Security News


Careers: Strong Demand Continues for Information Security Jobs

With information security increasingly a boardroom-level concern, job prospects continue to be good, according to a new study. Training and certification are becoming increasingly important for candidates and companies alike.

WMF flaw provokes headaches, workarounds

Companies are racing to patch a WMF vulnerability in all versions of Microsoft Windows XP and Windows Server 2003.

Energy company puts juice into monitoring IM

Is your company's use of instant messaging secure? Does it meet regulatory requirements?

SAVVIS introduces managed security services

SAVVIS announced a portfolio of managed security utility services it calls the SAVVIS Security Utility.

Retailers' efforts to safeguard consumer data not enough, survey shows

A Retail Data Security Benchmarking Study based on 71 respondents from various retailers and merchandisers, shows greater vigilance is needed by retailers to protect consumer information.

Spyware hampers compliance initiatives

In the wake of multiple data-breach disclosures-and more state laws governing such breaches-many companies are surveying the conduits through which sensitive information can escape the enterprise.

New consortium sets out to establish app security guidelines

Security Innovation, Microsoft, Red Hat, Oracle and several other companies have formed Application Security Industry Consortium (AppSIC) with the intent of helping establish and define app security guidance and metrics.

Black hats increasingly target apps

A major shift in Internet attacks is under way. “For 5 years, the majority of attacks targeted operating systems like Unix and Windows, and Internet services like Web servers and mail systems,” notes a new study from SANS, a computer security education and information security training firm.

The fix is in for network identity access control apps

Several vendors offer network access control programs. Now Identity Engines, a start-up vendor with a Cisco-heavy pedigree, is launching its own variation on this theme.

TippingPoint Launches Intrusion Prevention System

TippingPoint, a division of 3Com, launched on Monday, TippingPoint X505, an integrated security platform built on intrusion prevention system technology. IPS combines a stateful inspection firewall, IPSec VPN, bandwidth management, Web content filtering and dynamic routing.

Network Appliance Intros a Security Initiative for Enterprise Storage

Network Appliance on Wednesday unveiled the Uncompromised Security Initiative, a program the company claims challenges the status quo of data security and promises to deliver industry-best solutions to the enterprise.

Mobile Security Driving Need for Security and Device Management

A survey on mobile security released on Monday by Good Technology, a handheld computing software and service provider, suggests enterprises are seeking new ways to address handheld device and security management.

Identity Engines Delivers Platform for Network ID Management

Identity Engines on Monday introduced an enterprise-grade platform designed to deliver highly reliable, centrally-managed network identity management services.

Scary Stories

Mitnick regales with hacker tales.

Sneaky, Sinister, Swindling Software

Spyware steals identities, invades privacy, compromises enterprise info-security, alters and destroys data, and replicates to a point where systems collapse under the weight. And that's just for starters.

Data Security Breaches and the Bottom Line Impact

Think the damage from security breaches can be contained? When it comes to consumer opinion, don’t count on it. According to a recent survey, only 8 percent of consumers who receive a security breach notification do not blame the organization that suffered the breach. In addition, 19 percent of consumers who received a notification took their business elsewhere, and 40 percent were considering doing so.

Modular Code and Bot Nets Target Enterprises

Symantec’s biannual Internet Security Threat Report highlights the degree to which computer systems attackers now rely on modular code. Although the number of new vulnerabilities is beginning to level off, the number of malware variants is increasing.

Trend Micro Study Reveals End-User Awareness of Spyware is High

Security software maker Trend Micro says the majority of corporate computer users is familiar with the risks of spyware, but half think IT should be doing a better job educating them to deepen their understanding of the threat.

Forum Systems Targets SOA, Web Services’ Security

Forum Systems recently introduced its Unified Policy Management application, which creates, manages, deploys and governs service-oriented architecture security policies and Web services.

Popularity of Enterprise IM Continues to Grow, with Hackers

Attacks on instant messaging systems used by enterprises and consumers are escalating dramatically, according to the third-quarter report from The IMlogic Threat Center, a consortium that provides threat detection and protection for IM and peer-to-peer (P2P) apps.