RSSComputer Security
IT Security Jobs & Careers
Find your next job in IT Security. Search IT Security jobs from thousands of job and career search sites.
A search engine for jobs with a different approach to job and career searches. In one simple search, job
seekers get free access to millions of employment opportunities from thousands of websites. Find your next
job in IT Security today.
Government Recruits Geeks to Blunt Cybersecurity Threats
Joshua Kucera
The potential threats against
Cyberwar Is the New Atomic Age
Mike McConnell Interview
A level of vulnerability has been introduced into our way of life that is unprecedented. We now have a smaller connected globe where information can be moved in seconds, where information managed by computer networks -- which runs our utilities, our transportation, our banking and communications -- can be exploited or attacked in seconds from a remote location overseas
Secrets to Saving Your Laptop and Data
David LaGesse
Consumers now buy more laptops than desktop PCs, relishing the power they pack in a portable package. Thieves relish laptops for the same reason. The overwhelming majority of lost or stolen notebooks don't make it back to their owners, according to FBI and analyst reports. But a few laptop-luggers take steps to protect their investments, or the even-more precious data they contain.
Video: A new workout for the Wii
Ubisoft's upcoming fitness game, YourShape, promises an experience a step up from Wii Fit. In the process, can it help revitalize the Nintendo console?
Microsoft to fix holes in Windows, Office
November's Patch Tuesday promises to be lighter than last month's record.
Google privacy controls: Most people won't care
Google Dashboard is putting personal data in the hands of users, but most of us won't care enough to exercise this control.
Zero-day flaw found in Web encryption
Flaw is found in the Transport Layer Security and Secure Sockets Layer protocols, which have typically been used online retailers and banks to provide security for Web transactions.
Mac Game: Art project or malware?
Is the Lose/Lose game a legitimate art project, or should it be flagged as malware because it deletes files?
Corporate bank accounts targeted in online fraud
Small and medium-size businesses, governments, and school districts are targets of online bank fraud involving malicious e-mails, key loggers, and money mules, FBI says.
Hacker breaks into jailbroken iPhones, asks for $7
A hacker asks victims to pay $7 to get instructions for fixing a security hole in their jailbroken iPhones.
Malwarebytes accuses rival of software theft
Anti-malware provider Malwarebytes says it will take legal action against China-based IObit, but IObit says it is all a mistake.
Security firm M86 acquires Finjan
M86 makes second acquisition in the past year, buying secure SaaS and Web gateway provider Finjan.
Spammy scams surfacing on Twitter, Facebook
Users of the microblogging service report spammy direct messages, while users of the social network report receiving links to a malware site.
New Trojan encrypts files but leaves no ransom note
Victims of the Ramvicrype Trojan horse must find tools to repair encrypted files.
CNET News.com - Security
Tech News First
Gumblar Malware's Home Domain is Active Again
ScanSafe researchers are seeing renewed activity regarding Gumblar, a multifunctional piece of malware that spreads by attacking PCs visiting hacked Web pages.
Developer Finds Major Coding Errors in Facebook, MySpace
Social-networking sites MySpace and Facebook have apparently fixed coding errors that could have allowed an attacker access to all of their users' data and photos.
Boston Celtics Clamp Down on Spam
Until recently, the Boston Celtics' e-mail infrastructure was outdated and badly in need of an overhaul.
Postini Technology to Spread Across Google Apps
The Postini technology that lets Google Apps Premier administrators control their e-mail environments by establishing and enforcing usage policies, rules and parameters will be extended to the other applications of the suite.
Federal Data Protection Law Inches Forward
A sweeping new bill that would implement a national standard for data protection and breach notification got a boost of support today from the Senate Judiciary Committee.
Microsoft Plans Six Patches Next Week, Ties November Record
Microsoft plans to will deliver six security updates on Tuesday, less than half the number it issued last month, to fix flaws in Windows and Office.
Six Steps to Pull App Security Back to the Future
OWASP will host its 2009 AppSec DC conference next week, hoping to arm IT security practitioners with knowledge to improve application security. For a taste of what to expect, organization member Matt Fisher discusses what's wrong with app security today and six ways to make it better.
Blue Coat Slashes Staff, Buys S7 Services Company
Security-appliance vendor Blue Coat Systems is laying off of close to 20 percent of its staff and restructuring its business in a drive to increase profitability.
Developer Finds Major Coding Errors in Facebook, MySpace
Social-networking sites MySpace and Facebook have apparently fixed coding errors that could have allowed an attacker access to all of their users' data and photos.
Apple Seeks New Sheriff to Lock Up IPhones
Just as a new hack, blacksn0w, promises to unlock iPhones with the latest Apple software from AT&T's wireless network, Apple is looking for a sheriff to lock the smartphones back up again, permanently.
Survey: Security Certifications Hot Among IT Pros
CompTIA finds IT pros value and seek new security-related certifications above all other areas.
