Browsing Category: Vulnerabilities

Categories: Vulnerabilities

Microsoft on Wednesday plans to launch a new research effort to determine the total cost of the patch-management cycle, from testing and distributing a fix to user deployment of the patch. The end result of the project, which will be completely open and transparent to outsiders, will be a full metrics model that the company plans to make freely available.

From Computerworld (Gregg Keizer)
Although the media blitz about the Conficker worm prompted a significant number of enterprise users to finally fix a six-month-old Windows bug, about one in five business computers still lack the patch [computerworld.com], a security company said today.
Scans of more than 300,000 Windows PCs owned by customers of Qualys Inc. show that patching of the MS08-067 vulnerability — a bug that Microsoft fixed with an emergency update issued in October 2008 — picked up dramatically two weeks ago. Read the full story. Also see our previous coverage of the Conficker threat.

Categories: Malware, Vulnerabilities

Internet fraudsters are increasingly taking advantage of the deepening recession to dupe unsuspecting email recipients. The e-mail often includes a request for personal details on the pretense of receiving some financial reward, which later leads to fraud.
Common themes include prize wins, inheritance claims, money mule schemes and, increasingly, recession-beating scams. Read the full story [websense.com]

Categories: Vulnerabilities

From CIO (Robert McMillan)
Corporate IT staffers will get a double whammy next week, as both Microsoft and Oracle are set to release critical security updates [cio.com] on the same day, including a likely fix for an Excel bug that has been used by cybercriminals.
This month, Oracle’s quarterly software fixes and Microsoft’s monthly patches happen to fall on the same day, next Tuesday. For Windows users, there will be a lot to patch. Microsoft plans to release eight updates in total [microsoft.com]: Five of them are for Windows, with a single update each for Internet Explorer, Excel and Microsoft’s Internet Security and Acceleration (ISA) server. Read the full story. More from ZDNet Zero Day [zdnet.com]

Malware that attacks mobile phones and other handheld devices has been the Next Big Threat for most of the last decade. And much like the Year of PKI, it’s never really materialized. Security experts have postulated that this is mainly because there’s not enough valuable data on these devices to attract the money-motivated attackers. But a new paper, “Understanding the Spreading Patterns of Mobile Phone Viruses,” from a group of scientists shows that the barriers are more likely market saturation and geography.

Categories: Vulnerabilities

From InformIT (Gary McGraw)  
This article originally appeared on InformIT.com as part of Gary McGraw’s Software [In]Security series.

Using the Software Security Framework (SSF) introduced in October, we interviewed nine executives running top software security programs in order to gather real data from real programs. Our goal is to create the Building Security In Maturity Model (BSIMM) based on these data, and we’re busy going over what we’ve built with the executives who run the nine initiatives (stay tuned here for more).

Categories: Vulnerabilities

From Purdue University’s CERIAS
The economic crisis has affected virtually every facet of society, and information security is no exception. In a new report titled Unsecured Economies: Protecting Vital Information, researchers from Purdue University’s CERIAS security center lay out the fairly bleak view of what the tough times have done to corporate IT security.
