

Threat Intelligence Tech Center

Threat Intelligence Becoming A Do-It-Yourself Project For Enterprises
Building your own threat data collection and analysis function needn't be complex or expensive

What A DDoS Can Cost
Around 65 percent of IT pros say a DDoS costs their organizations $240,000 in lost revenue per day of the attack, and one-fifth say it would mean a loss of $1.2 million per day, new survey finds

4 Ways To Identify The Real Threats To Your Organization
Companies looking for better ways of prioritizing their defensive efforts need to look beyond vulnerabilities. How to find the real threats to your business before they find you




Mobile Security Tech Center

Windows Gets Privacy Boost For DNS
New public-domain 'VPN For DNS' technology encrypts exposed link between Windows machines and DNS

6 Discoveries That Prove Mobile Malware's Mettle
Trojans, botnets, adware, and more are jumping from theoretical to practical

Making Mobile Banking Safe
Banks finding ways to balance security with convenience, but consumers have no way of determining what's safe to use




Compliance Tech Center

Obama Cybersecurity Czar Schmidt Steps Down
Howard A. Schmidt, the first-ever U.S. cybersecurity coordinator, has resigned and will retire later this month to enter academia

10 Symptoms Of Check-Box Compliance
These telltale signs show you care more about what the auditors think than what the attackers do

How To Boost Enterprise Security Via FFIEC Compliance
The banking industry's security guidelines might be your ticket to building out your security strategy. Here's how




Cloud Security Tech Center

Crypto In The Cloud Secures Data In Spite Of Providers
With companies increasingly worried about their data in the cloud, a number of providers have cropped up to offer various types of encryption

Microsoft Skype IP Leakage Not New, Report Contends
Microsoft says it is investigating a report of a vulnerability that can expose the IP addresses of Skype users

VMware Confirms Hacker Leaked Source Code For ESX Hypervisor
Officials at VMware have confirmed that source code posted on the Web by a hacker is legitimate, but said customers may not necessarily be at risk




Advanced Threats Tech Center

SCADA/Smart-Grid Vendor Adopts Microsoft's Secure Software Development Program
Meanwhile, utilities lag when it comes to cyberattack preparedness and risk management at the executive and board level

Cyberspies Target Victims Via 'Strategic' Drive-by Website Attacks
Cyberespionage attackers more and more are injecting specific, legitimate websites with malware in hopes of snaring victims with common interests -- most recently, human rights organizations

Targeted Attack Infiltrates At Least 20 Companies
Attackers conducted a sustained espionage campaign against a score of private- and public-sector targets with links to policies of interest to China




Security Monitoring Tech Center

Security Index Marks A Year Of Doing Business Dangerously
The Index of Cyber Security has measured top security officers' sentiment on cyberthreats for more than a year. So what does the index's steady rise mean?

Logs Still Tough To Decipher, SANS Survey Says
More organizations employ log management and SIEM tools, but are still struggling to sort the bad traffic from the good

Dead And Dying Targeted In ID Theft
IDs of 2.5 million dead Americans abused annually, new study shows




Authentication Tech Center

New .secure Internet Domain On Tap
'Safe neighborhood' top-level domain will require SSL, DNSSEC, and other security measures for websites

Trustworthy Internet Movement Builds SSL 'Avengers'
Industry's top names in SSL development agree to join task force

Tech Insight: How To Hack The Password Problem
Though they are often the weakest link, passwords aren't going anywhere anytime soon. Here's how to shore up and manage your organization's passwords




SMB Security Tech Center

Why Some SMBs Still Fear The Cloud
Blind study commissioned by Microsoft shows disparity between those small to midsize businesses that have adopted cloud computing and security-as-a-service and those that have not

Fake Caller ID Attacks On The Rise
"Vishing" attacks increased by 52 percent in the second half of last year

More Than Half Of Cyberattacks Come From Asia
DDoS attacks worldwide on the rise, report finds




Vulnerability Management Tech Center

BeyondTrust Buys eEye
eEye co-founder Marc Maiffret now CTO of BeyondTrust

FBI Warns Travelers Using Hotel Networks About New Attack
The FBI says attackers are trying to trick users into installing malware with promises of software updates

Linux Users Beware: Patch New Samba Flaw 'Immediately'
Samba bug could spur targeted attacks or a worm -- but not all affected systems will get patched




Database Security Tech Center

Delete Data To Delete Risk
Smart data-retention policies allow an organization to rid itself of risky data when there's no need to keep it in the database anymore

Mass SQL Injections Spike Again
Experts warn orgs to keep up with patches and sanitize input to mitigate risks

No Exploit Required: How Attackers Exploit Business Logic Flaws
NT Objectives lists the main vectors of attack that exploit not bugs, but weaknesses in an application




Security Services Tech Center

Selling A Secure Internet Domain
PayPal among organizations invited to help shape protocol for .secure

