USA Media Coverage

Half of Fortune 500 Firms Infected with DNS Changer

Machines will be cut off from the Web next month, say experts

02/02/2012

Oracle Patches DoS Flaw in Database 10g, WebLogic, iPlanet

Oracle patched three products to address a vulnerability in Web Application frameworks that could cause a denial of service due to hashing collisions.

02/02/2012

Symantec Patches PCAnywhere, But Should You Delete

Symantec says hotfix 'eliminates known vulnerabilities,' but hackers could use source code to exploit unknown holes. Some users will want to delete the app entirely.

02/01/2012

Detecting the DNS Changer Malware

DNS servers handling traffic of infected machines will be shut down in March, cutting off Internet access to those infected.

02/01/2012

CSO Interchange: Cloud Concerns Are Largely Propaganda

Last week’s CSO Interchange roundtable centered on “Barriers to Cloud Adoption”, with talks on identity issues from Jericho Forum’s Paul Simmonds and SSL from security researcher Moxie Marlinspike.

01/30/2012

Qualys Expands Its FreeScan Service

Qualys announced its new and improved FreeScan service to help SMBs audit and protect their web sites from security vulnerabilities and malware infections.

01/20/2012

Qualys Keeps the Future Under Wraps

The long-range import of Qualys’ hard work will become clear as the software-as-a-service firm enhances its platform and adds new services starting at the end of February at the annual RSA Conference.

01/20/2012

Is Oracle Neglecting Database Security?

Oracle's big critical patch update on Jan. 17 set a record for the fewest fixes for database products--only two of the 78 total fixes in the CPU.

01/20/2012

Oracle Scorned for Paltry Database Patches

With only two of many reported vulnerabilities fixed in Oracle's latest update, the database security community questions Oracle's patch bottleneck.

01/19/2012

Oracle CPU Contains Lowest Number Of Database Fixes Ever

Database security community concerned about Oracle's patch bottleneck

01/18/2012

Oracle Squashes 78 Software Bugs in Latest Patch

Oracle yesterday deployed 78 different security fixes aimed at patching holes throughout its various database products.

01/18/2012

Oracle Repairs Two Database Flaws, Issues 78 Patches to Product Line

Oracle repaired two flaws in its database management system as part of its quarterly update this week that included 78 patches across its product portfolio.

01/18/2012

Oracle Patches 78 Vulnerabilities

Oracle publishes Critical Patch Updates (CPUs) on a quarterly schedule.

01/18/2012

Oracle Readies 16 Highly Critical Security Patches

Oracle (NSDQ:ORCL) plans to release next week dozens of security patches, 16 highly critical, for most of the software maker's products.

01/13/2012

Reactions from the Security Community to the Trustworthy Computing Initiative

Comments on the Trustworthy Computing Initiative that Help Net Security received from industry veterans.

01/13/2012

Slow Read Attack: A New HTTP Denial of Service Attack

A new HTTP-based threat, dubbed a "Slow Read attack," aims to cause an undetected Denial of Service (DoS) by exploiting a transmission control protocol (TCP) persist timer vulnerability.

01/12/2012

Microsoft and Adobe Release First Major Patch Bundles of 2012

Microsoft released seven bulletins last night to fix one critical issue on its first Patch Tuesday of 2012.

01/11/2012

Adobe Plugs 6 Critical Holes in Reader

Also gives IT admins more control over PDF docs' oft-exploited JavaScript

01/11/2012

Microsoft Releases Seven Bulletins

Qualys CTO Wolfgang Kandek on this month's Patch Tuesday

01/10/2012

Microsoft January 2012 Patch Tuesday Issues Windows Media Fix, Resolves SSL Protocol Weakness

Microsoft issued seven security bulletins, including one “critical” bulletin, repairing a serious Windows Media Player flaw that could be exploited in dangerous drive-by website attacks.

