News

News

• April 27, 2012 27 Apr'12

  Reverse engineering tools for mobile apps emerging, expert says

  Reverse engineering mobile apps help pen testers find weaknesses and hidden malware, but the various mobile platforms and different versions make automation difficult, according to one expert.

• April 27, 2012 27 Apr'12

  CISPA threat intelligence bill passes House

  The Cyber Intelligence Sharing and Protection Act (CISPA), clears security vendors of any liability for sharing customer attack data with federal officials.

• April 24, 2012 24 Apr'12

  Spam filter gets better of Microsoft SDL—almost

  Two program managers at SOURCE Boston shared how a serious vulnerability reported to the MSRC fell into a spam filter and caused an out-of-band patch.

• April 19, 2012 19 Apr'12

  Experts differ on European ‘cookie law’ advice

  U.S. firms with European customers are wondering about the new “cookie law.” Experts have different advice for European cookie law compliance.

• April 12, 2012 12 Apr'12

  Defining a full security threat

  How would you define a security threat? The correct answer could score the funding you need for your next security project.

• Sponsored News

  • It’s Time to Modernize Your SOC

    Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More

  • 6 Factors to Consider in Building Resilience Now

    Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More

  • Why Zero Trust, Why Now

    Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More

  • 5 Best Practices To Secure Remote Workers

    Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More

  View All Sponsored News
• April 11, 2012 11 Apr'12

  Azure boosts CSA’s STAR

  Cloud Security Alliance transparency effort expands with addition of Windows Azure.

• April 09, 2012 09 Apr'12

  Gary McGraw on software security assurance: Build it in, build it right

  If the field of computer security is to be fixed, the only hope we have is building security in, says software security expert Gary McGraw.

• April 09, 2012 09 Apr'12

  Gary McGraw: Build security in from start

  If the field of computer security is to be fixed, the only hope we have is building security in, says software security expert Gary McGraw.

• April 09, 2012 09 Apr'12

  Business and IT security alignment is off

  Aligning IT security with business goals is nice, but is it always realistic? Mandates from management often clash with the industry’s ideal characterization of an IT security leader.

• April 04, 2012 04 Apr'12

  TIBCO to acquire SIEM vendor LogLogic

  TIBCO, an integration software company with little security experience, will purchase one of the few remaining viable standalone SIEM vendors. Terms were not disclosed.

• April 03, 2012 03 Apr'12

  Experts say it's time for a mobile security review

  There are many mobile device management (MDM) platforms, but they may be unnecessary if you can use the security features native to the devices.

• April 03, 2012 03 Apr'12

  Global Payments breach exposes PCI shortcomings

  Payment processor Global Payment is the latest poster child for PCI shortcomings and shoddy data security.

• March 30, 2012 30 Mar'12

  Secure remote access? Security-related remote access problems abound

  Is there really such a thing as secure remote access? Editor Eric B. Parizo says there are too many security-related remote access problems to ignore.

• March 28, 2012 28 Mar'12

  Verizon sheds some light on cloud breaches

  Verizon says cloud breaches are more about giving up control of assets rather than technology vulnerabilities.

• March 27, 2012 27 Mar'12

  Facebook attacks illustrate need for education

  Stolen Facebook account credentials could potentially give attackers access to the victim’s corporate network.

• March 26, 2012 26 Mar'12

  ISP’s anti-botnet code of conduct accomplishes little

  Leading ISPs sign the U.S. Anti-Bot Code of Conduct, which stops short of demanding ISPs provide a clean pipe to customers.

• March 19, 2012 19 Mar'12

  Professional developers behind Duqu Trojan

  The Duqu Trojan’s communications module was written in a custom version of C—indicating a sophisticated professional development team at work.

• March 15, 2012 15 Mar'12

  Can a security association bring us all together?

  Vendors and government call for security pros from different organizations to work together, but will our competitive nature stand in our way?

