April 28, 2008
Microsoft warns web-hosting providers of zero-day flaw
By Janine de Blois
The vulnerability affects Windows XP Service Pack 2 as well as all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. It allows for elevation of privilege from authenticated user to LocalSystem.
An attack is possible through code provided by an authenticated user. Internet Information Services (IIS) and SQL [...]
April 20, 2008
Google Apps hit by session-stealing assault
By Dave Nixon
A security researcher has exposed a grave flaw in Google Spreadsheets, which could give an attacker access to all of a user’s Google services.
While the bug, a cross-site scripting (XSS) flaw, has now been fixed by Google, it is a sign of the dangers that can go together with the growing popularity of Software [...]
April 8, 2008
IBM plans new security for virtual servers
By Dave Nixon
IBM researchers are developing new attack deterrence technology for the company’s virtualisation products.
The company is set to specify the new project, codenamed Phantom, at the RSA Conference in San Francisco Tuesday.
Phantom is a combined effort between IBM’s X-Force threat analysis team and the company’s research division. It aims to lock down the hypervisor [...]
March 31, 2008
IFRAME SEO attack spreads to over a million search queries
By Janine de Blois
The IFRAME search engine optimization (SEO) attack, which began last week, has spread and has infected an increasing number of important sites.
The latest high-profile sites found to have the IFRAMEs redirecting browsers to fake security software and Zlob malware variants are:
USAToday.com
ABCNews.com
News.com
Target.com
Packard Bell.com
Walmart.com
Rediff.com
MiamiHerald.com
Bloomingdales.com
PatentStorm.us
WebShots.com
Sears.com
Forbes.com
Ugo.com
Bartleby.com
Linkedwords.com
Circuitcity.com
Allwords.com
Blogdigger.com
Epinions.com
Buyersindex.com
Jcpenney.com
Nakido.com
Uvm.edu
hobbes.nmsu.edu
jurist.law.pitt.edu
boisestate.edu
The hackers have been searching for popular keywords on sites [...]
March 28, 2008
Finjan discovers website offering volume purchase of stolen credit cards
By Janine de Blois
“If further proof were needed that there is a very serious problem facing the card acceptance and processing industry, this is it,” said Yuval Ben-Itzhak, chief technology officer at Finjan.
“Prices are segmented depending on whether a card is a Classic Visa or MasterCard, a premium account such as a Gold, Platinum or Business/Corporate [...]
March 26, 2008
New telecommuting system for home and remote workers will reduce CO2 emissions
By Janine de Blois
Aruba Networks and Avaya have teamed up to pave the way for the future by producing an IP-based voice and data access system for teleworkers. More and more people are working from home or small remote offices and require an easy to use system to keep in touch as though they were at the office. [...]
March 21, 2008
Highly critical patches released for Kerberos 5 - multiple vulnerabilities
By Janine de Blois
Kerberos credits Jeff Altman of Secure Endpoints and the Red Hat Security Response Team with discovering critical vulnerabilities in various versions of Kerberos 5. The bugs may cause DoS (Denial of Service), or otherwise compromise vulnerable systems.
The first problem is in the Key Distribution Center (KDC). Incoming krb4 requests can be exploited to crash [...]
March 21, 2008
Sophos combines NAC with endpoint security in free upgrade
By Janine de Blois
Endpoint Security and Control 8.0, released Tuesday, integrates anti-virus, anti-spyware, host intrusion prevention, application control, firewall and NAC to block viruses and spyware as well as ensure that computers are running authorised, up-to-date software and adhere to company policies. Sophos research indicates two out of three corporate computers have out-of-date anti-virus, missing [...]
March 2, 2008
VMware improves virtual machine security
By Dave Nixon
VMware has announced a new security technology that it maintains can shield applications running in virtual machines in ways not previously possible in physical environments.
VMsafe operates as a sub-system, or security engine, in the hypervisor, VMware ESX Server, and scrutinizes all traffic in and out of each virtual machine. It can furthermore inspect the state [...]
March 2, 2008
Logins for 8,700 FTP servers found on sale
By Dave Nixon
Finjan stated it had come upon a database containing account usernames, passwords and server addresses for an astounding 8,700 FTP servers, many of which were being used by US Fortune 100-level enterprises.
