Latest security news
Security Central - Infoworld

Once thought to be unhackable, the Android phone is anything but, according to researchers presenting at Black Hat 2010.

Targeted malware attacks: The new normal
Stealthy, targeted attacks aren't just for defense agencies and high-tech giants like Google, according to researchers from managed security services firm TrustWave's Spider Labs research grou

Data breaches exploit configuration errors, not software vulnerabilities
Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study from Verizon.

Malware tools openly available in China, security researchers say
China's rapid emergence as a hotspot for criminal hacking activities is enabled by the open and unfettered availability of sophisticated hacking tools, according to security researchers attending the Black Hat conference here this week. Many of the hacking tools are inexpensive, highly customizable, and easy to use.

Microsoft's bug reports fail to produce prompt patches
Even Microsoft can't move software makers to patch their products. According to data released Wednesday by the company, third-party developers patched just 45 percent of the vulnerabilities that Microsoft's security team reported to them during the 12 months from July 2009 to June 2010.

Free mobile apps can cost users their privacy
As if IT admins weren't busy enough securing end-users' computers, servers, and the network, they now need to come up with ways to protect end-users' phones.

Dell angles for service contracts with new security offerings
Dell on Wednesday beefed up its security offerings with new hardware and services, which could help the company to strike more long-term service engagements with customers. The security offerings are part of a new product portfolio targeted at medium-sized businesses, Dell said. The portfolio brings together security management, deployment and vulnerability assessment tools to protect data and IT infrastructures.

Apple patches up Safari and rolls out extensions
When Jeremiah Grossman, CTO of WhiteHat Security, announced last week that he had found a security hole in the Safari browser, he certai

Adobe joins Microsoft's patch-reporting program
Adobe Systems and Microsoft are now working together to give security companies a direct line into their bug-fixing efforts.

AT&T won't stop Black Hat demo of cell phone eavesdropping
AT&T says it won't interfere with a highly anticipated talk on intercepting cell phone calls at the Black Hat conference this week, even though rumors are circulating that it will do just that.

Google patches Chrome, sidesteps Windows kernel bug
Google on Monday patched five vulnerabilities in Chrome by issuing a new "stable" build of the browser.

Web filtering and reporting tools for the small business
Last month, ICANN approved the .xxx top-level domain for adult websites. It's been a controversial subject for many years, with conservatives saying the domain legitimizes the porn industry and pornographers decrying digital segregation. Well, the domain is approved, but there is no law in place that will force adult websites to use it (at least, not yet).

Open source Razorback project targets malware, zero-day exploits
Sourcefire, best known for its Snort intrusion-prevention technology, Tuesday is unveiling a new open source project called Razorback that's designed to spot malware and especially zero-day exploits. "We want others to test it to see if our idea about this new protection framework is as innovative as we think it is," says Matt Watchinski, senior director on the Sourcefire vulnerability research team.

G Data releases tool to block Windows shortcut attacks
The German security company G Data released a tool on Tuesday that blocks attacks using Microsoft's shortcut vulnerability but also preserves shortcut icons unlike the hotfix released recently by Microsoft.

NAC decisions you need to make now to secure your network
One important piece of a multilevel security defense for companies of almost any size is network access control (NAC), which lets you enforce policies for end-user machines.