Security News


Microsoft Releases 3 Critical Patches

On Tuesday, Redmond rolled out four patches for the month of May as expected, with three deemed "Critical" and one "Moderate."

Study: Top Web Application Vulnerabilities Remain Unfixed

Most are easily exploitable, according to industry report.

Survey: IT Struggling Over Security, Compliance Issues

IT pros are having a hard time balancing security, software patch management and IT auditing with a host of other duties, says a Shavlik Technologies survey.

Four Patches Coming in May

Three patches will target critical remote code execution exploits in Microsoft Office, Publisher and the Jet Database Engine.

IM Attacks on the Rise

Just because you've deployed an enterprise-grade instant messaging (IM) solution from a well-known vendor doesn't mean you've mitigated -- let alone completely licked -- the threat posed by rogue, unsanctioned or illicit IM use in your enterprise environment.

Spam More Creative, Better Targeted

Thirty years after the first unsolicited e-mail advertisement was sent, the phenomenon now known as spam is continuing to grow -- and becoming more sophisticated, creative and malicious.

Discovery of Crimeware Server Exposes Breadth of Data Theft

Last month researchers at online security company Finjan uncovered a 1.4 gigabyte cache of stolen data from North America, Europe, the Middle East and India on a Malaysian server that provided command and control functions for malware attacks in addition to being a drop site for data harvested from compromised computers.

In Search of Trust

Microsoft's end-to-end trust initiative is long on vision, but short on developer details.

Open Source Search Site Acquired by Black Duck

Koders.com is slated to become another asset in Black Duck's software compliance toolset.

Glitch Postpones Windows XP SP3 Availability

The availability of a new service pack for the Windows XP operating system has been postponed until Microsoft fixes an application compatibility problem.

Web Developers Left Holding the Bag on SQL Injection Attacks

Poor security practices are to blame, Microsoft says.

Experts Focus on Future of U.S. Cybersecurity

Whoever becomes our next president will inherit a cyber infrastructure under almost constant attack and at greater risk than eight years ago, and a handful of experts and legislators have come together to ensure that cybersecurity has a high priority in his or her administration.

Web Attacks on the Rise; E-mail Attacks Decline

According to a recent study from security and anti-virus specialist Sophos, servers in the U.S. and China host the lion's share of malware-infected Web sites. Meanwhile, Web attacks surged to an all-time high in the first quarter of this year, according to Sophos -- with no sign of dropping off any time soon.

Bugs Are Up, Microsoft Security Report Says

Report, covering late 2007, found a 300 percent increase in Trojan bugs.

Q&A: Cyber Crime's Chief Investigator

Howard A. Schmidt has used technology to thwart crime since his early career as a policeman and pioneer in computer forensics.

Microsoft Investigating LocalSystem Access Bug

The bug reportedly allows authenticated users to elevate privileges on networks using some Windows operating systems.

Hoax Subpoena E-Mails Shine Light on 'Spearphishing'

Hundreds of executives at some of America's most well-known companies received e-mails that they probably didn't want to get -- even if those messages weren't a hoax.

Council Publishes Guidelines for Securing Customer Data Online

The PCI Security Standards Council this week announced plans to issue new guidelines that it hopes will give transaction application developers and security specialists a clear direction to the path of least resistance when it comes to assessing risks surrounding customer and vendor data -- most notably, credit card and payment information.

SQL Server 2005 SP3 Expected in Summer '08

Microsoft releases an incremental update in the meantime, Cumulative Update 7.

Vista SP1 Expands Language Support, but Hits USB Snag

Microsoft has rolled out Vista Service Pack 1 in all supported language versions, but some existing SP1 users have had problems with USB-based devices after applying a security patch.