- February 27, 2009
Bank uses email encryption to securely exchange confidential information with commercial customers.
- February 18, 2009
CVS pharmacy employees allegedly committed a HIPAA violiation when tossing pill bottle labels with patient information into the trash.
- February 18, 2009
Moxie Marlinspike explains how his hacking technique fools Web users into thinking they are on an SSL-protected site, leaving them feeling quite safe, but pwned all the same.
- December 09, 2008
Start-up DataGuise enters the data masking market fueled by regulatory compliance pressures. One analyst says companies prefer masking over other techniques.
- October 24, 2008
There are reports emerging Friday morning of a new Trojan exploiting the MS08-067 RPC vulnerability in Windows that Microsoft patched with an emergency fix yesterday. Known as Gimmiv.A, the Trojan ...
Sponsored by Forcepoint - Organizations of all sizes have been called upon to swiftly support remote work in order to safeguard the health of their workforce and local communities. As businesses are called upon to scale up remote work procedures for the physical safety of employees, IT teams must accelerate the adoption of technology that ensures their people and data are secure—without hurting productivity or morale. See More
Sponsored by Forcepoint - As security teams are tasked with the duty of rapidly scaling up protections for remote workers, one of the key considerations they must keep in mind is how to safeguard data no matter where it resides or travels. This is hardly a new problem. However, the vastly broadened scope of remote work today requires security teams to revisit policies and technologies. Some solutions that may have been sufficient for isolated use cases don't adequately protect a completely distributed workforce. See More
Sponsored by Forcepoint - In response to the rapid rise in remote work, cybersecurity teams have increased their efforts to protect their dispersed team’s cyber hygiene. The rapid rise in remote work to protect the health of employees has required cybersecurity teams to scale their efforts to similarly protect the cyber hygiene of these workers as they operate in new conditions. One of the key directives for cybersecurity departments looking to safeguard the people and data within a distributed enterprise is the implementation of cyber defenses that can move with employees and protect them—regardless of their location or device. See More
- June 12, 2008
Small businesses are turning to managed security service providers. The industry is growing and Perimeter eSecurity's aggressive acquisition spree is shaping the market.
- June 06, 2008
Email security vendor Tumbleweed will merge with Axway, in a deal that one analyst calls a death knell for the vendor.
- April 21, 2008
A researcher has discovered a new hacking technique that exploits a programming vulnerability common in many applications.
- April 02, 2008
Kerberos is one of the most-widely used authentication methods today, but experts explain that it comes with some weaknesses.
- March 19, 2008
Hannaford takes heat from officials who believe the supermarket chain was slow in disclosing its breach. Meanwhile, one of Hannaford's security vendors gets defensive.
- March 19, 2008
The security incident at the Hannaford supermarket chain and elsewhere have some wondering if it's time to purchase data breach insurance. But experts say there are drawbacks.
- March 18, 2008
The Hannaford Bros. Co. supermarket chain is the latest company to suffer a data breach. It illustrates the need for companies to have a survival plan tucked away, experts say.
- March 05, 2008
Security experts say IT pros should be more concerned about the risks created by misconfigured networks than all the flaws and exploit code they read about.
- February 27, 2008
IT shops are looking at virtualization as a way to improve data security and make patch deployments more efficient. But IT pros and analysts say there are security risks as well.
- February 01, 2008
Windows Server 2008, expected to release Feb. 27, is first server product built from scratch since the advent Trustworthy Computing at Microsoft. Bill Laing, general manager of the Windows Server Division at Microsoft, says security in this product ...
- January 14, 2008
Expert Michael Cobb explains how to keep malicious hackers out of enterprise databases.
- December 10, 2007
Companies that identify, monitor, report and investigate audit trails and conduct risk analytics are taking the right steps to protect critical data, according to one expert.
- December 05, 2007
Cisco Systems Inc. is adding role-based access control into its switches to carry role information to every enforcement point in the network.
- November 13, 2007
To better serve customers preoccupied with regulatory compliance and identity management, Sun has agreed to acquire enterprise role-management vendor Vaau.
- November 05, 2007
In a move that was widely expected, Symantec announced Monday that it will acquire data loss prevention (DLP) vendor Vontu for $350 million.
