Security Blog http://windowsitpro.com/blog/41446/feed en TechEd 2012: Windows 8 and MBAM 2.0 Bring Enhanced Security Features http://windowsitpro.com/blog/teched-2012-windows-8-and-mbam-20-bring-enhanced-security-features <div class="node-body blog-body">I've written about some of the new Windows 8 security features already, but Microsoft released some additional Windows 8-friendly details about the beta version of Microsoft BitLocker Administration and Monitoring (MBAM) 2.0, which is now available for download.</div> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/blog/security-blog">Security Blog</a></li> </ul></div><p><a href="http://windowsitpro.com/blog/teched-2012-windows-8-and-mbam-20-bring-enhanced-security-features" target="_blank">read more</a></p> http://windowsitpro.com/blog/teched-2012-windows-8-and-mbam-20-bring-enhanced-security-features#comments Windows Server Security #infosec BitLocker Drive Encryption BitLocker Drive Encryption Encryption Jeff James MBAM MBAM 2.0 Microsoft BitLocker Administration News Security security Stephen Rose Windows 7 Windows 8 Security Blog Mon, 18 Jun 2012 16:31:04 +0000 41574 at http://windowsitpro.com Stuxnet and Duqu Redux: Flame Malware Found in Iran http://windowsitpro.com/blog/stuxnet-and-duqu-redux-flame-malware-found-iran <div class="node-body blog-body">The internet has been buzzing the last few days over a new strain of malware dubbed 'Flame' (alternatively called 'SkyWiper' by some security experts) that has been found on hundreds of PCs in the middle east, primarily in Iran.</div> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/blog/security-blog">Security Blog</a></li> </ul></div><p><a href="http://windowsitpro.com/blog/stuxnet-and-duqu-redux-flame-malware-found-iran" target="_blank">read more</a></p> http://windowsitpro.com/blog/stuxnet-and-duqu-redux-flame-malware-found-iran#comments Windows Server Security Cyberwarfare Duqu Flame Jeff James Kaspersky Lab malware Mark Russinovich News Security security researcher stuxnet Security Blog Wed, 30 May 2012 18:49:29 +0000 41447 at http://windowsitpro.com Apple Ships Flashback Malware Removal Tool for OS X 10.5, Patches Quicktime for Windows http://windowsitpro.com/blog/apple-ships-flashback-malware-removal-tool-os-x-105-patches-quicktime-windows <div class="node-body blog-body">Windows 7 is arguably one of the most hardened and regularly updated OSes available, and now Apple and the Macintosh are in the headlines for fighting off malware and patching vulnerable software.</div> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/blog/security-blog">Security Blog</a></li> </ul></div><p><a href="http://windowsitpro.com/blog/apple-ships-flashback-malware-removal-tool-os-x-105-patches-quicktime-windows" target="_blank">read more</a></p> http://windowsitpro.com/blog/apple-ships-flashback-malware-removal-tool-os-x-105-patches-quicktime-windows#comments Windows Server Security Systems Management Apple Apple Flashback Jeff James John Hodgman Justin Long Mac OS X Macintosh Malware malware News Patch Management removal tool Security virus Windows 7 Security Blog Wed, 16 May 2012 20:15:35 +0000 57891 at http://windowsitpro.com Patch Tuesday: Microsoft Patches 23 Vulnerabilities, Addresses "Sons of Duqu" http://windowsitpro.com/blog/patch-tuesday-microsoft-patches-23-vulnerabilities-addresses-sons-duqu <div class="node-body blog-body">Another Patch Tuesday has passed, with Microsoft releasing a total of seven security bulletins that address 23 security vulnerabilities. Three of these are classified as "critical" while the remaining four are dubbed "important." Chief among the critical ones is bulletin MS12-034, which provides a number of updates for the .NET Framework, Office, Silverlight, and Windows.</div> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/blog/security-blog">Security Blog</a></li> </ul></div><p><a href="http://windowsitpro.com/blog/patch-tuesday-microsoft-patches-23-vulnerabilities-addresses-sons-duqu" target="_blank">read more</a></p> http://windowsitpro.com/blog/patch-tuesday-microsoft-patches-23-vulnerabilities-addresses-sons-duqu#comments Windows Server Security Systems Management bug Duqu Jeff James Microsoft Windows News Patch Patch Management Patch Tuesday Qualys Security security Vulnerability Wolfgang Kandek Security Blog Wed, 09 May 2012 20:06:20 +0000 57448 at http://windowsitpro.com Juniper Survey Reveals Lack of Trust in Mobile Device Security http://windowsitpro.com/blog/juniper-survey-reveals-lack-trust-mobile-device-security <div class="node-body blog-body">Mobile devices are showing up in ever-increasing numbers in enterprises these days, from smartphones and ultralight notebooks to iPads and Androids tablets. The bring your own device (BYOD) phenomenon is also at work here, with employees bringing their own personal devices into the workplace.