In his thought-provoking session, entitled ‘Changing threats to privacy: From TIA to Google’, Moxie Marlinspike, researcher with the Institute for Disruptive Studies, declared that surveillance is at an all-time high, and privacy is at an all-time low. 30 July 2010
Rather than consulting a crystal ball, the Information Security Forum (ISF) looked to experts in the field – including those from its member organizations – to develop a set of security risk predictions for 2012 and beyond. 29 July 2010
At Black Hat Las Vegas, 28th July 2010, Microsoft announced that it will extend its Microsoft Active Protections Program (MAPP) to include vulnerability information sharing from Adobe Systems. 28 July 2010
If you use e-banking with HSBC, NatWest, RBS, Santander and a growing number of other European and US banks, chances are you'll have been asked to download and install a free copy of Trusteer's Rapport security add-in to your browser. 28 July 2010
Citigroup is advising US-based users of its free iPhone banking app to upgrade to a newer version that addresses coding-based security flaws. 27 July 2010
It has been a busy acquisition season in the security sector thus far, with few companies being more active in this sphere than IBM. Members of the IBM security team spoke with Infosecurity about their views on the future of security and the firm’s strategy going forward. 22 July 2010
Research carried out by Sophos claims to show that the zero-day flaw identified by a number of security vendors late last week is being exploited by a new variant of the Stuxnet malware. 22 July 2010
It seems that card skimmers – fraudsters who modify ATMs and retail EFTPOS terminals to record data from shoppers' cards – are starting to migrate their fraudulent activities over to the humble gas station, as reports suggest that drivers in Denver are falling victim to card fraud when they gas their cars up. 21 July 2010
Today Adobe announced a new security feature for the next major release of its popular Reader software that takes advantage of sandboxing technology, whereby the company hopes to implement another security hurdle for malicious-minded attackers. 20 July 2010
Mozilla – the organization responsible for the open-source Firefox web browser – has upped the ante for the discovery of security bugs, as it will begin paying security researchers $3000 for each reported flaw with its products. 19 July 2010
Work usage of Web 2.0 services has soared in recent years, but many businesses block access to Web 2.0 sites in the work environment on the basis that these services pose too much of a security risk. 16 July 2010
The latest report from M86 Security, a company specializing in real-time web and e-mail threat protection, has found hackers are using multiple attacks to get around IT security. 15 July 2010
Hard on the heels of a raft of WinXP patches and updates on Tuesday of this week, it seems that a nasty USB-based zero-day flaw is hitting users of the popular operating system. 15 July 2010
Microsoft has signed an agreement with Russia to share the source code of multiple products, according to US reports. 13 July 2010
Google has announced a web-based visual software development tool to make it easy to create applications for mobile devices running the Android operating system. 13 July 2010
Microsoft's monthly Patch Tuesday security update due for release on July 13 is small, with only four bulletins. 13 July 2010
The 400 iTunes accounts Apple admitted were hacked by a rogue developer to boost his ratings may be just the tip of the iceberg, say experts. 12 July 2010
Malicious e-mail attacks that look like PDF reader updates have been increasing in volume since the middle of June, says Symantec Hosted Services. 12 July 2010
Barracuda Networks has warned internet surfers to be wary of fake Adobe flash updates, after it uncovered a number of compromised sites in the wild which present unwary visitors with an official-looking Adobe Flash update page. 09 July 2010
The June malware charts from Sunbelt Software show that Conficker has surfaced once again as a security threat, largely as a result of internet users visiting untrusted sites looking for World Cup video streams, says the IT security specialist. 07 July 2010
Apple has banned a Vietnam-based developer from its online applications store for manipulating sales figures to boost his ranking. 07 July 2010
Microsoft has announced that an unpatched flaw in Windows XP and Server 2003 – which it routinely alerted users about in the middle of last month – is being actively exploited by hackers in the wild. 06 July 2010
Danish security tracking company Secunia has reported that around half of third-party software applications are failing to use two key Windows security features developed by Microsoft. 02 July 2010
As reported yesterday by Infosecurity, IBM has announced it has agreed to buy BigFix, the Emeryville, California-based corporate software policy control software vendor for an undisclosed sum. 02 July 2010
Facebook is taking further steps to make good on its pledge to simplify user privacy settings and increase security of personal information by requiring third-party developers to obtain permission when connecting to their applications and websites. 01 July 2010
Three researchers from the Google Security Team revealed that the Chrome web browser will attempt to enhance security through increased scrutiny of plug-ins, including blocking those that are out-of-date. 30 June 2010
As promised earlier this month, Adobe has issued an advanced security update to shore up ‘critical’ vulnerabilities found with its Reader and Acrobat products. 28 June 2010
Mozilla has patched eight flaws, including five critical vulnerabilities in versions 3.5 and 3.6 of the Firefox browser. 23 June 2010
M86 Security has come across active exploitation of a Skype ActiveX vulnerability that affects older versions of the popular VoIP service. 17 June 2010
You wouldn't normally classify digital printers as being a security risk but, according to Quentyn Taylor, director of information security with Canon, high-end multi-functional printers pose a serious security risk when they come to the end of their working lifetime. 17 June 2010
Massachusetts-based managed file transfer (MFT) provider Ipswitch has acquired MessageWay Solutions in a bid to expand its offerings into high-value, sensitive file transfer services. 16 June 2010
Businesses running Windows XP SP2 have been hit by a double-whammy this week. 16 June 2010
The latest version of the Mac OS X operating system includes Adobe's Flash Player, but it is not the latest patched version. 16 June 2010
Tuesday was, of course, pre-order day for iPhone 4 in the US and many other parts of the world, when anxious would-be buyers could order their new iPhone handset for fulfillment later this month. But reports are emerging that the sheer volume of orders may have caused AT&T's ordering servers to overload and inadvertently leak customer data. 16 June 2010
