Latest security news

Security Central - Infoworld

'Unhackable' Android can be hacked

Once thought to be unhackable, the Android phone is anything but, according to researchers presenting at Black Hat 2010.

Stealthy, targeted attacks aren't just for defense agencies and high-tech giants like Google, according to researchers from managed security services firm TrustWave's Spider Labs research grou

Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study from Verizon.

China's rapid emergence as a hotspot for criminal hacking activities is enabled by the open and unfettered availability of sophisticated hacking tools, according to security researchers attending the Black Hat conference here this week.

Many of the hacking tools are inexpensive, highly customizable, and easy to use.

Even Microsoft can't move software makers to patch their products.

According to data released Wednesday by the company, third-party developers patched just 45 percent of the vulnerabilities that Microsoft's security team reported to them during the 12 months from July 2009 to June 2010.

As if IT admins weren't busy enough securing end-users' computers, servers, and the network, they now need to come up with ways to protect end-users' phones.

Dell on Wednesday beefed up its security offerings with new hardware and services, which could help the company to strike more long-term service engagements with customers.

The security offerings are part of a new product portfolio targeted at medium-sized businesses, Dell said. The portfolio brings together security management, deployment and vulnerability assessment tools to protect data and IT infrastructures.

When Jeremiah Grossman, CTO of WhiteHat Security, announced last week that he had found a security hole in the Safari browser, he certai

Adobe Systems and Microsoft are now working together to give security companies a direct line into their bug-fixing efforts.

AT&T says it won't interfere with a highly anticipated talk on intercepting cell phone calls at the Black Hat conference this week, even though rumors are circulating that it will do just that.

Google on Monday patched five vulnerabilities in Chrome by issuing a new "stable" build of the browser.

Last month, ICANN approved the .xxx top-level domain for adult websites. It's been a controversial subject for many years, with conservatives saying the domain legitimizes the porn industry and pornographers decrying digital segregation. Well, the domain is approved, but there is no law in place that will force adult websites to use it (at least, not yet).

Sourcefire, best known for its Snort intrusion-prevention technology, Tuesday is unveiling a new open source project called Razorback that's designed to spot malware and especially zero-day exploits.

"We want others to test it to see if our idea about this new protection framework is as innovative as we think it is," says Matt Watchinski, senior director on the Sourcefire vulnerability research team.

The German security company G Data released a tool on Tuesday that blocks attacks using Microsoft's shortcut vulnerability but also preserves shortcut icons unlike the hotfix released recently by Microsoft.

One important piece of a multilevel security defense for companies of almost any size is network access control (NAC), which lets you enforce policies for end-user machines.