News

• Smartphones take center stage in two-factor authentication schemes

  We all know that relying on a simple user ID and password combination is fraught with peril. One alternative is to use one of the single sign-on solutions we reviewed last year, but there are less expensive options that could also be easier to install.

• New Mac spyware found on Angolan activist's computer

  Previously unknown Mac OS X spyware, signed with a valid Apple Developer ID, has turned up on the laptop of an activist from Angola at a human rights conference in Norway.

• McAfee rethinks consumer security service delivery

  McAfee, part of Intel, today announced a profound shift in how it distributes and prices its consumer security products by introducing LiveSafe, a service that combines anti-malware plus a score of other capabilities, such as anti-theft protection and a so-called "safety deposit box" in the cloud that can only be accessed by means of the user's face or voice biometric.

• It's better to call ahead before sending malware, Symantec finds

  Hackers are finding it pays to call ahead before sending malware-laden email.

• Adobe warns customers of unpatched critical flaw in ColdFusion

  Adobe has warned users of its ColdFusion application server platform of a critical vulnerability that could give unauthorized users access to sensitive files stored on their servers.

• Senators want sanctions against countries supporting cyberattacks

  Two U.S. senators will push Congress or President Barack Obama's administration to pursue trade and immigration sanctions against China and other countries that allegedly support cyberattacks on U.S. government agencies and businesses, the lawmakers said Wednesday.

• Trend Micro seeks to make Amazon Web Services more secure

  Trend Micro today announced a slate of cloud-based security services that it says protect servers for Amazon Web Services (AWS) customers.

• IDC: SAP and Oracle winners as software growth slows

  A growing interest in big data, analytics, and cloud computing helped propel a weak software enterprise market last year, according to research from IDC. SAP and Oracle fared the best among the large software vendors.

• Symantec report finds small businesses battered by cybercrime

  Cybercriminals are increasingly targeting small businesses due to their less sophisticated defenses, according to a new report from Symantec.

• Virtual Instruments: Avoiding "The Abyss", trouncing Brocade and not hiding behind SDN

  Virtual Instruments, the nearly 5-year-old infrastructure performance management software and hardware maker, is one of those companies that might never become a household name no matter how successful it becomes. In fact, many at first mistake the company for being in the music business.

• Malware abuses Chromium Embedded Framework, developers fight back

  A new version of the TDL rootkit-type malware program downloads and abuses an open-source library called the Chromium Embedded Framework that allows developers to embed the Chromium Web rendering engine inside their own applications, according to security researchers from antivirus vendor Symantec.

• Researchers find TeamViewer-based cyberespionage operation

  Security researchers have uncovered yet another ongoing cyberespionage operation targeting political and human rights activists, government agencies, research organizations and industrial manufacturers primarily from Eastern European countries and former Soviet Union states.

• Symantec finds Linux wiper malware used in S. Korean attacks

  Security vendors analyzing the code used in the cyberattacks against South Korea are finding nasty components designed to wreck infected computers.

• Potential weakness in SSL/TLS security downplayed by certificate group

  Claims by a cryptography researcher this week about weaknesses in the RC4 algorithm used in SSL/TLS certificates is being downplayed by the group known as the Certificate Authority Security Council (CASC) which was recently established to address questions on security in this area.

• Security appliances are riddled with serious vulnerabilities, researcher says

  The majority of email and Web gateways, firewalls, remote access servers, UTM (united threat management) systems and other security appliances have serious vulnerabilities, according to a security researcher who analyzed products from multiple vendors.