News: Popular apps need better patching, says report

Popular apps need better patching, says report

News: Hacker charged with Heartland, other breaches

Hacker charged with Heartland, other breaches

News: Web attacks hit U.S., South Korean sites

Web attacks hit U.S., South Korean sites

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909

News: FTC persuades court to shutter rogue ISP

FTC persuades court to shutter rogue ISP

Brief: Firms fail to secure mobile, cloud data

Firms fail to secure mobile, cloud data

ST04-016: Recognizing and Avoiding Spyware

Recognizing and Avoiding Spyware

SA09-314A: Microsoft Updates for Multiple Vulnerabilities

Microsoft Updates for Multiple Vulnerabilities

ST04-015: Understanding Denial-of-Service Attacks

Understanding Denial-of-Service Attacks

ST04-014: Avoiding Social Engineering and Phishing Attacks

Avoiding Social Engineering and Phishing Attacks

SA09-286B: Multiple Vulnerabilities Affect Adobe Reader and Acrobat

Multiple Vulnerabilities Affect Adobe Reader and Acrobat

Cisco launches iPhone security app

Cisco is offering a free iPhone app that will allow people to get customized alerts on new security threats and other information for safe web browsing. Cisco is offering a free iPhone app that will allow people to get customized alerts on new security threats and other information for...

UK police make Zeus Trojan arrests

The UK Metropolitan Police Central e-Crime Unit made two arrests earlier this month for suspected use of the Zeus Trojan. The UK Metropolitan Police Central e-Crime Unit made two arrests earlier this month for suspected use of the Zeus Trojan. A man and a woman, both...

Inside the Google Chrome OS security model

Google will use a combination of system hardening, process isolation, verified boot, secure auto-update and encryption that thwart malicious hackers from attacking its new Google Chrome OS. by Ryan Naraine

Microsoft finds security hole in Google Chrome Frame

A security researcher in the Microsoft Vulnerability Research MSVR has discovered a "high risk" Google Chrome Frame security vulnerability that could allow an attacker to bypass cross-origin protections. by Ryan Naraine

FCC to review regulatory and legal impacts to cloud services and identity management

The FCC is embarking on a review of several innovations that have now gained critical mass, among them, cloud computing, identity management and government data transparency. by Doug Hanchard

IBM sees Conficker hitting 4 percent of PCs

IBM is the second company in two days to suggest that the number of computers infected by the Conficker.C worm may be higher than previously thought.

Hackers seize on 0-day flaw in Microsoft's PowerPoint

Microsoft warned Thursday that hackers are actively exploiting a software vulnerability in PowerPoint, the company's presentation application.

IBM continues push for Sun, but will the deal kill Solaris?

The high-stakes, but still under-the covers battle by IBM to take over Sun Microsystems is still in play, but IBM may be rethinking what it is willing to pay for the enterprise vendor.

Bill would give feds role in private sector cybersecurity

Two U.S. senators are proposing legislation that would give federal officials significant new authority to create and enforce data security standards both for government agencies and key parts of the private sector.

Conficker may be more widespread than previously thought

The Conficker worm may have infected more machines than previously thought, according to Internet infrastructure provider OpenDNS.

Cisco's free iPhone app grabs security feeds

Cisco has made available a free iPhone app that can be used to receive over a dozen security-related information feeds in customizable form related both to Cisco products and to general security topics, such as newly detected threats.

Three indicted for Comcast hack last year

Three hackers have been indicted for redirecting the Comcast.net Web site to a page of their own making in 2008.

Security pro says new SSL attack can hit many sites

A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack.

Cyberattacks on U.S. military jump sharply in 2009

Cyberattacks on the U.S. Department of Defense -- many of them coming from China -- have jumped sharply in 2009, a U.S. congressional committee reported Thursday.

Banks on watch after suspected card breach

An apparent data breach in Spain has caused Visa and MasterCard to warn banks of possible fraudulent credit card transactions.

MS09-068 - Important: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-067 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)

Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-066 - Important: Vulnerability in Active Directory Could Allow Denial of Service (973309)

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS.

MS09-065 - Critical: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)

Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince the user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the attacker's site.

MS09-064 - Critical: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)

Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.