Developer Finds Major Coding Errors in Facebook, MySpace
Social-networking sites MySpace and Facebook have apparently fixed coding errors that could have allowed an attacker access to all of their users' data and photos.
Spoof Apple Trojan Upsets Symantec
Symantec has discovered a file-deleting 'Trojan' targeting Mac users. But is it really a piece of malware or a valid but hazardous example of online art?
EU Breaks Deadlock in Debate Over Right to Internet Access
After months of often bitter debate, European Union lawmakers reached agreement on how to preserve citizen's rights to Internet access in a meeting that ended in the early hours of Thursday morning.
Vendors Scrambling to Fix Bug in Net's Security
Software makers around the world are scrambling to fix a serious bug in the technology used to transfer information securely on the Internet.
CIO.com - Security
10 Essential Third Party Security Apps for Windows 7
Now that users have their hands on Windows 7, it's time to secure it. They could always use solutions from Microsoft, like Security Essentials, but in many cases, third-party applications do a much better job of ensuring a system is kept secure.
Third-party security apps for Windows 7 can be free or paid. In either case, users can find effective security applications to keep their data more secure. However, it's important to remember that some apps are more effective than others and that in no way can all of these applications keep the user's data totally secure. But the first step is to find the security app that works best for the users needs. This eWEEK slide show looks at ten third-party applications that will make Windows 7 more secure.
- ...
Senate Committee Passes Data Breach Laws
The U.S. Senate Judiciary Committee passes two bills that establish federal guidelines for data breach notifications.
- Two sweeping bills that would set new standards for data
breach notifications made their way out of the Senate Judiciary Committee
Nov. 5.
The committee voted yes on the Personal Data Privacy and Security Act of
2009 (S.1490) and the Data Breach Notification Act (S.139). The vote means the
bill...
Critical Windows Security Bulletins on Tap for Patch Tuesday
Microsoft is releasing six security bulletins next week as part of Patch Tuesday. Three of the bulletins address Windows security issues Microsoft has rated critical.
- Microsoft will release six bulletins next week for Patch Tuesday, including three critical bulletins focused on Windows security.
All
totaled, 15 security vulnerabilities will be fixed in this release.
Besides the critical Windows bulletins are three others rated
quot;important. quot; Among t...
House Panel Approves Cyber-security Awareness Act
Legislation would mandate that National Institute of Standards and Technology develop a plan to ensure cyber-security coordination within the U.S. government.
-
A U.S. House subcommittee approved
Nov. 4 the Cybersecurity Coordination and Awareness Act, legislation that would
require NIST (National Institute of Standards and Technology) to develop and
implement a plan to ensure coordination within the U.S. government with regard to the
development of i...
FBI: Online Banking Attacks Reach $100 Million Mark
In an intelligence note, FBI officials say a mix of banking Trojans and phishing attacks has plagued victims - mainly public institutions and small and midsize businesses - to the tune of $100 million in attempted losses as of October.
- Malware and phishing schemes
targeting online bankers have spurred a jump in Automated Clearing
House (ACH) fraud that has led to $100 million in attempted losses as
of October, according to the FBI.
In an intelligence note released earlier this week by the Internet
Crime Complaint Center (IC3)...
Botnets Tighten Defenses Year After McColo Shutdown
In the roughly 12 months since the McColo shutdown caused a short but dramatic drop in spam, botnet operators have changed tactics to minimize the impact of authorities shutting down their ISPs. Security researchers discussed how with eWEEK.
- In the year since the shutdown of notorious Web hosting firm McColo,
spammers are growing strong. In fact, researchers at McAfee reported
that spam accounted for 92 percent of e-mail in the second quarter of
2009.
Part of this is the result of improvements by botnet operators. Like
anyone who...
Windows 7 UAC Is Ineffective Security Solution for Malware, Sophos Says
A researcher at Sophos reports putting Windows 7's User Account Control feature to the test and finding the technology failed to block numerous pieces of malware. Microsoft, however, stresses that UAC is only one part of Windows 7's security.
- A researcher at Sophos called the UAC feature in Windows 7
ineffective after numerous pieces of malware snuck by the technology in a test.
Microsoft first introduced User
Account Control in Windows Vista to improve security. After some users
complained the number of alerts it generated were an...
Man Indicted in Cable Modem Hacking Scheme
The FBI unsealed charges recently against Ryan Harris, 26, who they say developed hardware and software tools to enable people to configure their cable modems to give them free Internet access.
- Federal authorities unsealed charges in Boston
Nov. 2 against a man they allege developed tools to help people steal free
Internet access by modifying cable modems.
Charges against 26-year-old Ryan Harris, who has residences
in Redmond,
Ore., and San
Diego, were unveiled Nov. 2. According...
