Federal CTO Position Needs Formal Description: Report
Feb 09, 2010
Without a clear definition, 'it may be difficult for the CTO to affect change in individual federal agencies or systemically throughout the federal government,' states Congressional Research Service report
Researchers Develop Code That Stops Local Scanning Worms
Feb 08, 2010
In tests, algorithm was an efficient estimator of worm virulence and could determine the size of the susceptible host population after only a few infections
Hacker Unleashes BlackBerry Spyware Source Code
Feb 08, 2010
Proof-of-concept demonstrates the ease with which mobile spyware can be created to pilfer text messages and email, eavesdrop, and track a victim's physical location via the smartphone's GPS
Product Watch: New Tool Automatically Examines Suspicious Code In Memory
Feb 08, 2010
HBGary Responder Professional 2.0 analyzed malware behavior in Operation Aurora in five minutes
'Rugged' Initiative Brings Secure Software Development To The Masses
Feb 05, 2010
Rugged Software Development initiative an 'on-ramp' for all types of programmers to write resilient code
Database Account-Provisioning Errors A Major Cause Of Breaches
Feb 05, 2010
Database accounts are often managed manually -- if at all
GAO Report: NASA Still Facing Weaknesses In IT Security
Sensitive information, systems at space agency continue to be at risk, testimony says
Test: Most Web Application Scanners Missed Nearly Half Of Vulnerabilities
Tools were scanning their own test Websites
Researcher Cracks Security Of Widely Used Computer Chip
Electron microscopy could enable criminals to develop counterfeit chips, Tarnovsky says at Black Hat DC
Hospitality Industry Hit Hardest By Hacks
Trustwave report on data breach investigations shows hotels were breached more than financial institutions last year, and nearly all attacks were after payment-card data
Product Watch: Security Scoreboard Goes Live
New site brings security vendors and products under one roof, along with customer reviews
Identity Thieves Successfully Targeting Wealthy Victims, Study Says
Affluent individuals who live 'the good life' are 43 percent more likely to be victims, according to Experian
IBM ISS Researcher Exposes Holes In Cisco's Internet Surveillance Architecture
Wiretapping architecture could be abused by individuals under surveillance and outside attackers; Cisco reviews recommended fixes
Majority Of Online Banking Customers Use Same Credentials On Other Less-Secure Websites
Trusteer data finds that 73 percent use the same password for their online banking account on at least one nonfinancial Website
Security Startup Rolls Out File Security System
Smart Card Alliance Healthcare Council Plans Identity Management Focus For Upcoming Year
CA Extends Web Access Security Technology
SPYRUS Ships Secure Storage Devices With FIPS 140-2 Encryption
ENISA: 17 Golden Rules To Combat Online Risks For Mobile Social Networking
InfoExpress Adds Virtual Appliance To Its CyberGatekeeper Family Of NAC Products
Sunbelt Software Announces Top 10 Malware Threats For January
Unisys Awarded Contract to Provide Biometric Citizen Identification Solution For Mexico
CHINA DAILY
Biggest Hacker Training Site Shut Down
FEBRUARY 8, 2010
Chinese state-run news agency says the country's biggest hacker training site was shut down and three hackers arrested
ZDNET
Oracle Releases Out-Of-Band Patch For Server Hole
FEBRUARY 8, 2010
Oracle has released a patch for a flaw in its WebLogic Server that can be exploited over a network without the use of a username or password
THE REGISTER
Fugitive VoIP Hacker Admits 10 Million Minute Spree
FEBRUARY 8, 2010
Miami hacker made more than $1 million selling millions of minutes of voice over IP calls and routing them through the networks of telecommunications companies
NETWORK WORLD
ShmooCon: P2P Snoopers Know What's In Your Wallet
FEBRUARY 8, 2010
Researchers say they found driver's licenses, passports, tax return forms with Social Security numbers, a last will and testament, and other sensitive information being sent over peer-to-peer networks
BERNAMA
Cyber Attack In Malaysia Still Under Control
FEBRUARY 8, 2010
An attack on Malaysian Websites is "under control," officials said today
COMPUTERWORLD
Symantec Hit With Class-Action Lawsuit Over Auto-Renewals
FEBRUARY 8, 2010
N.Y. man alleges Symantec automatically charged his credit card and renewed his subscription to Norton Antivirus without notifying him
KREBS ON SECURITY
Zeus Attack Spoofs NSA, Targets .gov And .mil
FEBRUARY 8, 2010
Emails spoofing the National Security Agency and loaded with the Zeus banking Trojan are being sent to government emails, and initial reports say a large number of government systems may have been compromised by the phishing attacks
HELPNET SECURITY
Zero-Day Vulnerabilities On The Market
FEBRUARY 8, 2010
TippingPoint researchers say when governments are involved, a vulnerability discovery can sometimes yield as much as $1 million
A look at the 25 most popular stories ever posted on the pages of Dark Reading.
