Securosis analysts Rich Mogull, Adrian Lane and Mike Rothman tackle the key themes for this year’s RSA 2010 conference — virtualization/cloud security, advanced persistent threats/cybersecurity and compliance.
Browsing Author: Ryan Naraine
The Federal Trade Commission today finally voiced concern about the long-known problem of data leaking into criminal hands via LimeWire, BearShare, Kazaa and dozens of other peer-to-peer (p2p) file sharing networks. The FTC put nearly 100 companies and agencies on notice that their employees appear to be regularly leaking large amounts of sensitive customer and employee data on popular peer-to-peer, or P2P, file-sharing networks. Read the full story [The Last Watchdog]
OpenOffice.org has shipped a new version of the desktop productivity suite to patch six vulnerabilities that could expose users to malicious hacker attacks. The flaws fixed in OpenOffice.org 3.2 could be exploited via GIF, XPM files and Microsoft Word document processing, according to an advisory released by the open-source group.
today released an out-of-band security update to patch a pair of gaping holes that expose hundreds of millions of computer users to remote code
The vulnerabilities are rated “critical” and affect Adobe Reader and Adobe Acrobat on all platforms — Windows, Mac and Linux.
The organizers of this year’s CanSecWest Pwn2Own have painted a big bulls-eye on mobile devices, offering up a whopping $60,000 in prizes to entice hackers to exploit vulnerabilities on iPhones, Android, Nokia and BlackBerry smartphones.
Malware hunters at SecureWorks have intercepted a new banker Trojan being used by cyber-criminals to steal financial credentials from banks in the U.S. The Trojan, dubbed “Bugat,” targets Automated Clearing House (ACH) and wire transfer transactions by small- and mid-sized businesses in the U.S., much like the virulent Clampi Trojan that has stolen tens of millions of dollars.
Microsoft today released 13 security bulletins with fixes for 26 vulnerabilities affecting Windows and Office users and warned customers to pay special attention to a slew of flaws that can be trivially exploited by malware miscreants.
Adobe has acknowledged that an internal screw-up caused a potentially dangerous Flash Player flaw to remain unpatched for more than 16 months after it was first reported by an external security researcher. “It slipped through the cracks,” said Emmy Huang, a product manager for Flash Player. Adobe’s mea-culpa follows the public release of proof-of-concept code demonstrating a Flash Player browser plug-in crash.
To entice security researchers to look for holes in the Chrome browser, Google has announced it will pay $500 for dangerous security flaws found in the code. But several experts say that’s not enough money to motivate skilled vulnerability researchers. Read the full story [CNet]
has released an out-of-band patch to fix a gaping security hole in the Oracle WebLogic Node Manager and, warning that an attacker could launch remote attacks over a network without the need for a username and