Antivirus, firewall and IDS products

TJX faces lawsuit over data breach

A class action lawsuit against TJX accuses the retailer of negligence for not doing enough to secure customer data and for keeping quiet about the breach for a month. Continue Reading

By

• Bill Brenner

Balancing the cost and benefits of countermeasures

The final tip in our series, "How to assess and mitigate information security threats." Continue Reading

Malware: The ever-evolving threat

The first tip in our series, "How to assess and mitigate information security threats" Continue Reading

Network-based attacks

The second tip in our series, "How to assess and mitigate information security threats." Continue Reading

Information theft and cryptographic attacks

The third tip in our series, "How to assess and mitigate information security threats." Continue Reading

Apple fixes Mac Wi-Fi flaw

The Mac OS X Wi-Fi flaw Apple fixed on 24 Jan was first disclosed as part of the Month of Kernel Bugs in November. Attackers could exploit it to crash the targeted system. Continue Reading

By

• Bill Brenner

Quiz: Defending mobile devices from viruses, spyware and malware

A five-question multiple-choice quiz to test your understanding of the content presented in Defending mobile devices from viruses and malware lesson of SearchSecurity.com's Messaging Security School. Continue Reading

Microsoft investigates new Word zero-day

An unpatched memory-corruption flaw in Microsoft Word is the target of "limited" attacks in the wild, Microsoft confirmed Thursday. Continue Reading

By

• Bill Brenner

TJX data breach info used to make fraudulent purchases

Fraudulent purchases have been reported globally, according to a trade association that represents more than 200 banks in Massachusetts. Continue Reading

By

• Robert Westervelt, TechTarget

McAfee: Malware all about ID theft

The use of keylogger technology is surging and there's been a 100-fold rise in phishing attacks, according to a new report from McAfee. Continue Reading

By

• Bill Brenner, Senior News Writer

TJX breach: There's no excuse to skip data encryption

Companies complain that database encryption products are too expensive and difficult to manage, but customer loss and breach notification costs outweigh encryption expenses. Continue Reading

Fortify Software to acquire Secure Software

The acquisition of Secure Software will allow Fortify to expand into the requirements and design phases of the software development lifecycle, the company said. Continue Reading

By

• Bill Brenner

Sophos acquires Endforce to add NAC

Antivirus vendor Sophos is rounding out its email Web and desktop security software with Endforce's network access control (NAC) software. Continue Reading

By

• Robert Westervelt, TechTarget

Attackers hide malicious code using new method

Attackers have designed a new way to thwart virus signatures from antivirus vendors, says a new report. Continue Reading

By

• Robert Westervelt, TechTarget

Cisco bolsters security with IronPort buy

Cisco Systems agreed Thursday to buy Internet gateway security vendor IronPort Systems Inc. for $830 million. Continue Reading

By

• Robert Westervelt, TechTarget

Cisco software vulnerable to attack

Cisco's Clean Access software and Clean Access Manager are at risk to attack. A malicious user can access a database snapshot and download it without authentication. Continue Reading

By

• Robert Westervelt, TechTarget

Security pros grumble over spam increase

Spim and spam from unexpected sources is challenging enterprises in 2007. Some enterprises are taking action. Continue Reading

By

• Edmund X. DeJesus, Contributor

Top Windows server hardening tips of 2006

Check out the top Windows server hardening tips of 2006 for helpful advice on domain controller penetration testing, security tips for the Windows Server 2003 OS and more. Continue Reading

Security pros glean insight from '06

Corporate acquisitions, an abundance of spam, and the White House's take on cybersecurity mark 2006. Continue Reading

Looking back at information security in 2006

In this special edition of Security Wire Weekly, senior news writer Bill Brenner reviews his top interviews of 2006. Continue Reading

By

• SearchSecurity.com Staff

Top client security tips of 2006

A network user without the proper know-how is a ticking time bomb when it comes to security. Check out our top five client hardening tips of 2006 to get a head start on protecting yourself from potentially dangerous users. Continue Reading

