Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in April 2009
<<   <   Page 2 / 2
SCADA Security: What SCADA Security?
Commentary  |  4/7/2009  | 
SCADA, the control systems for such infrastructure services as water and energy, has us worried whenever critical infrastructure defense is mentioned. Why, then, is it the most insecure industry on the planet?
Public More Scared Of Digital Dangers Than National Security Threats
Commentary  |  4/7/2009  | 
A new study finds that Americans are more concerned about identity theft than they are about national security. Could be they're right. And right or wrong, there are lessons here that affect your customers, partners, and employees
Register.com Suffered Massive Denial-of-Service Attack
Commentary  |  4/6/2009  | 
Anyone dependent on domain name registrar and hosting company Register.com, for either hosting their Web site or e-mail, learned first hand the pain of a distributed denial-of-service attack.
The Week After: Conflicted About Conficker
Commentary  |  4/6/2009  | 
The title says it all. With so much hype surrounding last week's impending destruction of the Internet, I started out a bit lackadaisical when people asked me about Conficker. As the week progressed, I started to feel annoyed and slightly hostile because so many people were coming to me to ask what was going to happen and how should they protect themselves. In hindsight, I should be happy at the new awareness brought on by Conficker, but I'm not.
Scanning Flash Apps For Insecurities
Commentary  |  4/3/2009  | 
Did you know that a simple Flash application on your Website could be a backdoor into your network? I've always known of such insecurities in Flash applications, but until recently, I had only looked at some Flash-based malware using Flare to analyze suspected malicious SWF files. All that has all changed with HP's new SWFScan tool,
More Mailicious Sites Than Ever. More On The Way.
Commentary  |  4/3/2009  | 
The number of malicious sites detected in March jumped by almost 200% over February, according to a new report from MessageLabs. The increase consists primarily image-based malware: time to warn your employees (and everybody else) about the risks of image-sharing sites, including social nets.
Getting Physical With Workstation Security
Commentary  |  4/2/2009  | 
So often we as security professionals talk about the security of the machines we're responsible for, and the only time physical security comes up is during the discussion of laptops and server rooms. We're concerned about laptop theft and loss that could lead to the dreaded customer notification process. Or maybe we brag about the awesome security of our datacenter. What about user workstations? Is there an subconscious assumption they're safe since they're behind locked doors?
Home Worker Security Is Business Security
Commentary  |  4/2/2009  | 
The news that IBM will no longer reimburse home-based workers for their Internet connections makes you wonder if Big Blue is going to make home-workers and telecommuters responsible for their own security. And that raises the question of how far you should go to make sure your off-site employees are using sound security sound security practices and procedures.
Archiving Your Way To Efficiency
Commentary  |  4/2/2009  | 
In an earlier post, You Can't DeDupe IT Administration, I discuss the problem with optimizing primary storage. While it is incredibly valuable to be able to squeeze more data into less storage footprint, from an administrative standpoint you still have to manage the data, there is limited increase in efficiency. Archiving however, especially disk based archive can provide tremendous gains in efficiency.
Anticipating Government Overreaction To An Actual Conficker Attack
Commentary  |  4/1/2009  | 
Most governments tend to overreact, and the U.S. probably leads the pack. Fortunately, we survived Conficker on Wednesday, but what if it had resulted in a massive amount of damage? Would the government's response have done more damage than the worm?
Conficker Communicates With Command; Conficker Media Communicators Miss An Opportunity
Commentary  |  4/1/2009  | 
As generally anticipated in the tech press, the Conficker worm communicated with its controllers, downloading new instructions, but otherwise failing to cause problems. Problems, though, were what many in the mainstream press were looking for, and therein lies a problem itself.
Dark Reading Launches Security Services Tech Center
Commentary  |  4/1/2009  | 
Today Dark Reading launches a new feature: the Security Services Tech Center, a subsite of Dark Reading devoted to bringing you news, product information, opinion, and analysis of the "outsourced" security services and technologies available to augment your organization's IT defenses.
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-43056
PUBLISHED: 2021-10-28
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.
CVE-2021-43057
PUBLISHED: 2021-10-28
An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access th...
CVE-2021-3904
PUBLISHED: 2021-10-27
grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3906
PUBLISHED: 2021-10-27
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
CVE-2021-3903
PUBLISHED: 2021-10-27
vim is vulnerable to Heap-based Buffer Overflow