- October 09, 2007
McAfee is acquiring endpoint encryption vendor SafeBoot Corp. in a $350 million deal to bolster the antivirus vendor's mobile device security software.
- September 06, 2007
Attackers could exploit two flaws in the popular Intuit QuickBooks Online Edition to cause buffer overflows and download or upload files in arbitrary locations, US-CERT warned.
- August 17, 2007
VMware, the leader in virtualization software, has acquired Determina, a provider of host IPS technology.
- May 18, 2007
Distributed denial-of-service attacks against Estonian computer systems probably originated from smaller groups in control of botnets rather than the Russian government, experts say.
- May 07, 2007
The TJX hackers started their assault two years ago by attacking security holes in the retail giant's wireless system outside a Minnesota Marshalls.
- March 01, 2007
Following the recent TJX data breach, several PCI Data Security Standard auditors say the retailer violated basic requirements of the PCI DSS. But they say there are lessons to be learned from TJX's mistakes.
- January 18, 2007
Security experts are mixed on whether TJX acted properly following a massive data breach last month. One expert says potential victims should have been notified sooner.
- November 15, 2006
Fiber optic networks aren't hack-proof: A savvy attacker can crack them with ease.
- October 13, 2006
This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security.
- October 11, 2006
The new search tool from Google can help developers find useful code examples. But security experts worry that it also will make attackers' jobs that much easier.
- June 29, 2006
EMC confirms that it will buy RSA Security for just under $2.1 billion. Observers say RSA faced a choice of either selling out at its peak or carrying on with a questionable strategy dependant on acquisitions.
- June 05, 2006
The San Diego Supercomputer Center has had only one compromise in nearly six years, without using a firewall. The SDSC's security manager explains how.
- May 18, 2006
The problem with information security certifications isn't that they're being offered to those without experience, writes Pete Herzog. The real issue is that security pros are often measured by their test-taking skills, not their ability to apply ...
- January 06, 2006
If SSH Communications Security makes it easier to deploy and use, SSH Tectia will step up as a robust enterprise product.
- January 05, 2006
The Santa Clara, Calif.-based network security provider agrees to a cash penalty to be distributed to harmed investors, per the Sarbanes-Oxley Act.
- November 28, 2005
A trial attorney with the Department of Justice offers an inside look at Operation Firewall, the 18-month investigation that nabbed a network of thieves responsible for 1.7 million credit card thefts.
- October 19, 2005
Attackers have new tools to launch faster, more powerful attacks. Contributor Ed Skoudis offers up some examples, some of which are very clever and very evil.
- August 31, 2005
LURHQ researchers say the Myfip worm is a good example of the malcode Chinese hackers are using in the so-called Titan Rain attacks against U.S. government networks.
- August 29, 2005
Its creator says the newer certification aims to complement, not compete with, the better known CISSP. Others aren't convinced the distinction is clear.
- August 01, 2005
The security vendor creates new opportunity to show skills with its 3D System and the popular open source IDS.
- July 15, 2005
The IT director for the National Center for Missing & Exploited Children had a severe spyware problem that couldn't be cured by keeping his employees away from child pornography. Find out what he did instead.
- May 09, 2005
Attackers could use this "very significant" flaw to read plaintext communications.
- May 06, 2005
Want to move up the security career ladder but can't decide between CSO or CISO? First, you might consider whether either title will still exist when you're ready to assume it.
- May 03, 2005
XML security vendors are shoring up their products to protect Web services against viruses, worms and malware.
- March 08, 2005
Security researchers say this type of attack leaves enterprise customers of popular Windows products open to a denial of service. There is good news, though.
- January 31, 2005
Home-grown apps are susceptible to buffer overflows as are Windows and Linux apps; the conclusion of this two-part series will detail how to protect applications from attack.
- January 27, 2005
Who has the best shot at high-paying jobs requiring security clearances?
- December 20, 2004
Guidelines for good online behavior.
- December 16, 2004
Developers of the popular open-source tool are starting to charge commercial customers who bring nothing to the project's development.
- December 14, 2004
The nation's IT landscape is loaded with antiquated software ripe for attack. But a new study suggests most companies don't plan to address the problem.
