Virus & Threats

NEWS & INDUSTRY UPDATES

The results of a recent survey show that organizations following best practices for protecting endpoints are protecting critical assets and information. However, when those protections fail, it’s still a costly situation.
Klocwork has released a new version of its flagship product that checks C/C++ code for security issues including input validation, injection issues, XSS, and banned APIs.
Oracle delivered its first Critical Patch Update of 2012, which included a total of 78 fixes across a wide range of Oracle products. The update also marked the first time the MySQL database software has been part of Oracle's CPU process.
Symantec announced on Monday that it has acquired LiveOffice, a provider of cloud-based email archiving, email compliance, email discovery and email continuity solutions, for approximately $115 million.
In a lawsuit seeking class action status, Symantec is accused of selling a performance utility line that is “Scareware”. The suit alleges that the products are developed to report problems even if none exist, with consumers being duped into purchasing software that does not function as advertised.
Microsoft and Adobe released several patches today to plug security holes in their products. Adobe also introduced new JavaScript whitelisting capability in Adobe Reader and Acrobat X.
Microsoft's January security update will include seven bulletins addressing eight vulnerabilities across Windows and Microsoft developer tools and software.
In a rare move, Microsoft is breaking its normal procedures and will issue an emergency out-of-band security update to address a recently disclosed hash collision vulnerability that affects various Web platforms industry-wide.
Several vendors are currently working to resolve a hash collision vulnerability, which, if exploited, can trigger a denial-of-service condition on multiple platforms.
McAfee has come forward with its list of 2012 threat predictions, part of a longstanding tradition in the InfoSec community, which outlines what it sees as the largest obstacles to personal and organizational security in the coming year.

FEATURES, INSIGHTS // Virus & Threats

Robert Vamosi
At a recent security conference, researchers demonstrated how they could spoof the energy usage reported from the meter to the utility. All of this is because the utility in question misconfigured its SSL.
Robert Vamosi
Unfortunately, there is nothing new or novel against Point of Sale (POS) skimming attacks, only that they continue to happen in the age of smart embedded systems and PCI.
Michael Goff
About 50 percent of all software piracy violations found at corporations come from businesses that are already clients of the vendor whose software they are accused of stealing. So, what steps should both the software vendor and their customers take to ensure the relationship avoids speed bumps such as software piracy?
Alan Wlasuk
While our attention is immediately drawn to the Internet when we think about the benign-turned-evil Matrix, a more interesting comparison can be made to the current Internet plague of botnets.
Chris Poulin
Utility companies are not used to thinking in terms of data security; they've been historically concerned with the protection of hardware like transformer stations, utility poles, and electric wires, as well as consumer fraud. But soon, they'll have to change their mindset.
Robert Vamosi
Using parts that cost $10, researchers inserted custom hardware into the Diebold AccuVote TS that could read the touchscreen vote as well as alter the stored information.
Robert Vamosi
Many security researchers are using open source Arduino boards for rapid prototyping of tools used in hardware analysis. Vendors who do not test their products before selling them into the field are doomed to be targets of future research and, perhaps, attacks.
Eric Schou
Cars have become sophisticated mobile computers. And like all computers, automobiles can be hacked and compromised. Interconnectedness with other embedded systems and cellular networking or Internet connectivity can also introduce security flaws that may become exploitable.
Noa Bar-Yosef
A look at the four most prevalent attack techniques used by today's cyber attackers. These attack techniques include SQL Injection Attacks, Remote File Inclusion, Directory Traversal and Cross Site Scripting (XSS). Interestingly, three of the four techniques were used by LulzSec during their summer hacking rampage.
Eric Knapp
There’s been a lot of recent reflection on SCADA and Industrial Control Systems cyber security in the year following Stuxnet. Why is the current state of SCADA and ICS security the fault of Siemens, Alstom, Rockwell Automation, or any other control system vendor?