• March 15, 2012 15 Mar'12

  NSA mobile security plan could be industry roadmap

  Tight controls over the mobile device and the use of VPN tunnels could be employed in enterprise mobile security plans.

• March 12, 2012 12 Mar'12

  Do we need zero-day research?

  Vulnerability research is at a crossroads as bug hunters in pursuit of zero-day vulnerabilities and exploits feel pressure from the security community.

• March 08, 2012 08 Mar'12

  Changes to European privacy laws foreshadow serious business impact

  Changes to the data protection regulations are on the way for the European Union, and the fallout in Europe serves as a good case study for U.S. businesses.

• March 02, 2012 02 Mar'12

  OpenDNS hires Websense CTO, readies enterprise strategy

  DNS provider said it plans a big move into enterprise security market.

• March 01, 2012 01 Mar'12

  Dan Kaminsky offers unconventional wisdom on security innovation

  Luminary Dan Kaminsky, known for his DNS research, pushed RSA Conference 2012 attendees toward security innovation by upending conventional wisdom.

• February 06, 2012 06 Feb'12

  Nothing funny about SCADA and ICS security

  A researcher calls the state of industrial control system security “laughable” and warns of the consequences of unpatched critical infrastructure that is reachable over the Internet.

• January 27, 2012 27 Jan'12

  Time to ban dangerous apps? Exploring third-party app security

  Column: Third-party applications are notoriously hard to patch and often easy to exploit. Is it time to ban applications, or can they be secured with a new approach?

• January 23, 2012 23 Jan'12

  More information security news from SearchSecurity

  For all the enterprise information security news that matters, visit our news page on SearchSecurity.

• December 14, 2011 14 Dec'11

  Nitro attackers use Symantec report

  Those responsible for the Nitro attacks earlier this year are targeting chemical companies with malicious emails claiming to be from Symantec.

• December 09, 2011 09 Dec'11

  Special report: 'Eye On' mobile security

  SearchSecurity.com's news team explores the challenges and technologies enterprises must know to successfully manage mobile security.

• September 22, 2011 22 Sep'11

  (ISC)2 at a crossroads: CISSP value vs. security industry growth

  Should the (ISC)2 look to grow the pool of CISSPs to meet demand, or boost CISSP value for those who already have it? Eric B. Parizo looks at both sides.

• September 21, 2011 21 Sep'11

  NIST guidelines seek to minimize risk of BIOS attacks

  Amid emerging attack methods and the rollout of a new generation of BIOS, NIST offers guidelines to help enterprises reduce the risk of BIOS attacks.

• May 05, 2011 05 May'11

  Maiffret: Configuration changes, attack mitigation can reduce attack surface

  A new report produced by noted security researcher Marc Maiffret outlines free steps companies can take to greatly reduce the attack surface.

• April 26, 2011 26 Apr'11

  Software remediation can get caught in organizational issues

  Running an application security program requires more than a solid budget. It needs a person with deep knowledge of the organization and its engineering processes.

• April 04, 2011 04 Apr'11

  RSA SecurID breach began with spear phishing attack

  Two waves of email attacks targeted small groups of RSA employees, the company said in a blog post last week revealing the first details of the attack since the breach was announced March 22.

• March 23, 2011 23 Mar'11

  Comodo warns of serious SSL certificate breach

  A breach at a registration authority caused Comodo to issue nine fraudulent certificates, enabling an attacker to impersonate some major websites and servers.

• September 15, 2010 15 Sep'10

  IBM to acquire OpenPages for GRC, operational risk management

  OpenPages will be integrated with IBM's business analytics software portfolio.

• August 30, 2010 30 Aug'10

  Opinion: Security information sharing is a shared responsibility

  Senior Site Editor Eric B. Parizo says infosec pros need to participate in the public dialog for the good of the industry and offers harsh words for companies who silence their own security talent.