Sophos has released a free app for the iPhone that is said to allow users to stay on top of latest threats, news and malware information in the IT security-sphere. 15 June 2010
A white paper just published by ISACA, the not-for-profit IT security association, claims to show that five main social media issues pose a serious security risk for most businesses. 14 June 2010
Adobe has quietly fixed the 'critical' security flaw affecting its Flash and Reader software that it revealed earlier this week. The issue has been fixed in an urgent patch folded in with a raft of updates that are claimed to solve 32 documented problems with Adobe's software. 11 June 2010
Microsoft says it continues to support responsible disclosure of security vulnerabilities after a researcher went public with a zero-day vulnerability in Windows XP and Windows Server 2003. 11 June 2010
An independent security researcher has published exploit code for a zero-day vulnerability in Windows XP and Windows 2003. 10 June 2010
A security breach has exposed the personal details of more than 100 000 US iPad owners, including senior company executives, military officials and top politicians. 10 June 2010
Check Point has acquired Liquid Machines, a start-up in the enterprise data management arena, for an undisclosed sum. 10 June 2010
Adobe announced that it will issue an unscheduled security patch to address vulnerabilities found in its Flash Player operating on Windows, Mac, and Linux. The company expects to have this fix ready by June 10. 09 June 2010
One of the biggest surprises in Apple CEO Steve Jobs' presentation yesterday on the new iPhone 4 was the transfer of the FaceTime trademark from the social networking security vendor of the same name. 08 June 2010
Next time you come across a 'different' looking ATM that may – or may not – have a card skimming device attached, it's probably not worth looking around for furtive-looking data thieves, as they may be sitting comfortably at home while using a text message-enabled receiving device. 08 June 2010
Nearly half of all information security threats came from Adobe application exploits over the first quarter of 2010 according to the most recent quarterly analysis from security vendor Kaspersky. 07 June 2010
Adobe has released a major warning over a critical vulnerability in its Flash Player 10.0.45.2 and earlier editions for Windows, Apple Mac, Linux and Solaris platforms. 07 June 2010
Tomorrow is Patch Tuesday, the day when Microsoft makes its monthly batch of security updates and, by all accounts, it's going to be a major batch with 10 bulletins addressing 34 vulnerabilities. Three of the bulletins are classed as critical, says Microsoft. 07 June 2010
Windows will be increasingly modified and optimised for various functions and different types of hardware, says Steve Ballmer, chief executive of Microsoft. 04 June 2010
Apple chief executive Steve Jobs has predicted that personal computers running Microsoft's Windows operating system are in a permanent decline. 04 June 2010
Research just published shows that 83% of IT professionals consider commercial software to be riddled with security flaws and, as a result, they are making heavy investments in penetration and code testing of their IT resources. 03 June 2010
Earlier this week, Google announced that its staff will require special permission to install Microsoft operating systems and software on their computers. According to one security expert, however, Google could be raising, rather than reducing its security risk profile. 03 June 2010
Wolfgang Kandek, the chief technology officer of Qualys, has warned Windows XP users that Microsoft's technical support for service pack 2 (SP2) of the popular operating system will cease on July 13. As a result of this, he advises users to install XP SP3 or upgrade to Windows 7. 02 June 2010
Microsoft's Internet Explorer 6 browser is still used by more than 25% of internet users, even though it attracts cyber attackers because it lacks up-to-date security features, a study has revealed. 02 June 2010
HP is investing $1bn in technology for its services business as its focus moves away from integrating EDS to growth. 02 June 2010
It's been something of a busy week for distributed denial of service (DDoS) attacks – as well as CNN reporting that Media Temple, the web hosting provider for a range of blue chip companies, was hit with a sophisticated attack, the Associated Press reported that a Nebraska man has been sentenced to a year in prison for his role in a cyber attack on the Church of Scientology's websites two years ago. 28 May 2010
Many in the security field agree that attack vectors have rapidly moved from exploiting operating system vulnerabilities to the application layer. Security specialists from Microsoft and Adobe lent their opinions as to why this is the case. 27 May 2010
Adobe, maker of Photoshop, has issued a patch for vulnerabilities affecting earlier versions of the popular image editing software. 27 May 2010
RSA has joined the Open Compliance and Ethics Group (OCEG), a non-profit organization with a mission to help companies align their governance, risk and compliance (GRC) management activities to help drive their business performance. 26 May 2010
Results from a survey just released make the interesting assertion that cloud computing – far from causing IT security problems in businesses – will actually improve security for most organizations. 24 May 2010
Oracle has announced it has reached an agreement to acquire database security firm Secerno. 21 May 2010
Apple has issued two Java security patches for Mac OS X 10.5 and 10.6. 20 May 2010
Adobe issued security patches for its Shockwave Player and ColdFusion on Tuesday, plugging holes for more than 20 potential vulnerabilities. 13 May 2010
Microsoft issued two security bulletins on Tuesday for what the company called “critical” patches to the Windows OS, Office suite, and Visual Basic. 12 May 2010
A security researcher from Poland has discovered what is being called a “highly critical” zero-day flaw in the Apple Safari browser that would allow for remote code execution. 10 May 2010
Reports are coming in that large numbers of Twitter account holders have had their online accounts compromised, with the accounts apparently generating messages advertising a website that claims to help users attract more followers. 10 May 2010
Facebook has hired former US Federal Trade Commission chairman Tim Muris in the face of increased government scrutiny of the social networking site's privacy policies. 10 May 2010
Microsoft is to issue only two software fixes in its Patch Tuesday monthly security update on 11 May, according to the advance bulletin. 10 May 2010
A newly released survey from (ISC)² shows that federal CISOs are avoiding cloud computing applications due to concerns about replicating IT security policy in the cloud. 07 May 2010