Microsoft releases Vista APIs to security vendors

Microsoft released a draft set of programming interfaces allowing security vendors to develop software using the Windows kernel on 64-bit systems. Continue Reading

By

• Robert Westervelt, TechTarget

Top network security tips of 2006

The top Windows networking security tips of 2006 cover a range of topics, including network isolation, open source Windows security tools, VPN security and more. Continue Reading

VoIP hacking exposed in new book

VoIP hacking is a reality, and in a new book, two VoIP security experts outline the tools and tricks to avoid a system-crushing hack. Continue Reading

By

• Andrew R. Hickey, Senior News Writer

Criminals find safety in cyberspace

A new report from McAfee shows how criminals are enjoying a sense of safety and anonymity in cyberspace that they never had on the street. And they're making more money. Continue Reading

By

• Bill Brenner

Review: Deep Security is a solid IPS

Third Brigade's Deep Security is a well-designed, effective product with strong configuration and policy control capabilities. Continue Reading

By

• Steven Weil, Point B

Microsoft Vista could improve Internet security

Two new Microsoft Vista features -- Kernel Patch Protection and User Account Control -- could prove especially useful in preventing serious malware infections. Continue Reading

Review: Lancope StealthWatch 5.5 offers more than IDS

Hot Pick: StealthWatch goes far beyond traditional intrusion detection, with powerful network-monitoring features. The optional IDentity-1000 is an essential addition. Continue Reading

By

• Sandra Kay Miller, Contributing Writer

Review: Sky's the limit with Skybox View 3.0

Hot Pick: Skybox View 3.0 offers a unique and flexible approach for assessing and managing specific threats and overall risk to your digital assets. Continue Reading

By

• Brent Huston, Contributing Writer

Infrastructure security: Remote access DMZ

An excerpt from Chapter 7: Infrastructure security from "How to Cheat at Managing Information Security," by Mark Osborne. Continue Reading

Zero-day tracker a hit, but IT shops need better strategy

This week in Security Blog Log: Reaction to eEye's new zero-day tracker is positive, but some experts say it won't help unless IT shops have a layered defense to start with. Continue Reading

MP3 search site pushes spyware, watchdogs say

A Web site that gives users the ability to search for MP3s contains programs that behave like spyware, according to the Center for Democracy and Technology and StopBadware.org. Continue Reading

By

• Bill Brenner

Security Bytes: Phishing worm spreads through MySpace

Round up of security news Continue Reading

By

• SearchSecurity.com Staff

Oracle responds to security critics

Security Blog Log: Oracle takes on researchers who have criticised its security procedures in recent weeks. Meanwhile, Symantec warns of new zombie malware. Continue Reading

Symantec fixes NetBackup Puredisk flaw

An unauthorised user could launch malicious code by exploiting a flaw in Symantec's Veritas NetBackup PureDisk product. But a fix is available. Continue Reading

By

• Bill Brenner

Active Directory security school: Set up and configuration

An Active Directory security lesson. Continue Reading

Active Directory security school: Maintenance and testing

This is lesson three of our Active Directory security school. Continue Reading

Zango defying FTC agreement, researchers say

This week in Security Blog Log: Two researchers accuse Zango of unsavory adware tactics, despite the company's pledge to clean up its act. Continue Reading

BakBone brushes up replication software

BakBone's NetVault Replicator version 5.0 includes automatic configuration of replication for remote sites, a capacity planning tool and a higher performance data movement engine. Continue Reading

By

• Beth Pariseau, Senior News Writer

Trojan poses as Adobe software update

The Trojan keylogger comes in an email that asks users to download the latest version of Adobe Reader. It then tries to steal the user's confidential information. Continue Reading

By

• SearchSecurity.com Staff

Security Blog Log: Sailing a sea of spam

This week, bloggers struggle to purge their bloated inboxes. Their experiences lend weight to recent studies showing a breathtaking spike in spam. Continue Reading

