Opinion

posted in July 2008
What Should VMware Do Now?
Commentary  |  7/9/2008  | 
VMware had its first bad day yesterday and in what amounted to piling on, by the time you got through all the blogs and articles, you would think they were folding up the VMware tent.
Hacking The Hypervisor
Commentary  |  7/8/2008  | 
Security researchers from Invisible Things Lab will be demonstrating (they say) just how easy it is to hack the hypervisor. More specifically, they'll be discussing the (in)security of the Xen hypervisor, such as how to plant rootkits, how to bypass various hypervisor anti-subverting techniques, as well as how "Bluepills" can be used in bare-metal hypervisor compromises. They plan on releasing proof-of-concept code. This could get interesting.
Hacked ICANN Not Master Of Its Own Domain
Commentary  |  7/8/2008  | 
You know the security threatscape is getting weirder when the organization in charge of domain names gets some of its own domains hacked.
Identity Management As A Service
Commentary  |  7/7/2008  | 
Just before the long July 4 holiday weekend, I had a chance to speak with on-demand identity management start-up Symplified. This vendor is well capitalized and has veteran IdM leadership at its helm. It also wants to "revolutionize" the identity and assessment management (IdM) market. And it just might do so.
Watch your Back -- And Your Back-Office: Insider Threats More Than Double
Commentary  |  7/7/2008  | 
Insider threats increased by more than 100 percent over the past year, according to a new report. The percentage of identity breaches attributed to insider crime or error far exceeds those caused by external hackers.
Behind The Storage Cloud
Commentary  |  7/7/2008  | 
Last week we had an entry introducing everyone to cloud computing and cloud storage. As promised, it was and will be the first of many entries on the topic. In this entry we're going to start looking at some of the plumbing that will sustain the cloud. The look won't be exhaustive, and my intent is not to mention everyone that may have a role to play. I may simply not know them all yet or be unaware of t
Microsoft Readies Most Secure IE To Date
Commentary  |  7/3/2008  | 
Next month, should Microsoft make good on its promises, Internet Explorer 8 will pack some considerable security enhancements. Could Microsoft deliver not only the most widely used Web browser, but also the most secure?
Faster Laptop Check-Throughs May Be In The Bag
Commentary  |  7/3/2008  | 
Just in time for higher airline ticket prices, reduced numbers of flights and capacities, cutbacks in travel budgets and the rest of the annoyances and irritations of what are quickly becoming the unfriendly skies, a new approach to laptop/notebook cases promises to speed road warriors' transit through airport security checks.
Player Beware: PS3 Site Hacks Can Game Your Systems
Commentary  |  7/2/2008  | 
Whether or not you're a gamer, the detection of malware infestation on the Sony USA PlayStation Web site should give you pause. Compromises of popular commercial sites -- the sorts that employees and family members might visit, even if you don't -- are precisely the sort of thing that can have anything but a playful effect on your business.
Out Of Band Data Movers
Commentary  |  7/2/2008  | 
Another form of data mover is the out-of-band data mover. Unlike Global Namespaces or agent-based data movers, these data movers crawl selected servers when doing their analysis. As they access each file, they analyze it to see if it meets any criteria that you might have set for data movement. S
Hey You. Yeah, You: Patch Your Web Browser
Commentary  |  7/1/2008  | 
Roughly 59% of Internet users use the latest, more secure Web browsers, according to an examination of what version Web browser, down to the patch level, people are using. That means about 576 million Web surfers leave themselves vulnerable to attack. You might just (not) be surprised by who doesn't patch.
Mishandling Information Overload A Security and Legal Risk
Commentary  |  7/1/2008  | 
Small and midsize businesses generate digital information at a furious rate -- same as bigger business (and individuals, for that matter). What to save and what to toss -- and the consequences of either -- looms large among security, business, compliance and fiduciary concerns. A new slideshow offers some interesting and provocative takes on taking out (and keeping in) the digital trash.