</div> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/blog/security-blog">Security Blog</a></li> </ul></div><p><a href="http://windowsitpro.com/blog/juniper-survey-reveals-lack-trust-mobile-device-security" target="_blank">read more</a></p> http://windowsitpro.com/blog/juniper-survey-reveals-lack-trust-mobile-device-security#comments Windows Server Mobile Networking Hardware Security Apple BYOD Hardware iPad Jeff James Juniper Networks Mobile and wireless mobile devices mobile security Networking News Security Smartphones Security Blog Wed, 09 May 2012 18:02:08 +0000 57520 at http://windowsitpro.com StillSecure Unveils Public Cloud Security Suite http://windowsitpro.com/blog/security-blog-12/news2/stillsecure-unveils-public-cloud-security-suite-142972 <div class="node-body blog-body">Cloud computing adoption is gradually picking up steam, yet legitimate concerns about security, data portability, auditing, compliance, and other issues have kept some IT departments on the sidelines. Security solution vendor StillSecure hopes to tackle some cloud security concerns with their new Cloud Network Security Appliance (NSA).</div> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/blog/security-blog">Security Blog</a></li> </ul></div><p><a href="http://windowsitpro.com/blog/security-blog-12/news2/stillsecure-unveils-public-cloud-security-suite-142972" target="_blank">read more</a></p> http://windowsitpro.com/blog/security-blog-12/news2/stillsecure-unveils-public-cloud-security-suite-142972#comments Cloud Computing cloud computing cloud services Jeff James Network security News public cloud infrastructure StillSecure WAF Web Application Firewall Security Blog Wed, 02 May 2012 19:43:04 +0000 57786 at http://windowsitpro.com Patch Tuesday: Microsoft Releases Four Critical Updates http://windowsitpro.com/blog/patch-tuesday-microsoft-releases-four-critical-updates <div class="node-body blog-body">Microsoft released a new round of updates for a variety of products and platforms on Patch Tuesday this week, prefaced by a reminder that support for Windows XP and Office 2003 will end in April 2014.</div> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/blog/security-blog">Security Blog</a></li> </ul></div><p><a href="http://windowsitpro.com/blog/patch-tuesday-microsoft-releases-four-critical-updates" target="_blank">read more</a></p> http://windowsitpro.com/blog/patch-tuesday-microsoft-releases-four-critical-updates#comments Windows Server Security Systems Management ActiveX control Adobe Configuration management Internet Explorer Jeff James Microsoft News Patch Management Patch Tuesday Security VMware Windows 7 Windows XP Security Blog Thu, 12 Apr 2012 16:10:26 +0000 57530 at http://windowsitpro.com Richard Clarke: Every Major U.S. Company Already Hacked by Chinese Government http://windowsitpro.com/blog/richard-clarke-every-major-us-company-already-hacked-chinese-government <div class="node-body blog-body">Clarke was recently interviewed by Ron Rosenbaum for Smithsonian Magazine, primarily for an article that focuses on who Clarke believes was behind the Stuxnet cyberattack against Iran in late 2010. Clarke -- like many other security experts -- points the finger squarely at the U.S., hinting that America may have received some assistance from Israeli intelligence services.</div> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/blog/security-blog">Security Blog</a></li> </ul></div><p><a href="http://windowsitpro.com/blog/richard-clarke-every-major-us-company-already-hacked-chinese-government" target="_blank">read more</a></p> http://windowsitpro.com/blog/richard-clarke-every-major-us-company-already-hacked-chinese-government#comments Windows Server Security China cyberspace Cyberwarfare Electronic warfare Islamic Republic of Iran Israel Jeff James Malware News Richard Clarke Rootkits Security Spyware and Adware United States Viruses Windows IT Pro Security Blog Wed, 28 Mar 2012 16:14:19 +0000 57206 at http://windowsitpro.com RSA Conference 2012 in Pictures http://windowsitpro.com/blog/rsa-conference-2012-pictures <div class="node-body blog-body">The Windows IT Pro editorial team presents the 2012 RSA Conference in pictures.