All News

How (And Why) Attackers Choose Their Targets  February 07, 2012
To build a sure defense, you need to know what makes you a juicy target. Here are some tips

Can Glass-Box Scanning Find Your Real Bugs?  February 03, 2012
When it works, hybrid -- or 'glass-box' scanning -- combines dynamic, black-box analysis with static, white-box code analysis to find bugs and cut down on false positives

Adobe Calls For Defensive Approach In Security Research  February 02, 2012
Mitigation methods the emphasis at Adobe

FDIC Warns Of 'High Risk' Payment Processors  February 01, 2012
Some third-party payment processing services may not be secure, commission says

Financial Services Industry Employs Microsoft SDL In New Secure Software Model  February 01, 2012
Microsoft meanwhile releases new data showing major drop in bugs and exploitable vulnerabilities in its software over the past year and a half

Famed Hacking Contest Gets Facelift   January 23, 2012
‘Pwn2Own’ will up the ante with more prolonged contest, fewer targets, more payout for first-, second-, third-place winners -- plus an extra Google bounty for cracking Chrome

Third-Party Vulnerability Counts Down? Not Quite  January 19, 2012
Trend data from Frost & Sullivan shows that vulnerabilities reported by third parties were lower in 2011, but companies such as Secunia and TippingPoint are seeing greater demand

New Version Of Carberp Trojan Targets Facebook Users  January 19, 2012
Malware attempts to steal money by duping the user into divulging an e-cash voucher

Possible New Zero-Day Windows 7 Flaw Under Investigation   December 22, 2011
Specially crafted webpage viewed with Safari causes 'blue screen of death,' remote execution

Security Holes In Software Decreased This Year, Early Data Shows  December 20, 2011
The number of vulnerabilities disclosed to the public fell in 2011, as did the proportion of flaws that were exploited -- is secure development paying off?

Zero Day Initiative: One Year After Throwing Down The Disclosure Gauntlet  December 19, 2011
Vulnerabilities reported mostly in big-name software vendors' products, and SCADA zero-day flaws on the rise, according to ZDI's annual report

Exploited Apps Depend On Attack Vector  December 06, 2011
While some data shows Java to be the most attacked software application, other software gives the program a run for the title

The Dark Side Of Java   December 01, 2011
Metasploit adds new module for latest Java attack as the application is rapidly being targeted by cybercriminals

Firms Slow To Secure Flaws In Embedded Devices  November 22, 2011
While operating systems and PC applications have evolved fast patch mechanisms, the proliferation of slow-to-patch embedded devices leaves companies vulnerable.

Windows 8 To Streamline Patching Reboots  November 17, 2011
Only one restart per month to coincide with Patch Tuesday

Zero-Day BIND Flaw Crashes DNS Servers  November 16, 2011
ISC issues temporary patch to stop more DNS BIND server crashes, but no details yet on the actual flaw

Product Watch: New RedSeal App Lets Enterprises Benchmark Security Risk, Attack Surface  November 09, 2011
New RedSeal 5 application offers a way to deliver dashboards on enterprise security posture, company says

The Curious Case Of Unpatchable Vulnerabilities  November 08, 2011
The annual Verizon breach investigations report has consistently shown that fewer -- and in the most recent edition, only five of 381 -- attacks exploit vulnerabilities that could have been patched. Should companies re-evaluate their priorities?

A Security Pro's Guide To Patch Management  November 03, 2011
With so many applications and vulnerabilities in the enterprise, the question is which patches to deploy first -- and which ones don't need to be deployed at all, experts say

Time To Automate Web Defenses?  October 25, 2011
Tying vulnerability scanners and Web application firewalls together can help tighten up Web security without developer pain, but trust is still a problem.

Metasploit For The Masses  October 21, 2011
New version of free Metasploit tool aimed at newbie penetration testers

More Exploits For Sale Means Better Security  October 11, 2011
Selling exploits can help companies test their systems, but is there room for an independent market?

