Tag Archives: IT Security

CipherCloud Adds Encryption to SaaS, Cloud Applications

CipherCloud CipherCloud’s new tool allows businesses to encrypt data in-transit, in-use, and at-rest for both public and private cloud applications.

The CipherCloud Connect AnyApp offers businesses cloud encryption for all types of data, regardless of whether it’s being used with infrastructure-as-a-service, software-as-a-service, and platform-as-a-service applications, CipherCloud said Thursday. The latest software addition to the CipherCloud Platform provides a single interface to manage encryption, making it a cheaper option for enterprises interested in deploying data encryption across multiple cloud applications, even the ones behind the firewall, according to the company. Continue reading CipherCloud Adds Encryption to SaaS, Cloud Applications


How To Protect Your Commercial Web Server

chart: Vulnerabilities Of Typical E-Commerce SitesIn February, a hacker placed a malicious program on shoe and clothing retailer Opening Ceremony’s website. For more than a month, the malware collected the names, addresses, and credit card information of customers who purchased items from the site.

“We discovered the malware on March 21, 2012, immediately removed it, and implemented increased security controls to prevent this from happening in the future,” Carol Lim, CEO and co-founder, wrote in a letter to customers in May. Continue reading How To Protect Your Commercial Web Server

Home › Virus & Malware Microsoft Releases Attack Surface Analyzer to Encourage Secure Software Development

Attack Surface Analyzer Helps Developers During the Verification Phase of the Microsoft Security Development Lifecycle (SDL)

Microsoft has released the public version of Attack Surface Analyzer, a tool that determines the security of an application by examining how it affects the computer it is installed on.

Microsoft Attack Surface AnalyzerMicrosoft originally released Attack Surface Analyzer as a public beta in January 2011 during the Blackhat DC security conference. In the year and a half since, the company has reduced the number of false positives, enhanced performance, and made bug fixes, Monty LaRue and Jimmie Lee, Trustworthy Computing Security engineers at Microsoft, wrote on the Security Development Lifecycle blog Thursday. Attack Surface Analyzer 1.0 now has an improved graphical user interface and in-depth documentation, they wrote. Continue reading Home › Virus & Malware Microsoft Releases Attack Surface Analyzer to Encourage Secure Software Development

5 Most In-Demand Security Skills

5 Most In-Demand Security SkillsThe number of IT security job postings listed on Dice.com has escalated significantly compared to a year ago, based on the job board’s annual comparative analysis. The biggest increase is for cybersecurity specialists, whose listings have grown by 60 percent.

“Every year the number of threats and the sophistication of those threats escalate,” says Alice Hill, managing director at Dice.com. “It’s a battle that will only continue to increase, making cybersecurity positions a priority within organizations.”ice defines the broad term of “cybersecurity professionals” as those responsible for building and maintaining a secure computing environment. These individuals collaborate with business leaders to define use cases, risk profiles and determine the appropriate access to information for employees and customers. The cybersecurity job category on Dice includes only those job posts that carry the keyword “cybersecurity.” The job board does not specifically track any particular skill or role that may fit into this job category. Continue reading 5 Most In-Demand Security Skills

MySQL vulnerability allows attackers to bypass password verification

IDG News Service – Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials.

The vulnerability is identified as CVE-2012-2122 and was addressed in MySQL 5.1.63 and 5.5.25 in May. However, many server administrators might not be aware of its impact, because the changelog for those versions contained very little information about the security bug. Continue reading MySQL vulnerability allows attackers to bypass password verification

Oracle to issue 14 patches for Java SE

IDG News Service – Oracle is planning to ship 14 patches related to Java SE on Tuesday, including a number with the highest level of severity under the CVSS (common vulnerability scoring system) framework, according to a pre-release announcement on the company’s website.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” Oracle said. Continue reading Oracle to issue 14 patches for Java SE

Security threats explained: Internal negligence

In this series, Computerworld Australia examines some of the information security threats facing small business and larger enterprises today. We begin by speaking to experts about the problem of ‘internal negligence’ and company processes that can put businesses at risk of a data breach.

Internal negligence, according to Quest Software, can be defined as an offence committed by staff members, such as forgetting to check log reports for suspicious behaviour, that leads to company documents or financial information being leaked out of the enterprise. Continue reading Security threats explained: Internal negligence