News

Further evidence links Aurora attack to China
Further evidence links Aurora attack to China
Further evidence has emerged suggesting that the Operation Aurora attack exploiting a zero-day flaw in Internet Explorer came from within the People's Republic of China.
Jan. 21, 2010
Microsoft confirms Thursday patch for Internet Explorer exploit
Microsoft confirms Thursday patch for Internet Explorer exploit
Confirming what many internet industry watchers thought would happen this week, Microsoft says it will release an out-of-band patch later today, for the Internet Explorer security vulnerability used to attack Google and around 30 other companies affected by the widely publicised security flaw seen in the Google/China incident.
Jan. 21, 2010
ISACA welcomes strengthening of UK penalties on data breaches
ISACA welcomes strengthening of UK penalties on data breaches
ISACA, the not-for profit international association of 86 000 IT security, audit and governance professionals, has welcomed news that the UK government has beefed up the penalties the Information Commissioner's Office (ICO) can impose on errant companies causing major data breaches.
Jan. 21, 2010
RockYou users display poor password skills
RockYou users display poor password skills
Social media site RockYou may be the subject of a lawsuit from disgruntled customers after it allowed 32 million of their accounts to be compromised, but new data suggest that many of its users are equally unsavvy when it comes to security, especially password security.
Jan. 21, 2010
$100 000 cracking prize goes unclaimed at CES
$100 000 cracking prize goes unclaimed at CES
Despite 45 teams trying for up to two hours at the recent Consumer Electronics Show in Las Vegas, it seems that the latest USB drive-equipped Swiss Army Knife - which sports an encrypted (Elliptical Curve and AES) data storage feature - was uncracked.
Jan. 20, 2010
Sourcefire launches faster IPS configuration
Sourcefire launches faster IPS configuration
Sourcefire has increased the speed of its intrusion prevention system, or IPS, announcing support for a 20 Gbit/sec clustered model.
Jan. 20, 2010
Internet Explorer zero-day vulnerability spreads to Microsoft Office as fixes surface
Internet Explorer zero-day vulnerability spreads to Microsoft Office as fixes surface
Microsoft has scheduled an out-of-band patch for the zero-day vulnerability in Internet Explorer, just as other fixes for the problem began to surface. The company has also admitted for the first time that the attack could be used to compromise a computer using Microsoft Office.
Jan. 20, 2010
France joins Germany in public slamming of Internet Explorer
France joins Germany in public slamming of Internet Explorer
Following on from Germany's internet security agency publicly slamming Internet Explorer over the weekend and advising internet users to switch to another browser, France's CERTA agency has made a similar pronouncement.
Jan. 19, 2010
Conservative party outlines plans on cybersecurity
Conservative party outlines plans on cybersecurity
The Conservative party has published a green paper which, amongst other items of national security, seeks to create a center to deal with cyberattacks against the UK.
Jan. 18, 2010
Internal security risks webinar this Wednesday
Internal security risks webinar this Wednesday
The internal security risk issue is fast becoming a boardroom topic in most organizations, especially now that relatively rare road warriors have given way to a truly mobile workforce, able to work from almost anywhere, in most businesses.
Jan. 18, 2010
Internet Explorer zero-day code goes public
Internet Explorer zero-day code goes public
The Internet Explorer exploit code used in the Operation Aurora attack against Google and other technology companies has made it into the public domain, and has been incorporated into the Metasploit penetration testing tool, it was revealed this weekend.
Jan. 18, 2010
PDF attacks target defense community
PDF attacks target defense community
Evidence of further targeted attacks are surfacing, just days after Google and other technology companies announced that they had been the victims of a concerted campaign. This time, the attacks targeted PDFs of those in the US defense community, and occurred more recently.
Jan. 18, 2010