SecurityWeek

I recently found two great security articles from 2000 from a well-respected Microsoft security guru, Scott Culp. Culp provided two sets of Immutable Laws of Security - one on the consumer side, and the other on the admin side.

Microsoft has released a workaround to address the zero-day bug exploited in the Duqu attacks while it continues to work on a fix.

Microsoft is slated to release four security bulletins as part of November’s Patch Tuesday, but the company is staying silent on when it will patch a Windows zero-day at the center of the Duqu attacks.

IBM has announced enhancements to its security services portfolio, including improved analytics and new services to provide deeper, real-time analysis of security threats.

A few months ago, I was at a round table luncheon with a few senior-level security and IT folks. I casually asked them what they were doing to secure their Web applications. They replied with full confidence, “We have SSL.” When I described, in detail, how hackers attack via Web applications, and how SSL doesn’t protect them against those attacks, they were shocked. I can understand that small website owners might not have an in-depth knowledge of security issues. But,...

It is no secret malware kits have been the source of many of the infections plaguing users in recent years. This trend is epitomized by Poison Ivy, a remote administration tool (RAT) at the heart of the Nitro attacks targeting the chemical and defense industries.In a new research paper, Microsoft chronicled how Poison Ivy works and why it continues to be utilized by attackers. For one thing, the tool is available for free.

Visibility and Context-awareness are Critical to Staying Ahead of ThreatsThe term “Next-Generation” is frequently used in the industry to signal that a new technology has made a sufficient leap forward, delivering efficiencies or effectiveness previously considered impossible for a product.

In an effort to combat the growing threat of financial loss through ATM Skimming, ATM maker Diebold has re-engineered components in some of its ATMs, including a re-engineered bezel and has launched a service to detect and prevent skimming activity.

In the third quarter of 2011, PandaLabs, Panda Security's malware research laboratory, said five million new malware samples were created, which, according to my math, breaks down to about 55,000 per day. It’s not news new to report that malware continues to be cranked out and an alarming rate. 

The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, and the U.S. Department of Homeland Security are conducting the first ever joint cyber security exercise today in Brussels.

Secunia has rolled out the “Secunia Vulnerability Coordination Reward Program” (SVCRP), a new program that aims to benefit both the IT community and end-users by uncovering and helping to resolve previously unreported bugs.

Quarri Technologies, a firm that focuses on secure browsing sessions, has received $3M in Series B funding from the Houston Angel Network (HAN) which it will use to expand it’s presence in the North American market.

The U.S. Navy has continued to push forward on plans to secure remote access and identity management mandates, by purchasing more MobiKEY Fusion devices and TruOFFICE licenses from Route1.

New data from Internet Identity (IID), taken from its quarterly eCrime report, says that the jump in the number of websites hosting malware, as well as a stronger focus on targeted phishing attacks, is causing cybercriminals to shift gears.

EMC today announced the availability of EMC SourceOne eDiscovery – Kazeon 4.6, the company’s eDiscovery solution that helps corporations, legal service providers, law firms and consultants provide eDiscovery, litigation support and other investigations.