Newsroom

USA Media Coverage

Apple Releases QuickTime 7.7.2 for Windows, Fixes 17 Flaws

Apple QuickTime version 7.7.2 is out, fixing 17 security vulnerabilities in the multimedia framework. Read more

May 17, 2012

Apple Security Update Fixes QuickTime Vulnerabilities

Guest post from Rodrigo Branco, Director of Vulnerability and Malware Research at Qualys, about Apple's latest advisory. Read more

May 16, 2012

Apple Issues QuickTime Patch for Windows, OSX Users Safe

Apple issued a QuickTime update for Windows users on Tuesday night, patching 17 vulnerabilities that were not known to be in the wild yet. Read more

May 16, 2012

Google Unleashes Chrome 19, Flattens 20 Bugs

Hot fuzz spawns QuickTime patch Read more

May 16, 2012

Qualys Adds Security Experts to CTO/CSO Advisory Board

Read more

May 14, 2012

Apple's OS X, Safari Updates Improve OS X Security

Apple is legendary for its iron-fist control over what can or cannot run on its operating system. However, there are signs the company is beginning to relinquish some of the responsibility back to the vendors. Read more

May 12, 2012

Why Do Software Holes Take So Long to Fix?

Experts weigh in about how long it takes for vendors to patch vulnerabilities. Read more

May 10, 2012

New .secure Internet Domain On Tap

'Safe neighborhood' top-level domain will require SSL, DNSSEC, and other security measures for websites Read more

May 10, 2012

Apple OS X Update Puts Elderly Flash Out Of Its Misery

Security fixes include new Safari that executes old plugins Read more

May 10, 2012

Apple Auto-Disables Outdated Versions of Flash Player In Latest Software Update

Following a recent update to its iOS software that addressed several security issues with Apple’s mobile devices, the Cupertino tech titan pushed another significant software update today, this time for its flagship Mac OS X operating system and Safari Web browser. Read more

May 10, 2012

10 Years of Trustworthy Computing: The Current State of Windows Security

A decade after launching its Trustworthy Computing initiative, Microsoft has come a long way but faces new challenges. Read more

May 10, 2012

Your May 2012 Patch Update from Microsoft

Microsoft has just released seven bulletins -- three critical and four important -- addressing 23 vulnerabilities, as part of its monthly Patch Tuesday rollout. Read more

May 8, 2012

Microsoft Releases Seven Security Updates

This month, Microsoft released seven bulletins, three critical and four important, that addressed a total of 23 vulnerabilities. Read more

May 8, 2012

Microsoft Fixes Critical Flaws with Patch Tuesday Updates

Microsoft released a total of seven new security bulletins for May’s Patch Tuesday. Read more

May 8, 2012

Adobe and Apple Patch Vulnerabilities

Adobe released a patch to cover a critical update in Flash at the end of last week. Read more

May 8, 2012

‘May Day, May Day’: Microsoft Scrambles to Plug Critical Holes

Microsoft plans to ship in May seven security bulletins, including three critical bulletins to plug remote code execution holes in Microsoft Windows, Office, .NET Framework, and Silverlight. Read more

May 7, 2012

Adobe Patches Flash Player Bug as Hackers Attack IE for Windows

Adobe released an emergency update today to fix a critical vulnerability in Adobe Flash Player for Windows, which has come under attack. Read more

May 4, 2012

May's Patch Tuesday to Address Vulnerabilities in Windows, Office

The upcoming Patch Tuesday, scheduled to take place May 8, will include seven security bulletins addressing a total of 23 vulnerabilities. Read more

May 4, 2012

A Patch Is Not Always a Patch

Sometimes a patch is not actually a patch; it is a configuration workaround. Read more

May 4, 2012

Most Secure Websites Aren't

Did you know that most ‘secure’ websites actually aren’t all that secure? Read more

May 4, 2012

Microsoft Announces 7 Bulletins for May 2012 Patch Tuesday, Closes Book on MAPP Data Leak