Flaw In HTC Android Phone Exposes User Data, Researcher Says  October 04, 2011
Android flaw could enable attackers to steal smartphone users' GPS location, SMS data, and phone numbers; manufacturer says it is looking into the issue

Study: Mobile Exploit Releases On Track To Double This Year  September 30, 2011
Mobile exploits, critical vulnerabilities on track to skyrocket by the end of 2011, IBM X-Force study says

In-House Malware Analysis: Why You Need It, How To Do It  September 29, 2011
In-depth malware analysis can be part of a comprehensive vulnerability management strategy. Here's how to get started

Microsoft Claims Another Botnet Takedown  September 28, 2011
After taking down Rustock botnet, software giant says it has neutralized Kelihos

Outdated Browsers Leave Many Enterprises Vulnerable To Attack  September 27, 2011
Despite efforts to get users to update browsers, the search for better security only begins with a patch.

Free 'HoneySink' Tool Captures Botnet Traffic   September 15, 2011
First open-source 'sinkhole' tool released by Honeynet Project

Microsoft Still Spots Lots Of Zeus Infections  September 15, 2011
Rumors of Zeus' merger into SpyEye may have been exaggerated -- for now, anyway

Windows 8 To Come With AV Baked In  September 14, 2011
Microsoft will knit its Microsoft Security Essentials into the next-generation Windows OS

Managing The Risk Of Flaws In Third-Party Software  September 13, 2011
Companies need to focus on finding and resolving vulnerabilities in software libraries on which their own products rely, say experts.

Tech Insight: Three Hardware Tools For Physical Penetration Testing  September 02, 2011
How to hack yourself like a social engineer would do

Breached CA Underscores Need To Examine Who You Trust  September 02, 2011
Who do you trust? Most companies don't know, but they need that information to close vulnerabilities

New Free Tools Simplify Analysis Of Android Malware   August 31, 2011
What did you do over your summer break? Two graduate students wrote tools that address heightened concern over eventual attacks against the Android platform

Workarounds Issued For 'Apache Killer' Attack  August 25, 2011
Apache team spells out mitigation strategies, patch expected within 24 hours

Researcher To Release Free 'Slow HTTP Attack' Tool   August 25, 2011
'Slowhttptest' could be expanded to test for so-called "ApacheKiller" hack

Botnets And Google Dorks: A New Recipe For Hacking  August 16, 2011
Attackers finding new ways to automate the use of Google search engine to hunt for vulnerabilities, Imperva researchers say

'Willysy' osCommerce Injection Attack Affects More Than 8 Million Pages  August 09, 2011
Malware exploits vulnerability in popular online merchant platform, Armorize says

Researchers Launch Tool To Close The Development-Testing Gap  August 01, 2011
Current vulnerability scanning tools aren't keeping pace with Web app development technology, Black Hat speakers say; a cautious, semi-automated approach is the way to go, the researchers say

Metasploit Pro Gets SIEM, Cloud Integration  July 26, 2011
Rapid7's new Metasploit Pro release, 4.0, automates more workflow tasks

Most IT Security Pros Disabling Security Functions In Favor Of Network Speed  July 21, 2011
New survey shows dilemma faced by organizations over performance tradeoffs with network security products

Researchers Prepare Google Hacking Tools For Black Hat -- Hot Diggity!  July 20, 2011
Family of search tools to be launched at Black Hat conference will help security teams and pen testers find searchable flaws before bad guys, Stach & Liu researchers say

More Windows Kernel Vulnerabilities May Yet Emerge, Researcher Says  July 19, 2011
After issuing dozens of patches this year to shore up security vulnerabilities in the Windows kernel, Microsoft may still have more work to do, Black Hat speaker warns

New Research Names Top 10 Malware Delivery Networks  July 09, 2011
Malware delivery networks are an emerging category of malicious networks that are distinct from botnets, Blue Coat study says

Enterprises Should Patch For Vuln Criticality, Not App Popularity, Researchers Say  July 01, 2011
Organizations could reduce risk significantly by changing patching priorities, according to Secunia

