Latest articles from SC Magazine US

Another ActiveX zero-day bug from Microsoft

Mon, 13 Jul 2009 12:30:53 GMT

Microsoft is trying to combat another ActiveX vulnerability being actively exploited -- the second in a week.

Cyber retaliation debate: Is North Korea guilty of DDoS?

Mon, 13 Jul 2009 16:59:18 GMT

One U.S. lawmaker is urging the U.S. to take action against North Korea for the recent distributed-denial-of-service attacks, but others say the U.S. cannot play the blame game this soon.

AT&T temp indicted in ID theft scheme

Mon, 13 Jul 2009 17:00:46 GMT

A federal grand jury has handed up an indictment that charges a temporary employee at a Chicago-area AT&T office with stealing the personal information of some 2,100 employees of the telecom giant.

Microsoft reveals additional details on ActiveX flaw

Fri, 10 Jul 2009 12:03:09 GMT

Microsoft was first notified of a dangerous ActiveX vulnerability last year, but is working toward a quick fix after it learned of active attacks underway.

Spam trends highlighting holiday, tragedy themes

Fri, 10 Jul 2009 11:48:02 GMT

Spammers have been busy with holidays and tragedies to exploit, according to a Symantec report.

Social network site sued for spamming

Fri, 10 Jul 2009 13:04:31 GMT

A social networking site based in San Francisco has been notified that it will be sued by New York state for deceptive email marketing practices and invasion of privacy.

MasterCard will not permit automated encryption upgrade

Thu, 09 Jul 2009 15:16:15 GMT

The credit card company has not given a reason why, but it is not allowing merchants to make use of new technology that would automate the process of upgrading encryption keys on certain point-of-sale systems.

IBM develops selective data hiding on the fly

Thu, 09 Jul 2009 15:44:22 GMT

IBM researchers say they have invented a way to selectively obscure sensitive information before it is displayed on a computer screen.

DirectShow, ActiveX 0-days among planned Microsoft fixes

Thu, 09 Jul 2009 13:59:57 GMT

Microsoft is hoping it can pull off a quick turnaround for a fix of a zero-day ActiveX vulnerability that was only disclosed this week.

Security redesign coming in Google Chrome OS

Wed, 08 Jul 2009 16:26:28 GMT

Details are scant on Google's planned Chrome operating system -- but there is reason to be hopeful that security will be a big part of it.

Mass attacks on government, financial sites continue

Wed, 08 Jul 2009 17:26:19 GMT

Researchers remain unsure of the source of a major distributed denial-of-service attack, which temporarily crippled dozens of international government and financial websites.

Spammers exploiting trust in shortened URLs

Wed, 08 Jul 2009 12:08:23 GMT

Shortened URLs could potentially lead to sites hosting malware, phishing exploits or other spam-related content, security experts warn.

Cyberattacks: A call for collaborative action

Fri, 10 Jul 2009 12:57:58 GMT

We need to develop a collective consciousness for coping with the growing menace of cyber attacks, says Stanton Sloane.

The changing role of log management

Mon, 06 Jul 2009 13:55:37 GMT

We are only at the beginning of evolution in terms of the meaningful intelligence that can be derived from log and event data, says LogRhythm's Eric Knight.

Hot or not: SCAP is heating up

Thu, 02 Jul 2009 06:57:06 GMT

The Security Content Automation Protocol (SCAP) can help take guesswork out of secure system configurations.

PCI-DSS: Not on health care provider's radar

Fri, 19 Jun 2009 15:42:54 GMT

In 2009, virtually all health care providers take credit cards - and virtually none of them are PCI compliant.

Email: An open door to sophisticated security threats

Mon, 01 Jun 2009 13:22:34 GMT

Email was once a straightforward vehicle that, contrary to design, became a vector for viruses, trojans and spam. etc. Now, of course, it's a virtual open door exploited by individuals, organized groups of malware authors and cybercriminals to deliver sophisticated and stealthy security threats, which take up residency on desktops and establish extensive strongholds on corporate networks.

Process over trust: Will we ever learn?

Wed, 27 May 2009 17:25:07 GMT

To give businesses greater confidence in privilege management, we must define, implement, monitor and enforce processes for delegating administrative access.

Open letter to vendors on software security

Mon, 18 May 2009 18:35:07 GMT

Customers, consumers and enterprises need their vendors to take the entire life cycle of security management far more seriously than is evident from their behavior today.

PCI DSS: Double-duty solutions enable secure access and prove compliance

Mon, 18 May 2009 16:16:15 GMT

The reward that comes with being able to process payment card transactions is phenomenal, so is the risk

Navigate your company through an M&A transition

Mon, 11 May 2009 14:00:33 GMT

In the midst of an M&A environment, proactive risk management is key.

Hot or not: Web application vulnerabilities hit inflection point

Tue, 09 Jun 2009 16:54:14 GMT

Consider this: Though there was an overall 15 percent rise in vulnerabilities discovered last year, 60 percent of those uncovered were web application flaws.

Waging war on cyberthreats

Fri, 08 May 2009 16:47:37 GMT

Compromised information networks can put an organization's very life in jeopardy. Here are ways that firms can take the lead.

Solving the lying endpoint problem

Tue, 05 May 2009 12:10:47 GMT

Lying endpoints are a critical challenge to network security. No single solution is perfect, and each approach has its advantages and caveats; however, combined solutions can offer an effective response.

PCI DSS: Double-duty solutions enable secure access and prove compliance

Mon, 18 May 2009 16:16:15 GMT

The reward that comes with being able to process payment card transactions is phenomenal, so is the risk

PCI DSS compliance for firewalls: It doesn't have to be complex

Tue, 28 Apr 2009 16:26:57 GMT

The Payment Card Industry Data Security Standard has placed considerable pressure on retail industry IT security teams. The burden to ensure both security and compliance isn't easing; the current economic situation forcing IT to accomplish more with less is only adding to the problem.

Hot or Not: SCADA security is hot

Thu, 23 Apr 2009 16:22:27 GMT

As more physical systems are run and managed by IT systems, SCADA security will grow steadily in importance.

Gmail verifies senders

Tue, 14 Jul 2009 12:29:42 GMT

Gmail has added an icon next to verified emails coming from PayPal and eBay to signify they are not spam or phishes, Brad Taylor, Gmail spam czar, said in a blog post Monday. The "authentication icon for verified senders," which must be turned on by Gmail users by visiting the "Labs" tab under "Settings," will cause a key icon to appear next to legitimate messages coming from PayPal and eBay. Google soon hopes to extend the same protection to other popular senders, Taylor said. — DK

Study finds more breaches

Mon, 13 Jul 2009 11:56:25 GMT

Eight-five percent of organizations have experienced a data breach in the past 12 months -- up slightly from 84 percent a year ago, according to a fourth-annual encryption trends study released Monday by the Ponemon Institute and encryption vendor PGP. The study of 997 IT business managers, analysts and executives in the U.S. also found that 22 percent of organizations have experienced at least five security breaches within the past year -- a rise from 13 percent of respondents last year. — AM

Safend Data Protection Suite

Mon, 06 Jul 2009 09:00:00 GMT

The Safend Data Protection Suite is an encryption (and endpoint protection) software solution that consists of a centralized management console, which runs on IIS and .NET, a Microsoft SQL Server backend, and client software components.

SafeNet HASP SRM

Mon, 06 Jul 2009 09:00:00 GMT

SafeNet’s HASP SRM controls access to protected software applications either through a hardware dongle or through a virtual dongle that resides on the end-user’s hard disk.