In addition to its advance notification for Patch Tuesday, Microsoft uncovers the party responsible for leaking security information and exposing customers to attacks against RDP Read more

May 3, 2012

May 2012 Patch Tuesday Includes 7 Bulletins, 2 Critical

Security Bulletin Advance Notification released on Thursday provides Patch Tuesday preview. Read more

May 3, 2012

Oracle Addresses 0-day "TNS Poison"

Guest post from Wolfgang Kandek on Oracle's workaround for Oracle Database vulnerability CVE-2012-1675 Read more

May 2, 2012

Global Dashboard for Monitoring the Quality of SSL Support

Guest post from Ivan Ristic about SSL Pulse, a continuously updated dashboard that is designed to show the state of the SSL ecosystem at a glance. Read more

May 1, 2012

Trustworthy Internet Movement Builds SSL 'Avengers'

Industry's top names in SSL development agree to join task force Read more

Apr 30, 2012

8 Reasons Conficker Malware Won’t Die

Poor corporate password practices and continuing use of Autorun help explain why eradicating this three-year-old worm has been so difficult. Read more

Apr 30, 2012

Sick SSL Ecosystem: 90% of HTTPS Sites Insecure, 75% Vulnerable to BEAST Attack

Trustworthy Internet Movement's SSL Pulse shows 90% of the world's 200,000 most popular websites with HTTPS-enabled are actually insecure and 75% are vulnerable to the BEAST attack. Read more

Apr 29, 2012

Microsoft: Conficker Worm Still a Major Threat

Weak security passwords and overlooked security updates have kept Conficker, a malware 'worm' first reported in 2008, alive and well. Read more

Apr 27, 2012

Microsoft Conficker Worm Remains ‘Ongoing’ Threat

Three-year-old 'dead' Windows worm infection is still spreading -- mainly via weak or stolen passwords, new Microsoft report says Read more

Apr 25, 2012

Microsoft: Conficker Worm Continues to Plague Enterprises

The notorious Conficker worm, which began infecting Windows systems in 2008 but has not had a new variant in more than two years, continues to dog enterprises more than three years later, according to security experts at Microsoft. Read more

Apr 25, 2012

Oracle Patches 88 Issues in Mammoth Security Update

Oracle released 88 security fixes addressing vulnerabilities in over 35 products in its portfolio as part of its Critical Patch Update. Read more

Apr 17, 2012

Oracle Patches 88 Vulnerabilities

Oracle will release 88 vulnerability fixes across hundreds of its offerings as part of a scheduled quarterly security update. Read more

Apr 16, 2012

SSL/TLS Deployment Best Practices

SSL/TLS is a deceptively simple technology. It is easy to deploy, and it just works… except that it does not, really. Read more

Apr 16, 2012

Two Mac Trojans: Apple Patching Fast Enough?

Apple Friday released a Java security update to battle the Apple OS X malware known as Flashback. Read more

Apr 16, 2012

Oracle to Issue Quarterly Patches Next Week

As part of its scheduled quarterly security update, Oracle announced that on Tuesday it will release 88 new vulnerability fixes across hundreds of its offerings, covering more than 30 product lines. Read more

Apr 13, 2012

Apple Issues Software Update to Fix Flashback Vulnerabilities and Disable Java

Apple released a software update last night for Java in order to remove the most common variants of the Flashback malware. Read more

Apr 13, 2012

Flashback Malware Removal Cleverly Reduces Risks for Macs

Better late than never? Apple has released the third Java update in a week for Mac OS X, and this one contains the tool to remove the Flashback malware from infected systems. Read more

Apr 13, 2012

Microsoft begins final two years of support for XP

Microsoft has confirmed that it will end support for Windows XP and Office 2003 in two years. Read more

Apr 11, 2012

End of Windows XP Support Era Signals Beginning of Security Nightmare

Consumer, corporate and even SCADA systems could be at risk when Microsoft stops supporting Windows XP. Read more

