Security Blog

Jun 18, 2012

TechEd 2012: Windows 8 and MBAM 2.0 Bring Enhanced Security Features 1

I've written about some of the new Windows 8 security features already, but Microsoft released some additional Windows 8-friendly details about the beta version of Microsoft BitLocker Administration and Monitoring (MBAM) 2.0, which is now available for download....More
May 30, 2012

Stuxnet and Duqu Redux: Flame Malware Found in Iran

The internet has been buzzing the last few days over a new strain of malware dubbed 'Flame' (alternatively called 'SkyWiper' by some security experts) that has been found on hundreds of PCs in the middle east, primarily in Iran....More
May 16, 2012

Apple Ships Flashback Malware Removal Tool for OS X 10.5, Patches Quicktime for Windows 2

Windows 7 is arguably one of the most hardened and regularly updated OSes available, and now Apple and the Macintosh are in the headlines for fighting off malware and patching vulnerable software....More
May 9, 2012

Patch Tuesday: Microsoft Patches 23 Vulnerabilities, Addresses "Sons of Duqu"

Another Patch Tuesday has passed, with Microsoft releasing a total of seven security bulletins that address 23 security vulnerabilities. Three of these are classified as "critical" while the remaining four are dubbed "important." Chief among the critical ones is bulletin MS12-034, which provides a number of updates for the .NET Framework, Office, Silverlight, and Windows....More
May 9, 2012

Juniper Survey Reveals Lack of Trust in Mobile Device Security

Mobile devices are showing up in ever-increasing numbers in enterprises these days, from smartphones and ultralight notebooks to iPads and Androids tablets. The bring your own device (BYOD) phenomenon is also at work here, with employees bringing their own personal devices into the workplace....More
May 2, 2012

StillSecure Unveils Public Cloud Security Suite

Cloud computing adoption is gradually picking up steam, yet legitimate concerns about security, data portability, auditing, compliance, and other issues have kept some IT departments on the sidelines. Security solution vendor StillSecure hopes to tackle some cloud security concerns with their new Cloud Network Security Appliance (NSA)....More
Apr 12, 2012

Patch Tuesday: Microsoft Releases Four Critical Updates

Microsoft released a new round of updates for a variety of products and platforms on Patch Tuesday this week, prefaced by a reminder that support for Windows XP and Office 2003 will end in April 2014....More
Mar 28, 2012

Richard Clarke: Every Major U.S. Company Already Hacked by Chinese Government

Clarke was recently interviewed by Ron Rosenbaum for Smithsonian Magazine, primarily for an article that focuses on who Clarke believes was behind the Stuxnet cyberattack against Iran in late 2010. Clarke -- like many other security experts -- points the finger squarely at the U.S., hinting that America may have received some assistance from Israeli intelligence services....More
Mar 16, 2012

RSA Conference 2012 in Pictures

The Windows IT Pro editorial team presents the 2012 RSA Conference in pictures....More
Mar 8, 2012

RSA 2012: Symantec Bets on Cloud, Mobile, and Virtualization Security

Symantec had a host of security-related news to share at RSA last week, but that wasn't all. The security solution giant released a fair amount of mobile security news at the Mobile World Congress (MWC) in Barcelona during the same period....More
Feb 28, 2012

RSA 2012: Qualys Updates Cloud Platform, Launches Web Application Firewall Service

The increasing adoption of cloud-based security services is an ongoing trend at RSA this year, and cloud security service provider Qualys chose the conference to announce a host of new modules for their QualysGuard cloud security platform and to take the wraps of their new QualysGuard Web Application Firewall (WAF) service....More
Feb 22, 2012

Updated: What to Expect at RSA Conference 2012

In order to help you get the most out of RSA Conference 2012, I've put together some tips and pointers about what you can expect to see at the show, how to get the most of of RSA using the most popular social media platforms, some good blogs and website to follow for RSA news, and posted an open invitation to meet with Windows IT Pro readers at the show....More
Feb 9, 2012

