Apple on Thursday released an update to Mac OS X Snow Leopard (10.6), closing multiple vulnerabilities that could allow an attacker to run malicious code on an affected system.
Thanks to compliance requirements and a threat environment marked by growing sophistication, sellers of software security products are expected to earn more than $16.5 billion in revenue this year, an 11.3 percent jump from 2009, according to a Gartner forecast released this week.
FaceTime Communications has sold its trademark to Apple. The computing giant plans to call its new iPhone video calling application FaceTime. The Belmont, Calif.-based FaceTime Communications, which currently offers instant messenger, web and unified communications security, plans to rebrand itself and announce a new name in the coming months, the company said in a statement. — DK
LifeLock will pay $11 million to the Federal Trade Commission (FTC) and $1 million to a group of 35 state attorneys general to settle charges that the Tempe, Ariz.-based company made false claims that its product could prevent identity theft.
Fortinet, maker of UTM appliances, is set to make a rare IT security initial public offering.
Trying to meet the demands of larger businesses in their fight against web threats, M86 on Tuesday acquired Finjan.
A new feature from Google is designed to help website administrators identify malicious code on their sites.
West Coast Labs (WCL), an independent test facility for information security products and services, has partnered with OPSWAT, a provider of development tools that power software application manageability. The alliance will allow for the incorporation of data from WCL's Checkmark Certification program into the OPSWAT OESIS Framework, a development toolkit for managing endpoint security applications. — CAM
The final version of Microsoft Security Essentials is now available for download. According to the company, the software provides real-time protection for PCs against viruses, spyware and other malicious software. The free consumer solution is backed by research from the Microsoft Malware Protection Center (MMPC), enabling it to quickly respond to new threats and placing it in competition alongside offerings from Symantec and McAfee in the anti-virus market. — CAM
The global software security market still is growing despite a far-reaching recession.
Microsoft has released two new tools that developers and testers can leverage to meet the requirements of the company's industry-accepted SDL software security assurance process.
Users who upgrade to the next versions of the Firefox web browser -- 3.5.3 and 3.0.14, due out Wednesday -- will be notified if they are running a vulnerable version of the Adobe Flash Player, Mozilla's "Human Shield" Johnathan Nightingale announced Friday. The move comes out of concerns that a majority of Flash users are running out-of-date versions of the software. Nightingale said the warnings will enable people to avoid crashes, stability issues and other security problems. Mozilla plans to partner with other plug-in providers to offer similar alerts. — DK
Actimize, provider of anti-fraud solutions for financial firms, announced Monday that it has acquired its biggest competitor, Fortent, for $73.5 million. The deal will enable New York-based Actimize to offer customers an "integrated platform" for money laundering prevention, brokerage compliance and case and investigation management, according to a news release. The company, a subsidiary of NICE Systems, is expected to generate $100 million in business in 2010. Fortent, also based in New York, was founded in 1993 and is best known for creating statistically based anti-money laundering technology. — DK
The new anti-virus feature in Snow Leopard could entice cybercriminals to create more Mac malware, say security firms.
Apple appears to be getting at least somewhat serious about security, with plans to include an anti-virus mechanism in the next version of its Mac OS X.
ConSentry Networks is the latest network access control (NAC) vendor to bite the dust. The Milpitas, Calif.-based company, which lately had shifted its focus to making LAN switches and controllers, closed its doors last Thursday, according to Network World, which broke the story. No one at ConSentry answered the telephone on Tuesday, and an email went unreturned. Earlier this year, Trustwave acquired Mirage Networks, and in March 2008, prominent NAC player Lockdown Networks went out of business. Experts said pure-play NAC providers have had trouble competing against bigger companies. -- DK
Surprised? Microsoft came out on top in a recent test that studied how well the leading web browsers respond to malware and phishing.
The Chinese government has bowed to criticism over its internet filtering software requirement.
Everett, Wash.-based Fluke Networks, which installs, tests, certifies and monitors networks used by enterprises and telecommunications carriers, announced Thursday that it has acquired AirMagnet, provider of wireless LAN security solutions. The deal -- terms of which were not disclosed -- is expected by some industry observers to make Fluke a leader in Wi-Fi testing. Sunnyvale, Calif.-based AirMagnet is best known for its WLAN security and performance management offering. — DK
A new report says web application firewalls and intrusion prevention systems are necessary technologies for many businesses, but intrusion detection systems and network behavior anomaly detection technologies are declining in popularity.
Next week, Microsoft will make available to consumers a new, free anti-malware service to replace its subscription model.
Microsoft's Windows 7 will go into general commercial availability on Oct. 22, according to a Microsoft spokeswoman. The company did not announce prices for the several versions it plans, but said it will introduce a program -- a "Tech Guarantee" or Windows Upgrade Option -- that enables people who buy current PCs with Vista to get a free upgrade to the new Windows 7 software when it becomes available. — CAM
Google has introduced its latest version of Chrome, and claims to have enhanced speed and privacy features.
Microsoft on Tuesday released a free tool to help application developers better secure their programs. The SDL (Secure Development Lifecycle) Process Template for Visual Studio Team System provides a framework -- including auditable requirements -- for building security into applications. The offering complements previous Microsoft SDL releases: Optimization Model, Pro Network and Threat Modeling Tool. Microsoft developed SDL in 2004 to address security vulnerabilities in its software. The program is credited with reducing vulnerabilities in Vista and SQL Server. — DK
Redwood City, Calif.-based Oracle has agreed to acquire Virtual Iron Software, a vendor of server virtualization software that addresses a variety of data center issues. Oracle said the incorporation of Virtual Iron's technology is expected to provide more dynamic resource management across the full software stack. The deal is pending approvals and is expected to close this summer. Meanwhile, the companies will operate independently. Financial details were not disclosed. Lowell, Mass.-based Virtual Iron was founded in 2003. — GM
Microsoft is planning to update its Windows platforms so that their AutoRun feature - one of the preferred vectors for spreading the infectious Conficker worm - does not support USB sticks, the company announced Tuesday. In the next version of the operating system, Windows 7, AutoRun - a technology that automatically runs programs when media is plugged into a PC - will work only for CDs and DVDs. Engineers plan to extend this change to Vista and XP platforms. — DK
Microsoft has extended its Forefront brand and is now putting messaging security into the cloud.
The CERT Coordination Center at the Carnegie Mellon Software Engineering Institute in Pittsburgh on Thursday released a free, open-source tool that software developers can use to detect ActiveX vulnerabilities. Dubbed Dranzer, the tool was tested on 22,000 ActiveX controls produced by more than 5,000 organizations. Dranzer is designed for use during the quality assurance phase of software creation and can help prevent flaws, such as buffer overflows, from being shipped in software to the public. — DK
The Open Web Application Security Project (OWASP), an open-source project, has announced a free, 216-page guide for how to review code for application vulnerabilities. The book complements the already released "OWASP Security Developer Guide" and the "Security Testing Guide." The latest publication is "part of OWASP's strategy to make application security visible and enable the market to support the development of secure application software," according to the organization. — DK
A new patch for Firefox is being readied for shipment early next week to fix a vulnerability detected on Wednesday.