How to Protect Against Web 2.0 Crime and Data Breaches
Facebook, Twitter, MySpace, blogs and other Web 2.0 technologies have created new opportunities for individuals, enterprises and governments. But where law-abiding users go, cyber-criminals quickly follow. It's critical for users to be wary of increasingly sophisticated online threats from the recently discovered Botnet platform to cyber-criminals who infiltrate networks to steal data and identities. Here, Knowledge Center contributor Yuval Ben-Itzhak explains how users can protect their systems from cyber-criminals, phishing, botnets, viruses, Trojans and other malware.
- In today's Web 2.0 world, information sharing, online shopping and remote working are just a few examples of the many benefits the Internet and Web 2.0 technologies offer us. Blogs and social networks such as Facebook, Twitter and MySpace are becoming increasingly popular, with individual users and ...
M86 Buys Finjan in Web Security Play
Fresh off the acquisition of Avinti, M86 Security announces the acquisition of Finjan. The deal, made for an undisclosed sum, brings Finjan's enterprise-class solutions to the company.
- M86 Security has acquired Finjan as part of a push into the enterprise secure Web gateway and software-as-a-service businesses.
Financial terms of the deal were not disclosed, but the buy is the latest in a string of acquisitions and mergers by the company. Formed last year by the merger of Marshal...
Security Vendors Take Hybrid Approach to Web Filtering
To help enterprises deal with a growing number of remote workers, cloud-based URL filtering is likely to continue to gain traction.
- With more employees operating outside the workplace, solving the problem of web filtering for remote workers has gotten attention from a number of security vendors.
Addressing it has led some vendors to push a hybrid approach of cloud-based and on-premise technology something that may gain tracti...
Symantec Uncovers Trojan Scheme Using Facebook
Researchers at Symantec find a Trojan that uses Facebook to communicate with a command and control server.
- Researchers at Symantec have uncovered a Trojan using Facebook as a
coordinator for its command and control server.
The Trojan malware, known to Symantec
as Whitewell, is being spread via e-mail through quot;documents (PDF, or
MS Office formats) containing exploits for known vulnerabilities, qu...
10 Reasons Why Google Android Is Secure
News Analysis: Google's Android platform is a relatively secure operating system. It has a number of features that make it a fine alternative to the iPhone. But it's important for users to understand just how Google built security into the mobile operating system.
- The debate over which mobile platform iPhone, Android, Windows Mobile or
BlackBerry is best might rage for hours. Everything is subjective. But it's
security that may matter most when considering a mobile phone.
Will the phone provide the kind of security required when important data is
transmi...
Tech Prods Obama over Cyber Czar
TechAmerica tells President Obama his promise to appoint a cyber-security coordinator in the White House is growing more urgent by the day. Obama promised to appoint a cyber-security coordinator more than five months ago.
- The tech industry is
growing impatient over President Obama's failure so
far to appoint a cyber-security coordinator in the White House. It has been
more than five months since Obama
held a much ballyhooed media event on the importance of cyber-security
and pledging to appoint a cyber-security ...
Microsoft Security Report Underscores Weak Enterprise Security Policies
In an analysis of the top security threats during the first half of 2009, Microsoft's findings show the importance of having sound guidelines governing thumb drives and connecting to corporate networks from machines outside the enterprise. According to Microsoft, both Conficker and another notorious worm took advantage of poor policies around USB devices to spread.
- In its biannual
snapshot of the security landscape, Microsoft has uncovered a resurgence a
worms that underscores the importance of having sound security guidelines
for removable
USB devices accessing corporate
networks.
While Volume 7 of
Microsofts Security Intelligence Report found that Tr...
Security - RSS Feeds
Security - RSS Feeds
Switchers Guide: Understanding Mac security
When it comes to security, using Windows can feel like living in the heart of a big city--the kind of place where you can install all the locks and alarms you want, but you still worry. The vast number of computer users who run Microsoft operating systems form the biggest, juiciest target cybercriminals could dream of. Which is why there are more than twenty-two million unique examples of Windows malware out there.
Skype's legal storm clears
Skype's cofounders, Janus Friis and Niklas Zennstrom, have agreed to transfer ownership of the remaining Skype technology that eBay didn't own, paving the way for eBay to complete its sale of a majority stake in Skype to an investor consortium.
Norwegian ISP doesn't have to block Pirate Bay, says court
Norwegian ISP Telenor doesn't have to block access to file-sharing site The Pirate Bay, according to a ruling from the district court for Asker and Bærum on Friday.
Gumblar malware's home domain is active again
ScanSafe researchers are seeing renewed activity regarding Gumblar, a multifunctional piece of malware that spreads by attacking PCs visiting hacked Web pages.
Postini technology to spread across Google Apps
The Postini technology that lets Google Apps Premier administrators control their e-mail environments by establishing and enforcing usage policies, rules and parameters will be extended to the other applications of the suite.
Dashboard shows what Google knows about you
Google's new Dashboard products provides its users with some transparency, but critics say more needs to be done to protect consumer privacy.