Quest Software Touts New Features of Secure Copy 6.0

Scriptlogic was acquired by Quest Software in August 2007, and Secure Copy 6.0 -- released in late January -- is one of the first Scriptlogic products to be branded under the Quest umbrella. The first Secure Copy was released by Small Wonders Software, which was acquired by Scriptlogic in 2003....More
Feb 1, 2012

Will DMARC Stop Spam and Improve Email Security? 2

Stemming the flood of potentially spam has been a thorny issue for many email providers, who have struggled to product effective means to steam the ever-rising flood of spam. This struggle has all the hallmarks of a never-ending arms race, and email companies needed something to help them turn the tide -- or at least slow down the rising waters....More
Jan 18, 2012

What Companies can Learn from the Zappos Breach 3

Companies are under siege from cyberattacks more than ever, with news of data breaches, phishing attacks, and other digital security exploits nearly a daily occurrence. So when news broke that online retailer Zappos (now owned by Amazon) had been the victim of a new cyberattack, I'm sure we shrugged our shoulders and collectively said "Here we go again." While the full details of the how and why of the Zappos attack are still to emerge, an email from Zappos CEO Tony Hsieh to employees earlier this week stated that "We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky." Zappos immediately issued a forced password reset of all 24+ million customer accounts, and also sent an email to consumers telling them about the breach, advising them to reset their passwords, and pointing them to additional resources for information. I think Zappos handled the breach better than most, and could serve as a good example for other companies to follow. Companies that are slow to reveal an attack to their customers, or hide their heads in the sand, or immediately set out with a blame-shifting strategy deserve to be criticized. ESET Security Researcher Cameron Camp goes into more detail about what Zappos did right in a blog post over at the ESET Threat Blog, and I'd suggest that Camp's post should be required reading for the CEO, CISO, and IT/PR departments of every company that maintains a database of customer information. Here's one especially good bit of advice that Camp offers to any company who wants to maintain good relationships with their customers after a breach: Tell users where to find more information: [Zappos] put up a special website to disseminate information as it becomes available. This does two things: 1) established a central clearinghouse for relevant information, and 2) reduced the repetitiveness of the requests their support staff may r...More
Jan 4, 2012

Check Point Teams with Amazon for Cloud Security

With polls and surveys continuing to show that IT professionals have concerns about security in the cloud, Check Point Software has unveiled a virtual appliance for Amazon Web Services (AWS) that should help alleviate some of the concerns of security-minded system administrators and security officers. According to Check Point, the company will be offering an AWS-friendly virtual appliance that can be configured to handle such security tasks as data loss prevention (DLP), application control, URL filtering, virtual private networking (VPN), and more. In a statement announcing the new products, Stephen Schmidt, chief information security officer at Amazon Web Services, applauded Check Point's decision to support AWS. "We offer a shared-responsibility security model that enables customers to choose a security solution that best meets their application’s needs, while AWS remains focused on providing a safe and secure infrastructure," Schmidt said. "We are excited that Check Point has embraced this model and is providing an innovative solution for customers." Check Point Software VP Network Security Products Oded Gonda stressed that while IT departments are moving to the cloud, most IT organizations are adopting a hybrid approach that leverages both on- and off-premise IT resources. "As many businesses plan to manage their IT infrastructure in the cloud, it’s important to protect both cloud and on-premise infrastructure to ensure that all corporate assets remain secure," Gonda said. "One of the best ways to achieve this is to enforce a consistent security policy across the organization." Check Point's announcement states that the new virtual appliance is available now, and pricing is "based on the existing software blade licensing and can be purchased through the Check Point worldwide network of value-added resellers." Find out more about the new Check Point virtual security appliances for AWS by visiting the Check Poi...More
Dec 13, 2011

