Dark Reading is part of the Informa Tech Division of Informa PLC

Opinion

Content posted in July 2008
What Should VMware Do Now?
Commentary  |  7/9/2008  | 
VMware had its first bad day yesterday and in what amounted to piling on, by the time you got through all the blogs and articles, you would think they were folding up the VMware tent.
Hacking The Hypervisor
Commentary  |  7/8/2008  | 
Security researchers from Invisible Things Lab will be demonstrating (they say) just how easy it is to hack the hypervisor. More specifically, they'll be discussing the (in)security of the Xen hypervisor, such as how to plant rootkits, how to bypass various hypervisor anti-subverting techniques, as well as how "Bluepills" can be used in bare-metal hypervisor compromises. They plan on releasing proof-of-concept code. This could get interesting.
Hacked ICANN Not Master Of Its Own Domain
Commentary  |  7/8/2008  | 
You know the security threatscape is getting weirder when the organization in charge of domain names gets some of its own domains hacked.
Identity Management As A Service
Commentary  |  7/7/2008  | 
Just before the long July 4 holiday weekend, I had a chance to speak with on-demand identity management start-up Symplified. This vendor is well capitalized and has veteran IdM leadership at its helm. It also wants to "revolutionize" the identity and assessment management (IdM) market. And it just might do so.
Watch your Back -- And Your Back-Office: Insider Threats More Than Double
Commentary  |  7/7/2008  | 
Insider threats increased by more than 100 percent over the past year, according to a new report. The percentage of identity breaches attributed to insider crime or error far exceeds those caused by external hackers.
Behind The Storage Cloud
Commentary  |  7/7/2008  | 
Last week we had an entry introducing everyone to cloud computing and cloud storage. As promised, it was and will be the first of many entries on the topic. In this entry we're going to start looking at some of the plumbing that will sustain the cloud. The look won't be exhaustive, and my intent is not to mention everyone that may have a role to play. I may simply not know them all yet or be unaware of t
Microsoft Readies Most Secure IE To Date
Commentary  |  7/3/2008  | 
Next month, should Microsoft make good on its promises, Internet Explorer 8 will pack some considerable security enhancements. Could Microsoft deliver not only the most widely used Web browser, but also the most secure?
Faster Laptop Check-Throughs May Be In The Bag
Commentary  |  7/3/2008  | 
Just in time for higher airline ticket prices, reduced numbers of flights and capacities, cutbacks in travel budgets and the rest of the annoyances and irritations of what are quickly becoming the unfriendly skies, a new approach to laptop/notebook cases promises to speed road warriors' transit through airport security checks.
Player Beware: PS3 Site Hacks Can Game Your Systems
Commentary  |  7/2/2008  | 
Whether or not you're a gamer, the detection of malware infestation on the Sony USA PlayStation Web site should give you pause. Compromises of popular commercial sites -- the sorts that employees and family members might visit, even if you don't -- are precisely the sort of thing that can have anything but a playful effect on your business.
Out Of Band Data Movers
Commentary  |  7/2/2008  | 
Another form of data mover is the out-of-band data mover. Unlike Global Namespaces or agent-based data movers, these data movers crawl selected servers when doing their analysis. As they access each file, they analyze it to see if it meets any criteria that you might have set for data movement. S
Hey You. Yeah, You: Patch Your Web Browser
Commentary  |  7/1/2008  | 
Roughly 59% of Internet users use the latest, more secure Web browsers, according to an examination of what version Web browser, down to the patch level, people are using. That means about 576 million Web surfers leave themselves vulnerable to attack. You might just (not) be surprised by who doesn't patch.
Mishandling Information Overload A Security and Legal Risk
Commentary  |  7/1/2008  | 
Small and midsize businesses generate digital information at a furious rate -- same as bigger businesses (and individuals, for that matter). What to save and what to toss -- and the consequences of either -- looms large among security, business, compliance and fiduciary concerns. A new slideshow offers some interesting and provocative takes on taking out (and keeping in) the digital trash.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21742
PUBLISHED: 2021-09-25
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
CVE-2020-20508
PUBLISHED: 2021-09-24
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field.
CVE-2020-20514
PUBLISHED: 2021-09-24
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.
CVE-2016-6555
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in ver...
CVE-2016-6556
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This iss...