More Security News
View more Security news and analysis from Computerworld.com
Computerworld Security News
News: Popular apps need better patching, says report
Popular apps need better patching, says report
News: Hacker charged with Heartland, other breaches
Hacker charged with Heartland, other breaches
News: Web attacks hit U.S., South Korean sites
Web attacks hit U.S., South Korean sites
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your
Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
News: FTC persuades court to shutter rogue ISP
FTC persuades court to shutter rogue ISP
Brief: Gov't warns firms about online robberies
Gov't warns firms about online robberies
Brief: Vulnerability sales help secure Microsoft
Vulnerability sales help secure Microsoft
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your
Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Brief: Sensitive gov't docs leaked over peer-to-peer
Sensitive gov't docs leaked over peer-to-peer
Brief: Small, medium firms cut security budgets
Small, medium firms cut security budgets
News: FBI and SOCA plot cybercrime smackdown
FBI and SOCA plot cybercrime smackdown
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your
Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
News: Botnet boosts criminals' revenues from Google
Botnet boosts criminals' revenues from Google
News: Apple sneaks anti-malware into Mac OS X
Apple sneaks anti-malware into Mac OS X
News: Security flaws foul financial giant’s Web site
Security flaws foul financial giant’s Web site
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your
Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Infocus: Enterprise Intrusion Analysis, Part One
Enterprise Intrusion Analysis, Part One
Infocus: Responding to a Brute Force SSH Attack
Responding to a Brute Force SSH Attack
Infocus: Data Recovery on Linux and ext3
Data Recovery on Linux and <i>ext3</i>
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your
Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Infocus: WiMax: Just Another Security Challenge?
WiMax: Just Another Security Challenge?
Gunter Ollmann: Time to Squish SQL Injection
Time to Squish SQL Injection
Mark Rasch: Lazy Workers May Be Deemed Hackers
Lazy Workers May Be Deemed Hackers
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your
Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Adam O'Donnell: The Scale of Security
The Scale of Security
Mark Rasch: Hacker-Tool Law Still Does Little
Hacker-Tool Law Still Does Little
More rss feeds from SecurityFocus
News, Infocus, Columns, Vulnerabilities, Bugtraq ...
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.
Lose/Lose: Kill an Alien, Delete a File
Post from: TrendLabs | Malware Blog - by Trend Micro
Anyone who has ever played a video game—whether in an arcade, using a gaming console, or on a PC—knows how a good kill can get one all excited and pumped up. Games that involve killing certain entities give us the thrill of being in such an exhilarating situation, without suffering any serious consequence. A certain [...]
Lose/Lose: Kill an Alien, Delete a File
DOWNAD/Conficker Turns 1yr
Post from: TrendLabs | Malware Blog - by Trend Micro
Worm Exploits MS08-067 Bug
DOWNAD, also known as the Conficker worm, was first seen in the wild taking advantage of the MS08-067 vulnerability. True to form, it propagated via shared networks. Like its predecesors—the Sasser and Nimda worms—it also raised security concerns with regard to a spike in port 445 activity.
A few days after its appearance, [...]
DOWNAD/Conficker Turns 1yr
Elite Loader Goes Public
Post from: TrendLabs | Malware Blog - by Trend Micro
A few days ago, I got access to the source code of the well-known Elite Loader for free. Yes. It was published on one of the Russian underground forums. It even had a detailed description and screenshots showing how to use the application’s command and control (C&C) server.
Apart from dropping malicious files on infected machines, [...]
Elite Loader Goes Public
BREDOLAB Revealed!
Post from: TrendLabs | Malware Blog - by Trend Micro
When BREDOLAB entered the threat landscape several months ago, it was initially thought of as a common downloader (that downloads executable files) designed for malware infection only. However, Trend Micro researchers noticed a sudden increase in its activities in August 2009. This pushed our researchers to delve more into the inner workings and behaviors of BREDOLAB.
Our analysis then [...]
BREDOLAB Revealed!
Malware Conceals Itself as Boss’s Letter
Post from: TrendLabs | Malware Blog - by Trend Micro
Trend Micro threat analysts found spammed messages that pretended to be a letter coming from the “boss.” The messages bore the subject “get back to my office for more details” and instructed users to extract and read the letter contained in the attached .ZIP file. The attachment, of course, does not contain a letter but an .EXE file [...]
Malware Conceals Itself as Boss’s Letter
Christmas Spam Spotted
Post from: TrendLabs | Malware Blog - by Trend Micro
With Christmas just right around the corner, spammers are already flooding users’ inboxes with unwanted email. No surprises there. Spammers are known to exploit the holidays to further their malicious causes.
Just recently, Trend Micro threat analysts found another spammed message that claimed to be a “replication specialist” and enticed users to buy replica products like watches, handbags, [...]
Christmas Spam Spotted
Trick or Threat?
Post from: TrendLabs | Malware Blog - by Trend Micro
The month of October in the threat landscape is often associated with scary social engineering tactics in time for Halloween. As in years past, the threats that lurk in and plague the current threat landscape are real. Most of them can cause irreparable damage, often resulting in information, or worse, identity theft as shown in [...]
