April 2013

• April 16, 2013 16 Apr'13

  To nullify targeted attacks, limit out-of-office message security risk

  Expert Michael Cobb details how to reduce out-of-office message security risk --and thus targeted attacks -- by limiting personal info given.  Continue Reading

• April 15, 2013 15 Apr'13

  How to prevent SQL injection attacks by validating user input

  Expert Michael Cobb discusses how to prevent SQL injection attacks by validating user input and utilizing parameterized stored procedures.  Continue Reading

• April 15, 2013 15 Apr'13

  In 2013, Cisco network security product strategy to key on integration

  Video: Cisco SVP Chris Young details the vendor's 2013 network security product strategy, specifically combining more features into its line of ASA firewalls.  Continue Reading

• April 12, 2013 12 Apr'13

  April Patch Tuesday security update could cause system errors

  Microsoft has pulled a faulty security update in MS13-036, part of its April 2013 Patch Tuesday release. Those who had installed it should remove it.  Continue Reading

• April 12, 2013 12 Apr'13

  Opinion: The APT1 aftermath and information sharing

  Marcus Ranum says the Mandiant APT1 report must serve as a model for better information sharing within the information security industry.  Continue Reading

• April 12, 2013 12 Apr'13

  How to use RAT security flaws to turn the table on attackers

  Nick Lewis discusses how to learn from RAT security flaws not only for defense, but also to find out more about attackers via offensive security.  Continue Reading

• April 11, 2013 11 Apr'13

  With Windows XP security updates ending, enterprises must plan ahead

  With Windows XP security updates ending in 2014, organizations still running the venerable Microsoft OS should start making transition plans.  Continue Reading

• April 11, 2013 11 Apr'13

  MiniFlame malware: Assessing the threat to enterprises

  Expert Nick Lewis analyzes miniFlame, the plug-in for the Flame malware, to determine how it operates and whether enterprises should be concerned.  Continue Reading

• April 11, 2013 11 Apr'13

  Choosing security products: DLP technology

  Data leakage prevention tools offer undeniable value in helping enterprises develop a deeper understanding of their data. Learn the key capabilities to look for in winning DLP products.  Continue Reading

• April 11, 2013 11 Apr'13

  McGraw: Use VBSIMM software security model when buying software

  Video: Gary McGraw explains how JPMorgan Chase and others use the VBSIMM security model to vet software purchased from third-party vendors.  Continue Reading

• April 10, 2013 10 Apr'13

  DLP management tools and reporting: Key considerations

  When it comes to DLP management tools, installation and maintenance of a single centralized management console to house all rules and alerts are key.  Continue Reading

• April 10, 2013 10 Apr'13

  With DLP, encryption and integration strengthen security policies

  Encryption and DLP integration can be used to enhance and strengthen security policies for sensitive data, and for blocking and enforcement actions.  Continue Reading

• April 10, 2013 10 Apr'13

  Using DLP tools for data leakage alerting and preventive actions

  When evaluating DLP tools, it's important to determine data leakage alerting and preventive action needs for potential violations and blocking.  Continue Reading

• April 10, 2013 10 Apr'13

  DLP monitoring: Defining policies to monitor data

  DLP monitoring policies help define what data to evaluate, how data monitoring processes should occur, and what enforcement and alerting actions to take.  Continue Reading

• April 10, 2013 10 Apr'13

  Effective DLP products need data discovery and data fingerprinting

  Effective DLP products must be able to handle data discovery to identify and monitor sensitive data. Learn why these features matter.  Continue Reading

• April 10, 2013 10 Apr'13

  Veracode report highlights key problems in mobile app security

  Security testing vendor Veracode has released a report showing that mobile apps aren't getting their cryptography right.  Continue Reading

• April 10, 2013 10 Apr'13

  Block Windows Help files to help prevent social engineering attacks

  Expert Nick Lewis explains how to prevent social engineering attacks that utilize Windows Help files by blocking attachments with the .hlp extension.  Continue Reading

• April 10, 2013 10 Apr'13

  Sourcefire's Roesch: How Snort can normalize JavaScript, model rules

  Video: Snort creator Martin Roesch discusses new Snort features like JavaScript normalization and rule modeling, and looks ahead to Snort's future.  Continue Reading

• April 10, 2013 10 Apr'13

  Nick Lewis, SearchSecurity expert on enterprise threats

  Information security threats expert Nick Lewis is standing by to help you defend your organization from attacks. Submit your questions & check out his latest answers.  Continue Reading

• April 09, 2013 09 Apr'13

  For CISOs, California Right to Know Act would raise privacy emphasis

  The proposed California Right to Know Act may compel CISOs to develop additional privacy policies or create new privacy officer roles.  Continue Reading