High Tech

T-Mobile confirms hack but doubts crooks have the goods

Dan Kaplan June 09, 2009

T-Mobile has confirmed that hackers were able to swipe data from its systems, but the wireless carrier is downplaying the threat to customers.
 

McAfee acquires Solidcore

Angela Moscaritolo May 15, 2009

McAfee today announced the acquisition of dynamic whitelisting vendor Solidcore for approximately $33 million. The acquisition advances McAfee's endpoint security and risk management portfolio. Specifically, Solidcore enables McAfee to now provide security for automated teller machines (ATMs), point-of-sale (POS) systems, multifunction printers (MFPs), supervisory control and data acquisition (SCADA) systems, as well as mobile and other embedded devices. In addition, it will strengthen McAfee's virtualization solutions, the company said in a news release. — AM
 

Cloud computing providers require strong audits

Angela Moscaritolo May 11, 2009

Companies must develop better ways of evaluating the security and privacy practices of the cloud services they utilize, according to a report by Forrester released Friday.
 

NERC president: Emergency cybersecurity help needed

Angela Moscaritolo May 08, 2009

Efforts of the North American Electric Reliability Corp. (NERC) to secure the nation's power grid against cyberthreats cannot substitute for additional emergency authority at the federal level, urged Richard Sergel, president and CEO of NERC, in testimony during a Senate hearing on cybersecurity Tuesday.
 

U.S. missile defense information found in disk bought on eBay

Angela Moscaritolo May 07, 2009

A hard disk containing the launch procedures for a U.S. military missile defense system was recently purchased on eBay.
 

How the recession is affecting IT spending

Angela Moscaritolo April 20, 2009

Despite the financial crisis, companies are still putting forth money for IT security efforts while overall IT spending is less of a priority, according to a new survey conducted by strategy and business advisory firm MetroSITE Group and Pacific Crest Securities, a technology investment bank.
 

ActiveX flaw detector released

Dan Kaplan April 16, 2009

The CERT Coordination Center at the Carnegie Mellon Software Engineering Institute in Pittsburgh on Thursday released a free, open-source tool that software developers can use to detect ActiveX vulnerabilities. Dubbed Dranzer, the tool was tested on 22,000 ActiveX controls produced by more than 5,000 organizations. Dranzer is designed for use during the quality assurance phase of software creation and can help prevent flaws, such as buffer overflows, from being shipped in software to the public. — DK
 

VMware patches new critical security vulnerability

Chuck Miller April 10, 2009

VMware has issued patches for a critical security vulnerability in its ESX and ESXi virtualization products.
 

OWASP releases code guide

Dan Kaplan April 03, 2009

The Open Web Application Security Project (OWASP), an open-source project, has announced a free, 216-page guide for how to review code for application vulnerabilities. The book complements the already released "OWASP Security Developer Guide" and the "Security Testing Guide." The latest publication is "part of OWASP's strategy to make application security visible and enable the market to support the development of secure application software," according to the organization. — DK
 

Microsoft denies code flaw

Chuck Miller March 27, 2009

On its TechNet blog, Microsoft denied that a recently uncovered GDI+ EMF buffer overflow problem will result in a crash that is "exploitable for code execution." The flaw had been reported Tuesday by SecurityFocus. Microsoft said it was continuing its investigation, but that mitigating defenses already in place effectively counteract the threat, even when the flaw causes termination of an application. — CAM
 

Firefox flaw fixed

Chuck Miller March 27, 2009

Mozilla has addressed a notorious zero-day vulnerability discovered Wednesday that could have caused execution of malicious code if exploited. With the flaw, attackers could have modified Firefox source code. In its release notes for version 3.0.8, Mozilla identified the problem as an XSL parsing "root" XML tag remote memory corruption vulnerability, and lists the bug as "Resolved." — CAM
 

Cisco releases security updates for IOS

Chuck Miller March 25, 2009

Security updates for Cisco Internetwork Operating System were released Wednesday to shield against a number of vulnerabilities.
 

Internet Explorer 8 "critical" flaw in final version

Chuck Miller March 24, 2009

The Internet Explorer 8 vulnerability demonstrated at the CanSecWest hacker conference on the beta version of the browser also exists in the final version.
 

Solving the hacking problem

Andrew McLennan, founder and CEO, Metaforic March 23, 2009

To avoid hacking and malicious alteration of the application, software companies are turning to new anti-tamper solutions that will protect the entire application, as well as maintain code integrity.
 