How to manage encryption keys

Encryption is an effective way to secure data, but the encryption keys used must be carefully managed to ensure data remains protected and accessible when needed. Continue Reading

Review: Network Intelligence's enVision

enVision offers excellent value and is highly configurable, though typically that means you have to put a lot into it to get the most out of it. Continue Reading

By

• Brent Huston, Contributing Writer

Tor network privacy could be cracked

The Tor network is used by those who want to keep their IP addresses private. But new research shows that it's possible to compromise the system and unmask the user. Continue Reading

By

• Bill Brenner

Achieving compliance: a real-world roadmap

A security manager's responsibilities extend beyond the technical aspects of the job. These days, effective governance and compliance are just as essential. Continue Reading

What storage managers are buying and why, page 7

What storage managers are buying and why Continue Reading

Enhanced Identity and Access Management

From consolidating directories to automating provisioning and rolling out single sign-on, these sessions identify how leading organizations are strengthening authorization and enforcing access controls. Continue Reading

Snyder On Security: An insider's guide to the essentials

Joel Snyder, senior partner with consultancy Opus One, provides an in-depth look at information security trends and technologies. Continue Reading

Microsoft caves to pressure over Vista security

To accommodate third-party security vendors and appease antitrust regulators in Europe, Microsoft will make some final tweaks to Windows Vista. Continue Reading

By

• Bill Brenner

Microsoft to fold security into Windows division

The software giant said the move would make future Windows development efforts more efficient. The changes take effect after Microsoft releases Vista. Continue Reading

By

• SearchSecurity.com Staff

Security Blog Log: Taking Google Code Search for a spin

This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security. Continue Reading

Brief: Malicious Web site poses as Google

A malicious Web site poses as Google's Italian site, but attempts to install malicious ActiveX controls on victim's machines and ultimately redirect them to adult content. Continue Reading

By

• SearchSecurity.com Staff

Inside MSRC: Public vulnerability disclosures on the rise

Even though irresponsible publicly disclosed vulnerabilities seem to be on the rise, Microsoft's Christopher Budd discusses how the software giant was able to quickly release a fix for the recent VML flaw, plus offers best practices on how to make sure all of this month's software updates are installed correctly. Continue Reading

Banking on the future

As the banking landscape changes and global competition takes hold, IT offers banks a way of differentiating themselves from the competition, so how do they balance innovation and imitation in this tough market sector? Continue Reading

ZERT rekindles third-party patching debate

This week in Security Blog Log: IT security pros express more reservations about third-party patching, including the CEO of a company that released one a few months ago. Continue Reading

On privacy laws, every state is one of confusion

It's getting increasingly difficult for US firms to comply with regulations . David A. Meunier feels that it's time to develop safeguards and processes for this ever-changing regulatory environment. Continue Reading

By

• David A. Meunier

Top 5 free Windows security downloads

The place where you can find free tools that help you crack passwords, remove troublesome spyware and enhance network security. Check out our five most popular tools and find out what you've been missing. Continue Reading

Voice over IP Fundamentals: Chapter 9, 'Billing and Mediation Services'

Voice over IP Fundamentals: Chapter 9, 'Billing and Mediation Services' Continue Reading

Stration worm targets Windows machines

The worm uses several fake email messages, including one claiming to be a security update. Users are advised to avoid unsolicited email attachments. Continue Reading

By

• Bill Brenner

Secure network perimeter to result from Symantec-Juniper deal

Juniper and Symantec announced a deal to integrate Symantec's client security software with Juniper's security hardware. The result will allow endpoint compliance and access control platforms to secure the enterprise perimeter. Continue Reading

By

• Amanda Mitchell, News Editor

Security Bytes: Hackers target the Terminator

In other news, Symantec upgrades its Norton product line and the Anti-Phishing Working Group says phishing activity soared this summer. Continue Reading

