- May 24, 2012
The number of computer security laws in the U.S. can be daunting. One bold lawyer suggests a way to prioritize the laws and avoid most legal battles.
- May 24, 2012
Lookingglass shines a light on the security posture of an enterprise’s partners, clients and third-party providers.
- May 17, 2012
Venture capital firms are funding security technologies after a quiet period. The investments are a silver lining in a still bleak overall outlook.
- May 17, 2012
CISO responsibilities can be overwhelming, according to a new IBM survey. One solution may be to divide the role into two jobs.
- May 02, 2012
Oracle's refusal to patch a zero-day in its flagship database management system is another example of how it carelessly exposes customers to risk.
- April 27, 2012
Reverse engineering mobile apps helps pen testers find weaknesses and hidden malware, but the various mobile platforms and different versions make automation difficult, according to one expert.
- April 27, 2012
The Cyber Intelligence Sharing and Protection Act (CISPA) clears security vendors of any liability for sharing customer attack data with federal officials.
- April 24, 2012
Two program managers at SOURCE Boston shared how a serious vulnerability reported to the MSRC fell into a spam filter and caused an out-of-band patch.
- April 19, 2012
U.S. firms with European customers are wondering about the new “cookie law.” Experts have different advice for European cookie law compliance.
- April 12, 2012
How would you define a security threat? The correct answer could score the funding you need for your next security project.
- April 11, 2012
Cloud Security Alliance transparency effort expands with addition of Windows Azure.
- April 09, 2012
Aligning IT security with business goals is nice, but is it always realistic? Mandates from management often clash with the industry’s ideal characterization of an IT security leader.
- April 04, 2012
TIBCO, an integration software company with little security experience, will purchase one of the few remaining viable standalone SIEM vendors. Terms were not disclosed.
- April 03, 2012
Payment processor Global Payment is the latest poster child for PCI shortcomings and shoddy data security.
- April 03, 2012
There are many mobile device management (MDM) platforms, but they may be unnecessary if you can use the security features native to the devices.
- March 30, 2012
Is there really such a thing as secure remote access? Editor Eric B. Parizo says there are too many security-related remote access problems to ignore.
- March 28, 2012
Verizon says cloud breaches are more about giving up control of assets rather than technology vulnerabilities.
- March 27, 2012
Stolen Facebook account credentials could potentially give attackers access to the victim’s corporate network.
- March 26, 2012
Leading ISPs sign the U.S. Anti-Bot Code of Conduct, which stops short of demanding ISPs provide a clean pipe to customers.
- March 19, 2012
The Duqu Trojan’s communications module was written in a custom version of C—indicating a sophisticated professional development team at work.
- March 15, 2012
Vendors and government call for security pros from different organizations to work together, but will our competitive nature stand in our way?
- March 15, 2012
Tight controls over the mobile device and the use of VPN tunnels could be employed in enterprise mobile security plans.
- March 12, 2012
Vulnerability research is at a crossroads as bug hunters in pursuit of zero-day vulnerabilities and exploits feel pressure from the security community.
- March 08, 2012
Changes to the data protection regulations are on the way for the European Union, and the fallout in Europe serves as a good case study for U.S. businesses.
- March 02, 2012
DNS provider said it plans a big move into the enterprise security market.
- March 01, 2012
Luminary Dan Kaminsky, known for his DNS research, pushed RSA Conference 2012 attendees toward security innovation by upending conventional wisdom.
- February 22, 2012
Big Blue unveils integration of its Q1 Labs acquisition giving IT security pros the ability to add rule-based alerts using threat intelligence feeds.
- February 06, 2012
A researcher calls the state of industrial control system security “laughable” and warns of the consequences of unpatched critical infrastructure that is reachable over the Internet.
- January 23, 2012
For all the enterprise information security news that matters, visit our news page on SearchSecurity.
- December 30, 2011
Malware toolkits are being programmed with attacks that make the most business sense, say security experts. Automated toolkit users will have new capabilities to target specific groups and organizations.
- December 20, 2011
Legislation is aimed at stopping piracy, but security professionals and industry groups say it could weaken security, hamper innovation and limit competition among small businesses and startups.
- December 14, 2011
Those responsible for the Nitro attacks earlier this year are targeting chemical companies with malicious emails claiming to be from Symantec.
- December 09, 2011
SearchSecurity.com's news team explores the challenges and technologies enterprises must know to successfully manage mobile security.
- November 15, 2011
Enterprises swayed by vendor marketing and a lack of understanding still fail to adequately counter advanced persistent threats (APT).
- October 05, 2011
Using private cloud at separate data centers has allowed the Department of Homeland Security to strike a balance between security and cost savings.