• June 22, 2010 22 Jun'10

  Gartner: Companies shouldn't bother banning Facebook, social networking

  The research firm argues social networking isn't the responsibility of enterprise information security, but social media governance policies and monitoring practices are important.

• May 11, 2010 11 May'10

  Aite Group: Take action now to manage remote deposit capture risks

  Fraud losses involving RDC technology have the potential to skyrocket if banks don't work proactively to deal with the risks, research firm says.

• March 24, 2010 24 Mar'10

  Apple iPhone, Microsoft IE 8 get hacked in Pwn2Own contest

  Hackers also exploited zero-day vulnerabilities in Apple Safari and Mozilla Firefox browsers in the first day of TippingPoint's Pwn2Own contest Wednesday.

• March 23, 2010 23 Mar'10

  Insurance company finds relief with Forefront user provisioning tool

  First American Title Insurance Company cuts identity management user provisioning time from days to seconds with Microsoft Forefront Identity Manager 2010.

• March 12, 2010 12 Mar'10

  MD5 hash vulnerability is expert's top Web security flaw

  Jeremiah Grossman told RSA Conference 2010 attendees that a successful defense against Web-based flaws requires both a secure browser and a secure website infrastructure.

• October 13, 2009 13 Oct'09

  Five mistakes banks make in pandemic planning

  Experts cite five areas where financial institutions could improve their planning for a potential H1N1 outbreak

• September 15, 2009 15 Sep'09

  Brute force attacks target Yahoo email accounts

  Attackers target a background Web services authentication application used by ISPs and Web applications to authenticate users.

• July 30, 2009 30 Jul'09

  Machiavelli Mac OS X rootkit unveiled at Black Hat

  Researcher Dino Dai Zovi presented details on a rootkit called Machiavelli, a proof-of-concept Mac OS X rootkit that seeks to dent what many Mac enthusiasts believe is an impervious OS.

• July 30, 2009 30 Jul'09

  MMS messaging spoof hack could have global ramifications

  Researchers have figured out a way to spoof sender numbers, bypass carrier protections and trick mobile devices to pull content from an attacker's server. This would leave users vulnerable to phishing attacks and other scams.

• June 24, 2009 24 Jun'09

  TJX to pay $9.75 million for data breach investigations

  The company agrees to pay legal expenses related to investigations conducted by 41 Attorneys Generals and establish a data security fund for states.

• April 28, 2009 28 Apr'09

  Forensic accounting success depends on information security support

  There's no room for error in forensic accounting – the process of gathering financial-related information for legal review and potential use in a court of law – as "every mistake will be put under a magnifying glass and made much worse ...

• April 08, 2009 08 Apr'09

  PCI DSS Q&A: Answering your questions

  Payment Card Industry Data Security Standard (PCI DSS) expert Ed Moyle of CTG recently joined SearchSecurity.com for a live Q&A to address your ...

• February 27, 2009 27 Feb'09

  Wells Fargo deploys Voltage for secure email

  Bank uses email encryption to securely exchange confidential information with commercial customers.

• February 18, 2009 18 Feb'09

  CVS pays $2.25 million HIPAA violation settlement

  CVS pharmacy employees allegedly committed a HIPAA violiation when tossing pill bottle labels with patient information into the trash.

• February 18, 2009 18 Feb'09

  SSLstrip hacking tool bypasses SSL to trick users, steal passwords

  Moxie Marlinspike explains how his hacking technique fools Web users into thinking they are on an SSL-protected site, leaving them feeling quite safe, but pwned all the same.

• December 09, 2008 09 Dec'08

  Data masking hides information from testers

  Start-up DataGuise enters the data masking market fueled by regulatory compliance pressures. One analyst says companies prefer masking over other techniques.

• October 24, 2008 24 Oct'08

  Trojan exploiting MS08-067 RPC vulnerability

  There are reports emerging Friday morning of a new Trojan exploiting the MS08-067 RPC vulnerability in Windows that Microsoft patched with an emergency fix yesterday. Known as Gimmiv.A, the Trojan ...