Apr 11, 2012

Adobe, Microsoft Issue Critical Updates

Adobe and Microsoft today each issued critical updates to plug security holes in their products. Read more

Apr 10, 2012

Microsoft April 2012 Patch Tuesday Repairs Critical IE Flaws, ActiveX Control Issue

Microsoft issued a major browser security update, repairing critical Internet Explorer flaws as part of its April 2012 Patch Tuesday. Read more

Apr 10, 2012

Microsoft Released Six Comprehensive Security Updates

This month Microsoft issued six bulletins, four critical, two important, addressing 11 distinct vulnerabilities. Read more

Apr 10, 2012

Microsoft's Patch Tuesday Brings Seven Critical Fixes

Bulletins warn of SQL Server, Visual Basic, IE threats as well Read more

Apr 10, 2012

Microsoft Patches Critical Windows Zero-Day Bug That Hackers Are Now Exploiting

Fixes first security flaw in Windows 8 Consumer Preview Read more

Apr 10, 2012

Tuesday Top Tips – Qualys SSL Labs

If you are configuring SSL on your website or online application (and you should be these days), use the resources over at Qualys SSL Labs. Read more

Apr 10, 2012

Death, Taxes, and Microsoft's Patch Tuesday

IT administrators in the US better have their taxes done already because Microsoft is sending plenty of work on Tuesday with six security bulletins, four of which are rated critical and could lead to remote exploitation by hackers. Read more

Apr 9, 2012

Microsoft's Patch Tuesday Will Address Exploits in Office 2010, IE9

4 of 6 bulletins rated critical Read more

Apr 5, 2012

Patch Tuesday Preview: 6 Security Bulletins, 11 Vulnerabilities, 4 Critical

Preview of April 2012 Security Bulletin Read more

Apr 5, 2012

Microsoft Slates Critical Windows, Office, IE Patches Next Week, Including 'Head-Scratcher'

Reveals Patch Tuesday's agenda, plans to fix 11 flaws with six security updates Read more

Apr 5, 2012

Apple Patches Malware-Targeted Java Bug

Apple released a patch for multiple Java vulnerabilities, a couple of days after a security vendor reported that password-stealing malware exploiting the flaws was floating about the Web. Read more

Apr 4, 2012

Apple Plugs Java Hole After Flashback Trojan Intrusion

6 weeks after Microsoft machines are patched... Read more

Apr 4, 2012

Apple Patches OS X Java Security Flaws

Apple recently released a Mac OS X update that patches 12 Java security flaws, including a vulnerability that was being actively exploited by the latest version of the Flashback Trojan. Read more

Apr 4, 2012

Apple Updates Java After Malware Spreads

One day after security researchers spotted active exploits taking advantage of a gaping vulnerability in Java software running on Mac OS X machines, Apple released a fix. Read more

Apr 3, 2012

1.5 Million Infected with Drive-by Malware in February

Read more

Apr 3, 2012

BlackHole exploit targets Java bug through browser-based attacks

A recently discovered Java exploit will have many updating, or even removing, the program. Read more

Mar 30, 2012

Adobe Fixes Critical Security Flaws In Flash Player

Adobe Systems (NSDQ:ADBE) has released a Flash Player update that fixes two critical vulnerabilities and adds an automatic update feature. Read more

Mar 29, 2012

Adobe Auto-Update Eases Flash Update Chore - on Windows Only

Backdoors plugged without lifting a finger Read more

Mar 29, 2012

Digging into Verizon DBIR: Hacking, Malware, Cyber-Threats

While we all seized on the fact that hacktivists were responsible for more than half of the data records stolen in 2011, Verizon's Data Breach Investigations Report had a few more gems. Read more

Mar 23, 2012

Hardening the Endpoint Operating System

Qualys CTO Wolfgang Kandek talks about the effects of hardening the endpoint operating system and improving the resilience against common attacks. Read more

Mar 22, 2012

Microsoft Flaw Demonstrates Dangers Of Remote Desktop Access

Fear is that attackers will soon come up with exploits for targeted attacks, worms Read more