01/10/2012

Microsoft Slays the BEAST, and Six Other Patch Tuesday Updates

Microsoft has released a total of seven security bulletins – one ranked as “critical”, with the remaining 6 designated merely as “important”

01/10/2012

Microsoft's First 2012 Patch Tuesday Offers One Critical Fix

Microsoft (NSDQ:MSFT) released Tuesday one critical bulletin in a package of seven that comprised the company's first monthly patch release of the year.

01/10/2012

Media Player, Security Bypass Are Focus of Microsoft's First Patch Tuesday of 2012

Of the seven bulletins issued as part of Microsoft's first Patch Tuesday of the year, researchers agree that a vulnerability affecting Windows Media Player should be the first one patched.

01/10/2012

Adobe Repairs Critical Reader, Acrobat Flaws, Adds JavaScript Control

Adobe Systems Inc. issued its quarterly security update Tuesday, repairing six critical vulnerabilities in its Reader and Acrobat software.

01/10/2012

Exploit Code for Recent ASP.NET DoS Flaw Made Public

The ASP.NET DoS flaw that has recently been revealed at the Chaos Communication Congress in Berlin has been patched by Microsoft in almost record time, but users who have not already implemented the patch should definitely hop to it

01/10/2012

New Slow-Motion DoS Attack: Just a Few PCs, Little Fear of Detection

Qualys Security Labs researcher Sergey Shekyan has created a proof-of-concept tool that could be used to essentially shut down websites from a single computer with little fear of detection.

01/07/2012

New Denial of Service Vulnerability Detailed, Doesn't Require Many PCs

What you may not know is that there are denial of service (DoS) methods that don't need to be so distributed.

01/07/2012

Adobe Plans Fixes for Critical 3D Bugs in Reader, Acrobat X

Adobe will fix a slew of security flaws in Reader and Acrobat, including the critical 3D vulnerabilities that were discovered in December, as part of its quarterly update.

01/06/2012

Microsoft to Start 2012 with Seven Bulletins on Patch Tuesday

Microsoft has announced that it will release seven bulletins addressing eight vulnerabilities on its first patch Tuesday of 2012.

01/06/2012

MetricStream, Qualys Partnership Brings Security and Risk Intelligence to IT-GRC

Qualys and MetricStream announce integration of MetricStream IT-GRC Solution with QualysGuard Vulnerability Management

01/06/2012

Researcher Devises Hard-to-detect Denial-of-service Attack Against HTTP Servers

New HTTP denial-of-service (DoS) attack relies on prolonging the time clients need to read Web server responses.

01/05/2012

Microsoft's 2012 Inaugural Security Patch to Include 7 Fixes

January's Security Update from Microsoft, arriving next Tuesday, will feature six fixes for Windows and one fix for Microsoft developer tools, according to the company's advance notice.

01/05/2012

Microsoft to Start New Year With Seven Security Bulletins

Microsoft plans to start the new year with a relatively large number of security bulletins covering eight vulnerabilities.

01/05/2012

Rated Critical: A Microsoft Security Blog

How can Microsoft's only unscheduled patch of 2011 help predict its security success in 2012?

01/05/2012

Microsoft Plans 7 Fixes for January Patch Tuesday

Microsoft is planning seven fixes for January's Patch Tuesday release that will address bugs in all versions of Windows and possibly for the SSL/BEAST flaw.

01/05/2012

The Year in Security: A Look Back at 2011 and Trends for 2012

Reflecting on security events of 2011 to plan for 2012

01/04/2012

Cyberthreats Evolve, Start-ups Responding

Types of security threats companies face have shifted dramatically in recent years.

01/04/2012

MetricStream and Qualys Partnership Brings Actionable Security and Risk Intelligence to IT-GRC

Integration partnership enables corporations to continuously take full inventory of their IT assets

01/04/2012

Microsoft Publishes Workaround for ASP.NET Vulnerability

Advisory provides workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various web platforms

01/03/2012

No Shelter From a Cybercrime Storm

Denial of service hole closed

01/03/2012