SecurityWeek

Secure Conference Calling for Mobile Devices - New service delivers encrypted calls and authenticates participants

Imperva, a California based data security company, this week announced a research initiative focused on providing deeper insight on how cybercriminals conduct large scale cyber attacks as well as shedding light on the evolution of the underground business of cybercrime.

Qualys today announced that its QualysGuard Vulnerability Management (VM) now includes correlated exploitability information from real-time feeds to provide customers with up-to-date references to exploits and related security resources.

Fifty-six percent of companies that have deployed interactive Web 2.0 applications have taken steps to prevent hacking, and the other 46 percent should, according to a new report released yesterday by InformationWeek Analytics. To make its point, the research firm deployed a sample Web 2.0 employee management application on its web site. The report’s author, Tivo security director Adam Ely, easily hacked it.

Several of the world’s largest ISPs, along with major enterprises, realize the need for a centralized clearing-house capable of alerting the world about major DNS problems

Last week Dell notified customers that certain Dell PowerEdge Server replacement motherboards had been infected with malware. The W32.Spybot worm (originally discovered in 2003) was found in flash storage (NOT firmware) on the motherboard during Dell testing.This issue does not affect systems as shipped from Dell and is limited to replacement motherboards in four servers - Dell PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410.

In a trend that mirrors the invasion of the corporate world in the 1980’s by personal computers, today’s employees are beginning to use consumer-oriented technology like the iPhone and Facebook to do business – and this means stress and trouble for IT security professionals.

How to Avoid Being a DNS Hijack Victim

IT security firm Sophos this week issued new guidance on a Windows Zero Day vulnerability that is already being used to target critical infrastructure systems, including power grids. Exploit code for what Sophos terms the "CPLINK" vulnerability is widely available. In response to the situation, the SANS Institute has taken the uncommon step of raising its industry Infocon vulnerability alert level.

Microsoft today announced the availability of Forefront Endpoint Protection 2010 (FEP) public beta which now available to customers.The successor of Forefront Client Security, FEP 2010 is built on System Center Configuration Manager (SCCM) 2007 R2, allowing customers to use their existing client management infrastructure to deploy and manage endpoint protection.

Malware prevention provider FireEye and network forensics company Solera have announced a technology partnership to deliver an integrated security solution that will not only block an attack, but also help IT security professionals figure out exactly what happened after the fact.

McAfee today announced a Risk Management solution the company claims will help organizations maximize their IT security spending by correlating actual risks with current security efforts.

The anti-malware industry sometimes sees more complicated problems than you might imagine, and they can’t all be fixed by tweaking detection algorithms or giving the marketing team a productivity bonus.

Virtualization Security Risks - Government Agencies Worrying LessWorries about the security risks of virtualization – the number two barrier to adoption for Federal IT organizations last year – have fallen to seventh place, far behind more mundane concerns such as lack of staff and budget. According to a survey conducted by CDW Government LLC, state and local IT groups ranked even lower, in eighth place.

Qualys BrowserCheck - Scans Web Browsers To Help Identify Security Flaws with Browsers and Plug-InsCybercriminals love exploiting security flaws in web browsers and their associated plug-ins to conduct attacks.