ISSA Omaha

PCI virtualization SIG closer to proposing changes to standard

Fri, 25 Sep 2009 12:26:18 -0500

PCI virtualization SIG closer to proposing changes to standard: A special interest group studying virtualization for the payment industry is preparing guidance on the use of virtualization and ways to maintain PCI DSS compliance.

Security Squad: Privacy gone awry

Wed, 23 Sep 2009 00:36:57 -0500

Security Squad: Privacy gone awry: SearchSecurity editors discuss Internet privacy issues, the Apache disclosure, VMworld and Apple security.

First Data, RSA push tokenization for payment processing

Wed, 23 Sep 2009 00:36:56 -0500

First Data, RSA push tokenization for payment processing: The encryption-token service could compete against vendors offering format preserving encryption to secure payment transactions.

Security challenges with cloud computing services

Mon, 21 Sep 2009 17:20:58 -0500

Security challenges with cloud computing services: Panel discusses cloud computing security issues including encryption and user authentication.

New Bahama botnet evades search engines, fuels click fraud

Fri, 18 Sep 2009 10:38:43 -0500

New Bahama botnet evades search engines, fuels click fraud: Researchers at Click Forensics have discovered a new botnet that is evading search engines and responsible for a spike in click fraud traffic and popup adware.

Experts rebuke programmers who use SQL injection as feature

Thu, 17 Sep 2009 04:18:43 -0500

Experts rebuke programmers who use SQL injection as feature: Security experts point to online advertising campaigns that distributed faulty code to affiliates as the source of spikes in SQL injection attacks.

Melissa Hathaway urges more cooperation, government attention to cybersecurity

Tue, 15 Sep 2009 22:04:21 -0500

Melissa Hathaway urges more cooperation, government attention to cybersecurity: Former acting director for cyberspace Melissa Hathaway called for public-private cooperation on cybersecurity and pressed government to develop standards and foster innovation.

Secure virtual desktop software enables remote client security

Tue, 15 Sep 2009 22:04:18 -0500

Secure virtual desktop software enables remote client security: Virtual desktops control endpoints and cut costs for an Atlanta-based financial company. The setup helps IT control core essentials and enforce acceptable use policy.

Brute force attacks target Yahoo email accounts

Tue, 15 Sep 2009 22:04:08 -0500

Brute force attacks target Yahoo email accounts: Attackers target a background Web services authentication application used by ISPs and Web applications to authenticate users.

SANS: Application threats, website flaws pose biggest security threats

Tue, 15 Sep 2009 22:03:38 -0500

SANS: Application threats, website flaws pose biggest security threats: A new report from the SANS Institute calls flaws in client-side applications often the most ignored by IT professionals.

Symark acquires BeyondTrust

Mon, 14 Sep 2009 15:32:11 -0500

Symark acquires BeyondTrust: Privileged access management provider expands beyond Unix and Linux environments to the Windows platform with acquisition.

DNSSEC deployment challenges can be overcome

Sat, 12 Sep 2009 03:46:32 -0500

DNSSEC deployment challenges can be overcome: Experts deploying DNSSEC across the .ORG domain share the issues encountered during the early-adoption of the technology. Key management remains an issue.

Security vendors can learn from ConSentry Networks demise

Thu, 10 Sep 2009 21:58:16 -0500

Security vendors can learn from ConSentry Networks demise: The switch-oriented NAC vendor serves as a sad reminder that security often only has niche appeal, says security expert Eric Ogren.

Trustwave acquires data loss prevention vendor Vericept

Thu, 10 Sep 2009 21:58:16 -0500

Trustwave acquires data loss prevention vendor Vericept: MSSP and PCI compliance firm buys one of dwindling field of independent DLP vendors.

Microsoft repairs Windows media, TCP/IP vulnerabilities

Wed, 09 Sep 2009 16:34:16 -0500

Microsoft repairs Windows media, TCP/IP vulnerabilities: Microsoft released five critical updates fixing a serious flaw in the Windows Media Format Runtime engine and TCP/IP processing errors that could crash Web and mail servers.

Microsoft issues SMB vulnerability advisory, patch pending

Wed, 09 Sep 2009 16:34:16 -0500

Microsoft issues SMB vulnerability advisory, patch pending: With attack code widely available, companies could take steps to mitigate the threat. Windows 7 and Vista users are at risk.

Attackers target Microsoft IIS; new SMB flaw discovered

Tue, 08 Sep 2009 10:33:27 -0500

Attackers target Microsoft IIS; new SMB flaw discovered: New exploit code targets a zero-day flaw in Microsoft Server Message Block, a protocol used by Windows to communicate messages to printers and other devices on a network.

Microsoft five critical updates won't include IIS

Sat, 05 Sep 2009 13:25:31 -0500

Microsoft five critical updates won't include IIS: A patch repairing a critical zero-day flaw in Microsoft’s IIS Web server will not be ready in time for Patch Tuesday, the software giant said.

At VMworld 2009, companies focus on virtual desktops for security

Fri, 04 Sep 2009 07:45:36 -0500

At VMworld 2009, companies focus on virtual desktops for security: While security is not a major theme at VMworld 2009, companies are turning attention to virtual desktop infrastructures to improve security and address remote employees.

Microsoft issues IIS FTP advisory, exploit code circulates

Fri, 04 Sep 2009 07:45:36 -0500

Microsoft issues IIS FTP advisory, exploit code circulates: Exploit code is circulating for the FTP zero-day flaw in Microsoft IIS Web server.