News & Commentary

Content posted in January 2010
49 Congressional Websites Hacked By Brazilian 'Red Eye Crew'
News  |  1/29/2010  | 
Defacement worries legislators, who have been hit previously
Google Offers Hackers Bucks For Chrome Bugs
News  |  1/29/2010  | 
New vulnerability disclosure incentive program pays a minimum $500 per critical bug
Personal Data Of 77,000 At Risk As Data Is Lost In Alaska
Quick Hits  |  1/29/2010  | 
PricewaterhouseCoopers under the gun as state government seeks records lost in legal case
Wiping Out Wimpy Passwords
Commentary  |  1/29/2010  | 
Recent breaches at Rockyou.com and Hotmail illustrate the consistency of human behavior: Since the dawn of access control systems, users continue to choose easily guessed passwords.
Government's Cybersecurity Role Gets Mixed Reaction
News  |  1/29/2010  | 
A survey of critical infrastructure executives finds mixed views on government's role in cybersecurity in the private sector.
Global Critical Infrastructure Networks Regularly Under Attack
Quick Hits  |  1/28/2010  | 
New report from the Center for Strategic and International Studies finds it's not a matter of when energy, telecom, and other networks will be attacked -- but how often
Phishing Attacks Steadily Rise
Commentary  |  1/28/2010  | 
A report this week shows the number of phishing attacks continues to climb, year over year. Ditto for the number of Web servers dishing out malware. And the country that hosts the most phishing sites? That one just may surprise you.
Black Hat DC: Researchers To Release Web Development Platform Hacking Tool
News  |  1/28/2010  | 
Tool tests for newly discovered class of vulnerabilities in popular Apache, Sun, Microsoft Web development platforms
Critical Infrastructure Vulnerable To Attack
News  |  1/28/2010  | 
A report finds widespread concern among IT security executives about cyber threats to industry networks.
Identity Thieves Successfully Targeting Wealthy Victims, Study Says
News  |  1/27/2010  | 
Affluent individuals who live 'the good life' are 43 percent more likely to be victims, according to Experian
Report: SMBs To Spend More On Security
Commentary  |  1/27/2010  | 
According to a new survey from Forrester Research, businesses of all sizes plan to spend more on security -- especially network security -- in 2010.
IE 6 Aftermath: Time To Review Your Browser Strategy
Commentary  |  1/27/2010  | 
The latest update for Internet Explorer is out, and organizations are busy applying or at least certifying the patch on their testbeds.
Microsoft Finds Indiscreet Sharing Costs Jobs
News  |  1/27/2010  | 
A survey commissioned by the company shows that the majority of human resources professionals have rejected job applicants based on information found online.
Computer Theft Adds Up To $7 Million For Blue Cross Of Tennessee
Quick Hits  |  1/27/2010  | 
October break-in nets 57 computers for thieves -- and major headaches for healthcare firm
Cybersecurity Czar's First Two Weeks On The Job 'Non-Stop'
News  |  1/27/2010  | 
Howard Schmidt addresses Google attack in first public speech
Anatomy Of A Targeted, Persistent Attack
News  |  1/27/2010  | 
New report provides an inside look at real attacks that infiltrated, camped out, and stole intellectual property and proprietary information -- and their links to China
Cybersecurity Chief Confronts Google Attack, Cloud Security
News  |  1/27/2010  | 
New to the job, Howard Schmidt's priorities include developing an organized response to attacks on American systems, private-public partnerships, and R&D.
Global CIO: After Google Cyber Attack, CIOs Must Find The Body
Commentary  |  1/26/2010  | 
The Aurora attacks from China are incredibly advanced and malicious, says McAfee's CTO: "Where's the body?"
Cost Of Data Breaches Increased In 2009, Study Says
News  |  1/26/2010  | 
Ponemon Institute research says malicious attacks are the most costly breaches
Google Fixes Toolbar Privacy Flaw
News  |  1/26/2010  | 
Prompted by a report on a privacy problem affecting its browser toolbar add-on, Google has addressed the issue with an update.
Report: More Than 560,000 Websites Infected In Q4
Quick Hits  |  1/26/2010  | 
Web attacks get stealthier and more efficient; 5.5 million Web pages discovered to be infected
New Attack Uses Internet Explorer's Own Features Against It
News  |  1/26/2010  | 
Microsoft investigating threat, considering patch, or offering guidance for protection
Global CIO: UPS Provides Peek Into Future Of Wireless
Commentary  |  1/25/2010  | 
Watching what UPS is doing with its wireless devices has been a good indicator of where the industry is headed
Google Chrome Gets Extensions, APIs
News  |  1/25/2010  | 
With support for user-installed extensions, Google Chrome presents stronger competition to the more established Web browsers.
Flaws In The 'Aurora' Attacks
News  |  1/25/2010  | 
Security experts say targeted attacks could have been much worse, point out strategic errors made by the attackers
China Denies Attacking Google
News  |  1/25/2010  | 
Officials in China call claims that the government had a role in the cyber attack on Google and other companies "groundless."
