Security News |
 |
| 08 May 2008 |
 |
| |
Virtualization vendors not in the security business, says Citrix CTO
Simon Crosby, chief technology officer of Citrix Systems explains why virtualization security should be the job of security vendors. |
 |
 |
| 06 May 2008 |
 |
| |
Microsoft releases Windows XP SP3 with NAP, security updates
(Security Bytes)
Service Pack 3 for Windows XP includes Network Access Protection (NAP) capabilities used in Windows Vista. |
 |
 |
| |
Hacker server contains thousands of sensitive business, healthcare files
A rogue server controlled by an unsophisticated hacker contained email and web-based data stolen from thousands of personal and business computers. |
 |
 |
| |
Yahoo, McAfee to warn users of dangerous websites
Websites suspected of spreading malicious programs or spamming and phishing campaigns will be highlighted in search results. |
 |
 |
| 05 May 2008 |
 |
| |
Verizon issues PCI self-assessment, support docs
Verizon Business is issuing a PCI self-assessment questionnaire and support documentation as part of its Partner Security Program (PSP). |
 |
 |
| |
Security pros focused on internal threat, training
A recent survey shows organizations are worried about risks posed by employees and increasingly interested in training as the network perimeter continues to crumble. |
 |
 |
| 01 May 2008 |
 |
| |
PCI group addresses assessor issues, vendor challenges
David Taylor of the PCI Security Vendor Alliance, discusses the challenges PCI presents, the newly created PCI Knowledge Base and how the group can help both vendors and companies. |
 |
 |
| |
Forrester: NAC ready for wider deployments
With vendor consolidation subsiding, NAC technologies are maturing and ready for full scale deployments. |
 |
 |
| 30 Apr 2008 |
 |
| |
SQL injection attack infects hundreds of thousands of websites
Security experts are watching massive numbers of automated SQL injection attacks from Chinese domains. Attackers use simple search engine queries to build a list of targets. |
 |
 |
| 29 Apr 2008 |
 |
| |
Botnet disruption raises ethical concerns among researchers
Researchers studying the Kraken and Storm botnets have the ability to issue commands to zombie PCs shutting down the armies, but they may not be justified to issue those commands. |
 |
 |
| |
Credit card thieves target small merchants, flawed POS systems, study finds
PCI assessment firm, Trustwave says the report debunks some popular perceptions but others cite flaws in the study. |
 |
 |
| |
HP customers vulnerable to software update tool flaw
Several flaws in HP Software Update could allow an attacker to read system information or gain access to a machine. |
 |
 |
| 28 Apr 2008 |
 |
| |
IBM makes push into virtualization security with Phantom
Big Blue said its research teams would contribute to development of technologies and best practices to secure virtual environments. |
 |
 |
| 24 Apr 2008 |
 |
| |
New SQL injection technique threatens Oracle databases
A technique called lateral SQL injection exploits PL/SQL procedures to compromise Oracle databases remotely. |
 |
 |
| |
Hannaford to add encryption, bolster systems in wake of breach
Ron Hodge, the grocer's president and CEO, said the company would spend millions to align the company's security processes with the ISO 27001 security standard. |
 |
 |
| |
PCI forces companies to seek log management help
Hard-pressed corporations are turning to service providers as well as product vendors to bring log data together and make management easier. |
 |
 |
| 23 Apr 2008 |
 |
| |
Trojan downloaders, droppers skyrocket, Microsoft says
The spread of Trojan horses via downloaders and droppers is multiplying rapidly, infecting nearly 19 million computer users in the second half of 2007. |
 |
 |
| 22 Apr 2008 |
 |
| |
PCI Council issues clarification on Web application security
The PCI Security Standards Council released documentation hoping to reduce a tide of confusion over enforcement of application firewalls and code reviews. |
 |
 |
| |
Former LendingTree employees pilfer firm's customer database
(SearchFinancialSecurity.com)
The online mortgage lending exchange site said several of its former employees shared their passwords with unapproved lenders to access customer records. |
 |
 |
| |
New phishing, Zeus Trojan technique spreads crimeware
Researchers are tracking new phishing methods that steal a victim's information and spread a Trojan designed to pilfer even more data. |
 |
 |
Security News Archive |