Stories about: SANS Institute

Apple's patching process proves that the company isn't serious about moving Macs into the enterprise, security researchers said Monday.

The high-profile sabotage this month of the city of San Francisco's fiber backbone network clearly shows both the extent of damage a disgruntled employee can cause and the need for controls to mitigate the risk of such actions.

A botnet is now using a SQL-injection attack tool designed to hack legitimate Web sites, a move meant to add more hijacked PCs to its collection, according to a security researcher.

A security researcher has developed malicious rootkit software for Cisco Systems' routers, a development that has placed increasing scrutiny on the routers that carry the majority of the Internet's traffic.

The SANS Institute has formalised its association with Shearwater Solutions by appointing the company as its local ANZ representative, as well as bringing it on board to organize a SANS security training event in Canberra in June.

Microsoft issued four critical updates Tuesday that quashed 12 bugs in Office, the company's business suite, including a flaw in Excel that has been exploited by attackers for more than two months.

Criminals have been able to hack into computer systems via the Internet and cut power to several cities, a U.S. Central Intelligence Agency analyst said this week.

A rootkit that hides from Windows on the hard drive's boot sector is infecting PCs, security researchers said Wednesday. Once installed, the cloaking software is undetectable by most current antivirus programs.

Security is a people problem. OK, you already knew that. But recently the SANS Institute finally recognized it too, in its list of the top 20 Internet security risks of 2007. Topping the chart of new, hard-to-defend-against risks were vulnerabilities in custom Web applications and (drum roll, please) "gullible, busy, accommodating computer users, including executives, IT staff and others with privileged access."

I'm hearing more about new kinds of attacks on the LAN, such as voice over IP (VoIP) attacks or using printers as a source of attack. How can LAN security help me prevent those attacks?

Many analysts consider Web application vulnerabilities to be among the biggest security threats facing companies these days. A lot of attention has been paid to understanding risks such as input-validation flaws, cross-site scripting errors and other Java Web application security threats.