Hackers and cybercrime prevention

Critical fixes for Excel, Outlook and Windows

Microsoft starts the year with security updates for Excel, Outlook and Windows. Three of the fixes are rated critical. Continue Reading

By

• Bill Brenner

Attackers hide malicious code using new method

Attackers have designed a new way to thwart virus signatures from antivirus vendors, says a new report. Continue Reading

By

• Robert Westervelt, TechTarget

Bug Briefs: OpenOffice vulnerable to attack

Other flaws were reported in Apple QuickTime, Mac OS X, Adobe Flash Player, VideoLAN VLC, the Opera Web browser, and Cisco Access Control Server. Continue Reading

By

• SearchSecurity.com Staff

Adobe Reader users urged to upgrade

Adobe Reader 8 fixes serious flaws attackers could exploit for cross-site scripting and other attacks. Continue Reading

By

• Bill Brenner

Cisco bolsters security with IronPort buy

Cisco Systems agreed Thursday to buy Internet gateway security vendor IronPort Systems Inc. for $830 million. Continue Reading

By

• Robert Westervelt, TechTarget

Security pros grumble over spam increase

Spim and spam from unexpected sources is challenging enterprises in 2007. Some enterprises are taking action. Continue Reading

By

• Edmund X. DeJesus, Contributor

Security pros glean insight from '06

Corporate acquisitions, an abundance of spam, and the White House's take on cybersecurity mark 2006. Continue Reading

Looking back at information security in 2006

In this special edition of Security Wire Weekly, senior news writer Bill Brenner reviews his top interviews of 2006. Continue Reading

By

• SearchSecurity.com Staff

Review: Deep Security is a solid IPS

Third Brigade's Deep Security is a well-designed, effective product with strong configuration and policy control capabilities. Continue Reading

By

• Steven Weil, Point B

Employers to seek more security talent in '07

Learn what certifications are growing in demand and how employers are looking at the job market in 2007. Continue Reading

By

• Krissi Danielsson, Contributor

Review: Sky's the limit with Skybox View 3.0

Hot Pick: Skybox View 3.0 offers a unique and flexible approach for assessing and managing specific threats and overall risk to your digital assets. Continue Reading

By

• Brent Huston, Contributing Writer

Expert offers tips to bolster messaging security

In this edition of Security Wire Weekly, Burton Group analyst Diana Kelley explains how to lock down messaging programs as part of our three-day special report on the subject. Continue Reading

By

• SearchSecurity.com Staff

IT pros look for ways to lock down IM

Special Report: To control growing IM threats, administrators are trying to limit which programs can be used or ban the technology altogether. But that's not always possible. Continue Reading

By

• Bill Brenner

Zero-day tracker a hit, but IT shops need better strategy

This week in Security Blog Log: Reaction to eEye's new zero-day tracker is positive, but some experts say it won't help unless IT shops have a layered defense to start with. Continue Reading

Security Bytes: Phishing worm spreads through MySpace

Round up of security news Continue Reading

By

• SearchSecurity.com Staff

Oracle responds to security critics

Security Blog Log: Oracle takes on researchers who have criticised its security procedures in recent weeks. Meanwhile, Symantec warns of new zombie malware. Continue Reading

Multiple flaws in Adobe Reader, Acrobat

Multiple flaws in Adobe Reader and Acrobat could allow attackers to execute malicious commands on victims' computers. Continue Reading

By

• Bill Brenner

Active Directory security school: Management

Lesson two of the Active Directory security school. Continue Reading

Active Directory Security School

An improperly configured Active Directory can render the rest of your security measures useless. So how can you protect yourself from a hacker with their eyes on your AD? How can you recover from such an attack? Find the answers to all of your AD questions Continue Reading

Zango defying FTC agreement, researchers say

This week in Security Blog Log: Two researchers accuse Zango of unsavory adware tactics, despite the company's pledge to clean up its act. Continue Reading

Security Blog Log: Sailing a sea of spam

This week, bloggers struggle to purge their bloated inboxes. Their experiences lend weight to recent studies showing a breathtaking spike in spam. Continue Reading