Trick or Threat?
This Halloween, Enjoy the Treats but Be Wary of Online Tricks
Post from: TrendLabs | Malware Blog - by Trend Micro
We often associate Halloween with pumpkins and costumes but for cybercriminals it’s merely another avenue to exploit, steal, and trick users into giving away their personal identities. Treats are fun but we all need to be on the lookout for the sneaky and tricky ways cybercriminals slither into our computers. Below are the TrendLabs, top 7 [...]
This Halloween, Enjoy the Treats but Be Wary of Online Tricks
Social Engineering Watch: Spam Leads to Canadian Pharmacy Sites
Post from: TrendLabs | Malware Blog - by Trend Micro
Trend Micro researchers found over 200 email samples that spamvertised male sexual enhancement pills. These bore subjects like “Re: Go wild in bedroom,” “Re: Let your lever straight up,” and “Re: Be her concrete-rod satisfier” and contains a URL that points to all-too-familiar Canadian pharmacy websites.
While spammed messages that lead to Canadian pharma sites are not [...]
Social Engineering Watch: Spam Leads to Canadian Pharmacy Sites
Taiwan: Spear Phishers Target Gmail Users
Post from: TrendLabs | Malware Blog - by Trend Micro
Trend Micro threat analysts found several phishing sites registered in China that target specific people or companies. The said email can customize phishing URLs using the names of intended recipients via a technique called “spear phishing.”
Spear phishing has been used by cybercriminals before in attacks that involved specific targets. In the previous post, “So Is It Twitter or [...]
Taiwan: Spear Phishers Target Gmail Users
Fake Facebook Password Notification Leads to Malware
Post from: TrendLabs | Malware Blog - by Trend Micro
A new spam campaign that purports to be from Facebook is making rounds today. It bears the subject, “Facebook Password Reset Confirmation,” and informs users that their passwords have been changed for security purposes. It then asks them to open the attached .ZIP file that supposedly contains their new passwords, which in actual fact is [...]
Fake Facebook Password Notification Leads to Malware
FDIC Spam Points to Info Stealer
Post from: TrendLabs | Malware Blog - by Trend Micro
Trend Micro researchers recently found spam emails fashioned to come from Federal Insurance Deposit Corporation (FDIC). The email message informs users that they should visit the “official” FDIC’s website (provided in the email) to check their Deposit Insurance Coverage.
However, clicking the URL leads users to a fake FDIC website where they are ask to download [...]
FDIC Spam Points to Info Stealer
IPv6 Tunneling Protocols: Good for Adoption, Not So Hot for Security
Post from: TrendLabs | Malware Blog - by Trend Micro
Have you ever noticed how security often takes a backseat when trying something new? When I am trying out a protocol out for the first time, I barely skim the Security Considerations section of the RFC. Just the same, as more of us start experimenting with IPv6, the use of tunneling protocols is likely to [...]
IPv6 Tunneling Protocols: Good for Adoption, Not So Hot for Security
Spoofed Contract Carries Malware
Post from: TrendLabs | Malware Blog - by Trend Micro
Trend Micro researchers found spammed messages with a .ZIP file attachment that contains a malware. It bears the subject, “Contract of Settlements,” and purports to come from LSM Company. It informs users to open and check the attached file that holds a contract, which in actual fact, is an executable file (contract_1.exe) detected by Trend [...]
Spoofed Contract Carries Malware
FAKEAV Goes Open Source… Or Not?
Post from: TrendLabs | Malware Blog - by Trend Micro
In the recent FAKEAV spam campaign, I realized something was off. Once the user clicks the URL and gets the bogus Antivirus 2010 up and running on his/her system, files are added. The additional files I found were related to ClamAV, the open source AV toolkit for UNIX. The files include the ClamAV virus definition file and [...]
FAKEAV Goes Open Source… Or Not?
TrendLabs | Malware Blog - by Trend Micro
Hottest news about malware -- worms, viruses, trojans, adware and other internet or web threats by Trend Micro.
October 2009 - M...
Security Advisory: October 2009 - Microsoft Releases 13 Security Advisories
September 2009 -...
Security Advisory: September 2009 - Microsoft Releases 5 Security Advisories
August 2009 - Mi...
Security Advisory: August 2009 - Microsoft Releases 9 Security Advisories
(MS09-034) Cumul...
Security Advisory: (MS09-034) Cumulative Security Update for Internet Explorer (972260)
(MS09-035) Vulne...
Security Advisory: (MS09-035) Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
Vulnerability in...
Security Advisory: Vulnerability in Authplay.dll in Certain Versions of Adobe Reader, Acrobat and Flash Player
July 2009 - Micr...
Security Advisory: July 2009 - Microsoft Releases 6 Security Advisories
Microsoft Window...
Security Advisory: Microsoft Windows 'MPEG2TuneRequest' Object Remote Code Execution Vulnerability (972890)
June 2009 - Micr...
