Office
The Microsoft Advance Notification warns of five critical bulletins across its product line. A total of 13 bulletins address 26 vulnerabilities.

04 Feb 2010

Microsoft warns that IE zero-day vulnerability causes data leakage
A new Microsoft advisory warns of a zero-day vulnerability that could result in information disclosure for users of Windows XP.

Torrent phishing scheme trips up Twitter users
(Security Bytes blog)
Latest attack prompts warning to change your passwords. Check out these popular password management programs now.

03 Feb 2010

Tripwire enters tumultuous SIEM market
With companies driven to SIEM by PCI and other compliance projects, Tripwire is the latest vendor to emerge. Analysts like SIEM technology, but predict vendor consolidation ahead.

02 Feb 2010

Customers risk online banking fraud by reusing bank credentials
(SearchFinancialSecurity.com)
Trusteer study shows many use their Internet banking password to log in to other websites, opening the door to potential online banking fraud.

Microsoft extends SDL program, adds Agile development template
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.

Chinese hacker says most are not skilled coders
(Security Bytes blog)
Automated tools fuel rise in less savvy hackers. How much do they really profit?

01 Feb 2010

Google to pay for Chrome browser vulnerabilities
Google follows Mozilla's Firefox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.

Browser exploit kit probe highlights need for patching, vigilance
(Security Bytes blog)
Eleonore exploit kit targets browser vulnerabilities and plug-in holes that have been patched by vendors.

29 Jan 2010

Phone call fraud made easy
(SearchFinancialSecurity.com)
RSA researchers say emerging phone call fraud services make it easy for criminals to victimize banking customers.

28 Jan 2010

SCADA system, critical infrastructure security lacking, survey finds
IT and security executives at firms that own critical infrastructure facilities are concerned about the lack of security protecting underlying management systems from attack.

MA 201 CMR 17 enforcement less likely with prompt reporting, cooperation
The official charged with enforcing the MA 201 CMR 17 data protection law says early reporting of potential breaches and cooperation will help firms avoid enforcement action.

27 Jan 2010

No major PCI DSS revision expected in 2010
The next revision of PCI DSS will contain clarifications, but no major revisions, according to Bob Russo, general manager of the PCI Security Standards Council.

26 Jan 2010

PCI QSAs, certifications to get new scrutiny
The PCI Security Standards Council now has a team of five reviewing PCI assessments for inconsistencies and has increased funding for its QSA oversight program.

Malware in Google attacks uses spaghetti code
(Security Bytes blog)
Coding technique designed to tie up reverse engineers has been used in the past, Symantec says.

Attackers continue barrage of SEO attacks
(Security Bytes blog)
Popular search term exploited to funnel users to a rogue search engine. A variety of tactics continue to prey on search engine users.

25 Jan 2010

Data breach costs continue to rise in 2009, Ponemon study finds
A Ponemon Institute study of 45 businesses found data breach costs increased last year to $204 per compromised record, a rise of $2 per customer record over 2008 costs.