Microsoft eyes second zero-day threat in a week

This time, attackers are going after a zero-day flaw in Windows, and Microsoft has released some workarounds until a patch is available. Continue Reading

By

• Bill Brenner

Messaging Security School

SearchSecurity.com's Messaging Security School has brought together some of the most knowledgeable experts in the messaging security field to offer you personal instruction on how to secure the information handled by your organization's knowledge workers. Continue Reading

Countermeasures for malicious email code

Today's malware continues to raise the security stakes. Enterprises are now facing numerous evolving threats like targeted and blended attacks, zero-day exploits, botnets and phishing schemes. The attacks aren't the only things evolving; so are today's product sets. In this lesson, attendees will get an overview of the email threat landscape, tips for malware protection success and guidance on the future of email attacks. Continue Reading

By

• Tom Bowers

Information Security Decisions Session Downloads

Session Downloads from Information Security Decisions 2006 Conference. Continue Reading

Nmap Technical Manual

By now, most infosec pros have heard of Nmap, and most would agree that even though the popular freeware tool is invaluable, installing, configuring and running it in the enterprise is no easy task. With that in mind, SearchSecurity.com, in collaboration with security expert Michael Cobb, has produced an Nmap Tutorial, detailing how this free tool can help make your organization more secure. Continue Reading

Security Blog Log: Taking Google Code Search for a spin

This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security. Continue Reading

Inside MSRC: Public vulnerability disclosures on the rise

Even though irresponsible publicly disclosed vulnerabilities seem to be on the rise, Microsoft's Christopher Budd discusses how the software giant was able to quickly release a fix for the recent VML flaw, plus offers best practices on how to make sure all of this month's software updates are installed correctly. Continue Reading

ZERT rekindles third-party patching debate

This week in Security Blog Log: IT security pros express more reservations about third-party patching, including the CEO of a company that released one a few months ago. Continue Reading

More from SearchSecurity September 2006

This month's round up weighs the pros and cons of security information management systems (SIMs) plus four case studies illustrating the different roadblocks security managers can encounter Continue Reading

Stration worm targets Windows machines

The worm uses several fake email messages, including one claiming to be a security update. Users are advised to avoid unsolicited email attachments. Continue Reading

By

• Bill Brenner

Symantec Dark Vision app monitors underground IRC servers

New research project keeps tabs on the hacker underground, providing new insight on activities like credit card theft and spamming. Continue Reading

By

• Dennis Fisher

Hijacked consumer machines target the enterprise

Attackers continue to strike gold by targeting consumers who lack the security savvy to address desktop application flaws, according to Symantec Corp. Enterprises ultimately pay the price. Continue Reading

By

• Bill Brenner

Big security fixes for QuickTime, Flash Player

Apple and Adobe warned that attackers could exploit multiple flaws in QuickTime and Flash Player to run malicious code on targeted machines. Continue Reading

By

• Bill Brenner

Security Blog Log: Word doc scam evades spam filters

Also this week: A researcher gets a harsh reward after flagging a University of Southern California Web site flaw, and more blogs are keeping an eye on the latest security breaches. Continue Reading

Third-party patching: Prudent or perilous?

Security patches issued by third parties have become more prevalent in recent months, and while some security pros endorse them, others say they're more trouble than they're worth. Continue Reading

By

• Bill Brenner

Security blog log: Fear and loathing in MS06-040's wake

This week, security bloggers wonder if some of the MS06-040 warnings have gone too far. Meanwhile, Symantec uses its blog to warn about the timed release of exploits. Continue Reading

Mocbot update targets MS06-040 flaw

Security experts raised the red flag Sunday as new malware targets the Windows flaw addressed in the MS06-040 patch. Attackers are using the flaw to expand IRC-controlled botnets. Continue Reading

By

• Bill Brenner

Security Blog Log: Israeli-Hezbollah war spills into cyberspace

This week blogosphere warily watches online attacks inspired by the Mideast conflict and rants over the latest security incidents at AOL and the VA. Continue Reading

