Search results for: zero trust

Mac OS X 10.6.7 fixes security vulnerabilities

Apple today released Mac OS X 10.6.7 which increases the stability, compatibility, and security of your Mac. AirPort A divide by zero issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset. This issue does not affect systems prior to Mac OS X v10.6. Apache Apache is updated to version 2.2.17 to address several vulnerabilities, the most serious of … More

BufferZone Pro now free

Trustware just made BufferZone Pro completely free. BufferZone Pro adds an additional layer of protection to the traditional security suites addressed for the home users. It creates a separate – or virtual – environment that isolates security threats and prevents them from ever touching the user’s hard drive. BufferZone protection prevents all threats, even unknown (zero-day) threats that anti-virus misses. There are no signature updates, no maintenance and no response time. “Threat Virtualization or Sandboxing … More

WatchGuard XCS gains spam blocking and encryption capabilities

WatchGuard released a free update to its XCS (extensible content security) line of email and web content security appliances that includes new features to make stopping spam even easier along with new email encryption capabilities. The new add-in for Outlook allows end users to mark any delivered messages that bypass the XCS spam filters as either “spam’ or ‘not spam’. This way, end users gain the ability to report false positives, where legitimate messages were … More

2010: The year of the vulnerability

The year 2010 has been almost identical to the previous one in terms of malware evolution. Generally speaking, trends have not changed that much and nor have the targets for attack, though certain malicious activities have progressed dramatically. Whilst monthly malware detection rates have remained reasonably stable since 2009, with browser attacks and botnets continuing to be the main threats to cybersecurity, there has been a downturn in activity by certain types of malware. Vulnerabilities … More

Hacktivism and social engineering emerge as top threats

Hacktivism and more profit-oriented malware, social engineering and malicious codes with the ability to adapt to avoid detection will be the main threats in the coming year, according to PandaLabs. There will also be an increase in the threats to Mac users, new efforts to attack 64-bit systems and zero-day exploits. The major security trends of 2011 are outlined below. Malware creation. In 2010, PandaLabs witnessed significant growth in the amount of malware and discovered … More

The Zeus malware R&D program

Trusteer captured and analyzed a new version (2.1) of the Zeus financial malware and found that it has added sophisticated new mechanisms to commit online fraud and remain the Trojan of choice for criminals. Zeus has not only improved its business logic but also its ability to avoid detection and automatic analysis by antivirus vendors. Zeus is under the spotlight of security vendors, banks, and law enforcement, which forces its developers to continually improve it … More

New financial malware targeting bank customers

Bank customers are being targeted by criminals using regional specific malware that flies under the radar of most antivirus technology to steal peoples online banking credentials and commit fraud. Detection rates for regional malware are between zero and 20%, suggesting that the majority of these attacks go undetected. Two pieces of regional malware targeted at UK banks have been detected by Trusteer; Silon.var2 which resides on one in every 500 computers in the UK compared … More

90% of critical Windows 7 vulnerabilities are mitigated by eliminating admin rights

The removal of administrator rights from Windows users is a mitigating factor for 90% of critical Windows 7 vulnerabilities, according to research by BeyondTrust. The results demonstrate that as companies migrate to Windows 7 they’ll need to implement a desktop Privileged Identity Management solution, to reduce the risks from un-patched Microsoft vulnerabilities without inhibiting their users’ ability to operate effectively. Key findings from this report show that removing administrator rights will better protect companies against … More

Checklist to accelerate your software security efforts

In recent years, Software-as-a-Service (SaaS) has emerged as a viable application delivery method, and most enterprises are now including some SaaS software in their portfolios. SaaS saves IT infrastructure and maintenance costs, not to mention the hassle of initial deployment, integration and customization common with licensed software. Organizational functions such as sales, marketing, customer service, HR and others may request to subscribe to hosted software. If you have concerns around the security of cloud computing, … More

Week in review: Aurora malware, cyber war games and 0-day vulnerabilities for sale

Here’s an overview of some of last week’s most interesting news and articles: Biggest Chinese hacker training site taken down Black Hawk Safety Net, which offered attacking programs and malicious software to its subscribers, has been shut down by the police. Sensitive information retrieved from P2P networks Security researchers demonstrated the amazing variety of sensitive information that people send out out over peer-to-peer networks. Zero-day vulnerabilities on the market Zero-day vulnerabilities have become prized possessions … More

Top 10 information security threats for 2010

“The start of a new year is a great time for companies to evaluate their information security practices and begin thinking about what threats they’ll be facing in the coming year,” said Kevin Prince, CTO, Perimeter E-Security. “As these security threats are becoming more serious and difficult to detect, it is vital for companies to understand what they can do to best protect their systems and information. Top 10 information security threats for 2010 according … More

Malware in rich media and content

Cybercriminals most commonly used PDF and Shockwave Flash rich-media formats during the first half of 2009. In their State of the Internet 2009 report, CA discusses how exploited PDFs were first used for targeted attacks and adopted by organized cybercriminals for massive distribution of malware infection. These attackers implemented server-side automation to evade security scanner detection, and as a result, a malicious server generates a new file per request. Attackers also misused Shockwave Flash files … More