Security Advisory: June 2009 - Microsoft Releases 10 Security Advisories
May 2009 - Micro...
Security Advisory: May 2009 - Microsoft Releases 1 Security Advisory
Trend Micro - Security Advisories
Latest security advisory from Trend Micro
MAL_OTORUN2
MAL_OTORUN2
CRYP_MANGLED
CRYP_MANGLED
MAL_OTORUN1
MAL_OTORUN1
WORM_DOWNAD.AD
WORM_DOWNAD.AD
CRYP_KRAP
CRYP_KRAP
CRYP_NAIX-7
CRYP_NAIX-7
MAL_DOWNADJ
MAL_DOWNADJ
WORM_DOWNAD
WORM_DOWNAD
MAL_VUNDO-9
MAL_VUNDO-9
POSSIBLE_HIFRM-5
POSSIBLE_HIFRM-5
Trend Micro - Malware Top10
Malware Top 10 from Trend Micro
Is It Doing Anything?
Part two in a series about Norton 360’s smart task scheduler. In this entry, product development manager, Collin Davis, introduces a new tool that gives users insight into what this feature of Norton 360 is doing behind the scenes.
Norton 360’s Smart Scheduler
Norton 360’s smart task scheduler doesn’t rely on a fixed schedule – instead it works around yours. Product Development Manager Collin Davis explains how Norton 360 is always looking for times that you’re away from your desk to perform the routine maintenance tasks it needs to keep your PC safe and tuned.
Do you Yahoo?
I do! And if you’re among Yahoo!’s 27 million users*, you probably do too. A few weeks ago, Yahoo! announced its new Beta version of their popular instant messaging software called Yahoo! Messenger 9.0. Symantec worked alongside Yahoo! to bring additional security to instant messaging by enabling security scans of files that are sent via IM.
Passmark Performance Testing
While yesterday’s fast moving, widespread threats are a thing of the past, today’s threats are often more challenging to detect due to their stealthiness. They also present a bigger risk to consumers, often compromising personal or financial information.
Tackling Performance Impact with Norton Internet Security and Norton AntiVirus 2008
As most of our users know, over the years, the threat environment has changed drastically. Viruses gave way to worms, then came spyware, phishing, and botnets. In turn, Symantec responded by updating our consumer products each year with new features designed to protect users against these threats.
Detection and Remediation
While yesterday’s fast moving, widespread threats are a thing of the past, today’s threats are often more challenging to detect due to their stealthiness. They also present a bigger risk to consumers, often compromising personal or financial information.
Stray thoughts on security
With the pending trial of alleged spam mogul Robert Alan Soloway, I thought it might be interesting to look at today's threat landscape to see what consumers today are faced with when they switch on their computers.
Security is a funny thing
Security is a funny thing. Everyone knows they want it and need it. Most people using computers today want security software to be vigilantly on guard, but want it to function in the background as an invisible shield without hindering common tasks.
Organized Crime 2.0
Organized criminals are ramping up their use of the Internet as an attack medium.
Stop Cyberbullying Day
Today has been declared "Stop Cyberbullying Day" by Andy Carvin, Internet activist and founding editor of the Digital Divide Network. Recent threatening posts against well-known computer industry blogger, Kathy Sierra, have raised concerns about the increasingly vicious nature of cyberbullying as well as the growth of activity.
Not all Security Solutions are Created Equal
Protecting consumers from the ever expanding universe of online threats requires focus, commitment and experience. Looks like Microsoft- and sadly, users of their Windows Live OneCare software – are finding this out the hard way.
Norton360 Ships!
I’m very pleased to announce the availability of Norton 360 on XP and Vista. Norton 360 is the new flagship product for the consumer team at Symantec, and it spans five key areas of functionality:
New Norton Identity Client Unveiled at DEMO '07
The new Norton Identity Client (NIC) was unveiled this week at
SONAR: Symantec Online Network for Advanced Response and PeaComm
On January 17th, Symantec announced a new technology, SONAR, which stands for Symantec Online Network for Advanced Response. In the week of the announcement, SONAR already played a critical role as an early warning system and Zero Hour detection for the PeaComm threat, let’s examine how:
Norton 360 Blog #5
Welcome back from the holidays! I hope everyone’s now had a chance to get more comfortable with the latest Beta build of Norton 360 to support Vista 6000.
Norton 360 Design Philosophy: User Experience and Performance
I’m very pleased to announce the availability of Norton 360 on Vista. I know many of you have been asking about Vista support, so the Norton 360 team is anxious to get your feedback on what you like and what we can improve.
Norton 360 Design Philosophy: Right Balance of Functionality
Hello All, I’m continuing our blog about the design philosophy behind Norton 360.
Norton 360 Blog #2: Design Philosophy Blog: Automation
Hello and welcome again to the Norton 360 blog. I want to share with you our thinking in the design of this product and expand a bit more about our design philosophy.
Spammers hit blogs...
An interesting new trend and vector for spammers.