By

• Bill Brenner

Symantec fixes Backup Exec flaw

Attackers could exploit flaws in Symantec Backup Exec 9.1 and 9.2 for NetWare Servers to cause a denial of service, launch malicious code and gain access to vulnerable machines. Continue Reading

By

• Bill Brenner

Inside MSRC: Time to rethink security workarounds

Christopher Budd of the Microsoft Security Response Center recommends implementing one of several security workarounds to ensure a secure infrastructure until this month's most important Windows update can be installed. Continue Reading

Countering attackers with NAC, IPS

Product review: Information Security magazine's Wayne Rash says ForeScout Technologies' flexible CounterACT appliance combines NAC with IPS and is worth the investment. Continue Reading

By

• Wayne Rash

Security event management, no strings attached

Product review: Information Security magazine's Joel Snyder says Check Point's vendor-agnostic Eventia Analyzer 2.0/Eventia Reporter is worth consideration despite limited BI options. Continue Reading

By

• Joel Snyder, Opus One

Endpoint security quiz answers

The answers to the Endpoint quiz Continue Reading

Mozilla issues critical security updates

New patches to fix 13 software security flaws, eight of which have been deemed critical. Continue Reading

By

• Eric Parizo, Senior Analyst

DHS puts Zitz in charge of cybersecurity division

American career intelligence officer Robert S. Zitz has taken over day-to-day operations of the US National Cyber Security Division, but his department still has numerous digital defence problems to remedy. Continue Reading

By

• Dennis Fisher

Security Bytes: New Microsoft exploits in the wild

The exploits target issues Microsoft patched earlier this month. Meanwhile, flaws are reported in Oracle for OpenView and a Mozilla Firefox keystroke logger is on the loose. Continue Reading

By

• SearchSecurity.com Staff

Endpoint security quiz

Take this five-question quiz to see how much you've learned about endpoint security. Continue Reading

Security Bytes: Investigators slam VA over data breach

Meanwhile: Cisco patches a router application flaw, a Washington law firm sues IBM over a server attack; and spammers sucker Web surfers with fake Vladimir Putin death reports. Continue Reading

By

• SearchSecurity.com Staff

Trojan targets Microsoft PowerPoint flaw

Update: The exploit might be tied to an older flaw in Excel. Attackers who exploit the serious flaw could launch arbitrary code. Microsoft says it is investigating. Continue Reading

By

• Bill Brenner

Microsoft patches seven July security holes, five critical

The software giant's monthly batch of fixes includes critical repairs for Internet Explorer and Windows' networking features, plus "important" bulletins for Internet Information Server. Continue Reading

By

• Bill Brenner

Security Bytes: Data breach affects 100,000 military personnel

Meanwhile: Phishers use a phone trick to dupe PayPal users; the PCI security standard will get more teeth and a survey illustrates an increase in security breaches Continue Reading

By

• SearchSecurity.com Staff

More from SearchSecurity -- July 2006

Highlights from the July 2006 issue of Information Security magazine. Continue Reading

Dundee to teach ethical hacking BSc

A degree in ethical hacking will be on offer at a Scottish university from the new academic year. Continue Reading

By

• Tash Shifrin

Fifa ready for cyber attack on World Cup

 Continue Reading

Adding 'fudge' to your passwords

Safe passwords are integral to web application security. Unfortunately, recalling many complicated passwords is difficult. If you must write down your passwords to remember them, use this tip to create a safer password record. Continue Reading

By

• T. Martin Brown

Industry chiefs to declare war on for-profit cyber criminals

IT industry leaders reaffirm the importance of security to a digital economy beset by money-driven cyber criminals. Continue Reading

By

• Brian McKenna, Senior Analyst, Business Applications

Gaining access using application and operating system attacks

In this excerpt from Chapter 7 of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Second Edition, authors Ed Skoudis and Tom Liston explain how security professionals can use exploit frameworks to their advantage. Continue Reading

Flaws reported in Trend Micro ServerProtect

Storage and security managers should be wary of vulnerabilities in the AV product that could enable a denial-of-service and malicious code execution. Workarounds are available. Continue Reading

