Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.
Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.
The weakness allows an intruder to quietly access any files stored on the server.
The software giant is trying to put the brakes on a serious flaw that is being leveraged as part of a possible espionage campaign against U.S. energy workers.
May 06, 2013
Originally, researchers believed that the Labor Department site led to malware that took advantage of a known vulnerability. But that is no longer the case, and Microsoft has confirmed a fresh, unpatched vulnerability in IE 8.
The software maker seemed to downplay the threat posed by the issue, which McAfee is calling a security vulnerability that could be used in APT-style campaigns.
May 02, 2013
WhiteHat Security's annual survey of tens of thousands of websites also studied whether certain best practices are helpful in preventing such flaws as information leakage and cross-site scripting.
In this month's debate, experts discuss if advanced malware is still a persistent challenge after administrator rights are removed.
April 29, 2013
McAfee said it considers this a security issue because the flaw could be leveraged as part of a malicious attack to gather reconnaissance about a target.
Microsoft is now issuing a replacement patch for a fix that was shelved two weeks ago after customers reported problems after installing it.
April 23, 2013
In addition to the exploit, which leverages a recently patched bug, a researcher has discovered a fresh vulnerability in the newly minted version of Java SE.
The American Civil Liberties Union has filed a complaint with the Federal Trade Commission over several major carriers' alleged sluggish patching practices, a concern for enterprises as BYOD pervades the business world.
An improved notification system will help protect users from running risky applications from untrusted sources.
Symantec's annual "Internet Security Threat Report 2013" concentrated on the success attackers are attaining by sabotaging legitimate websites.
The software giant said applying the update could prevent machines and applications from properly restarting and loading.
The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.
April 04, 2013
The software giant expects to distribute eight other fixes to correct vulnerabilities in Windows, Office, Server Software and Security Software.
The release patches 13 vulnerabilities, five of which are deemed "critical."
The security company is urging customers to upgrade to the latest version of the appliance, which is not susceptible to the vulnerabilities reported Wednesday by researchers at SEC Consult.
April 01, 2013
April's "threat of the month" are Universal Plug and Play (UPnP) vulnerabilities, which allow attackers to execute arbitrary code.
Prioritization is a key part of the patching strategy of any customer, says SC Magazine's Dan Kaplan.
Of the companies polled in a recent survey, eight in 10 indicated that they experienced web attacks in 2012.
Owing to outdated browsers, an attack aimed at older Java vulnerabilities can be just as successful for miscreants as targeting new vulnerabilities, according to new research.
Honeypots installed by researchers at security firm Trend Micro provided bait for 39 attacks on simulated ICS environments over the course of a month.
March 15, 2013
The security update patched 21 vulnerabilities and a Java Web Start bug that could allow apps to be launched automatically.
The new offering shows that, as cyber criminals become more sophisticated, they'll need more options to secure their infrastructure.
The vulnerability allows anyone with "casual physical access, such as a custodian sweeping your office at night or a security guard making his rounds" to plug in a USB device and become an administrator, according to Microsoft.
In this video shot at RSA Conference 2013 in San Francisco, Illena Armstrong, VP of editorial at SC Magazine, sits with Courtot to discuss some of the big problems facing CISOs today, as well as his thoughts on this year's big conference.
Researchers also found that the median number of vulnerabilities per application was 13 flaws.
They address flaws in Internet Explorer (IE), Windows, Office, Server Software and Silverlight.