This month's Patch Tuesday is light, containing just five bulletins. Two are marked critical and three are marked important. One of the critical bulletins addresses Internet Explorer, and is believed to include a fix for the zero-day vulnerability highlighted by FireEye last month. Three fixes require a computer restart; so although light, it will still be a disruptive Patch Tuesday.
07 March 2014
It was post-dot-com bubble and post-Worldcom implosion, and the so-called “telecom winter” was dragging on. In the early 2000s, the communications industry had, in a word, been economically decapitated, and companies were struggling to find a new path to innovation and technology enablement that left old-world ideas behind. Against this backdrop the first tendrils of the web 2.0 economy began to flourish – and with it came cyber-risks that had never been seen before.
06 March 2014
When it comes to the malware threatscape, it turns out that web-based attacks, which typically involve techniques that redirect the browser to malicious sites, were the most commonly reported type of attack for the last half of 2013, making up 26% of detections by F-Secure. In all, web-based malware attacks doubled in the second half of 2013 in comparison to the first half.
05 March 2014
A crypto error in the GnuTLS library has made hundreds of software packages vulnerable to fake security certificates.
05 March 2014
The SANS Institute has released its latest training and events schedule for 2014 in the Europe, Middle East and Asia regions.
03 March 2014
As (ISC)² celebrates its 25th anniversary, the global non-profit is well underway in conducting the most extensive overhaul of the CISSP certification exam in its history. Infosecurity catches up with its executive director at the RSA Conference in San Francisco for a retrospective, and what to expect from the new certification exam.
28 February 2014
At this week's RSA Conference in San Francisco, Qualys has unveiled a pair of new security offerings meant to enhance companies’ cloud security profiles. Continuous monitoring capability is the most recent addition to its QualysGuard Cloud Platform, while QualysGuard Web Application Firewall (WAF) service is for web applications running in Amazon EC2 and on-premise.
27 February 2014
In an effort to keep up with hackers, criminals, and nation-states, organizations are spending far too much on technology solutions, and not enough on the people and processes comprising a comprehensive security program.
27 February 2014
Four days after it fixed a critical flaw in its mobile iOS, Apple has fixed the same flaw in its desktop OS X. The delay appears to have been so that Apple could roll the fix into a major upgrade to the Mavericks version of OS X – a delay that has not been without criticism given the critical nature of the flaw.
26 February 2014
In his keynote at the RSA Conference in San Francisco, February 25, 2014, Scott Charney, VP of Microsoft’s Trustworthy Computing Group, insisted that Microsoft has not compromised its principles in order to work with the NSA.
25 February 2014