Researchers Report New, 'Indestructible' Botnet  June 30, 2011
TDL-4 botnet features new defenses, Kaspersky researchers say; other experts not so sure about the "indestructible" part

LulzSec Takes Credit For CIA Site Takedown  June 16, 2011
After cracking a Senate website and exposing 26,000 porn users, hacker group LulzSec targets CIA

Enterprises Skimp On Testing Third-Party Code  May 12, 2011
70 percent run security, vulnerability assessments on internal code, but only 35 percent do the same for third-party code they bring in-house, Forrester/Coverity report finds

Disabling Features Makes Some Microsoft Bugs Unexploitable  May 05, 2011
eEye study finds that disabling two well-known features in Microsoft products would prevent attackers from exploiting 12 percent of vulnerabilities

Another Researcher Hit With Threat Of German Anti-Hacking Law   April 27, 2011
German software firm warns researcher who disclosed a vulnerability in its software and offered to help
Vulnerability Management Reports

How (and Why) Attackers Choose Their Targets
To protect company and customer data, we need to determine what makes it so vulnerable and appealing. We also need to understand how hackers operate, and what tools and processes they rely on. In this report, we explain how to ensure the best defense by thinking like an attacker and identifying the weakest link in your own corporate data chain.

Security Pro's Guide to Patch Management
It's no longer sufficient to patch just Windows, Office and IE. With the massive array of applications now residing on enterprise PCs, and the proliferation of mobile and cloud-based applications, your business is far too vulnerable to exploitation unless you have a solid strategy for patch prioritization, deployment and quality assurance. Follow these steps to put your plan in place.

In-House Malware Analysis: Why You Need It, How to Do It
Vulnerability management identifies and closes exploitable holes in your enterprise network. But some systems remain vulnerable, and traditional antivirus and perimeter defenses are proving less effective against sophisticated malware, targeted attacks and zero-day exploits. In this report, we show you how malware analysis, tied closely to incident response, is an essential complement to enterprise vulnerability management programs.

Related Content

The Ponemon Institute 2012 State of the Endpoint
The 2012 State of the Endpoint study, sponsored by Lumension and conducted by Ponemon Institute, determines how effective organizations are in the protection of their endpoints and what they perceive are the biggest obstacles to reducing risk. The study is focused on four topics on the state of endpoint security: risk, productivity, resources and complexity.

The CISO's Guide to Measuring IT Security
Many organizations continue to blindly blaze into new technology territory without fully understanding the inherent IT risks. As a CISO, you must be able to facilitate business productivity without the risk. If you can accurately measure your security posture and communicate in terms of business risk as opposed to bits and bytes, you can effectively gain buy-in from key executives on important security initiatives. Learn the key steps to enhancing your security visibility so that you have a voice at the executive table.

Think Your Anti-Virus Software Is Working? Think Again
We've been so bombarded by computer viruses, worms, Trojan horses and other malware that we've become acclimated to their presence. We subscribe to an anti-virus (AV) offering and hope for the best. Trouble is, AV hasn't been keeping up. Studies show that even though most organizations use AV, more and more are succumbing to attacks. It's time to shift from the status quo to a new, more effective endpoint security approach, called intelligent whitelisting, which affords greater protection, productivity, and efficiency.

Unruly USB Devices Expose Networks to Malware
It's pretty easy for organizations to get so wrapped up about what goes out on USB drives that they forget to protect against what comes in their environments via USB. And with attacks inflicting increasingly greater damage following uncontrolled connection, it's time that organizations got serious about this threat. The key to USB security is balancing productivity with protection.

Reducing Local Admin Exposure Through Application Whitelisting
In today's Windows environment, users are accustomed to having local administrator privileges that allow them to download a variety of applications and potentially misconfigure their PCs. While standard wisdom may be to simply solve the problem by revoking local administrator rights on users' systems, the reality is that this may not be an option. Fortunately, there's hope - through application whitelisting.