Fresh from its security problems of earlier in the week when members' chat sessions were visible to third-party users, Facebook has come under fire for allegedly installing applications on users' Facebook areas by stealth. 07 May 2010
Apple could face an investigation by US competition authorities into whether the latest version of the software for the firm's iPhone unfairly locks out competitors. 04 May 2010
According to reports in the Virginia Pilot, investigators still have no idea who breached a statewide prescription drug database a year after the event. However, not all online criminals are as smart. Mesquite, Texas-based David Anthony Edwards is pleading guilty to charges of building a custom botnet. Charges allege that he and an accomplice attacked a computer hosted by popular ISP The Planet as a demonstration to a potential botnet customer. 03 May 2010
IBM is considering cutting three-quarters of its 399,000 permanent staff in the next seven years and re-hiring them for projects as part of an HR strategy due to end in 2017. 30 April 2010
IT security professionals in the US believe that their organizations lack proper investment in website application security, even though many of their websites contain ‘mission critical’ applications. This is according to a study conducted by the Ponemon Institute and sponsored by data security firm Imperva and WhiteHat Security, which tests websites for vulnerabilities. 29 April 2010
Companies around the world have been forced to clean up thousands of computers after the flawed McAfee anti-virus update released on Wednesday caused chaos. 23 April 2010
Gartner has warned that the use of Flash local storage as a means of verifying end-user devices for security purposes is coming to an end. 23 April 2010
Reports are coming in that McAfee's popular IT security software is tagging Microsoft Windows system files as malicious, causing serious stability problems, screen freezes and bootup loops for a large number of Windows XP users. 22 April 2010
Google has closed four high-priority vulnerabilities in version 4 of its Chrome browser for Windows. 22 April 2010
The Open Web Application Security Project (OWASP) has refreshed its list of the top 10 web application vulnerabilities, swapping out two items for new risks. 22 April 2010
Trusteer says it has detected a completely new version of the Zeus password stealing trojan that has been designed to steal online banking credentials. 21 April 2010
Web-based attackers are increasingly targeting PDF files to compromise machines online, according to new figures released by Symantec. In the April version of its Internet Security Threat Report, the company revealed that half of all Web-based attacks in 2009 targeted PDF files, compared to just one in 10 attacks reported the previous year. 21 April 2010
A pair of security researchers have identified a way to use security tools within Internet Explorer 8 to compromise a website. The attack uses cross-site scripting filters implemented in the latest version of the Microsoft browser to execute cross-site scripting attacks on sites that would normally be invulnerable to them. 18 April 2010
Apple has issued a security patch for OS X for the second time in less than a month. This time the company looked to plug alleged security holes in the Safari browser that were uncovered by a researcher at this year’s CanSecWest conference. 16 April 2010
The website for the open source Apache Web server at Apache.org was compromised this month by a targeted attack, said the Apache Software Foundation, which has provided a detailed blow-by-blow account of the hack. 15 April 2010
The Zeus botnet continues to spread graciously, according to new data collected by Websense – and other researchers say that it is exploring a recently discovered design flaw in the Adobe PDF file format. 15 April 2010
Adobe released a mammoth set of security updates in its regular quarterly patch announcement yesterday. It also introduced an automatic updater for its PDF reader after several months of beta testing. 14 April 2010
Microsoft plans to fix the 'F1' security bug that has been plaguing Internet Explorer users for six weeks in its monthly set of security patches tomorrow. 12 April 2010
Security researcher Joanna Rutkowska has released an open source operating system, called Qubes, designed to offer better protection against rootkits. 12 April 2010
Nearly half of US IT professionals surveyed by ISACA said they believe that the security risks of cloud computing outweigh the potential benefits. 09 April 2010
Kaspersky has successfully patented technology that enables analysts to trace the activity of software code without infringing upon intellectual property. 09 April 2010
Infosecurity rounds up the week's news. 06 April 2010
A security researcher has come up with a proof-of-concept attack that enables malicious executables to be remotely injected into clean PDF files. 06 April 2010
Enterprise customers are lagging behind on cloud security, according to a study released by Symantec and the Ponemon Institute. 06 April 2010
Microsoft has discovered a slew of bugs in Office 2010 by building what amounts to a legitimate botnet for software testing. Engineers within Microsoft have created a grid-style system that employs unused computing time on internal PCs to run fuzz tests against its software. 01 April 2010
Reports are coming in that social networking giant Facebook is proposing a change to its privacy policy. And in true social networking style, users seem apathetic to the changes, despite their importance, says Sophos, the IT security vendor. 01 April 2010
Apple issued an update to its Leopard and Snow Leopard systems yesterday, comprising numerous security, functionality and compatibility fixes. 30 March 2010
Infosecurity covers the last week's news highlights. 29 March 2010
A security researcher has uncovered a vulnerability in the latest version of the Firefox browser, prompting Mozilla to issue an update ahead of schedule. 25 March 2010
The man behind some of the most famous Twitter hacking events, including breaking into the account of President Obama, has been arrested in France. 25 March 2010
eSoft has taken the wraps off a major update to its secure web filtering service, Sitefilter 3.0, which is used as a 'white label' facility by a number of third-party organizations. 23 March 2010
Secunia has announced that its authenticated internal vulnerability scanner, the Corporate Software Inspector (CSI) 4.0, has been integrated with Microsoft Windows Server Update Service (WSUS) and System Center Configuration Manager (SCCM). 22 March 2010
Research just released claims to show that 58% of business software is vulnerable to the same security breaches as seen on Google, the US Department of Defense, and other sites. 22 March 2010