Smartphone Security, Cybercrime, and Fraudulent SSL Certificates Top Symantec 2012 Security Trends

2011 will likely be remembered as one of the most infamous periods in IT history from a security standpoint. From attacks by Lulzsec and Anonymous to questions about mobile device security, 2011 had plenty of ulcer-inducing security episodes. The new year will likely have its own share of security headaches, and Symantec Senior Intelligence Analyst Paul Wood recently posted his take on what IT professionals may be losing sleep over in 2012. First on Wood's list is the continuing threat from advanced persistent threats (APTs) that target business and government infrastructure. Wood points out that many companies aren't paying attention to critical infrastructure prevention (CIP) programs developed by state and federal governments: "A recent Symantec Critical Infrastructure Protection (CIP) Survey found that companies are generally less engaged in their government’s CIP programs this year when compared to last. In fact, only 37 percent of companies are completely or significantly engaged in such programs this year, versus 56 percent in 2010." We've written a lot about mobile security issues in 2011, ranging from multiple cases of malware targeting Android devices to controversy around Carrier IQ, a company that develops programs that track subscriber data for wireless carriers. Woods quotes a Gartner report that indicates more that 461 million smartphones will be sold by the end of 2011, surpassing PC sales for the first time in history. The growth of cybercrime is another security trend to be wary of for 2012, with large criminal organizations developing tactics and strategies to separate businesses from their most important data. Woods sees that trend continuing in 2012: "Cybercrime’s spread from the criminal underground to the business mainstream was highlighted by a surge in targeted attacks. Symantec’s November Intelligence Report shows that targeted attacks are becoming more prevalent in 2011. Large enterprises, with more than 2,500 employees...More
Dec 7, 2011

How Facebook Handles Image EXIF Data 2

Over the past few years a variety of mass media outlets have reported on the dangers of EXIF data and geotagging, yet many get the information wrong, particularly when it comes to EXIF data and social media platforms like Facebook....More
Nov 17, 2011

Microsoft Revamps Windows Update for Windows 8 3

Microsoft is hoping to address issues with Windows Update with Windows 8, and released some new details of how Windows 8 will offer improvements in this area in their Building Windows 8 blog....More
Nov 9, 2011

McAfee Warns Consumers about Holiday Scams

With the holiday season fast approaching, security vendor McAfee has released information about the “12 Scams of Christmas,” a list of what McAfee believes will be the most dangerous online scams of the holidays. Malware targeting mobile devices (particularly smartphones and tablets running Android) and social media threats topped the list, which was posted by McAfee's Gary Davis. In his blog post, Davis points to a survey by the National Retail Federation that indicates more than 52% of American smartphone users will use their phones for holiday research and shopping. A McAfee survey reveals that there has been a 76% increase in "malware targeted at Android devices in the second quarter of 2011 over the first, making it the most targeted smartphone platform." Read: Tips for Securing Android Phones Phony promotions on Facebook and other social media platforms are also an ongoing risk, with items like fake giveaways for airline tickets and other gifts being commonly used by cybercriminals to lure unsuspecting consumers into revealing their banking details, credit card numbers, and other personal information. Two particularly useful tips involve keeping an eye out for scams centered around delivery services like FedEx and UPS, as well as banks and other financial institutions. Davis describes these in additional detail in his post: A common holiday phishing scam is a phony notice from UPS, saying you have a package and need to fill out an attached form to get it delivered. The form may ask for personal or financial details that will go straight into the hands of the cyberscammer...Banking phishing scams continue to be popular and the holiday season means consumers will be spending more money—and checking bank balances more often. From July to September of this year, McAfee Labs identified approximately 2,700 phishing URLs per day. All of us know at least a few friends, family, and co-workers who tend to click first and think later, so all of these...More
What's Security Blog?

Security news, views, product reviews, and solutions for Microsoft Windows IT professionals.

Blog Archive

Sponsored Introduction Continue on to (or wait seconds) ×