Mar 14, 2012

Malicious Proxies May Become Standard Fare

DNSChanger shows that funneling infected network traffic to central servers can enable massive fraud, but the technique has significant weaknesses, as well Read more

Mar 13, 2012

Your March 2012 Patch Update from Microsoft

Microsoft's March 2012 security update just landed. Read more

Mar 13, 2012

Microsoft Issues Urgent Patch for 'Wormable' RDP Vulnerability

Microsoft released six new security bulletins today for the March 2012 Patch Tuesday. Read more

Mar 13, 2012

Critical Windows Bug Could Make Worm Meat of Millions of High-Value Machines

Microsoft has plugged a critical hole in all supported versions of Windows that allows attackers to hit high-value computers with self-replicating attacks that install malicious code with no user interaction required. Read more

Mar 13, 2012

Microsoft Incites Madness with March's Patch Tuesday Release

Details emerge on Microsoft's most critical patch of the year Read more

Mar 13, 2012

Microsoft: Remote Desktop Protocol Vulnerability Should be Patched Immediately

Microsoft is urging organizations to apply the sole critical update in this month’s Patch Tuesday release as soon as possible. Read more

Mar 13, 2012

Patch Tuesday: Microsoft Fixes Critical Bug in Remote Desktop Protocol

This month's update from Redmond includes six security advisories, but a pair of IE zero-day exploits demonstrated at last week's Pwn2Own hacking contest remain unpatched. Read more

Mar 13, 2012

Dangerous Microsoft RDP Vulnerabilities Repaired in Patch Tuesday

Microsoft issued six security bulletins, including one critical update that addresses two serious Windows Remote Desktop Protocol (RDP) vulnerabilities that could be exploited by an attacker to take complete control of a system or prevent it from working properly. Read more

Mar 13, 2012

RDP Flaws Lead Microsoft’s March Patch Batch

Microsoft today released updates to sew up at least seven vulnerabilities in Windows and other software. Read more

Mar 13, 2012

Microsoft to Patch Windows Bug Called 'Holy Grail' by One Researcher

Announces next week's Patch Tuesday line-up, will fix 7 flaws in Windows, developer software Read more

Mar 9, 2012

The Week in Security: Microsoft, Google and Adobe

Although the number of patches in Microsoft's Patch Tuesday this month is relatively low, the pain point may come in the rebooting. Read more

Mar 9, 2012

Microsoft Plans Light Patch Tuesday for March

Microsoft has a relatively quiet Patch Tuesday planned for this month, with just six bulletins on the way for next week. Read more

Mar 8, 2012

March’s Patch Tuesday to Contain 6 Bulletins, Only One of Which is ‘Critical’

It’s that time of the month again, friends, when we gather round the table to stare at the batch of fixes that Microsoft has compiled to respond to newly uncovered security issues in its products. Read more

Mar 8, 2012

DNSChanger-infected Machines Won't Be Disconnected, for Now

It's good news for the owners of the computers still infected by the DNSChanger malware Read more

Mar 7, 2012

Major Phishing Contributors and Enablers

Agari announced the first Annual Sumo Awards to dishonor phishing's biggest contributors and enablers. Read more

Mar 6, 2012

Virtual Scanners for Consultants, Enterprises and the Cloud

Qualys announced virtual scanner appliances for its QualysGuard Cloud Platform and suite of integrated applications for security and compliance. Read more

Mar 1, 2012

IT Security & Network Security News & Reviews: RSA 2012: eWEEK Labs Picks the 21 Hottest Security Vendors

The RSA Conference 2012 (Feb. 27-March 2) will set the security agenda for the year. More than 300 companies are at the expo, but I've picked the 21 stops I'm making while in San Francisco. Read more

Feb 29, 2012

In Pictures: RSA Conference 2012 (Day 2)

Highlights from RSA Day 2 Read more

Feb 29, 2012

Surveying Policies, Controls and Compliance

Qualys unveiled a new service for its QualysGuard Cloud Platform and suite of integrated applications for security and compliance to help businesses further automate their compliance tasks and reduce the time and effort for manual assessment of IT and non-IT controls. Read more