IE 8 coming today

Chuck Miller March 19, 2009

The official release of Internet Explorer 8 is scheduled to be available at noon EST on Thursday. The new browser "offers leading-edge security features," including a cross-site scripting filter, clickjacking prevention, and per-site ActiveX, which enables users and administrators to manage where an ActiveX Control can run, Microsoft said. The download, in 25 languages, is at http://www.microsoft.com/ie8. — CAM
 

March Madness nearing, but cyberthreats already here

Angela Moscaritolo March 17, 2009

Sports fans might be eager for March Madness to begin on Thursday, but for cybercriminals, the games have already begun, security researchers said.
 

Time Warner confirms DDoS

Dan Kaplan February 26, 2009

Time Warner Cable confirmed Thursday that distributed denial-of-service (DDoS) attacks against its DNS servers are to blame for the slower-than-normal service affecting its broadband customers, particularly those living in Southern California, for about the past week. The company said in a statement that the culprits likely are using botnets to deliver their traffic because the attacks are "larger and more difficult to contain than similar attacks in the past." — DK
 

Another vendor threat

Chuck Miller February 19, 2009

A fourth security vendor website has been found to be insecure. In a post on hackersblog.org, a Romanian hacker, whose alias is "Unu," describes an insecure parameter in the Symantec Document Download Center that is vulnerable to SQL injection. The flaw supposedly exists on an SSL login page and permits access to company databases. According to the hacker, Symantec has been contacted but has not yet responded. The same hacker claimed to have gained access to the Kaspersky, F-Secure and BitDefender websites. — CAM
 

BitDefender hit again

Chuck Miller February 17, 2009

A Romanian hacker claims to have found a hole in the website for security firm BitDefender. According to a post by someone using the alias Unu on hackersblog.org, an SQL injection vulnerability persists in the site's news section. Recently websites belonging to security firms F-Secure and Kaspersky Lab were compromised. And a Portuguese partner site belonging to BitDefender also was hit. All three companies deny that any personal information was exposed to the attackers. — CAM
 

No Kaspersky compromise

Dan Kaplan February 13, 2009

A forensic exam has confirmed Kaspersky Lab's initial findings that Romanian hackers did not compromise any personal data when they launched an SQL injection attack against the anti-virus company's U.S. support site. David Litchfield of Next Generation Security Software said in a Thursday report that other attackers, upon learning of the vulnerable site at usa.kaspersky.com, attempted to access data but were also unable to do so. — DK
 

Businesses detecting ID fraud faster, absorbing more costs

Angela Moscaritolo February 09, 2009

Identity fraud increased by 22 percent last year, but the burden on consumers is lessening, according to a new study.
 

Intruders put virus on government security contractor network

Dan Kaplan February 04, 2009

A security services provider for the federal government is notifying employees, former employees and customers that its network was compromised by malware.
 

Research In Motion outbids VeriSign for Certicom

Dan Kaplan February 03, 2009

On Tuesday, a bid from Research In Motion bested VeriSign's offer for control of cryptography technology firm Certicom.
 

To Facebook or not to Facebook?

Angela Moscaritolo February 03, 2009

More than half the respondents of a recent poll said their organization does not have a policy on using Facebook.
 

Google Video searches lead to malicious site

Angela Moscaritolo February 02, 2009

Cybercriminals have begun using Google Video to help deliver victims to their doorstep.
 

Google working on fix for clickjacking vulnerability in Chrome

Angela Moscaritolo January 30, 2009

A researcher has shown that the Google Chrome web browser also can succumb to clickjacking.
 

Data Privacy Day celebrates the safeguarding of information

Angela Moscaritolo January 28, 2009

Companies around the globe are recognizing the second annual Data Privacy Day on Wednesday with seminars and other events aimed at educating users and generating discussion around the topic.
 

Email worm spreads under guise of Valentine's Day greetings

Angela Moscaritolo January 27, 2009

The criminal group behind the Waledac email worm, distributed last week in inauguration-related phishing attacks, is now leveraging Valentine's Day to distribute malware and expand a botnet.
 

Barack Obama site hosting trojan

Angela Moscaritolo January 27, 2009

The assault continues on the new president's popularity -- this time, fraudsters are trying to lure users from an online community devoted to Obama supporters.
 

CASE STUDY: Support execs in their use of Apple iPhones

Charles Moore, director of operations, RingCube Technologies January 27, 2009

A growing Silicon Valley virtualization company needed to free up bandwidth and support its employees' use of iPhones.