Google has launched a security tool called skipfish, designed to help web developers scan their applications for vulnerabilities. 22 March 2010
Security research company Core Security says that it has found a security flaw in Microsoft's Virtual PC hypervisor that could undermine fundamental security measures included in the Vista and Windows 7 operating systems. 17 March 2010
Apple has issued version 4.0.5 of its Safari web browser – for both Mac OS X and Windows – with 16 security updates. 16 March 2010
Infosecurity rounds up the week's security news. 16 March 2010
Researchers from web security firm Websense warned Facebook users earlier today to refrain from clicking on URLs posted on the pages of some famous celebrities – or even people on their friend list – as links to alleged videos were actually portals to malware infection. 12 March 2010
Microsoft took customers through a fairly sedate patch Tuesday this week, releasing just two bulletins addressing issues in its applications. However, all did not go without a hitch, as yet another zero-day vulnerability emerged for Internet Explorer. 10 March 2010
Hard on the heels of announcing a free website infection scanning service, Qualys has teamed up with fellow IT security vendor Imperva to integrate some of their respective software offerings. 03 March 2010
In his keynote at RSA 2010, San Francisco, RSA President Art Coviello spoke of the industry’s latest and greatest challenge: securing cloud computing. 02 March 2010
Check Point Software Technologies has taken the wraps off a secure USB drive system. Known as Abra, the unit is designed to offer PC or Windows-based terminal users a secure virtualised workspace that is highly portable between machines. 02 March 2010
According to the Veracode ‘State of Software Security’ report, between 58 and 88 percent of all applications submitted to Veracode for verification did not achieve an acceptable security score upon first submission. The exact percentage depends on the standard applied, based on application criticality. 02 March 2010
Web application security company Mykonos Software has launched an appliance designed to watch what hackers are doing and take counter measures to confuse and divert them. 26 February 2010
Adobe's PDF document format continued to take a bashing this week, after a report from IBM's X-Force security consulting arm singled out readers supporting the software company's de facto standard document format as a particular security worry. 26 February 2010
Adobe has taken the easy option to fix the zero-day remote execution flaw discovered in its Adobe Download Manager last week. It advised users to simply delete the software so that it wouldn't come back again. 24 February 2010
Infosecurity rounds up some of the week's security news. 23 February 2010
Fortify Software and HP have teamed up to release Hybrid 2.0, a tool designed to test web applications for security flaws. 22 February 2010
Adobe continued to fight fires on the security front last week, as a researcher discovered a second flaw in its Adobe Download Manager software tool. 22 February 2010
The state of New York is proposing language for inclusion in procurement documents that it hopes will help to enforce secure application development practices among suppliers. 18 February 2010
Rebounding spam traffic, increased use of shortened URLs to deliver malicious payloads, and continued vulnerabilities among some of the most popular software applications were among the most serious security threats over the last six months of 2009, according to data from M86 Security. 18 February 2010
The SANS Institute and Mitre have come together to update their annual list of top 25 software programming security bugs. SQL injection is the number one danger to software customers, according to the organizations. 18 February 2010
Electronics retailer Small Dog Electronics has suffered from a systems breach that left 3000 customers' credit card details compromised. 18 February 2010
Internet security software and whitelisting firm Comodo has unveiled a secure browser designed to compete with Google's Chrome. 16 February 2010
At the RSA security show next month, Symantec will unveil a data indexing technology designed to identify the owners of files by querying enterprise storage systems. Called Data Insight, the product will have multiple applications, including cost reduction, data leakage prevention, and even IT forensics. 16 February 2010
Adobe plans an out-of-band patch to resolve yet another critical security flaw across multiple products. 15 February 2010
Microsoft found itself in patch hell this week, withdrawing an update resolving an important vulnerability in Windows. The company found that some users infected with malware experienced problems restarting their machines after installing the bug fix. 12 February 2010
Mozilla has apologized for its existing apology concerning a malware-infected add-on for Firefox. Last week, the company reported that a second experimental add-on for the browser had been infected by malware. After working with McAfee, it now says that the detection was a false positive. 11 February 2010
Adobe has apologized for a bug in its Flash Player that it has only just patched, 16 months after it was originally filed. 10 February 2010
Microsoft will not be patching last week's Internet Explorer vulnerability with this month's patch Tuesday releases, which are scheduled for tomorrow. 08 February 2010
Mozilla has had to pull two experimental add-ons for the Firefox browser from its website. The add-ons, which somehow made it through the quality control process, target Windows users with trojan malware. 05 February 2010
Infosecurity is pleased to report that a prestigious array of presenters have been lined up for the latest virtual conference, due to take place on February 25. 05 February 2010
Microsoft has discovered another flaw in Internet Explorer. The latest vulnerability could allow attackers to harvest any files from a victim's hard drive. 04 February 2010
Researchers have formulated a way to identify cheating in online games in a discovery that could revolutionize the growing market for virtual gaming assets. 03 February 2010
Internet Explorer 8 is now the world's most-used browser, according to the latest figures from Network Applications. 03 February 2010
Microsoft announced three enhancements to its secure development lifecycle (SDL) initiative at the BlackHat DC conference this week. 02 February 2010
Facebook was plagued by security and privacy issues both real and imagined in the last week, as a real-life worm battled with an imaginary one in a competition to see which could petrify the service's users the most. 29 January 2010
Google Chrome, the internet browser launched in late 2008, has been enhanced with a selection of new security features designed to make it harder for malware writers to infect client machines. 29 January 2010