By

• Bill Brenner

Titan Rain shows need for better training

SANS says the Chinese-based attacks demonstrate the growing sophistication of hackers, and the need for IT admins who can articulate the dangers to execs. Continue Reading

By

• Bill Brenner

Security pros gain ground in the board room

Executives are paying more attention to their IT security managers and taking more responsibility for online threats against their companies, according to a new study. Continue Reading

By

• Bill Brenner

Cybersecurity policy takes cooperation, trust, experts say

At the Infosecurity confab, experts explain why sharing information -- even when it's embarrassing -- is vital to securing not only corporations, but also the national infrastructure. Continue Reading

By

• Bill Brenner

Security Bytes: FTC cracks down on alleged spyware distributors

Patches fix serious RealPlayer flaws, IM malcode launches phishing attacks; Microsoft warns of Macromedia Flash flaw; Liberty Alliance pushes stronger authentication; FEMA data security is in question; patches fix Veritas flaws and TransUnion suffers a security breach. Continue Reading

By

• SearchSecurity.com Staff

Trojans target Sony DRM and Windows

Security researchers track two new Trojan horses. One exploits the Sony DRM program. The other could possibly take aim at the Windows flaw Microsoft patched this week. Continue Reading

By

• Bill Brenner

How avian flu could threaten IT security

Experts say a potential bird flu pandemic could have a disastrous effect on IT infrastructures. But if companies plan well, those infrastructures could also help minimize chaos. Continue Reading

By

• Bill Brenner

Symantec fixes 'critical' Veritas flaw

Attackers could launch malicious code by exploiting a security hole in Veritas NetBackup servers and clients. But Symantec has released a fix. Continue Reading

By

• Bill Brenner

Secure your extended enterprise

How do you achieve the fine balance between ensuring that there is truly free access to sensitive information, without sacrificing security? Continue Reading

Telework key to surviving security disaster, expert says

Cybersecurity Industry Alliance Executive Director Paul Kurtz explains why telework may be crucial to surviving The Big One. Continue Reading

By

• Bill Brenner

Leave no trace: Understanding attackers' motives

This excerpt from Chapter 1 of "Rootkits: Subverting the Windows Kernel," explains the purpose of back doors and how hackers use them, as well as how stealth plays a major role in most successful attacks. Continue Reading

IT infrastructure risks key to averting major cyberattack

Predictions of a cataclysmic disaster have been around for awhile. But one security officer cites reasons why the Internet can never be brought down. Continue Reading

By

• Bill Brenner

Catastrophic cyberattack unlikely, experts say

Predictions of a cataclysmic disaster have been around for awhile. But one security officer cites reasons why the Internet can never be brought down. Continue Reading

By

• Bill Brenner

Attack: USB could be the death of me

Seemingly innocent Universal Serial Bus driver bugs may allow device attacks that many won't see coming, according to Black Hat presenters. Continue Reading

By

• Victor R. Garza, Contributor

Lost at sea: securing the channel

As attacks seem to proliferate almost unabated, it’s worrying to think that of the three interested parties in the security technology market — the technology makers, the technology sellers and the technology users—not everyone shares a common view on the importance of the technology. Continue Reading

VeriSign raises stakes in battle for threat intelligence

Not to be outdone by 3Com's "Zero-Day Initiative," VeriSign says it'll shell out more cash for hackers who provide vulnerability intelligence. Continue Reading

By

• Bill Brenner

Experts weigh in on spyware's defining moment

We asked IT professionals to review the spyware definitions proposed by a coalition of tech firms and security organizations. They found plenty of room for improvement. Continue Reading

By

• Bill Brenner

Can alcohol mix with your key personnel?