Feb 29, 2012

RSA 2012: Qualys Updates Cloud Platform, Launches Web Application Firewall Service

The increasing adoption of cloud-based security services is an ongoing trend at RSA this year, and cloud security service provider Qualys chose the conference to announce a host of new modules for their QualysGuard cloud security platform and to take the wraps off their new QualysGuard Web Application Firewall (WAF) service. Read more

Feb 28, 2012

Automated managing of enterprise assets

Qualys announced the availability of hierarchical Dynamic Asset Tagging for its QualysGuard Cloud Platform and suite of applications for security and compliance. Read more

Feb 28, 2012

BSidesSF: Amol Sarwate on SCADA Security Challenges

In a presentation at the Security BSides San Francisco event, Amol Sarwate - Security Research Manager at Qualys - examined how SCADA security and advanced persistent threats have now taken center stage. Read more

Feb 28, 2012

Expert Panel at RSA 2012: Who's Responsible for Cloud Security?

Experts discuss cloud security questions at CSA Summit Read more

Feb 27, 2012

0-day analysis service by Qualys

Qualys launched Zero-Day Risk Analyzer, a new service to help companies protect their IT systems against zero-day attacks which is delivered as part of the QualysGuard Cloud Platform Read more

Feb 27, 2012

#BSidesSF: Why SCADA security is such an uphill struggle

We've covered the troubles with SCADA security at length, but have yet to see a real consensus on how to proceed. Amol Sarwate, security research manager at Qualys, took a crack at making sense of things at BSidesSF Monday morning. Read more

Feb 27, 2012

Eradicating Malware from Enterprise Web Sites

Qualys announced a new service to help enterprises detect and eradicate malware from their web sites. Read more

Feb 27, 2012

IT Security & Network Security News & Reviews: RSA Conference 2012: Hot Security Products for Cloud, BYOD

This year marks the 20th anniversary of the RSA conference, and companies are descending on San Francisco's Moscone Convention Center with product announcements and demonstrations highlighting the latest and greatest in their security portfolios. Read more

Feb 27, 2012

Qualys Pushes Major Enhancements to its Flagship QualysGuard Suite

Qualys has a history of making major product announcements at the RSA Conference in San Francisco each year, and this year is no exception. Read more

Feb 27, 2012

RSA Conference 2012 Opens in San Francisco

The world’s top information security professionals and business leaders gathered for the opening of the annual RSA Conference being held at San Francisco’s Moscone Center. Read more

Feb 27, 2012

What's Hot at RSA This Week

Slideshow of hot products at RSA Conference 2012, including enterprise edition of the QualysGuard Malware Detection Service and QualysGuard Zero-Day Risk Analyzer Read more

Feb 26, 2012

Do you need to worry about the advanced persistent threat?

Qualys CTO discusses how to reduce susceptibility to attacks Read more

Feb 26, 2012

Web Encryption That Works

SSL technology isn't perfect, but it can be an effective security tool for your organization. Here are four tips for optimizing its performance Read more

Feb 24, 2012

Better Information Sharing is the Future of Security, Experts Say

Potential seen for more proactive security following release of free threat intelligence feed Read more

Feb 24, 2012

Five Schemes for Redeeming Trust in SSL

Creativity loves constraint and for security thinkers trying to shore up Web authentication today, that constraint is SSL/TLS Read more

Feb 21, 2012

The Decision to Strip Online Certificate Revocation Checks From Chrome Is Misguided, Symantec Says

Stripping OCSP (Online Certificate Status Protocol) and CRL (certificate revocation list) checks from Google Chrome could have dangerous implications because it will turn Google into a single point of failure, according to security vendor Symantec. Read more

Feb 17, 2012

Open Source Tool Detects Videoconferencing Equipment Vulnerabilities

New open source tool can detect whether a given videoconferencing system is vulnerable to attack Read more