This spring, a project under development to help assess the security and privacy of software applications will go public. WhatApp, an online resource where experts and the public alike can rate applications based on how well-behaved they are, will help consumers to exercise their privacy rights, said its project manager. 28 January 2010
An annual report from security software provider Intego acknowledges it was a busy year for security threats to Apple devices, including the Mac OS X and iPhones. And while the Mac OS may be a less frequent target of malware authors, security threats to Apple products are proliferating as these devices land in the hands of more and more users. 27 January 2010
Infosecurity US magazine is excited to announce the 2010 virtual conference on endpoint security, to be held on February 25, 2010. This one-day event brings a series of topical keynote sessions direct to your computer, giving you the flexibility to learn about the latest information security trends and challenges from wherever you are in the world. 26 January 2010
Infosecurity rounds up the week's news. 25 January 2010
Websense has relaunched a spam protection service with a new feature set that protects Facebook users against malware. 21 January 2010
Further evidence has emerged suggesting that the Operation Aurora attack exploiting a zero-day flaw in Internet Explorer came from within the People's Republic of China. 21 January 2010
Microsoft has scheduled an out-of-band patch for the zero-day vulnerability in Internet Explorer, just as other fixes for the problem began to surface. The company has also admitted for the first time that the attack could be used to compromise a computer using Microsoft Office. 20 January 2010
Microsoft has promised an Internet Explorer out-of-band patch for the zero-day vulnerability discovered earlier this month. In the meantime, a trusted researcher has highlighted a flaw in all versions of Microsoft Windows that could lead to privilege escalation. 19 January 2010
Blackhats are working smarter rather than harder in attacks on network infrastructure, according to a comprehensive report on internet infrastructure security from Arbor Networks. 19 January 2010
Security appliance company FireEye has said that its products can detect the latest zero-day vulnerability in Internet Explorer without any software patches. 18 January 2010
The internal security risk issue is fast becoming a boardroom topic in most organizations, especially now that relatively rare road warriors have given way to a truly mobile workforce, able to work from almost anywhere, in most businesses. 18 January 2010
Adobe distributed its first quarterly critical security update yesterday, finally patching a vulnerability that had been targeted by a zero day attack. 13 January 2010
It's official — Adobe is releasing an automatic silent updater for its PDF Reader product on April 13. The company confirmed the news to Infosecurity US this week. 08 January 2010
More details are emerging of a zero-day attack on Adobe's PDF reader and Acrobat applications, and security experts are calling it highly sophisticated. Moreover, anti-malware tools have been woefully poor at spotting it. 05 January 2010
Adobe has announced its latest zero-day security vulnerability in what has become a litany of such flaws this year - and this one won't be patched until halfway through January. 17 December 2009
The Firefox browser topped the list of software applications with most security vulnerabilities in 2009, according to a report from application whitelisting firm Bit9. 17 December 2009
The latest version of the Google Chrome browser is negating the efforts of anonymous browsing services to protect users' identities, according to bug reports. 15 December 2009
Infosecurity sums up the week's information security news. 14 December 2009
Microsoft’s last Patch Tuesday of the year saw the release of fixes for five flaws in its Internet Explorer browser, including a critical zero-day security vulnerability that was first publicly disclosed three weeks ago. 11 December 2009
Adobe has announced that it will be issuing a critical update for its Flash and Air products tomorrow - but isn't telling us what the vulnerabilities are. 07 December 2009
Anti-malware firm Prevx has apologized to Microsoft after admitting that the 'black screen of death' - a condition that renders Windows unusable after bootup - was not caused by faulty system patches after all. 02 December 2009
Microsoft has published an article describing a new tool that it hopes will thwart memory-based heap-spraying attacks on software. 26 November 2009
Infosecurity US rounds up the last week's information security news. 23 November 2009
Microsoft has announced guidance for applying secure programming techniques for agile software developers. The company rolled out new guidelines that will enable agile software developers to apply its Security Development Lifecycle (SDL) guidelines. 13 November 2009
Facebook hit back at a grassroots digital privacy group this week, after it criticized the social media giant's handling of its Groups functionality. Control Your Info, a group hoping to highlight information privacy flaws in social media applications, revealed that it is possible for anyone to take over ownership of a Facebook group that has no administrators. 11 November 2009
Botnet controllers have been using cloud based systems such as the Google cloud platform as command and control nodes for infected PCs, said a researcher at Arbor Networks. 10 November 2009
Spam king Sanford Wallace has been ordered to pay US$710.7 million to social networking company Facebook following a federal court case. Wallace is said to have compromised Facebook accounts using phishing emails, and used them to send spam to other members. 09 November 2009
The Department of Defense has updated its guidance on open source software for the first time since 2003. 08 November 2009
The closure of the popular Pirate Bay torrent tracking service earlier this year created a flood of alternative illegal file sharing sites and malware distribution hubs, according to a report released by McAfee. 08 November 2009
Anti-virus companies are failing to get the joke after the release of a free arcade game for the Mac that deletes the users' files during play. Lose/Lose warns 'victims' that it is about to delete files on their hard drives before they begin playing, and it keeps its word. 06 November 2009
A US court has sentenced a man to three years in jail for selling more than $1m worth of pirated software on eBay. 26 October 2009
Research just published by Symantec claims to show that users are increasingly being fooled into installing fake anti-virus software - aka scamware - onto their machines. 20 October 2009
Google is to expand a mass-market advertising campaign for its cloud-based office software services beyond the US today. 19 October 2009