- Four Threats for '09 That You've Probably Never Heard Of (Or Thought About)
- PHPBB Password Analysis
- New Phishing Attack Targets Online Banking Sessions With Phony Popups
- IDC Report: Most Insider Leaks Happen By Accident
- Tech Insight: SQL Injection Demystified
- Researchers Build Anonymous, Browser-Based 'Darknet'
- Test Results: 2009 Anti-Malware Suites Better at Sniffing Out Threats
- Researchers Hack Faces In Biometric Facial Authentication Systems
- The 6 Worst Cloud Security Mistakes
- Hacking The Router Patching Conundrum
- Turkish Hackers Take Out Top Porn Site
- Social Engineering, the USB Way
- Weaponizing Apple's iPod Touch
- Defcon: New Hack Hijacks Application Updates Via WiFi
- How Hackers Will Crack Your Password
- Widespread Confickr/Downadup Worm Hard To Kill
- Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses
- The Seven Deadliest Social Networking Hacks
- 'Mafiaboy': Cloud Computing Will Cause Internet Security Meltdown
- Researchers Take Over Dangerous Botnet
- New Trojan Attack Masquerades As CNN News Report On Gaza
- 6 Tips For Doing More Security With Less
- Heartland Struggles To Measure Extent Of Massive Security Breach
- Visa Tests Credit Card With Random Number Generator
- Researchers To Unleash Backbone-Hacking Tools At Black Hat Europe
Evil Bytes
BY John H. Sawyer
Updated Tool Targets Facebook Security
February 3, 2010
02:15 PM -- Security issues surrounding social networking sites make me cringe. I understand their practical applications, but they are also the platform for easy delivery of exploits through social engineering. I've seen many systems compromised by the unconscious click on a Facebook link that users' nonchalance on similar sites and their trust in the Interne ...
SophosLabs Insights
BY Graham Cluley
70% Rise In Malware: Time To Block Facebook?
February 1, 2010
11:19 AM -- New research published by Sophos today reveals a 70 percent increase in the number of companies reporting spam and malware attacks via social networks.
Hacked Off
BY Gadi Evron
'Brand' Your Employees
February 5, 2010
06:14 AM -- You might want your product to be in the news every day, and for your PR to create miracles for you. But if you want attention, then your company must speak out on big security issues and news.
Security Views
BY Adrian Lane
Amazon's SimpleDB Not Your Typical Database
February 6, 2010
04:08 PM -- Several cloud providers offer databases specifically designed for cloud deployment. Amazon's SimpleDB, while technically a database, deviates from what most of us recognize as a database platform. Although SimpleDB is still in prerelease beta format, developers have begun designing applications for it.
Dark Dominion
BY Kelly Jackson Higgins
Litchfield's Last Hurrah
February 3, 2010
05:44 PM -- Yesterday was David Litchfield's last day at NGS Software, and he commemorated the milestone by dropping a zero-day vulnerability in Oracle's 11g database at Black Hat DC. He also surprised the audience -- and possibly himself -- by awarding Oracle a "B+" final grade for security in 11g, after nearly 10 years of keeping Oracle on its toes by callin ...
CS Island
BY Robert Richardson
New Flaws Pry Lid Off Cloud Frameworks
February 5, 2010
12:21 PM -- A new set of vulnerabilities came to light this week at Black Hat DC, and its appearance provides a good look at our bleak "next-gen" security future.
Featured Resources
Security Whitepapers
- "All Roads Lead to Rome: How Cyber Terrorists are Exploiting Digital America" with Tom Kellermann
- The Tangled Web: Silent Threats & Invisible Enemies
- Selecting Your Hosted Security Service Provider: What Every IT Manager Needs to Know
- From the Field: A Hacker's Story
- Testing Role-based Authorization Controls in Websites
- eBay: How the World's Online Marketplace Secures itself
Targeted attacks, DNS exploits are on the rise, according to the 2008 CSI Computer Crime and Security Survey
Published: 2010-01-22
Severity: High
Description: SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
Published: 2010-01-22
Severity: High
Description: The URL validation functionality in Microsoft Internet Explorer 7 and 8 does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
Published: 2010-01-22
Severity: Medium
Description: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Published: 2010-01-22
Severity: High
Description: Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
Published: 2010-01-22
Severity: High
Description: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.