I persuaded our MD to hire a dedicated IT security expert. I am pleased with his work, but on several occasions he has smelled strongly of drink. How do I nip this in the bud? Continue Reading

Phishing for the missing piece of the CardSystems puzzle

A banking insider examines the ties between customized phishing attacks this spring and the CardSystems breach announced soon after. Don't miss his revelations on how they're linked and what the phishers really needed. Continue Reading

This is not your father's hacker

While Sasser author Sven Jaschan awaits the outcome of his trial this week in Germany, a new cybercrime report explains why the teenager is becoming an anachronism. Continue Reading

By

• Anne Saita, TechTarget

Latest Mytob worms phish for trouble

Mytob's data-drumming tactics and the appearance of new Trojan horse programs add to concern that the underground is perfecting ingredients for a major attack. Continue Reading

By

• Bill Brenner

Know your enemy: Why your Web site is at risk

In this Lesson 1 technical paper from Web Security School, guest instructor Michael Cobb outlines the threats to Web sites and who is behind them. Continue Reading

Quiz: Secure Web directories and development

Evaluate your knowledge of Web threats and how to defeat them. Questions cover security risks of dynamically created content and proper security management. Continue Reading

Top tools for testing your online security, part 2

Michael Cobb explains what tools are helpful in maintaining Web security, including security scanners, benchmarking tools, monitoring services and online resources. Continue Reading

Top tools for testing your online security

Learn a structured approach for Web security that can make your security management tasks easier and increase your chances of success. Continue Reading

Quiz: Identify and analyze Web server attacks, answer No. 5

Quiz: Identify and analyze Web server attacks, answer No. 5 Continue Reading

Quiz: Identify and analyze Web server attacks, answer No. 3

Quiz: Identify and analyze Web server attacks, answer No. 3 Continue Reading

Pre-CISSP: Options for the security newbie

Shon Harris advises novice security practitioners on the value of entry-level certifications -- and good, old-fashioned experience -- in preparation for the CISSP®. Continue Reading

Your shout: Security and skills

Have your say at computerweekly.com Continue Reading

HIPAA security rules set hurdles for struggling hospitals

Most healthcare organizations have one more month to meet the security requirements of the Health Insurance Portability and Accountability Act (HIPAA). Will they make it? Continue Reading

By

• Bill Brenner

Exploit code targets critical CA flaws

Anyone who ever evaluated CA software is potentially at risk. The good news is patches are available and a free scanner is out now to identify systems vulnerable to attack. Continue Reading

By

• Bill Brenner

Passwords still the weakest link

Businesses are still struggling to convince their staff of the importance of password security, according to a survey of 67,000... Continue Reading

By

• Antony Savvas

SMBs' real risk of being online

Stuart King CISSP, is responsible for online security and risk assessment for the Reed Elsevier Group. Continue Reading

Security Bytes: Cisco patch available for ACNS flaws

Workaround outlined for new php exploit. IBM issues patch for DB2 flaw. Payroll service goes offline to investigate security claims , and BoA loses personal data on customers. Continue Reading

By

• SearchSecurity.com Staff

Federal agency security still poor, but improving

Report cards give federal security a D-plus average, but the Homeland Security Department is still failing. Continue Reading

By

• Keith Regan, Contributing Writer

Compressed files strike another blow to AV

The "alternative" .rar files are picking up where popular .zip files left off as attack vectors. Continue Reading

By

• Shawna McAlearney, News Editor

A 'critical' Patch Tuesday

Microsoft issues three security bulletins for January, two of them critical. Attackers have already exploited some of the vulnerabilities. Continue Reading

By

• Bill Brenner

Security on a Shoestring: Creating Internet policies on the cheap

No matter how small the organization, it's impractical to stand over employees and make sure they properly use the Internet. So here's how to write a decent acceptable use policy, and make sure everyone abides by it. Continue Reading

By

• Mathew Schwartz, Contributor

Transforming the cybersecurity culture

Eleven New Year's resolutions can help employees at all levels empower the security function at their organization. Continue Reading

By

• Shawna McAlearney, News Editor

The security lingo of 2004

This was the year of botnets, zombie PC armies and phishying online schemes. Continue Reading

By

• Bill Brenner

Training for CISSP Certification: SearchSecurity.com's Security School

Study guides for each of the ten domains of the CBK for those preparing to take the CISSP exam or expanding their knowledge of security concepts and practices. Continue Reading

Authorize.Net says it has 'learned' from attack

The credit card processing service was unprepared for the kind of attack it suffered last week, but it will use the experience to improve security. Continue Reading

By

• Bill Brenner