US$4000 lost in Facebook scam; Michigan's airport website closed due to malware; the first Windows 7 security patches appear; and more. We report on the IT security news... 19 October 2009
Reports are coming in that the source code of the Wal-Mart highly customized point-of-sale (EPOS) computer system - used in almost 900 of its stores across the US - has been hacked. 16 October 2009
Adobe is warning that a critical security vulnerability in its Adobe Reader and Acrobat programs is being exploited in the wild. 09 October 2009
Talk, Tools, Techniques, Trials, and Traps - get the lowdown on the week's security news in our weekly brief. 21 September 2009
An informative webinar - in which BigFix, Trend Micro and one of their joint customers in the healthcare sector looked at some of the problems in the mobile workforce and allied IT security sectors - was a great success this Thursday. 18 September 2009
IT managers are focusing on the wrong security threats, according to a report from the SANS Institute. 16 September 2009
Breaches, threats, protections and security directions - we summarise what's been happening in the world of information security over the past week. 15 September 2009
This week promises to be an exciting one for Infosecurity and its readers as, while President Obama is reportedly close to appointing Frank Kramer, former assistant defense secretary under President Bill Clinton, as his new cybersecurity chief, we will be hosting a topical IT security webinar looking at how to protect your critical data on a budget. 14 September 2009
Astaro Corp. has released a free business firewall for the VMware environment. The IT security vendor says that the firewall - which offers the base functionality of its Astaro Security Gateway Virtual Appliance by using a special license key - will allow organizations with virtual environments to secure their network from external threats. 10 September 2009
Microsoft may be forced to release an out-of-cycle security update for a vulnerability published the same day as the firm released its September Patch Tuesday update. 09 September 2009
A group of academics with the University of California in San Diego and MIT claim to have discovered a cloud attack methodology called a side channel attack. By signing up to Amazon's cloud computing service and placing a virtual machine on the same physical machine as a target application, they claim the security of the cloud application can be compromised. 08 September 2009
In this week’s information security news: Marshal8e6 rebrands as M86 Security; Australian federal police mock hackers - and are hacked in return; Raytheon releases industry's fastest cross-domain sharing solution; and more... 07 September 2009
As the recession continues to chew into budgets, and cybercriminals see increased opportunity for looting, CISOs need to ensure that their information security defences remain strong but affordable. Find out more for free! 07 September 2009
Whilst threats against business critical data have been rising steadily in recent times, almost all companies have had their IT security budgets cut or placed under intense scrutiny. 05 September 2009
Reports that a North Carolina business has been left with a US$2500 phone bill after phone phreakers hacked its PBX via the firm's toll-free number show the danger of failing to audit all aspects of a system's software, said Fortify, the application vulnerability specialist. 04 September 2009
The number of organizations with at least half of their servers virtualized is expected to double in 2010 to 51%, according to a survey of 480 IT professionals about virtualization conducted by identity and access management vendor Centrify Corporation. 03 September 2009
In this week’s information security news: Trojan eavesdrops on Skype; Snow Leopard only recognizes two Trojans; private messages are sent to wrong recipients; search warrants are needed for digital data; and more… 01 September 2009
Whilst Web 2.0-driven websites and services have made the mobile internet almost as popular as the desktop web, the technology is an information security manager's nightmare, with code extensibility, IP interactions and website flexibility driving a steamroller through traditional information security systems. So what are IT managers to do? 01 September 2009
Facebook has amended its privacy practices and policies to give users more control over the information they keep on the social networking site, following a report from the Canadian Privacy Commissioner. 28 August 2009
In this week’s information security news: Microsoft patch exploited by hackers; Office 2010 sandbox security welcomed by security industry; hackers get their revenge on police; and more… 24 August 2009
Radisson Hotels & Resorts has announced that its computer systems have been accessed without authorisation between November 2008 and May 2009. Radisson is not saying, however, whether the unauthorised incursion was caused by hackers or an internal security issue, nor how many customers are affected by the incident. 20 August 2009
Advance Internet, the division representing 36 newspaper websites owned by the Newhouse family, has entered into a ground-breaking deal with Microsoft. 19 August 2009
If you want to hear an eclectic mix of views on recent events in the world of IT security, you could do worse than visit the Bigfix blog site, where Amrit Williams, the firm's chief technology officer, has been talking with industry luminary Ryan Russell in his latest podcast. 17 August 2009
In this week's information security briefs: Poor password management a rising problem; Gartner says that IT products and services are heading for regulation by 2015; how Google helped Twitter fend off its DDOS attacks, and more... 17 August 2009
Applications on the Apple iTunes website are arguably what makes the iPhone so popular in mobile phone circles, but a growing number of users are unlocking (jailbreaking) their iPhones, for the simple reason that it opens up the mobile to third-party applications. This means the iPod and iPhone could be used for hacking. 12 August 2009
As many readers of Infosecurity may have noticed, Web 2.0-driven social networking sites like Facebook and Twitter have become attractive targets for phishing and scamming attacks as online criminals follow the latest internet trends that are attracting the most users. 12 August 2009
A new set of cybersecurity guidelines - released by NIST - the National Institute of Standards and Technology - leaves a lot to be desired when it comes to the protection needed for government agency computers, said the Cyber Secure Institute. 11 August 2009
Koobface, the first - and arguably the most successful of the social networking worms - is back, having been significantly tweaked by black hat hackers on the internet, reports Kaspersky Lab, the anti-malware and IT security vendor. 10 August 2009
