Secunia has updated its Personal Software Inspector (PSI) with the ability to silently download and apply patches from multiple vendors soon after their release. PSI 2.0 is now available in an open beta test,

Organizations seeking a reliable ally to help defend the network should seriously consider enlisting Wireshark, a free, open source network protocol analyzer that has been around since 1998. Created by Gerald Combs and worked on by hundreds of contributing developers, this tool has been the go-to soldier in the trenches for tens of millions of network troubleshooters and the envy of almost every other open source program.

A majority of security software suites still fail to detect attacks on PCs even after the style of attack has been known for some time, underscoring how cyber criminals still have the upper hand.

Voltaire is famous for noting that the main problem with common sense is that it’s not all that common. Proof of that abounds in the security industry, where people who should know better do idiotic things daily, according to Roger G. Johnston, a member of the vulnerability assessment team at Argonne National Laboratory.

Toshiba on Tuesday introduced a new hard drive feature that can wipe out data after the storage devices are powered down.

The Wipe feature in Toshiba’s SED (Self-Encrypting Drives) will allow for deletion of secure data prior to disposing or repurposing hard drives, Toshiba said in a statement. This feature prevents secure data from getting lost or stolen.

And you thought those iPhone 4 signal problems were bad — at last week’s Black Hat conference, a San Francisco firm called Lookout Mobile Security revealed that third-party smartphone apps are stealing user information and (literally) phoning home with it. And by “home,” I mean China.

A few companies in the Fortune 500 need to upgrade their Web browsers. And while they’re at it, a little in-house training on social engineering wouldn’t be a bad idea, either.

Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study from Verizon.

Is your company’s data under surveillance by foreign spybots looking for any competitive advantages or weaknesses they can exploit? This might sound farfetched, but such electronic espionage is real. It’s an insidious security threat that’s a lot more common than you probably realize.

As an IT or security executive, determining whether your organization is under attack via this seemingly undetectable threat — and putting in place adequate technology and procedural safeguards — should be a high priority. The stakes are too high to ignore the problem.

Is your company’s data under surveillance by foreign spybots looking for any competitive advantages or weaknesses they can exploit? This might sound farfetched, but such electronic espionage is real. It’s an insidious security threat that’s a lot more common than you probably realize.

As an IT or security executive, determining whether your organization is under attack via this seemingly undetectable threat — and putting in place adequate technology and procedural safeguards — should be a high priority. The stakes are too high to ignore the problem.

Researchers at Eset have discovered a second variant of the Stuxnet worm that uses a recently disclosed Windows vulnerability to attack Siemens industrial machines .

The second variant, which Eset calls “jmidebs.sys,” can spread via USB drives, exploiting an unpatched flaw in Windows involving a malicious shortcut file with the “.lnk” extension.

IBM announced it has added capabilities for Web application protection and data-loss prevention (DLP) to the basic technology platform for its intrusion-system prevention (IPS) product line.

Security managers are often concerned about employees who use Facebook at work and fall for the 419 “I’m trapped in London and need money” scam. Others might still have some in their organization who are convinced it is the Prince of Nigeria who wants to share his fortune. And with spear phishing, a targeted email attack in which messages are created to look like they come from an employer, bank or other trusted source, now a common criminal technique, the need for effective awareness programs for employees has become paramount.

Oracle released a set of 59 patches on Monday to fix security vulnerabilities across its entire range of database, application, and middleware products.

The patches include fixes for three critical flaws affecting virtually every supported version of the company’s Database Server technology.

A recent Forbes magazine article advised readers to assume that their companies have been hacked. Some readers have asked me to weigh in, and here’s my assessment: The article is slightly hyperbolic, but all in all, it’s a pretty accurate assessment. Most companies are actively hacked, and their sensitive data is being stolen and leaked to outsiders.

Websense Thursday is announcing that it’s making its data-loss prevention (DLP) suite free for 30 days under a “DLP for Download” program.

The roughly 600MB download available at the Websense.com site is the full enterprise Websense Data Security Suite. The download can be installed in a VMware-based environment and is intended to provide a quick way to evaluate the effectiveness of the software for stopping unauthorized transmission of data.

Businesses worried about keeping tabs on the latest Apple iPhone will soon be able to remotely interact with the devices in the event of theft, loss or mishap, Absolute Software has announced.

Using an update due in the next quarter, Absolute Software will enable Apple iPhones running iOS 4 to be remotely managed like any other portable computer using the company’s Absolute Manage system, the company said.

For all its promise of revolution, the computing industry often lags behind expectations. After all, your netbook is really just a laptop, only smaller and cheaper. The chip that powers your PC today has a direct lineage back to the Pentiums of yesterday. Your latest hard drive might hold 2TB, but it’s still just a hard drive. Where’s the real innovation?

In the labs, of course.

The hack of iPad user info on the AT&T site may be much worse than an embarassment, according to a security researcher who specializes in mobile devices.