Security News


Orphaned Accounts Are a Growing Security Concern, Study Says

IT auditors examine accounts just like their financial auditing counterparts. Instead of trial balances, they look at system user accounts to determine who signed on when and who did what. But what about who's logging into what account and when? More important, do these people even work here anymore?

Vista Security Debate Continues with Follow-Up Study

Security software vendor PC Tools on Friday fired the latest salvo in the argument over whether Windows Vista is as secure as Microsoft says it is.

Vista Vulnerability Study Puts Microsoft on Defensive

Microsoft and some independent security researchers had the blogosphere buzzing Wednesday over a series of denunciations after one company claimed that Vista was more vulnerable to malware and other exploits than previous operating systems.

Study: Top Web Application Vulnerabilities Remain Unfixed

Most are easily exploitable, according to industry report.

Microsoft Releases 3 Critical Patches

On Tuesday, Redmond rolled out four patches for the month of May as expected, with three deemed "Critical" and one "Moderate."

Survey: IT Struggling Over Security, Compliance Issues

IT pros are having a hard time balancing security, software patch management and IT auditing with a host of other duties, says a Shavlik Technologies survey.

Four Patches Coming in May

Three patches will target critical remote code execution exploits in Microsoft Office, Publisher and the Jet Database Engine.

IM Attacks on the Rise

Just because you've deployed an enterprise-grade instant messaging (IM) solution from a well-known vendor doesn't mean you've mitigated -- let alone completely licked -- the threat posed by rogue, unsanctioned or illicit IM use in your enterprise environment.

Spam More Creative, Better Targeted

Thirty years after the first unsolicited e-mail advertisement was sent, the phenomenon now known as spam is continuing to grow -- and becoming more sophisticated, creative and malicious.

Discovery of Crimeware Server Exposes Breadth of Data Theft

Last month researchers at online security company Finjan uncovered a 1.4 gigabyte cache of stolen data from North America, Europe, the Middle East and India on a Malaysian server that provided command and control functions for malware attacks in addition to being a drop site for data harvested from compromised computers.

In Search of Trust

Microsoft's end-to-end trust initiative is long on vision, but short on developer details.

Open Source Search Site Acquired by Black Duck

Koders.com is slated to become another asset in Black Duck's software compliance toolset.

Glitch Postpones Windows XP SP3 Availability

The availability of a new service pack for the Windows XP operating system has been postponed until Microsoft fixes an application compatibility problem.

Web Developers Left Holding the Bag on SQL Injection Attacks

Poor security practices are to blame, Microsoft says.

Web Attacks on the Rise; E-mail Attacks Decline

According to a recent study from security and anti-virus specialist Sophos, servers in the U.S. and China host the lion's share of malware-infected Web sites. Meanwhile, Web attacks surged to an all-time high in the first quarter of this year, according to Sophos -- with no sign of dropping off any time soon.

Experts Focus on Future of U.S. Cybersecurity

Whoever becomes our next president will inherit a cyber infrastructure under almost constant attack and at greater risk than eight years ago, and a handful of experts and legislators have come together to ensure that cybersecurity has a high priority in his or her administration.

Bugs Are Up, Microsoft Security Report Says

Report, covering late 2007, found a 300 percent increase in Trojan bugs.

Q&A: Cyber Crime's Chief Investigator

Howard A. Schmidt has used technology to thwart crime since his early career as a policeman and pioneer in computer forensics.

Microsoft Investigating LocalSystem Access Bug

The bug reportedly allows authenticated users to elevate privileges on networks using some Windows operating systems.

Council Publishes Guidelines for Securing Customer Data Online

The PCI Security Standards Council this week announced plans to issue new guidelines that it hopes will give transaction application developers and security specialists a clear direction to the path of least resistance when it comes to assessing risks surrounding customer and vendor data -- most notably, credit card and payment information.