By

• SearchSecurity.com Staff

Fast Guide: VoIP encryption

A guide to encryption within VoIP networks Continue Reading

Security Blog Log: Word doc scam evades spam filters

Also this week: A researcher gets a harsh reward after flagging a University of Southern California Web site flaw, and more blogs are keeping an eye on the latest security breaches. Continue Reading

Proofpoint delivers strong messaging security

Proofpoint Messaging Security Gateway is a highly recommended, affordable solution for big enterprises that need protection from email-based attacks. Continue Reading

By

• Phoram Mehta, Contributing Writer

Protecting wireless networks: Step 3

Security testing expert Kevin Beaver covers the tools and techniques needed to find and exploit insecure wireless networks. Continue Reading

Protecting wireless networks: Step 2

Security testing expert Kevin Beaver covers the tools and techniques you'll need to find and exploit insecure wireless networks. Continue Reading

Wireless network security testing

Attack your own wireless networks to find vulnerabilities before malicious hackers do. Continue Reading

Attacks against MS06-040 on the rise

Six pieces of malware are now going after the Windows Server Service flaw outlined in MS06-040, and a spike in attacks has led Symantec to raise its ThreatCon to Level 2. Continue Reading

By

• Bill Brenner

Identity and Access Management Security School

This Security School explores critical topics related to helping security practitioners establish and maintain an effective identity and access management plan. Continue Reading

Survey: Data breaches difficult to spot, prevent

IT pros worry that false positives and a lack of resources are preventing them from blocking data breaches Continue Reading

By

• Bill Brenner

Symantec CIO vies with virtualization, device policy

Symantec CIO David Thompson says virtualization is a big part of the security giant's future and it has developed a policy to mitigate virtualization security risks. Continue Reading

By

• Dennis Fisher

Malware database access sparks debate

Should an emerging database of more than 300,000 malware samples remain a walled community for trusted users, or is open access the best way to fight off digital desperados? Continue Reading

By

• Bill Brenner

AT&T breach affects 19,000 customers

Online outlaws hacked into an AT&T computer system and stole credit card data on thousands of customers. AT&T has offered to pay for credit monitoring services for those affected. Continue Reading

By

• Bill Brenner

Third-party patching: Prudent or perilous?

Security patches issued by third parties have become more prevalent in recent months, and while some security pros endorse them, others say they're more trouble than they're worth. Continue Reading

By

• Bill Brenner

Security Blog Log: Opinions abound on IBM/ISS deal

Bloggers ponder what IBM's acquisition of ISS says about the industry as a whole. Is the end in sight for independent security vendors? Continue Reading

Briefs: VoiceCon in the news

This week at VoiceCon we saw everything from managed VoIP services to IP phones made to make mobile workers right at home, wherever they are. Continue Reading

By

• Amanda Mitchell, News Editor

Apple fixes Xsan security flaw

Attackers could exploit a security flaw in Apple's Xsan file system to launch malicious code and crash vulnerable machines, but a fix is available. Continue Reading

By

• Bill Brenner

Security blog log: Fear and loathing in MS06-040's wake

This week, security bloggers wonder if some of the MS06-040 warnings have gone too far. Meanwhile, Symantec uses its blog to warn about the timed release of exploits. Continue Reading

Cisco says it can't reproduce PIX flaw

Ever since a researcher at Black Hat outlined a flaw in the PIX firewall, Cisco has been trying to reproduce the security hole. So far, the company has been unsuccessful. Continue Reading

By

• Bill Brenner

Cisco boosts VoIP certification

The upgraded CCNP midlevel Cisco certification now incorporates VoIP, security and wireless to boost converged network skills among enterprise professionals. Continue Reading

By

• Amanda Mitchell, News Editor

EMC sheds light on RSA integration plans

As the dust begins to settle on EMC's $2.1 billion acquisition of RSA Security, the hard work of integration begins. What's EMC strategy here? Continue Reading

By

• Jo Maitland, TechTarget

Mocbot update targets MS06-040 flaw

Security experts raised the red flag Sunday as new malware targets the Windows flaw addressed in the MS06-040 patch. Attackers are using the flaw to expand IRC-controlled botnets. Continue Reading