Feb 17, 2012

Oracle Plugs 14 Holes in Java

Oracle this week issued a critical patch update (CPU) that fixes 14 vulnerabilities in its Java SE product. Read more

Feb 16, 2012

The 8 Best Tips You'll Ever Get On How To Launch (And Grow) A Startup

Philippe Courtot is a well-known name in the security industry and for good reason. Read more

Feb 16, 2012

Oracle’s Patches Address Java SE Security Flaws

Oracle released one CPU (critical patch update), which plugs 14 security holes within one of its products, namely Java SE. Read more

Feb 16, 2012

Adobe Flash Flaw Under Attack, Update Issued

Cross-site scripting vulnerability in Flash is being targeted by emails containing malicious links Read more

Feb 16, 2012

February Patch Tuesday Lighter Than Expected

It turns out that this February Patch Tuesday is lighter than we had anticipated. Read more

Feb 14, 2012

February 2012 Patch Tuesday: Critical IE, Windows Kernel Flaws Fixed

Microsoft repaired 23 vulnerabilities this month Read more

Feb 14, 2012

Microsoft, Oracle, Adobe Send Patches for Valentine's Day

Details come forward on Valentine's Day/Patch Tuesday security bulletins from Microsoft, Adobe and Oracle Read more

Feb 14, 2012

Microsoft to Fix Internet Explorer Hole

Patch Tuesday to include nine fixes for 21 vulnerabilities Read more

Feb 13, 2012

Microsoft to Fix Internet Explorer Hole

Patch Tuesday to include nine fixes for 21 vulnerabilities. Read more

Feb 13, 2012

Microsoft to Patch 21 Bugs Tuesday

Microsoft previews fixes in apps including Internet Explorer and Windows. Read more

Feb 10, 2012

Critics Slam SSL Authority for Minting Certificate for Impersonating Sites

Critics are calling for the ouster of Trustwave as a trusted issuer of secure sockets layer certificates after it admitted minting a credential it knew would be used by a customer to impersonate websites it didn't own. Read more

Feb 9, 2012

Microsoft Ruining Valentine's Day with Nine Security Bulletins

Next Tuesday is a big deal. Read more

Feb 9, 2012

Microsoft Issues Patch Plans, Includes Internet Explorer Fix

Microsoft on Thursday posted its plans for next week's Patch Tuesday. Read more

Feb 9, 2012

Microsoft to Issue More Critical Patches Next Week for Win7 Than XP

IE update likely the one users will want to apply ASAP, say researchers Read more

Feb 9, 2012

Microsoft's February Patch Tuesday Fixes 21 Bugs

Microsoft is expected to show some love for Windows administrators on Valentine's Day, with nine patches fixing 21 vulnerabilities in February's Patch Tuesday release. Read more

Feb 9, 2012

Valentine's Day Patch Tuesday: Microsoft to Issue 9 Patches, 4 Critical

Progress continues as Microsoft will issue fewest February patches since 2009 Read more

Feb 9, 2012

Patch Tuesday Preview, February 2012

Qualys CTO's assessment of this month's Patch Tuesday. Read more

Feb 9, 2012

Marlinspike Asks Browser Vendors to Back SSL-Validator

'Convergence' open source dev needs vendors to balance the load Read more

Feb 8, 2012

Hackers May Be Able to 'Outwit' Online Banking Security Devices

Investigators probe malware threat to 2-factor authentication Read more

Feb 6, 2012

FBI Prepares to Shut Down DNSChanger Temporary Servers, Infections Remain

Thousands of computers still infected with the DNSChanger Trojan will not be able to access the Internet after the FBI shuts down its temporary servers March 8. Read more

Feb 5, 2012

Oracle Patches DoS Flaw in Database 10g, WebLogic, iPlanet

Oracle patched three products to address a vulnerability in Web Application frameworks that could cause a denial of service due to hashing collisions. Read more