Flashback Botnet Click-Fraud Operation Could Have Been More Profitable
The massive botnet of Mac computers left millions of dollars in potential profits on the table, researchers at Symantec say

Websites Select Security Services To Suppress DDoS, Other Attacks
Web application firewalls are a popular way to protect sites, but cloud and managed security services offer strong benefits to protect against denial-of-service attacks and compromise




Insider Threat Tech Center

5 Ways To Lose A Malicious Insider Lawsuit
Making the case against an insider takes preparation and proactive work with HR and legal

UNC Charlotte Breach Affected More Than 350,000
Data compromise at university is much larger than initially thought, report says

Microsoft Fingers Chinese Firewall/IPS Vendor In Windows Exploit Leak
Chinese firewall and IPS vendor Hangzhou DPTech Technologies kicked out of Microsoft Active Protections Program (MAPP) for its role in disclosure of Windows Remote Desktop (RDP) flaw earlier this year






Best Of The Web

SECURITY WEEK
Utah's IT Boss Resigns After Massive Data Breach And Policy Failure
MAY 16, 2012  | The executive director of the state of Utah Department of Technology Services has now resigned in the wake of the recent widespread data breach that exposed information on close to 1 million people, including children

THREAT POST
DHS Warns About Threat Of Mobile Devices In Healthcare
MAY 16, 2012  | The Department of Homeland Security (DHS) issued a warning to healthcare organizations on the danger of insecure, network-attached medical devices and the use of smartphones, tablet PCs, and other mobile devices in healthcare settings

SCHNEIER ON SECURITY
Security Vulnerabilities In Airport Full-Body Scanners
MAY 16, 2012  | The DHS Office of Inspector General has found "vulnerabilities in the screening process" at U.S. airports using full body scanners, a classified internal Department of Homeland Security report says

NAKED SECURITY BLOG
Global Payments Breach Continues To Bewilder, Accusations Abound
MAY 16, 2012  | Global Payments insists the affected cards total 1.5 million, but it may be closer to 7 million as Vons supermarket have reported a large volume of prepaid credit card fraud and Union Savings Bank has seen similar scams of late

BANK INFOSECURITY
Key Phish Phry Player Sentenced
MAY 16, 2012  | A U.S. District Court has sentenced Nichole Michelle Merzi, a key member of an international cybercrime ring that between 2008-2009 stole thousands of dollars from U.S. bank accounts, to more than five years in prison

FORBES
Antivirus Firm: 75% Of Phone-Based Malware Now Targets Android
MAY 16, 2012  | F-Secure found that 37 of the 49 variants of smartphone malware in the last quarter targeted the Android, up from 10 out of the 16 malware found in the same quarter last year

MICROSOFT TECHNET BLOG
Introducing EMET v3
MAY 16, 2012  | Microsoft has released a new version of its freebie Enhanced Mitigation Experience Toolkit, EMET 3.0, that comes with more enterprise configuration, deployment, and reporting options

COMPUTERWORLD
Google Releases Chrome 19, Adds Tab Sync And Patches 20 Bugs
MAY 16, 2012  | New Chrome 19 update fixes 20 vulnerabilities in the browser, and Google awarded $16,500 in bug bounties and rewards to independent researchers who discovered flaws in the browser





Take The Value of Information Security Certifications Survey
Just what value information security certifications really provide the security professional is a widely debated topic. Information Security Leaders, an independent security career website, wants to hear from you, the information security pro, on whether these certifications are meaningless or valuable to your career. Take the anonymous survey on how security pros feel about this topic here. You can also receive the final results via email.

Free Vulnerability Management Trial
Qualys is offering a free 14-day trial of its vulnerability management solution, which helps enterprises identify, fix, and report on network security threats.

Free Security Tools from Sophos
Scan for security risks, threats, rootkits and unauthorized applications.

Info-Tech Research Group
A specialist in small and medium-sized businesses, Info-Tech offers a different perspective than research houses that focus on the Fortune 1000.






             

Current Issue

In this issue:

  • Close The Door On Data Leaks: Stop insider theft and accidental disclosure with network and host controls--and don't forget to keep employees on their toes.
  • Make Security Everyone's Business: Even the best data leak prevention tools will fail if employees don't make security a priority.
  • Lessons From The Global Payments Breach: Recent attack underscores problems with knowledge-based authentication and perimeter defense.
  • FTC Proposes "Privacy By Design": The agency's privacy guidelines could raise issues for e-commerce and online advertising.
            

CSI Report
14th Annual CSI Survey
Security pros generally happy with products; not so much with awareness programs

Tech Insight
03.23.2011
HTTPS Is Evil







Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: ssl-vpn end-point interrogator/installer activex control
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.

Vulnerability: gvim
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Vulnerability: cforms
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

Vulnerability: links, wsn links, wsn links
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.

Vulnerability: deluxebb
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.