- September 22, 2011
Should the (ISC)2 look to grow the pool of CISSPs to meet demand, or boost CISSP value for those who already have it? Eric B. Parizo looks at both sides.
- September 21, 2011
Amid emerging attack methods and the rollout of a new generation of BIOS, NIST offers guidelines to help enterprises reduce the risk of BIOS attacks.
- May 05, 2011
A new report produced by noted security researcher Marc Maiffret outlines free steps companies can take to greatly reduce the attack surface.
- May 03, 2011
Sony executives said an attack on its PlayStation Network systems also exposed the data of 24.6 million users at its Online Entertainment division.
- April 26, 2011
Running an application security program requires more than a solid budget. It needs a person with deep knowledge of the organization and its engineering processes.
- April 04, 2011
Two waves of email attacks targeted small groups of RSA employees, the company said in a blog post last week revealing the first details of the attack since the breach was announced March 22.
- March 23, 2011
A breach at a registration authority caused Comodo to issue nine fraudulent certificates, enabling an attacker to impersonate some major websites and servers.
- February 10, 2011
Security vendors at RSA Conference 2011 need to be more specific about the security technologies they are aiming at the cloud, industry analysts say.
- January 31, 2011
A study by the Ponemon Institute found that the average total cost of compliance is more than $3.5 million.
- September 15, 2010
OpenPages will be integrated with IBM's business analytics software portfolio.
- August 30, 2010
Senior Site Editor Eric B. Parizo says infosec pros need to participate in the public dialog for the good of the industry and offers harsh words for companies who silence their own security talent.
- June 22, 2010
The research firm argues social networking isn't the responsibility of enterprise information security, but social media governance policies and monitoring practices are important.
- May 11, 2010
Fraud losses involving RDC technology have the potential to skyrocket if banks don't work proactively to deal with the risks, research firm says.
- March 23, 2010
First American Title Insurance Company cuts identity management user provisioning time from days to seconds with Microsoft Forefront Identity Manager 2010.
- March 12, 2010
Jeremiah Grossman told RSA Conference 2010 attendees that a successful defense against Web-based flaws requires both a secure browser and a secure website infrastructure.
- October 13, 2009
Experts cite five areas where financial institutions could improve their planning for a potential H1N1 outbreak.
- September 22, 2009
The encryption-token service could compete against vendors offering format preserving encryption to secure payment transactions.
- September 15, 2009
Attackers target a background Web services authentication application used by ISPs and Web applications to authenticate users.
- July 30, 2009
Researcher Dino Dai Zovi presented details on a rootkit called Machiavelli, a proof-of-concept Mac OS X rootkit that seeks to dent what many Mac enthusiasts believe is an impervious OS.
- July 30, 2009
Researchers have figured out a way to spoof sender numbers, bypass carrier protections and trick mobile devices to pull content from an attacker's server. This would leave users vulnerable to phishing attacks and other scams.
- June 24, 2009
The company agrees to pay legal expenses related to investigations conducted by 41 attorneys general and establish a data security fund for states.
- April 28, 2009
There's no room for error in forensic accounting – the process of gathering financial-related information for legal review and potential use in a court of law – as "every mistake will be put under a magnifying glass and made much worse ...
- April 08, 2009
Payment Card Industry Data Security Standard (PCI DSS) expert Ed Moyle of CTG recently joined SearchSecurity.com for a live Q&A to address your ...
- February 27, 2009
Bank uses email encryption to securely exchange confidential information with commercial customers.
- February 18, 2009
CVS pharmacy employees allegedly committed a HIPAA violation when tossing pill bottle labels with patient information into the trash.
- February 18, 2009
Moxie Marlinspike explains how his hacking technique fools Web users into thinking they are on an SSL-protected site, leaving them feeling quite safe, but pwned all the same.
- December 09, 2008
Start-up DataGuise enters the data masking market fueled by regulatory compliance pressures. One analyst says companies prefer masking over other techniques.
- October 24, 2008
There are reports emerging Friday morning of a new Trojan exploiting the MS08-067 RPC vulnerability in Windows that Microsoft patched with an emergency fix yesterday. Known as Gimmiv.A, the Trojan ...
- June 12, 2008
Small businesses are turning to managed security service providers. The industry is growing and Perimeter eSecurity's aggressive acquisition spree is shaping the market.
- June 06, 2008
Email security vendor Tumbleweed will merge with Axway, in a deal that one analyst calls a death knell for the vendor.
- April 21, 2008
A researcher has discovered a new hacking technique that exploits a programming vulnerability common in many applications.
- April 02, 2008
Kerberos is one of the most widely used authentication methods today, but experts explain that it comes with some weaknesses.
- March 19, 2008
Hannaford takes heat from officials who believe the supermarket chain was slow in disclosing its breach. Meanwhile, one of Hannaford's security vendors gets defensive.