Feb 2, 2012

Half of Fortune 500 Firms Infected with DNS Changer

Machines will be cut off from the Web next month, say experts Read more

Feb 2, 2012

Detecting the DNS Changer Malware

DNS servers handling traffic of infected machines will be shut down in March, cutting off Internet access to those infected. Read more

Feb 1, 2012

Symantec Patches PCAnywhere, But Should You Delete

Symantec says hotfix 'eliminates known vulnerabilities,' but hackers could use source code to exploit unknown holes. Some users will want to delete the app entirely. Read more

Feb 1, 2012

CSO Interchange: Cloud Concerns Are Largely Propaganda

Last week’s CSO Interchange roundtable centered on “Barriers to Cloud Adoption”, with talks on identity issues from Jericho Forum’s Paul Simmonds and SSL from security researcher Moxie Marlinspike. Read more

Jan 30, 2012

Is Oracle Neglecting Database Security?

Oracle's big critical patch update on Jan. 17 set a record for the fewest fixes for database products--only two of the 78 total fixes in the CPU. Read more

Jan 20, 2012

Qualys Expands Its FreeScan Service

Qualys announced its new and improved FreeScan service to help SMBs audit and protect their web sites from security vulnerabilities and malware infections. Read more

Jan 20, 2012

Oracle Scorned for Paltry Database Patches

With only two of many reported vulnerabilities fixed in Oracle's latest update, the database security community questions Oracle's patch bottleneck. Read more

Jan 19, 2012

Oracle CPU Contains Lowest Number Of Database Fixes Ever

Database security community concerned about Oracle's patch bottleneck Read more

Jan 18, 2012

Oracle Patches 78 Vulnerabilities

Oracle publishes Critical Patch Updates (CPUs) on a quarterly schedule. Read more

Jan 18, 2012

Oracle Squashes 78 Software Bugs in Latest Patch

Oracle yesterday deployed 78 different security fixes aimed at patching holes throughout its various database products. Read more

Jan 18, 2012

Oracle Repairs Two Database Flaws, Issues 78 Patches to Product Line

Oracle repaired two flaws in its database management system as part of its quarterly update this week that included 78 patches across its product portfolio. Read more

Jan 18, 2012

Reactions from the Security Community to the Trustworthy Computing Initiative

Comments on the Trustworthy Computing Initiative that Help Net Security received from industry veterans. Read more

Jan 13, 2012

Oracle Readies 16 Highly Critical Security Patches

Oracle (NSDQ:ORCL) plans to release next week dozens of security patches, 16 highly critical, for most of the software maker's products. Read more

Jan 13, 2012

Slow Read Attack: A New HTTP Denial of Service Attack

A new HTTP-based threat, dubbed a "Slow Read attack" aims to cause an undetected Denial of Service (DoS) by exploiting a transmission control protocol (TCP) persist timer vulnerability. Read more

Jan 12, 2012

Microsoft and Adobe Release First Major Patch Bundles of 2012

Microsoft released seven bulletins last night to fix one critical issue on its first Patch Tuesday of 2012. Read more

Jan 11, 2012

Adobe Plugs 6 Critical Holes in Reader

Also gives IT admins more control over PDF docs' oft-exploited JavaScript Read more

Jan 11, 2012

Media Player, Security Bypass Are Focus of Microsoft's First Patch Tuesday of 2012

Of the seven bulletins issued as part of Microsoft's first Patch Tuesday of the year, researchers agree that a vulnerability affecting Windows Media Player should be the first one patched. Read more

Jan 10, 2012

Microsoft January 2012 Patch Tuesday Issues Windows Media Fix, Resolves SSL Protocol Weakness

Microsoft issued seven security bulletins, including one “critical” bulletin, repairing a serious Windows Media Player flaw that could be exploited in dangerous drive-by website attacks. Read more

Jan 10, 2012

Microsoft's First 2012 Patch Tuesday Offers One Critical Fix

Microsoft (NSDQ:MSFT) released Tuesday one critical bulletin in a package of seven that comprised the company's first monthly patch release of the year. Read more