</div> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/blog/security-blog">Security Blog</a></li> </ul></div><p><a href="http://windowsitpro.com/blog/rsa-conference-2012-pictures" target="_blank">read more</a></p> http://windowsitpro.com/blog/rsa-conference-2012-pictures#comments Windows Server Security News Security Security Blog Fri, 16 Mar 2012 16:54:16 +0000 57622 at http://windowsitpro.com RSA 2012: Symantec Bets on Cloud, Mobile, and Virtualization Security http://windowsitpro.com/blog/rsa-2012-symantec-bets-cloud-mobile-and-virtualization-security <div class="node-body blog-body">Symantec had a host of security-related news to share at RSA last week, but that wasn't all. The security solution giant released a fair amount of mobile security news at the Mobile World Congress (MWC) in Barcelona during the same period.</div> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/blog/security-blog">Security Blog</a></li> </ul></div><p><a href="http://windowsitpro.com/blog/rsa-2012-symantec-bets-cloud-mobile-and-virtualization-security" target="_blank">read more</a></p> http://windowsitpro.com/blog/rsa-2012-symantec-bets-cloud-mobile-and-virtualization-security#comments Windows Server Security cloud computing Dave Elliott Jeff James Jim Reavis News O3 platform Security Symantec Symantec CSA Training Partnership Verisign VMware Windows IT Pro Security Blog Thu, 08 Mar 2012 15:00:00 +0000 57675 at http://windowsitpro.com RSA 2012: Qualys Updates Cloud Platform, Launches Web Application Firewall Service http://windowsitpro.com/blog/rsa-2012-qualys-updates-cloud-platform-launches-web-application-firewall-service <div class="node-body blog-body">The increasing adoption of cloud-based security services is an ongoing trend at RSA this year, and cloud security service provider Qualys chose the conference to announce a host of new modules for their QualysGuard cloud security platform and to take the wraps of their new QualysGuard Web Application Firewall (WAF) service. </div> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/blog/security-blog">Security Blog</a></li> </ul></div><p><a href="http://windowsitpro.com/blog/rsa-2012-qualys-updates-cloud-platform-launches-web-application-firewall-service" target="_blank">read more</a></p> http://windowsitpro.com/blog/rsa-2012-qualys-updates-cloud-platform-launches-web-application-firewall-service#comments Windows Server Security availability services cloud-based security services DNS firewall Jeff James News Qualys Security Web Application Firewall web servers Wolfgang Kandek Security Blog Tue, 28 Feb 2012 18:00:36 +0000 57205 at http://windowsitpro.com Updated: What to Expect at RSA Conference 2012 http://windowsitpro.com/blog/updated-what-expect-rsa-conference-2012 <div class="node-body blog-body">In order to help you get the most out of RSA Conference 2012, I've put together some tips and pointers about what you can expect to see at the show, how to get the most of of RSA using the most popular social media platforms, some good blogs and website to follow for RSA news, and posted an open invitation to meet with Windows IT Pro readers at the show.</div> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/blog/security-blog">Security Blog</a></li> </ul></div><p><a href="http://windowsitpro.com/blog/updated-what-expect-rsa-conference-2012" target="_blank">read more</a></p> http://windowsitpro.com/blog/updated-what-expect-rsa-conference-2012#comments Windows Server Security News Security Security Blog Thu, 23 Feb 2012 05:01:00 +0000 57799 at http://windowsitpro.com Quest Software Touts New Features of Secure Copy 6.0 http://windowsitpro.com/blog/quest-software-touts-new-features-secure-copy-60 <div class="node-body blog-body">Scriptlogic was acquired by Quest Software in August 2007, and Secure Copy 6.0 -- released in late January -- is one of the first Scriptlogic products to be branded under the Quest umbrella. The first Secure Copy was released by Small Wonders Software, which was acquired by Scriptlogic in 