Norton 360 Blog #1: Welcome Blog
It is my pleasure to say "Welcome!" to the Norton 360 blog community.
The Illusion of Control, Part 3
In two previous posts I’ve talked about why firewalls fail as outbound control mechanisms due to what amounts to lack of visibility into the traffic they are passing.
The Illusion of Control, Part 2
Previously I made the claim that firewalls fail as outbound control mechanisms because they depend on port bindings for protocol identification and because they make the assumption that they can do content inspection. Let’s explore that a little deeper now.
The Illusion of Control
A key aspect of security is control. In recent years, security and network administrators have spent a great deal of time and money attempting to control their networks for the sake of security.
Criminal ingenuity - online identity theft hits brokerages
Criminals are now targeting brokerage accounts to commit identity fraud against consumers. Consumers need to learn how to transact safely online, both by being more cautious and skeptical as well as utilizing new technology that is now available.
Security 2.0 and Identity
Last week we made some announcements about our "Security 2.0" initiative and talked in some detail about the various products and services. One topic that got some attention was identity. I thought I might write a little about digital identity and why we see it as so important.
Upgrading to Norton 2007 products
Upgrading to Norton 2007 products
Where to download Norton Internet Security Add-on Pack
Where to download Norton Internet Security Add-on Pack
FREE NIS Add-on pack available
FREE NIS Add-on pack available
Norton Internet Security Add-on pack
Norton Internet Security Add-on Pack
Threat Landscape
One of the things Symantec has an extremely good viewpoint into is the evolution of the threat landscape on the Internet.
New 2007 releases – Light and Tight!... continued
Norton Internet Security Add-on Pack
Hardware and Software Firewalls – which one should I use?
Home networking equipment often includes a hardware firewall. Norton Internet Security also includes a software firewall. Find out what makes each type of firewall different and what to use for the absolute best protection.
New 2007 releases – Light and Tight!
I am pleased to let you know that we have just shipped Norton Internet Security 2007 and Norton AntiVirus 2007. These releases were the result of the combined efforts of hundreds of Symantec employees, and I am personally very proud to have been a member of this team.
Norton Confidential
Norton Confidential is a new security product we are working on, and it is unlike anything else in the market. When something so different is released, it’s bound to create excitement, and to prompt some questions like: what does it do? Why do I need it?
Viruses, phishing... they happen to me too.
In the last few weeks I have received several instant messages linking to phishing sites. I find myself really disturbed when security threats find their way to one of my computers, or when they happen to someone I know.
Norton Internet Security 2007 beta
Many of our loyal Norton users are beginning to ask what new things we have been working on, and what will be coming out with this year’s product refreshes. A beta version for Norton Internet Security 2007 was posted last week (check it out here:
Beware of Vishing Attacks
In May of this year, our response organization
Online transaction security - protecting your personal information
As online threats change, you need to continue to evaluate your security protection. Online transactions are identity thieves’ sweet spots - is your security software designed to protect you specifically from the new type of threats like phishing and keystroke logging that are designed to steal your passwords, account numbers and other personal information? I have some tips for those of you banking and shopping online as to how to take more responsibility for your own security.
The importance of Network Intrusion Prevention technology
Intrusion Prevention Technology is a critical component of a comprehensive desktop security solution. This blog entry discusses the main benefits behind Network Intrusion Prevention Systems (NIPS), how they complement other security technologies and the importance of their role in defending a system against common attack vectors in today’s security threats.
Follow Me to Safety Town
Here at Symantec, we’ve been experimenting with new ways to capture people’s attention – and warn them about some of the dangers of going online without proper security precautions. Here’s one of our most recent experiments.
Suite Security
Consumer security suites bring together multiple layers of protection in order to secure a system. This notion of Multilayer Security is well accepted by the security industry at large. They can also be more secure. Let's examine how.
Are all desktop security products created equal, or are they getting harder to test?
It has become increasingly difficult to test the latest security products which use behavior-based systems to protect against today’s real-world threats. Traditionally, security product testing is done by running the product against a set of threats (files), and seeing how many of them are discovered.
Online Identity Theft & Fraud - A Growth Business...continued
Last time I discussed the rise in ID theft and online criminal activity. This week, I’d like to touch on how consumers and companies need to deal with emerging threats, like phishing, pharming, and key loggers.
Welcome to the Norton Protection Blog
Our goal with this blog is to generate an interactive dialog between Symantec and you – our customers, our partners, members of the media, analysts, security experts, and anyone else interested in the issues, technologies, and trends surrounding consumer security and protecting consumers when they go online.
Online Identity Theft & Fraud - A Growth Business
Identity theft continues to rise with reports indicating the vast majority of identity theft takes place offline – I’m not so sure I believe that. Fraud associated with identity theft is often unreported and not prosecuted, and it’s difficult to pinpoint the method by which personal data was stolen. The more technologically challenging the case, the less likely it is the victim will understand how their identity was originally compromised.
