News

Microsoft has released an advisory regarding an issue that affects customers using Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Lync. The company said that it was aware of targeted attacks “largely in the Middle East and South Asia” against older software and the exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment. “If the attachment is...

Read more

A new movement to encourage sharing of information among trusted users has been launched and is seeking new partners. Founder Wolfgang Kandek, CTO of Qualys, said that the campaign has stemmed from experiences of security departments typically being policy driven and beholden to following extensive guidelines and not being able to measure programs in a way that is intelligible to their non-technical colleagues. He said: “We are good at reaching out to people about who...

Read more

Banks in the United States are to face a cyber security test that will be conducted by the New York State Department of Financial Services. According to the Wall Street Journal, around 200 banks will be required to participate in a live webcast where they will answer questions about their cyber security policies and processes on 12th December. All of the banks will be asked questions simultaneously and later will be able to see how they stack...

Read more

A large stash of data was hacked recently, exposing the personal and financial information on more than 850,000 Fortune 500 CEOs, lawmakers and A-list celebrities. Reported by Brian Krebs to have been found on the same servers as the Adobe source code, the file “CorporateCarOnline” the plain text archive apparently contained 850,000 credit card numbers, expiry dates and associated names and addresses, with more than one-quarter (241,000) including  high or no-limit American Express accounts. Those names included basketball star LeBron...

Read more

The anticipated changes to the payment card industry data security standard (PCI DSS) was published today. Overall there is better clarification of the 12 steps of the standard as well as to remain current with attack vectors and to address the need for physical security of payment terminals and address requests for more stringent scoping and testing. Altogether there are 11 main changes to requirements 5 (use and regularly update anti-virus software on all systems commonly affected...

Read more

Microsoft will release eight bulletins next week, including three critical-rated patches for vulnerabilities in Internet Explorer and Microsoft Windows. Tyler Reguly, technical manager of IT security research and development at Tripwire, said: “It's a pretty typical patch Tuesday, Internet Explorer, Windows, and Office patches. This month shows that new Microsoft software isn't immune to flaws -- Office 2013, IE 11, and Windows 8.1 will all receive patches on Tuesday.” Wolfgang Kandek, CTO of Qualys, said...

Read more

HyTrust has acquired cloud encryption and key management vendor HighCloud Security to add cloud-optimised data security and privacy to administrative visibility and control. According to the companies, the combined offering will enable ‘cloaked’ private, hybrid and public clouds and helps address three of the primary security concerns in cloud environments: control; visibility; and data security and privacy. Eric Chiu, president and founder of HyTrust, said: “HyTrust represents the control point for cloud management, providing automated...

Read more

The United States computer emergency readiness team (CERT) has issued an alert about the CryptoLocker ransomware. Proving the major impact that it has had upon businesses and users globally, the US CERT said that the 2013 campaign “restricts access to infected computers and demands the victim provide a payment to the attackers in order to decrypt and recover their files”. It said: “As of this time, the primary means of infection appears to be phishing emails containing...

Read more

Pre-requisite requirements for hiring by Human Resources may cause the best people not being considered for jobs in security. Speaking to IT Security Guru, Cyber Security Challenge CEO Stephanie Daman said that there is often an issue where a company will have a hiring policy and if a person doesn’t fit with a qualifications minimum but has the right skill set, they may not be seen. “The problem is two-fold: there are people with the...

Read more

Trustwave has announced the acquisition of data security vendor Application Security. Adding automated database security scanning technologies to its product and service offering, Trustwave will continue to develop, support and offer the DbProtect and AppDetectivePRO products to help with compliance, patch management and mitigate data-centric vulnerabilities. Trustwave said that Application Security’s technologies will enhance Trustwave’s penetration testing and vulnerability management services, with additional database scanning and testing capabilities. Financial terms of the acquisition, which has already closed, were...

Read more
Page 1017 of 1033 1 1,016 1,017 1,018 1,033