The hacker attack on Twitter on Thursday afternoon UK time - which appears to have also spilled over to the Facebook social networking site - is now thought to have been the work of political activists who wanted to stop a pro-Georgian blogger - Cyxymu - from making his/her postings on the sites. 10 August 2009
In this week's information security briefs: ISPs team up in bid to tackle botnet problem; Former superhacker Kevin Mitnick dumped by ISP; US cyber-security tsar steps down; US military worried over Twitter security and more... 10 August 2009
Research just released by Symantec shows that phishing attacks rose 52% in July while spam - as a percentage of all email - stayed about the same as the previous month. 07 August 2009
After 27 years in the online and IT world, Symantec is moving into the offline/off-computer world thanks to a partnership with LifeLock Inc., a proactive provider of identity theft protection. 06 August 2009
A study just released by ABI Research predicts a period of healthy growth for managed wireless security solutions, with growth averaging 27% a year for the period 2008 to 2014. 06 August 2009
At around 3:00 pm on Thursday afternoon, Twitter, the extraordinarily popular microblogging portal, fell silent, apparently the victim of a sustained distributed denial of service (DDOS) attack. 06 August 2009
Seattle-based WatchGuard Technologies - the unified threat management (UTM) security vendor - has announced plans to buy privately-held BorderWare Technology, which employs around 90 staff, for an undisclosed sum. 05 August 2009
Programmers with the Mozilla Foundation have moved rapidly to patch one of the two SSL security flaws in web browsers, such as Firefox, identified by researchers at the Black Hat security briefings in Las Vegas late last week. 05 August 2009
Twitter has quietly started checking URLs entered into tweets (user messages) on its microblogging service and immediately flown into a barrage of criticism about its checking methodology. 05 August 2009
Researchers have been busy over the last few days tracing where the Zeus botnet is being controlled from, following investigations by the University of Alabama in the US, which tracked down the Zeus Bot virus to a raft of fake internet postcards circulating on the internet. 04 August 2009
In this week's information security briefs: AVG flags up iTunes as malware; hackers score $219 000 from city; Microsoft's sandboxing criticised, and more... 03 August 2009
A potentially serious iPhone security flaw identified by researchers at the Black Hat security briefings in Las Vegas last week has been quickly patched by Apple Computer. 03 August 2009
Clever hackers are exploiting a number of loopholes in US credit reporting systems to substantially improve their credit rating and so gain access to zero percent loans and low-cost credit cards, an information security researcher said over the weekend. 03 August 2009
The programme for Infosecurity Magazine’s Virtual Conference on Information Security 2009 is now available with an exciting line-up of speakers from the IT security industry. 03 August 2009
At the Black Hat security conference in Las Vegas, researchers have revealed how the security of San Francisco's plans to become a showcase for the US on computerised parking has been compromised. 31 July 2009
Researchers at the Black Hat security briefings in Las Vegas this week revealed a number of flaws that affect the secure sockets layer (SSL) system for secure internet web browsing. 31 July 2009
Apple has reportedly caused a stir in copyright circles over claims that unlocking its iPhone handset from the partner network could cause the mobile to crash cellular base stations and even allow users to make free phone calls. 30 July 2009
You could never describe the Apple iPhone as totally secure, given the number of jailbreaks that crackers have developed to unlock the popular handset from its partner networks, but researchers at the Black Hat security conference are scheduled to reveal a serious chink in the mobile's armour today. 30 July 2009
The complications and concerns around cloud computing should not be underestimated, argued Alex Stamos, co-founder and partner of iSEC Partners, at the Black Hat conference in Las Vegas, 30 July 2009. 30 July 2009
IBM has acquired another IT security development firm - Ounce Labs - to add to its ITsec research and development efforts. 29 July 2009
Symantec has joined the growing ranks of IT security vendors that are offering their pooled information on the latest ITsec threats as a value-added outsourced option for major corporates. 29 July 2009
Information security: Fox News, Eugene Kaspersky reveals all, Marshal8e6's new hosted email service and more... 27 July 2009
Cloud computing, along with the growing number of web 2.0-enabled sites and services many of us now access on a regular basis, is changing the face of IT security. 27 July 2009
Access assurance is fast becoming a hot topic in regulatory and best practice circles, for the simple reason the technology that drives it can save a company a significant fine for failing to comply with the latest data protection. 25 July 2009
Novell is about to join the growing list of companies developing its security-enabled products for the cloud. 24 July 2009
Cambridge academics have revealed that social networks that promote their security controls are likely to deter users from joining, and as a result privacy guidelines are inaccessible. 24 July 2009
If you ever wondered how to start Windows XP without a password and without going down to source code level, wonder no more, as Butterscotch's content producer Stacey Reed has posted an informative video tutorial showing how it's done. 23 July 2009
California's TriCipher has announced plans to unveil its myOneLogin authentication and identification technology on day three of the Cloud SSO event in San Diego on July 29th. 23 July 2009
Information security: Microsoft, South Korea, China, Twitter, Facebook in the news... 20 July 2009
IT security administrators will have to deal with more than 10 security patches from Oracle and nine from Microsoft this week. 16 July 2009
The reputation of Mozilla's popular Firefox web browsing software - now into version 3.5 - took a battering this week as the Secunia security research advisory team revealed a flaw in the way the browser handles Javascript calls. 15 July 2009
Research commissioned by DeviceLock, the end point security company, claims to show that many firms are failing to act on the information security risks that the Apple iPhone poses to their IT resources. 15 July 2009
As Google announced the future launch of its Google Chrome operating system (OS) based on an open source Linux kernel, it also claimed that “users don’t have to deal with viruses, malware and security updates. It should just work”, but is that possible? 13 July 2009