They Said It Couldn’t Be Done – A Silent Outbound Firewall and Usable Security
A silent outbound firewall has been made possible by recent innovations at Symantec in the field of Usable Security. While many industry experts believe that you cannot have both security and ease of use, Symantec engineers have applied a unique combination of technologies to provide strong security that is easy to use.
The Rest of the Iceberg
In the consumer security industry, we tend to focus a great deal on the “client software” –Norton Internet Security or some other security software that runs on a user’s PC. While this software is vitally important to effectively protecting people online, it’s really just the “tip of the iceberg” of what’s required to provide comprehensive, effective protection.
Norton Protection Blog - Symantec Corp.
none
Gumblar malware's home domain is active again
ScanSafe researchers are seeing renewed activity regarding Gumblar, a multifunctional piece of malware that spreads by attacking PCs visiting hacked Web pages.
Postini technology to spread across Google Apps
The Postini technology that lets Google Apps Premier administrators control their e-mail environments by establishing and enforcing usage policies, rules and parameters will be extended to the other applications of the suite.
Microsoft plans six patches next week, ties November record
Microsoft plans to will deliver six security updates on Tuesday, less than half the number it issued last month, to fix flaws in Windows and Office.
Scramble on to fix flaw in SSL security protocol
A flaw in the Internet's SSL protocol could be used to hack into SaaS servers, mail servers, databases and other secure applications, security researchers say.
Three-year-old Office patch stymies most attacks
Users running Microsoft Office can stump nearly three-fourths of all known attacks targeting the suite by applying just one three-year-old patch, according to recently published data.
Review: Whitelisting security software comes of age
Die, unknown executable! Keeping up with malware signatures is becoming unsustainable, so blocking all but known good programs may be our only hope. A review of five whitelisting security packages yields a clear winner in the battle for 21st century security.
More Viruses News
View more Viruses news and analysis from Computerworld.com
Computerworld Viruses News
Vuln: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
Vuln: PDFLib 'open_basedir' Restriction Bypass Vulnerability
PDFLib 'open_basedir' Restriction Bypass Vulnerability
Vuln: Alien Arena 'M_AddToServerList()' UDP Packet Buffer Overflow Vulnerability
Alien Arena 'M_AddToServerList()' UDP Packet Buffer Overflow Vulnerability
Vuln: HTML-Parser Invalid HTML Entity Remote Denial of Service Vulnerability
HTML-Parser Invalid HTML Entity Remote Denial of Service Vulnerability
Bugtraq: [ GLSA 200911-01 ] Horde: Multiple vulnerabilities
[ GLSA 200911-01 ] Horde: Multiple vulnerabilities
Bugtraq: Php 5.3.0 pdflib extension open_basedir bypass
Php 5.3.0 pdflib extension open_basedir bypass
Bugtraq: [ MDVSA-2009:294 ] firefox
[ MDVSA-2009:294 ] firefox
Bugtraq: [SECURITY] [DSA 1929-1] New Linux 2.6.18 packages fix several vulnerabilities
[SECURITY] [DSA 1929-1] New Linux 2.6.18 packages fix several vulnerabilities
More rss feeds from SecurityFocus
News, Infocus, Columns, Vulnerabilities, Bugtraq ...
SecurityFocus Vulnerabilities
SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.
New Malware Scams: Balloon Boy, Windows 7
Latching on to major headlines tend to be widely used techniques for hackers hoping to spread malware.
Spammers Target Auto Industry
A mere ten percent of the email received by auto industry and its staffers is legitimate.
Electronic Health Records: Privacy Issues Remain
Converting paper records to a digital format creates its own issues, even as it makes the health system more efficient.
Mcafee Unveils Email App as Cloud Hybrid
The security software firm is offering its new email security solution as a cloud or on-premise app, or a hybrid of both.
Windows and Online Banking: A Dangerous Mix
This security expert uses Windows for most functions, yet feels it’s not safe enough for the average user to trust for online banking.
McAfee Launches Mac Endpoint Protection
The software includes antivirus and antispyware protection as well as a system firewall.
Security
Security
Microsoft MMC How To: Hardening Desktops for Improved Security
A free-for-all user desktop environment is a recipe for malware infections, data leaks, or worse. Learn how to take control of your end-user systems with Microsoft MMC and Active Directory.
Ten Back to School Security Tips for Administrators
Soon students and faculty will put many schools' IT departments to the test. Schools (and businesses, too) can take steps to keep their users and their data safe.
Verisign Aims to Deflate 'Pump and Dump' Scams
A fraud-detection service warns online brokerages when they're about to make a trade that looks fishy.
Bandwidth Alert: Brace Yourself for the Beijing Olympics
Enterprises would do well to consider the strain their Internet access will take during the Games -- not to mention increased malware attacks.
Security Basics: A Strong Password is the Key
Protecting your data and your identity starts with a strong password. Here's what you need to know to make your computer life safer and more secure.
Security Best Practices
Security Best Practices