The hacked servers might be used to distribute crimeware by inserting iframe tags into any webpage stored on the hacked FTP servers. Without a [...]
March 2, 2008
Vendors crowd to support NAP
By Dave Nixon
Security vendors are lining up to publicize their products’ compatibility with Microsoft’s Network Access Protection (NAP). Foundry Networks, McAfee, Symantec, Avenda Systems and a start-up named Napera Networks have all affirmed that their security platforms can plug into NAP, a key security feature of Windows Server 2008.
In the case of Foundry, this interoperability signifies that its [...]
February 14, 2008
Blackberry’s interruption result of upgrade to improve service
By Janine de Blois
The 3-hour interruption of BlackBerry’s North American service on Monday was caused by an upgrade designed to increase capacity, announced owner Research in Motion (RIM). Upgrades are routine and ongoing, rarely causing problems. In its nine-year history, BlackBerry has had few outages. The last major [...]
February 14, 2008
Phishing Attacks could be Untraceable
By Dave Nixon
Companies and users are subject to a grave threat from an ambiguity in the Domain Name System (DNS) that could result in financial tricks such as virtually undetectable phishing attacks, according to a study presented this week by researchers from Georgia Tech and Google.
The researchers, David Dagon, Chris Lee and Wenke Lee of Georgia Tech, [...]
January 29, 2008
8e6 Technologies Re-Launches in the UK
By Dave Nixon
With the promise to entice SurfControl customers suspicious of being forced to upgrade to products from new proprietor Websense, US web filtering company 8e6 Technologies has re-launched itself in the UK.
The company plans, by using partner and reseller Wick Hill, to advance its R3000 web filtering appliance to the SurfControl customer base, whose products [...]
January 17, 2008
IBM moves on Tivoli flaw
By Rohan Parker
TippingPoint, a division of 3Com, has recently uncovered a potential security breach in Tivoli Storage Manager Express. A problem with the TSM Express backup and recovery system could enable unauthorized access to data.
IBM has warned that, due to this security breach, an attack could potentially deliver customized packets to an express server via the [...]
December 20, 2006
HP Tightens Security on HP-UX Operating System
By Brian Turner
HP has upgraded security on its HP-UX 11i operating system with new encrypted volume and file system support for “data-at-rest,” which describes an embedded-trusted computing chip for HP’s Integrity servers.
The new encryption is included in HP-UX 11i v2 to tie in with HP’s Integrity servers, which use the Intel Itanium processor. Itanium allows HP-UX 11i to do [...]
December 11, 2006
Collax Enhances Security Gateway Bandwidth Management
By Brian Turner
Collax has announced expanded bandwidth management of the Collax Security Gateway, a Unified Threat Management (UTM) solution providing Web, email and network security.
The UTM solution in Version 4.0.10 prioritizes and guarantees bandwidths in Virtual Private Networks giving Voice-over-IP (VoIP), and other business applications including ERP systems, priority in the VPN tunnel.
The Collax Security Gateway 4.0.10 [...]
December 11, 2006
Seagate Provides New Hardware-Based Encryption Technology
By Brian Turner
Seagate’s new ‘DriveTrust Technology’, an effective means of preventing the theft of data from stolen or lost laptops, could become standard in a few years.
While most encryption technologies reside in a separate application or as part of the operating system, DriveTrust technology integrates encryption directly into the drive itself. Although the technology had been available [...]
November 28, 2006
New AVG Security Solutions Announced
By Brian Turner
GRISOFT, the developer of AVG security software, has announced several new versions of its antivirus software for GNU/Linux and FreeBSD open source platforms.
The products include AVG Email Server Edition 7.5 for Linux/FreeBSD and new products for the GNU/Linux platform - AVG Anti-Virus Professional Edition 7.5 for Linux/FreeBSD and AVG File Server Edition 7.5 for Linux/FreeBSD.
The [...]
November 9, 2006
CryptoServer S Platform Completes Utimaco’s HSM Range
By Brian Turner
US data security company, Utimaco, has completed its HSM (Hardware Security Module) portfolio with the announcement of the new CryptoServer S platform.
The company is now well-placed to cover the entire HSM market. The CryptoServer S Series, which includes the S10 and S50 versions, is designed for users who manage their server-based security with software.
Hardware security [...]