- March 19, 2008
Security incidents at the Hannaford supermarket chain and elsewhere have some wondering if it's time to purchase data breach insurance. But experts say there are drawbacks.
- March 18, 2008
The Hannaford Bros. Co. supermarket chain is the latest company to suffer a data breach. It illustrates the need for companies to have a survival plan tucked away, experts say.
- March 05, 2008
Security experts say IT pros should be more concerned about the risks created by misconfigured networks than all the flaws and exploit code they read about.
- February 27, 2008
IT shops are looking at virtualization as a way to improve data security and make patch deployments more efficient. But IT pros and analysts say there are security risks as well.
- February 01, 2008
Windows Server 2008, expected to release Feb. 27, is the first server product built from scratch since the advent of Trustworthy Computing at Microsoft. Bill Laing, general manager of the Windows Server Division at Microsoft, says security in this product ...
- January 14, 2008
Expert Michael Cobb explains how to keep malicious hackers out of enterprise databases.
- December 10, 2007
Companies that identify, monitor, report and investigate audit trails and conduct risk analytics are taking the right steps to protect critical data, according to one expert.
- December 05, 2007
Cisco Systems Inc. is adding role-based access control into its switches to carry role information to every enforcement point in the network.
- November 13, 2007
To better serve customers preoccupied with regulatory compliance and identity management, Sun has agreed to acquire enterprise role-management vendor Vaau.
- November 05, 2007
In a move that was widely expected, Symantec announced Monday that it will acquire data loss prevention (DLP) vendor Vontu for $350 million.
- October 09, 2007
McAfee is acquiring endpoint encryption vendor SafeBoot Corp. in a $350 million deal to bolster the antivirus vendor's mobile device security software.
- September 06, 2007
Attackers could exploit two flaws in the popular Intuit QuickBooks Online Edition to cause buffer overflows and download or upload files in arbitrary locations, US-CERT warned.
- August 17, 2007
VMware, the leader in virtualization software, has acquired Determina, a provider of host IPS technology.
- May 18, 2007
Distributed denial-of-service attacks against Estonian computer systems probably originated from smaller groups in control of botnets rather than the Russian government, experts say.
- May 07, 2007
The TJX hackers started their assault two years ago by attacking security holes in the retail giant's wireless system outside a Minnesota Marshalls.
- March 01, 2007
Following the recent TJX data breach, several PCI Data Security Standard auditors say the retailer violated basic requirements of the PCI DSS. But they say there are lessons to be learned from TJX's mistakes.
- January 18, 2007
Security experts are mixed on whether TJX acted properly following a massive data breach last month. One expert says potential victims should have been notified sooner.
- November 15, 2006
Fiber optic networks aren't hack-proof: A savvy attacker can crack them with ease.
- October 13, 2006
This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security.
- October 11, 2006
The new search tool from Google can help developers find useful code examples. But security experts worry that it also will make attackers' jobs that much easier.
- June 29, 2006
EMC confirms that it will buy RSA Security for just under $2.1 billion. Observers say RSA faced a choice of either selling out at its peak or carrying on with a questionable strategy dependent on acquisitions.
- June 05, 2006
The San Diego Supercomputer Center has had only one compromise in nearly six years, without using a firewall. The SDSC's security manager explains how.
- May 18, 2006
The problem with information security certifications isn't that they're being offered to those without experience, writes Pete Herzog. The real issue is that security pros are often measured by their test-taking skills, not their ability to apply ...
- January 06, 2006
If SSH Communications Security makes it easier to deploy and use, SSH Tectia will step up as a robust enterprise product.
- January 05, 2006
The Santa Clara, Calif.-based network security provider agrees to a cash penalty to be distributed to harmed investors, per the Sarbanes-Oxley Act.
- November 28, 2005
A trial attorney with the Department of Justice offers an inside look at Operation Firewall, the 18-month investigation that nabbed a network of thieves responsible for 1.7 million credit card thefts.
- October 19, 2005
Attackers have new tools to launch faster, more powerful attacks. Contributor Ed Skoudis offers up some examples, some of which are very clever and very evil.
- August 31, 2005
LURHQ researchers say the Myfip worm is a good example of the malcode Chinese hackers are using in the so-called Titan Rain attacks against U.S. government networks.
- August 29, 2005
Its creator says the newer certification aims to complement, not compete with, the better known CISSP. Others aren't convinced the distinction is clear.
- August 01, 2005
The security vendor creates new opportunity to show skills with its 3D System and the popular open source IDS.
- July 15, 2005
The IT director for the National Center for Missing & Exploited Children had a severe spyware problem that couldn't be cured by keeping his employees away from child pornography. Find out what he did instead.
- May 09, 2005
Attackers could use this "very significant" flaw to read plaintext communications.