By

• Bill Brenner

Security Blog Log: Israeli-Hezbollah war spills into cyberspace

This week blogosphere warily watches online attacks inspired by the Mideast conflict and rants over the latest security incidents at AOL and the VA. Continue Reading

By

• Bill Brenner

Vista kernel limits have security vendors on edge

Microsoft's PatchGuard feature will prevent extension of Windows Vista kernel, and antivirus vendors say it'll make it harder for them to produce good security products. Continue Reading

By

• Dennis Fisher

Security Bytes: CA fixes eTrust Antivirus flaws

Online thieves steal $700,000 from personal accounts, researchers expose e-passport vulnerability; and arrests are made in the VA security breach case. Continue Reading

By

• SearchSecurity.com Staff

Vendors reject preferential knowledge sharing

While Cisco continues to investigate a potential PIX firewall flaw, it and other vendors say sharing security information quickly and indiscriminately is always the best policy. Continue Reading

By

• Michael Mimoso, TechTarget

Security event management, no strings attached

Product review: Information Security magazine's Joel Snyder says Check Point's vendor-agnostic Eventia Analyzer 2.0/Eventia Reporter is worth consideration despite limited BI options. Continue Reading

By

• Joel Snyder, Opus One

Mobile security begins with policy

Mobile security can no longer be an afterthought. Mobile experts say security starts, but doesn't end, with policy. Continue Reading

By

• Andrew R. Hickey, News Writer

Possible Cisco zero-day exploit revealed at Black Hat

Details of an alleged flaw related to SIP and PIX appliances, briefly mentioned in a Wednesday Black Hat presentation, are being kept under wraps as Cisco and US-CERT investigate. Continue Reading

By

• Michael Mimoso, TechTarget

PING with Heidi Kujawa

Heidi Kujawa, director of enterprise architecture services for Sony Pictures Entertainment, explains how combatting piracy takes more than just keeping bootleggers out of the theatres Continue Reading

Security Bytes: ISS warns of new Microsoft Windows flaw

Attackers could exploit the latest Microsoft Windows flaw to crash vulnerable machines and Symantec fixes a Brightmail AntiSpam flaw. Continue Reading

By

• SearchSecurity.com Staff

DHS puts Zitz in charge of cybersecurity division

American career intelligence officer Robert S. Zitz has taken over day-to-day operations of the US National Cyber Security Division, but his department still has numerous digital defence problems to remedy. Continue Reading

By

• Dennis Fisher

Blue Cross bears burden of 'no wireless' policy

Blue Cross of Idaho had a "no wireless" policy on paper but never really enforced it. That is, until a team of auditors said the company had better do something. Continue Reading

By

• Andrew R. Hickey, News Writer

Answers: VPN and remote access know-how quiz

the crucial questions answered Continue Reading

VPNs and remote access quiz

Take this five-question quiz to see how much you've learned about VPNs and remote access. Continue Reading

CSI survey: Data breaches still being swept under the rug

The annual CSI/FBI Computer Crime and Security Survey shows companies are reporting fewer financial losses from data breaches. That doesn't mean the good guys are winning. Continue Reading

By

• Bill Brenner

Critical flaws found in Excel, Flash Player

FrSIRT says holes in Microsoft's spreadsheet program and Adobe's media player could allow attackers to take control of affected machines and initiate malicious commands. Continue Reading

By

• Bill Brenner

Security Bytes: Data breach affects 100,000 military personnel

Meanwhile: Phishers use a phone trick to dupe PayPal users; the PCI security standard will get more teeth and a survey illustrates an increase in security breaches Continue Reading

By

• SearchSecurity.com Staff

Dundee to teach ethical hacking BSc

A degree in ethical hacking will be on offer at a Scottish university from the new academic year. Continue Reading

By

• Tash Shifrin

Fifa ready for cyber attack on World Cup

 Continue Reading