Jan 10, 2012

Adobe Repairs Critical Reader, Acrobat Flaws, Adds JavaScript Control

Adobe Systems Inc. issued its quarterly security update Tuesday, repairing six critical vulnerabilities in its Reader and Acrobat software. Read more

Jan 10, 2012

Microsoft Slays the BEAST, and Six Other Patch Tuesday Updates

Microsoft has released a total of seven security bulletins – one ranked as “critical”, with the remaining 6 designated merely as “important” Read more

Jan 10, 2012

Exploit Code for Recent ASP.NET DoS Flaw Made Public

The ASP.NET DoS flaw that has recently been revealed at the Chaos Communication Congress in Berlin has been patched by Microsoft in almost record time, but users who have not already implemented the patch should definitely hop to it Read more

Jan 10, 2012

Microsoft Releases Seven Bulletins

Qualys CTO Wolfgang Kandek on this month's Patch Tuesday Read more

Jan 10, 2012

New Denial of Service Vulnerability Detailed, Doesn't Require Many PCs

What you may not know is that there are denial of service (DoS) methods that don't need to be so distributed. Read more

Jan 7, 2012

New Slow-Motion DoS Attack: Just a Few PCs, Little Fear of Detection

Qualys Security Labs researcher Sergey Shekyan has created a proof-of-concept tool that could be used to essentially shut down websites from a single computer with little fear of detection. Read more

Jan 7, 2012

MetricStream, Qualys Partnership Brings Security and Risk Intelligence to IT-GRC

Qualys and MetricStream announce integration of MetricStream IT-GRC Solution with QualysGuard Vulnerability Management Read more

Jan 6, 2012

Microsoft to Start 2012 with Seven Bulletins on Patch Tuesday

Microsoft has announced that it will release seven bulletins addressing eight vulnerabilities on its first patch Tuesday of 2012. Read more

Jan 6, 2012

Adobe Plans Fixes for Critical 3D Bugs in Reader, Acrobat X

Adobe will fix a slew of security flaws in Reader and Acrobat, including the critical 3D vulnerabilities that were discovered in December, as part of its quarterly update. Read more

Jan 6, 2012

Rated Critical: A Microsoft Security Blog

How can Microsoft's only unscheduled patch of 2011 help predict its security success in 2012? Read more

Jan 5, 2012

Researcher Devises Hard-to-detect Denial-of-service Attack Against HTTP Servers

New HTTP denial-of-service (DoS) attack relies on prolonging the time clients need to read Web server responses. Read more

Jan 5, 2012

Microsoft Plans 7 Fixes for January Patch Tuesday

Microsoft is planning seven fixes for January's Patch Tuesday release that will address bugs in all versions of Windows and possibly for the SSL/BEAST flaw. Read more

Jan 5, 2012

Microsoft's 2012 Inaugural Security Patch to Include 7 Fixes

January's Security Update from Microsoft, arriving next Tuesday, will feature six fixes for Windows and one fix for Microsoft developer tools, according to the company's advance notice. Read more

Jan 5, 2012

Microsoft to Start New Year With Seven Security Bulletins

Microsoft plans to start the new year with a relatively large number of security bulletins covering eight vulnerabilities. Read more

Jan 5, 2012

Cyberthreats Evolve, Start-ups Responding

Types of security threats companies face have shifted dramatically in recent years. Read more

Jan 4, 2012

The Year in Security: A Look Back at 2011 and Trends for 2012

Reflecting on security events of 2011 to plan for 2012 Read more

Jan 4, 2012

MetricStream and Qualys Partnership Brings Actionable Security and Risk Intelligence to IT-GRC

Integration partnership enables corporations to continuously take full inventory of their IT assets Read more

Jan 4, 2012

No Shelter From a Cybercrime Storm

Denial of service hole closed Read more

Jan 3, 2012

Microsoft Publishes Workaround for ASP.NET Vulnerability

Advisory provides workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various web platforms Read more

Jan 3, 2012
