Security Bytes: Strategic shift at Symantec leads to 80 layoffs

By SearchSecurity.com Staff
28 Jun 2006 | SearchSecurity.com

Security Wire Daily News

Strategic shift at Symantec leads to 80 layoffs
Cupertino, Calif.-based Symantec Corp. has decided to draw down its investment in network and gateway security appliances and let 80 of its 15,500 employees go as part of the strategic shift. Symantec informed its workforce of the changes late last week, according to published reports.

The company said it will stop making hardware for Symantec Gateway Security (SGS), Symantec Network Security (SNS) 7100, and the SGS Advanced Manager 3.0 products, though it will still develop the software used in these appliances. The company will now turn to partners to build the hardware.

Appliances currently in the market will continue to be sold and supported. The new strategy does not affect all appliances. Symantec Mail Security (SMS), Symantec Security Information Manager (SSIM) and Symantec Network Access Control Enforcer are among the products that won't be affected.

New flaws and exploits surface for Internet Explorer
Attackers could bypass security restrictions and launch malicious commands by exploiting two new flaws in Microsoft Internet Explorer (IE), vulnerability researcher Plebo Aesdi Nael said in an analysis published on the Full Disclosure message board hosted by Danish vulnerability clearinghouse Secunia.

In its advisory on the flaws, the French Security Incident Response Team (FrSIRT) described the vulnerabilities as:

  • An origin validation error when handling the "object.documentElement.outerHTML" property, which could be exploited by remote attackers to read content and data served from another domain in the context of a malicious Web page.
  • An error when browsing file shares, which attackers could exploit to trick a user into executing a malicious .hta file via a specially crafted Web page.

FrSIRT noted that proof-of-concept exploits have been published.

These new IE flaw reports come only days after Microsoft and Symantec warned of flaws and exploits targeting Microsoft's Remote Access Connection Manager (RASMAN), which was patched in the MS06-025 security bulletin June 13; and Windows Live Messenger, the instant messaging client formerly called MSN Messenger.

Apple fixes Mac OS X flaws
Apple Computer Inc. has released Mac OS X version 10.4.7 to address multiple security holes in the operating system.

The update addresses the following problems:

  • An information disclosure vulnerability affecting the AFP server component. The problem occurs because search results can include the names of files and folders that an end-user should not be able to access. This may result in the disclosure of sensitive information if the file names themselves are of a sensitive nature.
  • A stack-based buffer overflow vulnerability affects ImageIO when viewing malformed .tiff images. An attacker could exploit this issue to control program execution flow; failed exploit attempts will likely result in a crash, effectively denying service to legitimate users.
  • A local format-string vulnerability affects the operating system's logging facility and may be exploited by attackers to execute arbitrary code with elevated privileges.
  • A denial-of-service vulnerability affects OpenLDAP. This issue can be exploited by remote attackers by asserting invalid requests. Successful exploits will cause the service to crash, effectively denying service.

The flaws do not affect Mac OS X versions prior to 10.4.0.

New data security bill filed
Sen. Bob Bennett, R-Utah, and Sen. Tom Carper, D-Del., have added to the growing list of data security measures now pending before Congress. The proposed Data Security Act of 2006 would create a national data protection and breach notification standard, Computerworld reported.

"This bill would require all financial institutions, retailers and government agencies to maintain strong internal safety protections for the data they hold," Carper said in a statement. It would also require them to "quickly investigate" security breaches and to notify law enforcement, regulators and customers when there is a real risk of harm, he said.

The proposed bill would expand the reach of current laws that require only financial institutions to protect the security and confidentiality of customer information, Bennett said in a separate statement.

The Bennett-Carper legislation is modeled after the Gramm-Leach-Bliley Act and will require federal and state regulators to enforce compliance with the law and to make sure that data security procedures are uniformly applied, Computerworld noted.

F-Secure patches flaw in its antivirus products
Finnish antivirus firm F-Secure Corp. has addressed flaws that could allow attackers to push malware past the sensors of several antivirus products.

"Antivirus products for Windows client and server systems fail to detect malware under certain circumstances," F-Secure said in an advisory. "Failures of this kind may lead to malware infections on protected systems."

Linux, mobile and Windows-based gateway products are not affected by the vulnerability, F-Secure said.

The advisory and issued hotfixes address two separate scenarios that both can lead to malware bypass:

  • The name of an executable program has been modified in a certain way. This leads to scanning failure despite the fact that it may be possible to execute the file.
  • The product fails to scan files on removable media. This occurs only in certain configurations where the "scan network drives" option has been disabled.

Both scenarios may lead to system infection as the real-time scanner may grant permission to execute program files even if they are infected. But the vulnerability cannot, to F-Secure's knowledge, be used for privilege escalation attacks or to gain remote access to affected systems.
