Security: Vulnerabilities

Protecting Remote-Site Data

EdgeSecure makes it easier to protect data stored in remote locations.

Microsoft Patches Three Flaws, Zero-Day Still Open

As expected, Microsoft released three patches last week to fix one critical Office vulnerability as well as two Windows flaws.

Flagship Product Analyzes Red-flagged Applications

When it comes to malware, one company says their product separates the wheat from the chaff, advising enterprises which files should and shouldn’t be on their systems.

Back-to-School Supplies for Secure Campus Networks

Labor Day marks the move-in for most students, and it also marks the beginning of labor-intensive work for IT departments across colleges and universities nationwide. Find out what one institution is doing to secure its network for the school year.

Security Briefs: Breaches Increase, Trojans Displace Worms

Despite increased security spending, the number of security breaches also increases. Plus, how Trojan applications have displaced worms and viruses as top threats—and why.

Anti-Spyware Gets Rootkit Removal

New anti-spyware functionality highlights the enterprise security question: should you go for best of breed or opt for a security suite?

Security Briefs: JavaScript Worm, IBM DB2 Vulnerability, NIST Performance Metrics

Dealing with an e-mail worm targeting a Web application, and a vulnerability in IBM DB2. Plus, how to create a performance metrics program.

Q&A: The Quest (and Justification) for Trustworthy Code

How to evaluate the security of applications you build or buy, and justify those requirements to senior management.

Beware Active Microsoft Word Vulnerability, Rogue Browser

Microsoft moves to patch a “zero-day” Word vulnerability. Meanwhile in a first, a new worm arrives bearing its own browser—the better to launch drive-by download attacks.

2007 Tech Budgets to Decline; Stealth Malware on the Rise

A projected decrease in next year’s IT budget growth has unclear implications for security spending. Meanwhile, rootkits grow more virulent.

Employees Cause Most Security Breaches, Yet Response Lags

What’s the best way to stop users from inadvertently compromising your company’s information security?

Security Briefs: Risky IM; Pushing All-In-One Security Management Consoles

With IM use increasing 200 percent per year, unmanaged enterprise IM is a growing security risk. Plus, Check Point pushes one-console management for perimeter, internal, Web, and endpoint security.

Why Automated Patch Management Remains Elusive

Patching remains a manual, time-intensive process, despite more automated tools.

Anti-Spyware Shootout

VeriTest, an independent testing lab, pitted three popular anti-spyware products against each other for four months, but such performance results can be problematic.

New York Sues Over Alleged Spyware

Speaking a language spyware purveyors understand: fines and jail time

The Attack from Within: Stopping Malicious Insiders

While many IT managers obsess about hackers and external attackers purloining sensitive company information, studies point to a worse problem: the insider threat.

Building Better Applications: Beyond Secure Coding

While teaching developers “secure coding” techniques is important, experts say far more is needed to actually produce secure applications.

Fixes from Microsoft and Adobe, Havoc from McAfee

Microsoft released six critical updates for PC and Mac, and Adobe patched Flash. Grabbing headlines, however, was the file-eradication spree triggered by an update to McAfee's antivirus program, causing users to question automatic patches.

Q&A: IT in Denial over Spyware

While many small and medium-size companies fear spyware, they don’t think spyware infections can happen to them. Despite highlighting viruses, worms, and spyware as top network security concerns, many don’t actively combat even one of these problems.

Bot Networks Hurl More Trojan Code

Bot networks are behind the rise in malicious code aimed at capturing sensitive information. Also, IM attacks decrease during February.