High Tech

Fortinet plans IPO

Fortinet, maker of unified threat management solutions, on Monday announced plans to go public. The Sunnyvale, Calif. company plans an initial public offering (IPO) of up to $100 million in common stock, according to a filing with the U.S. Securities and Exchange Commission. Many firms have steered clear of IPOs in recent months, but with the stock market again climbing, that may change, experts said. ArcSight was the last major security company to file for public status. — DK

Industry group releases software integrity framework

Not enough emphasis is placed on the integrity of software, according to a software assurance group, which hopes to change that mentality with a new framework.

T-Mobile confirms hack but doubts crooks have the goods

T-Mobile has confirmed that hackers were able to swipe data from its systems, but the wireless carrier is downplaying the threat to customers.

McAfee acquires Solidcore

McAfee today announced the acquisition of dynamic whitelisting vendor Solidcore for approximately $33 million. The acquisition advances McAfee's endpoint security and risk management portfolio. Specifically, Solidcore enables McAfee to now provide security for automated teller machines (ATMs), point-of-sale (POS) systems, multifunction printers (MFPs), supervisory control and data acquisition (SCADA) systems, as well as mobile and other embedded devices. In addition, it will strengthen McAfee's virtualization solutions, the company said in a news release. — AM

Cloud computing providers require strong audits

Companies must develop better ways of evaluating the security and privacy practices of the cloud services they utilize, according to a report by Forrester released Friday.

NERC president: Emergency cybersecurity help needed

Efforts of the North American Electric Reliability Corp. (NERC) to secure the nation's power grid against cyberthreats cannot substitute for additional emergency authority at the federal level, Richard Sergel, president and CEO of NERC, said in testimony during a Senate hearing on cybersecurity Tuesday.

U.S. missile defense information found in disk bought on eBay

A hard disk containing the launch procedures for a U.S. military missile defense system was recently purchased on eBay.

How the recession is affecting IT spending

Despite the financial crisis, companies are still putting forth money for IT security efforts while overall IT spending is less of a priority, according to a new survey conducted by strategy and business advisory firm MetroSITE Group, and Pacific Crest Securities, a technology investment bank.

ActiveX flaw detector released

The CERT Coordination Center at the Carnegie Mellon Software Engineering Institute in Pittsburgh on Thursday released a free, open-source tool that software developers can use to detect ActiveX vulnerabilities. Dubbed Dranzer, the tool was tested on 22,000 ActiveX controls produced by more than 5,000 organizations. Dranzer is designed for use during the quality assurance phase of software creation and can help prevent flaws, such as buffer overflows, from being shipped in software to the public. — DK

VMware patches new critical security vulnerability

VMware has issued patches for a critical security vulnerability in its ESX and ESXi virtualization products.

OWASP releases code guide

The Open Web Application Security Project (OWASP), an open-source project, has announced a free, 216-page guide for how to review code for application vulnerabilities. The book complements the already released "OWASP Security Developer Guide" and the "Security Testing Guide." The latest publication is "part of OWASP's strategy to make application security visible and enable the market to support the development of secure application software," according to the organization. — DK

Microsoft denies code flaw

On its TechNet blog, Microsoft denied that a recently uncovered GDI+ EMF buffer overflow problem will result in a crash that is "exploitable for code execution." The flaw had been reported Tuesday by SecurityFocus. Microsoft said it was continuing its investigation, but that mitigating defenses already in place effectively counteract the threat, even when the flaw causes termination of an application. — CAM

Firefox flaw fixed

Mozilla has addressed a notorious zero-day vulnerability discovered Wednesday that could have caused execution of malicious code if exploited. With the flaw, attackers could have modified Firefox source code. In its release notes for version 3.0.8, Mozilla identified the problem as an XSL parsing "root" XML tag remote memory corruption vulnerability, and lists the bug as "Resolved." — CAM

Cisco releases security updates for IOS

Security updates for Cisco Internetwork Operating System were released Wednesday to shield against a number of vulnerabilities.

Internet Explorer 8 "critical" flaw in final version

The Internet Explorer 8 vulnerability demonstrated at the CanSecWest hacker conference on the beta version of the browser also exists in the final version.

Solving the hacking problem

To avoid hacking and malicious alteration of the application, software companies are turning to new anti-tamper solutions that will protect the entire application, as well as maintain code integrity.

IE 8 coming today

The official release of Internet Explorer 8 is scheduled to be available at noon EST on Thursday. The new browser "offers leading-edge security features," including a cross-site scripting filter, clickjacking prevention, and per-site ActiveX, which enables users and administrators to manage where an ActiveX Control can run, Microsoft said. The download, in 25 languages, is at http://www.microsoft.com/ie8. — CAM

March Madness nearing, but cyberthreats already here

Sports fans might be eager for March Madness to begin on Thursday, but for cybercriminals, the games have already begun, security researchers said.

Time Warner confirms DDoS

Time Warner Cable confirmed Thursday that distributed denial-of-service (DDoS) attacks against its DNS servers are to blame for the slower-than-normal service affecting its broadband customers, particularly those living in Southern California, for about the past week. The company said in a statement that the culprits likely are using botnets to deliver their traffic because the attacks are "larger and more difficult to contain than similar attacks in the past." — DK

Another vendor threat

A fourth security vendor website has been found to be insecure. In a post on hackersblog.org, a Romanian hacker, whose alias is "Unu," describes an insecure parameter in the Symantec Document Download Center that is vulnerable to SQL injection. The flaw supposedly exists on an SSL login page and permits access to company databases. According to the hacker, Symantec has been contacted but has not yet responded. The same hacker claimed to have gained access to Kaspersky, F-Secure and BitDefender websites. — CAM

BitDefender hit again

A Romanian hacker claims to have found a hole in the website for security firm BitDefender. According to a post by someone using the alias Unu on hackersblog.org, an SQL injection vulnerability persists in the site's news section. Recently websites belonging to security firms F-Secure and Kaspersky Lab were compromised. And a Portuguese partner site belonging to BitDefender also was hit. All three companies deny that any personal information was exposed to the attackers. — CAM

No Kaspersky compromise

A forensic exam has confirmed Kaspersky Lab's initial findings that Romanian hackers did not compromise any personal data when they launched an SQL injection attack against the anti-virus company's U.S. support site. David Litchfield of Next Generation Security Software said in a Thursday report that other attackers, upon learning of the vulnerable site at usa.kaspersky.com, attempted to access data but also were unable. — DK

Businesses detecting ID fraud faster, absorbing more costs

Identity fraud increased by 22 percent last year, but the burden on consumers is lessening, according to a new study.

Intruders put virus on government security contractor network

A security services provider for the federal government is notifying employees, former employees and customers that its network was compromised by malware.

Research In Motion outbids VeriSign for Certicom

On Tuesday, a bid from Research In Motion bested VeriSign's offer for control of cryptography technology firm Certicom.

To Facebook or not to Facebook?

More than half the respondents of a recent poll said their organization does not have a policy on using Facebook.

Google Video searches lead to malicious site

Cybercriminals have begun using Google Video to help deliver victims to their doorstep.

Google working on fix for clickjacking vulnerability in Chrome

A researcher has shown that the Google Chrome web browser also can succumb to clickjacking.

Data Privacy Day celebrates the safeguarding of information

Companies around the globe are recognizing the second annual Data Privacy Day on Wednesday with seminars and other events aimed at educating users and generating discussion around the topic.

Email worm spreads under guise of Valentine's Day greetings

The criminal group behind the Waledac email worm, distributed last week in inauguration-related phishing attacks, is now leveraging Valentine's Day to distribute malware and expand a botnet.