- November 15, 2004
Free tool can gauge effectiveness, performance of IPS devices.
- October 06, 2004
SOX is mandatory for most public corporations and focuses on regulating corporate behavior to protect financial audit records. Read about the three main areas of SOX that affect IT: Sections 302, 404 and 802.
- October 06, 2004
Sarbanes-Oxley contains many features, but there are two that stand out from an IT security perspective.
- October 06, 2004
What rights and responsibilities do employers and employees have when monitoring others' use of company systems?
- August 18, 2004
The proliferation of data and devices is making more enterprises consider graphics-based authentication, from which arises a greater pool of possibilities -- and problems.
- June 17, 2004
When purchasing software, asking tough questions and other steps can help you to determine application security -- a major component of the total cost of ownership.
- June 01, 2004
Log analysis is the most under-appreciated, unsexy aspect of infosecurity, yet Marcus Ranum says it's one of the most important.
- May 27, 2004
Los Angeles County Department of Health Services bioterrorism IT coordinator David Cardenas fields and distributes about a dozen serious health alerts to physicians, hospitals and response agencies and must ensure the flow of such sensitive ...
- April 01, 2004
The depreciation of capital assets, such as security hardware and software, is a tax benefit that every infosec manager should take into consideration.
- April 01, 2004
Marcus Ranum explains why the whole notion of cyberwarfare is a scam.
- April 01, 2004
An emerging breed of database security tools is helping security teams spot attackers' favorite techniques, like SQL injection.
- March 04, 2004
Reader inquiries about security issues surrounding .zip files prompted a Q&A with Wild List moderator Bruce Hughes, who cites more than 40 worms since 1999 that have taken advantage of the compressed file format to spread.
- March 01, 2004
Stateful packet-filtering firewalls account for more than 90% of the market, but the proxy firewall folks haven't rolled up their tents yet. In this firewall comparision you will discover which is better for your enterprise?
- January 05, 2004
SearchSecurity.com editors Crystal Ferraro and Mia Shopis take up the debate of whether enterprises should hire reformed hackers.
- October 14, 2003
In this interview, the security officer for Terminal 4 at JFK International Airport talks about the integration of logical and physical security, and the role biometrics can play.
- August 19, 2003
The Nachi worm, which tries to delete the Lovsan worm and patch infected systems, is clogging internal networks with trash traffic.
- August 03, 2003
Combining device-based authentication technology with existing user-based authentication would be appealing for many organizations, but technical details remain unclear.
- June 02, 2003
When considering how to learn IT security, never underestimate the power of a few minutes of downtime.
- April 01, 2003
Marcus Ranum explains how network packet analyzers offer a worm's-eye view of what's traversing an enterprise network.
- January 22, 2003
Smell a RAT? Some security experts predict you will at some point during 2003. Remote access Trojans often leave backdoors wide open for attackers to prowl through your company's networks or systems.
- December 20, 2002
If you're a virus writer, don't expect to have your nefarious work named after your favorite dog, diet drink or exotic dancer. Antivirus researchers have first dibs on virus names.
- November 27, 2002
- October 24, 2002
SearchSecurity recently invited networking expert Lisa Phifer to speak about troubleshooting IPSec VPNs. We ran out of time during the Webcast for her to answer several questions from the audience, but, she answers those questions here. Phifer is ...
- October 03, 2002
SANS, FBI identify top 20 Windows, Unix vulnerabilities
- September 13, 2002
Here are the answers to the intrusion detection basics test based on the tutorial Webcast.
- July 23, 2002
PHP flaw could crash, burn Web servers
- July 23, 2002
Quick Takes: Major vendors throw support at SAML
- March 29, 2002
SearchSecurity recently invited networking expert Lisa Phifer to speak about understanding IPSec VPN crypto. We ran out of time during the Webcast for her to answer several questions from the audience, but, she answers those questions here. If you ...
- March 18, 2002
SearchSecurity invited author and security expert Dr. Richard Smith to speak about authentication and his recently published book on the subject last month. We ran out of time during the Webcast for him to answer several questions from the audience,...
- December 13, 2000 13 Dec'00