Security News Archive |
 |
| 24 Apr 2008 |
 |
| |
New SQL injection technique threatens Oracle databases
A technique called lateral SQL injection exploits PL/SQL procedures to compromise Oracle databases remotely. |
 |
 |
| |
Hannaford to add encryption, bolster systems in wake of breach
Ron Hodge, the grocer's president and CEO, said the company would spend millions to align the company's security processes with the ISO 27001 security standard. |
 |
 |
| |
PCI forces companies to seek log management help
Hard-pressed corporations are turning to service providers as well as product vendors to bring log data together and make management easier. |
 |
 |
| 23 Apr 2008 |
 |
| |
Trojan downloaders, droppers skyrocket, Microsoft says
The spread of Trojan horses via downloaders and droppers is multiplying rapidly, infecting nearly 19 million computer users in the second half of 2007. |
 |
 |
| 22 Apr 2008 |
 |
| |
PCI Council issues clarification on Web application security
The PCI Security Standards Council released documentation hoping to reduce a tide of confusion over enforcement of application firewalls and code reviews. |
 |
 |
| |
Former LendingTree employees pilfer firm's customer database
(SearchFinancialSecurity.com)
The online mortgage lending exchange site said several of its former employees shared their passwords with unapproved lenders to access customer records. |
 |
 |
| |
New phishing, Zeus Trojan technique spreads crimeware
Researchers are tracking new phishing methods that steal a victim's information and spread a Trojan designed to pilfer even more data. |
 |
 |
| 21 Apr 2008 |
 |
| |
New hacking technique exploits common NULL programming error
A researcher has discovered a new hacking technique that exploits a programming vulnerability common in many applications. |
 |
 |
| |
Keystroke recognition aids online authentication at credit union
(SearchFinancialSecurity.com)
Some banks and financial firms are turning to keystroke recognition as a weapon against online fraud. |
 |
 |
| 18 Apr 2008 |
 |
| |
Microsoft investigates new Windows zero-day flaw
Microsoft is investigating reports of a new zero-day vulnerability attackers could exploit to gain extra user privileges and launch malicious code. |
 |
 |
| 16 Apr 2008 |
 |
| |
Researchers uncover tool used to infect websites, spread malware
An analysis conducted by the SANS Institute's Internet Storm Center uncovered a utility designed to perform automated SQL injection attacks against websites and spread malware. |
 |
 |
| |
Researchers warily watch for Microsoft GDI exploits
Symantec, US-CERT and other security organizations are tracking attempts to exploit the GDI flaw Microsoft addressed last week in its MS08-021 patch bulletin. |
 |
 |
| |
Oracle fixes 41 flaws in April CPU
Attackers could exploit several Oracle flaws to compromise the confidentiality and integrity of targeted systems, Symantec said hours after Oracle's April 2008 CPU was released. |
 |
 |
| 14 Apr 2008 |
 |
| |
Video: Telecom carriers bolster security services
Kerry Bailey of Verizon and Stan Quintana of AT&T explain their companies' expanding role as security service providers, now and in the near future. |
 |
 |
| |
Fraudsters exploiting multiple financial services channels
(SearchFinancialSecurity.com)
Crooks are using a combination of Web, phone and other means to carry out fraudulent transactions, says a panel of financial services executives at RSA Conference 2008. |
 |
 |
| 11 Apr 2008 |
 |
| |
RSA 2008: Sourcefire founder Roesch previews Snort 3
(SearchSecurity.com)
In this video interview, Sourcefire founder and Snort creator Martin Roesch talks about the sudden departure of the company's CEO and the future of intrusion defense. |
 |
 |
| |
Microsoft eyes less obtrusive security
During an RSA Conference 2008 appearance, Microsoft product unit manager David Cross said the software giant wants to make its security more automated and less invasive. |
 |
 |
| |
Oracle preps CPU for 41 flaws
(Security Bytes)
Oracle said Thursday that it is prepping a Critical Patch Bulletin (CPU) to address 41 security holes across its product line. |
 |
 |
| 10 Apr 2008 |
 |
| |
Inside MSRC: Microsoft gives guidance on security updates
Microsoft's Bill Sisk takes the reader through the software giant's April 2008 security bulletins. |
 |
 |
| |
Panel: Firms can't manage DLP with products alone
(SearchFinancialSecurity.com)
Data protection is about fixing broken business practices rather than bolting on DLP products, three security officers said during an RSA Conference 2008 panel discussion. |
 |
 |
| |
Next version of PCI DSS due in September
PCI Security Standards Council GM Bob Russo says tweaks and clarifications are expected in the areas of wireless and application security. |
 |
 |
| |
RSA attendees see data classification, rights management projects stumble
Companies are starting data classification projects to minimize data leakage, but it's hard to find successful projects. In this Q&A an expert shares some effective strategies. |
 |
 |
| 09 Apr 2008 |
 |
| |
RSA 2008: Defeating botnets
(SearchSecurity.com)
Ron Teixeira, executive director of the National Cybersecurity Alliance, talks about how a mixture of education and technology could defeat the botnet threat. |
 |
 |
| |
RSA 2008: Financial industry security challenges
(SearchSecurity.com)
(ISC)2 Executive Director Ed Zeitler talks about the unique security challenges facing the financial industry. |
 |
 |
| |
RSA 2008: Hacking techniques
(SearchSecurity.com)
In this video from RSA Conference 2008, security expert Yuval Ben-Itzhak talks about the tools and techniques hackers are using to conduct attacks and some of the latest threats. |
 |
 |