MS08-020 – Important: Vulnerability in DNS Client Could Allow Spoofing (945553)   08 Apr 2008 08:00 GMT
Bulletin Severity Rating:Important - This important security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS clients and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations.
Source: TechNet

MS08-019 – Important: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)   08 Apr 2008 08:00 GMT
Bulletin Severity Rating:Important - This security update resolves privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Source: TechNet

MS08-018 – Critical: Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)   08 Apr 2008 08:00 GMT
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Office Project that could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Source: TechNet

OS Smackdown: Linux vs. Mac OS X vs. Windows Vista vs. Windows XP   08 Apr 2008 05:07 GMT
Forget market share -- which desktop operating system is truly the best? Four experts defend their OS of choice in an opinionated free-for-all.

Source: Computerworld

Malware count blows past 1M mark   08 Apr 2008 05:07 GMT
The number of malware threats is rising exponentially, with Symantec reporting that the total number of threats passed the 1 million mark in 2007.

Source: Computerworld

Black Hat Europe, Day 4 (Finally): Early wake-up calls always lead to long days   07 Apr 2008 18:12 GMT
For those of you who had been reading my Day 1, Day 2/Day 3, and Day 2 revisited stories about Black Hat Europe here on ZDNet, I'm sure you were wondering what happened to Day 4, the second day of conferences.  Well, after a long delay, here it is!  Basically, I got caught up...
Source: ZDNet

The next big thing? Crimeware-as-a-service   07 Apr 2008 14:49 GMT
Finjan says Crimeware-as-a-Service (CaaS) is becoming an increasing problem and the ability of law enforcement to track malicious hackers will become increasingly hampered. On Monday, Finjan's Malicious Code Research Center (MCRC) released its first quarter Web security trends report (registration required) and highlighted CaaS. finjan's release is...
Source: ZDNet

MokaFive and Desktop Virtualization   07 Apr 2008 10:00 GMT
MokaFive is lauching MokaFive Virtual Desktop Solution™, its entry into the rapidly moving "desktop virtualization market, today. Although the claims MokaFive is making sound similar to many other suppliers in this area, the company appears to have come up with a slighly different approach, one that just make the process...
Source: ZDNet

Confronting the Application Layer   07 Apr 2008 04:27 GMT
A security manager can't simply ignore the things she doesn't understand. So it's time to secure Web-enabled apps.

Source: Computerworld

IT Tries to Keep Internal Users Under Control   07 Apr 2008 04:27 GMT
Tools that monitor end-user activities and flag violations of corporate policies may be able to help stop rogue insiders from compromising data. But they aren't being widely adopted yet.

Source: Computerworld