2003. </div> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/blog/security-blog">Security Blog</a></li> </ul></div><p><a href="http://windowsitpro.com/blog/quest-software-touts-new-features-secure-copy-60" target="_blank">read more</a></p> http://windowsitpro.com/blog/quest-software-touts-new-features-secure-copy-60#comments Windows Server Security Systems Management File management File systems Jeff James News Quest Software Robocopy Ryan Oistacher Scriptlogic Secure Copy Security Security Server Management Systems Management Tood Tobias Xcopy Security Blog Thu, 09 Feb 2012 17:22:55 +0000 57601 at http://windowsitpro.com Will DMARC Stop Spam and Improve Email Security? http://windowsitpro.com/blog/will-dmarc-stop-spam-and-improve-email-security <div class="node-body blog-body">Stemming the flood of potentially spam has been a thorny issue for many email providers, who have struggled to product effective means to steam the ever-rising flood of spam. This struggle has all the hallmarks of a never-ending arms race, and email companies needed something to help them turn the tide -- or at least slow down the rising waters.</div> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/blog/security-blog">Security Blog</a></li> </ul></div><p><a href="http://windowsitpro.com/blog/will-dmarc-stop-spam-and-improve-email-security" target="_blank">read more</a></p> http://windowsitpro.com/blog/will-dmarc-stop-spam-and-improve-email-security#comments Security Systems Management Antivirus Client Management Cryptographic protocols DomainKeys Identified Mail E-mail authentication E-mail spam Google Jeff James mail authentication infrastructure Microsoft Security Sender Policy Framework Spamming Systems Management Yahoo! Security Blog Wed, 01 Feb 2012 21:44:24 +0000 57138 at http://windowsitpro.com What Companies can Learn from the Zappos Breach http://windowsitpro.com/blog/what-companies-can-learn-zappos-breach <div class="node-body blog-body">Companies are under siege from cyberattacks more than ever, with news of data breaches, phishing attacks, and other digital security exploits nearly a daily occurrence. So when news broke that online retailer Zappos (now owned by Amazon) had been the victim of a new cyberattack, I'm sure we shrugged our shoulders and collectively said &quot;Here we go again.&quot; While the full details of the how and why of the Zappos attack are still to emerge, an email from Zappos CEO Tony Hsieh to employees earlier this week stated that &quot;We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky.&quot; Zappos immediately issued a forced password reset of all 24+ million customer accounts, and also sent an email to consumers telling them about the breach, advising them to reset their passwords, and pointing them to additional resources for information. I think Zappos handled the breach better than most, and could serve as a good example for other companies to follow. Companies that are slow to reveal an attack to their customers, or hide their heads in the sand, or immediately set out with a blame-shifting strategy deserve to be criticized. ESET Security Researcher Cameron Camp goes into more detail about what Zappos did right in a blog post over at the ESET Threat Blog, and I'd suggest that Camp's post should be required reading for the CEO, CISO, and IT/PR departments of every company that maintains a database of customer information. Here's one especially good bit of advice that Camp offers to any company who wants to maintain good relationships with their customers after a breach: Tell users where to find more information: [Zappos] put up a special website to disseminate information as it becomes available. This does two things: 1) established a central clearinghouse for relevant information, and 2) reduced the repetitiveness of the requests their support staff may r</div> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/blog/security-blog">Security Blog</a></li> </ul></div><p><a href="http://windowsitpro.com/blog/what-companies-can-learn-zappos-breach" target="_blank">read more</a></p> http://windowsitpro.com/blog/what-companies-can-learn-zappos-breach#comments Windows Server Security Amazon.com Computing ESET Fid HTML Hyperlink News phishing Security Security Security Technology_Internet Twitter World Wide Web Zappos.com Security Blog Wed, 18 Jan 2012 22:57:36 +0000 57664 at http://windowsitpro.com