• June 06, 2008 06 Jun'08

  Tumbleweed merger seen as a negative for email security customers

  Email security vendor Tumbleweed will merge with Axway, in a deal that one analyst calls a death knell for the vendor.

• April 21, 2008 21 Apr'08

  New hacking technique exploits common NULL programming error

  A researcher has discovered a new hacking technique that exploits a programming vulnerability common in many applications.

• April 02, 2008 02 Apr'08

  Kerberos: Authentication with some drawbacks

  Kerberos is one of the most-widely used authentication methods today, but experts explain that it comes with some weaknesses.

• March 19, 2008 19 Mar'08

  Misconfiguration issues could have contributed to Hannaford breach

  Hannaford takes heat from officials who believe the supermarket chain was slow in disclosing its breach. Meanwhile, one of Hannaford's security vendors gets defensive.

• March 19, 2008 19 Mar'08

  The pros and cons of data breach insurance

  The security incident at the Hannaford supermarket chain and elsewhere have some wondering if it's time to purchase data breach insurance. But experts say there are drawbacks.

• March 05, 2008 05 Mar'08

  Misconfigured networks create huge security risks

  Security experts say IT pros should be more concerned about the risks created by misconfigured networks than all the flaws and exploit code they read about.

• February 27, 2008 27 Feb'08

  The security benefits and risks of virtualization

  IT shops are looking at virtualization as a way to improve data security and make patch deployments more efficient. But IT pros and analysts say there are security risks as well.

• February 01, 2008 01 Feb'08

  Microsoft touts security in Windows Server 2008

  Windows Server 2008, expected to release Feb. 27, is first server product built from scratch since the advent Trustworthy Computing at Microsoft. Bill Laing, general manager of the Windows Server Division at Microsoft, says security in this product ...

• January 14, 2008 14 Jan'08

  How to protect and harden a database server

  Expert Michael Cobb explains how to keep malicious hackers out of enterprise databases.

• November 13, 2007 13 Nov'07

  Sun acquiring Vaau for identity management

  To better serve customers preoccupied with regulatory compliance and identity management, Sun has agreed to acquire enterprise role-management vendor Vaau.

• November 05, 2007 05 Nov'07

  Symantec acquires Vontu for DLP know-how

  In a move that was widely expected, Symantec announced Monday that it will acquire data loss prevention (DLP) vendor Vontu for $350 million.

• October 09, 2007 09 Oct'07

  McAfee acquires SafeBoot for endpoint encryption

  McAfee is acquiring endpoint encryption vendor SafeBoot Corp. in a $350 million deal to bolster the antivirus vendor's mobile device security software.

• September 06, 2007 06 Sep'07

  Government warns of dangerous QuickBooks Online flaw

  Attackers could exploit two flaws in the popular Intuit QuickBooks Online Edition to cause buffer overflows and download or upload files in arbitrary locations, US-CERT warned.

• August 17, 2007 17 Aug'07

  VMware acquires HIPS provider Determina

  VMware, the leader in virtualization software, has acquired Determina, a provider of host IPS technology.

• May 18, 2007 18 May'07

  Experts doubt Russian government launched DDoS attacks

  Distributed denial-of-service attacks against Estonian computer systems probably originated from smaller groups in control of botnets rather than the Russian government, experts say.

• May 07, 2007 07 May'07

  TJX breach tied to Wi-Fi exploits

  The TJX hackers started their assault two years ago by attacking security holes in the retail giant's wireless system outside a Minnesota Marshalls.

• March 01, 2007 01 Mar'07

  PCI DSS auditors see lessons in TJX data breach

  Following the recent TJX data breach, several PCI Data Security Standard auditors say the retailer violated basic requirements of the PCI DSS. But they say there are lessons to be learned from TJX's mistakes.