An attack is sweeping sites using Adobe's ColdFusion scripting system, according to information received by the SANS Institute. 05 July 2009
Facebook has plugged a major security hole that researchers say enabled any member of the site to view other users' personal information. 24 June 2009
Researchers have developed technology that enables users to participate in an anonymous, private communication session using nothing but an HTML 5-compliant web browser. 23 June 2009
Danny Bradbury documents Tools, Twitter, Law, Hacked, Patched, and the Totally Whacked this week. 22 June 2009
Researchers at the University of Michigan have criticized an alleged initiative by the Chinese government to protect the public's computers from malware, arguing that it creates significant vulnerabilities on users' machines. 16 June 2009
Vision Solutions explores the data protection, recovery and optimization technologies and strategies for running AIX and IBM i (i5/OS) environments in its white paper State of Resilience & Optimization on IBM Power Systems. 16 June 2009
Information Security - Tools, Law, Techniques, Attacks, and Defenses 15 June 2009
Apple Computer has released v 4.0 of its increasingly popular Safari web browser for Windows and Mac OSX-based computers. The release counters the recent security flaws reported in CFNetwork, CoreGraphics, ImageIO, International Components for Unicode, libxml, Safari, Safari Windows Installer, and webKit. 10 June 2009
LockLizard explores the pitfalls of PDF security in its white paper 10 Things You Really Wished You Had Known About PDF Security. 09 June 2009
Users of Office 2000 should start preparing for Microsoft’s withdrawal of its security update service for Office 2000 from 14 July this year, warns California-based security software provider Fortify Software. 03 June 2009
Microsoft has warned about hackers starting to use DirectX-enabled files to give them remote access to users' PCs across the internet. 01 June 2009
Malware attacks are becoming more targeted and more focused on social networks, according to a researcher at Kaspersky, who slammed Facebook for problems with its application certification process. 29 May 2009
Information security attacks, defenses, vulnerabilities, and losses 26 May 2009
McAfee will acquire Solidcore Systems, a whitelisting specialist, in a US$33m deal which will allow McAfee to integrate Solidcore's technology into its blacklisting malware detection and prevention products, as well as to bolster its high-end corporate IT security offerings. 20 May 2009
Infections, Intrusions, Protections and Misdirections 18 May 2009
With the economic downturn, cloud computing is seen as a way to improve operational efficiency, reduce headcounts and help with the bottom line, but according to the report from Massachusetts-based Forrester Research on cloud computing, organisations should not jump on the ‘cloud wagon’ before considering security and privacy concerns. 12 May 2009
Web 2.0-driven websites are now a premier target for hackers, amounting to 21% of all reported hacking incidents, according to an IT security report from the Secure Enterprise 2.0 Forum. 08 May 2009
Hackers are starting to create fake search engine sites to divert hapless internet users to malware infected websites, says PandaLabs, the research operation of Panda Security. 07 May 2009
Users of Google's Chrome browser are the most likely to be running the latest version of the software compared to other browsers, according to a study released this week. 06 May 2009
Splunk, the vendor that calls itself “the google for data centres”, is seeing an increase in sales due to the high crime that comes hand in hand with an economic downturn. 06 May 2009
Two more zero-day flaws have been found in Adobe Reader that could lead to users' machines being compromised. 29 April 2009
The guys on the Blackberry stand at the Infosecurity Europe show weren't willing to talk specifically about it, but it looks like the White House has taken delivery of a custom Blackberry smartphone for President Obama. 28 April 2009
Endpoint security company Lumension teamed up with Microsoft at the RSA show to launch a software whitelisting service. The move, which sees the companies sharing information about legitimate software applications, lends increasing credence to the idea that blacklisting malicious software by signature is becoming less tenable as the number of malware variants increases. 22 April 2009
In his keynote at RSA in San Francisco, Symantec CEO Enrique Salem called for a significant shift in the way vendors and end-users approach information security. Change, said Salem, is needed to fight the current targeted threat landscape. 22 April 2009
Government, Twitter, Tools and the law. 20 April 2009
Security provider, Symantec, found that malicious code activity continued to grow at a record pace throughout 2008, with the most prominent target being confidential information, according to the Symantec Internet Security Threat Report Volume XIV. 15 April 2009
Powerpoint, Porn and Twitter 14 April 2009
Infosecurity magazine are now on Twitter. Please ‘follow’ us to receive our latest news, views and industry comments. 08 April 2009
SQL injection will take a new turn later this month at Black Hat Europe, when a security researcher shows how to take control of a database server using the technique. 03 April 2009
Cyber intelligence: There were big shakeups afoot in the US cyberintelligence community. Rod Beckström, last year's controversial pick for head of the secretive National Cybersecurity Center, resigned amid stormy allegations of bureaucratic roadblocks. 09 March 2009
Arrests: A Chinese official has reportedly been arrested for taking backhanders to help one local anti-virus company disrupt the business of another. Yu Bing, director of the internet monitoring department of Beijing’s Public Security Bureau, allegedly took 4.5m Yuan ($657,000) to frame executives at antivirus company Micropoint and stop its products reaching the market. The money was said to have come from antivirus firm Rising, according to reports. 02 March 2009
Microsoft has warned customers about a zero-day flaw in Excel that could allow for remote code execution if specially-crafted files are opened in the spreadsheet program. 26 February 2009
The government faces scepticism after revealing plans to implement a huge database storing citizens’ phone and web records. 23 May 2008
Speculation on the security of social networking has increased amid reports that applications on Facebook are capable of collecting personal information. 01 May 2008
Cyber criminals have shifted their aim from flaws in commonly-used software to problems with custom-built applications, and are also targeting easily-misled users, according to the SANS Institute’s revised top 20 internet security risks. 07 December 2007