BBB Offers SMB Security Info
Commentary  |  1/25/2010  | 
The Better Business Bureau, working with technology and financial companies, unveiled a new online educational resource intended to help small businesses get a grip on data and online security. Based on the BBB's numbers, it's past time for plenty of those businesses and their staffs to go back to school.
New Worm Overwrites Master Boot Records
Quick Hits  |  1/25/2010  | 
Win32/Zimuse could make it difficult for users to access or restore their data, researchers say
Cost of Data Breaches Continue Their Rise
Commentary  |  1/25/2010  | 
Businesses that suffered a data breach in 2009 paid a higher price for the incident than any previous year, according to a study released today. Also, the average cost for a data breach reached an eye-opening $6.75 million.
Get Data Out Of The Cloud
Commentary  |  1/25/2010  | 
As the Cloud Compute and Cloud Storage markets continue to mature, some of those vendors are going to go out of business. It is the natural order of things. The strong (or well funded) survive. You either need to be very sure that the cloud vendor is not going to be one of those that does or you need to make sure you are getting your data out of the cloud on a regular basis.
Consumer Awareness Of Online Threats Is Up, Study Says
Quick Hits  |  1/25/2010  | 
Users more worried about phishing, social networking threats, according to RSA
Global CIO: Salesforce.com CEO Benioff On IT Scams And Cloud Power
Commentary  |  1/25/2010  | 
In Part 2 of our Salesforce.com analysis, Benioff describes the power of the cloud and proves it with his company's incredibly lean IT infrastructure.
4 Steps For Trimming Patch Management Time
News  |  1/22/2010  | 
The heat is on to protect your systems from the newest exploits; here's a look at how to speed up patching without causing problems
HP Expands Security Portfolio
News  |  1/22/2010  | 
By adding new security services and integrating them, HP aims to simplify enterprise security and regulatory compliance.
Product Watch: Report Finds '123456' Most Popular Password
News  |  1/22/2010  | 
Imperva's study of 32 million passwords breached in last month's Rockyou.com hack finds consumer users still creating weak passwords
Weak Passwords Pervasive, Despite Security Risks
News  |  1/22/2010  | 
Data from a breach affecting 32 million online accounts reveals the persistent popularity of weak passwords, despite obvious risks.
Operating In An Insecure World
Commentary  |  1/22/2010  | 
I've heard of the idea of operating day-to-day with the assumption that your organization is already compromised, and I just saw it reiterated in the Tenable Security Blog, but I think it's a tough one to swallow for most organizations. There has to be some level of trust within an organization; otherwise, how could you get any business done? But as tough as it is to accept, there is value in taking this approach.
Privacy Network Tor Suffers Breach
Commentary  |  1/22/2010  | 
The virtual network Tor, designed to provide private and secure Web browsing to people around the world, had a number of servers hacked recently. The Tor anonymous network is helpful to those living in nations that oppress free speech, such as China and Iran, and need unfettered access to information.
Global CIO: Will Steve Jobs Ban Google From AppleWorld?
Commentary  |  1/21/2010  | 
An imaginative Apple investor says Steve Jobs is preparing to rock Google's world.
New Details On Targeted Attacks On Google, Others, Trickle Out
News  |  1/21/2010  | 
Meanwhile, Microsoft releases emergency patch for IE exploit used in the attacks
Secretary Clinton: Countries, Individuals Who Wage Cyberattacks Should 'Face Consequences And International Condemnation'
Quick Hits  |  1/21/2010  | 
U.S. Secretary of State again calls on China to investigate attacks on Google, others
Avoiding ATM "Skimmer" Threats
Commentary  |  1/21/2010  | 
A security expert has posted photos of a device that could cost your small business dearly if you fall prey to it: an ATM "skimmer."
Microsoft Releases Critical Internet Explorer Patch
News  |  1/21/2010  | 
With exploit code already in circulation, Microsoft has made a planned February browser fix available immediately.
Sloppy Software Dev Exposes Google Hacker Holes
Commentary  |  1/21/2010  | 
I've ranted on the subject before, but it's worth sounding off again in light of the recent China hacker breaches of Gmail: Poor software development procedures are the big reason major firms are apparently running around scared witless that their products are vulnerable to cyberattacks. (The corollary, about which we haven't read anything, is that firms with buttoned-down dev rules are likely feeling, if not entirely safe, then at least free of the panic which plagues the cluelessly unprepared.)
Inside IBM's Patent Applications For Airport Security
News  |  1/21/2010  | 
Technology has potential to apply profiling of passengers, alerting officials to potential terminal and tarmac threats
Google/China Reality Check Amid The Fog Of Cyberwar
Commentary  |  1/21/2010  | 
We've all heard about the Chinese attacks against Google by now. We've heard of Google's moral standing, how corporations now impact international relations, and how censorship is bad and freedom is good. However, some important questions lost in the fog of war need to be asked.
Microsoft IE Patch Due Today -- Once It's Out, Do The Microsoft IE Patch Today
Commentary  |  1/21/2010  | 
The fact that the patch for the high-buzz IE vulnerability is being released "out-of-band" is an indication of Microsoft's concern -- both for the vulnerability and no doubt for the rising negative buzz chorus as well. Either way, it's up to you to get your browsers patched, the sooner the better.
Global CIO: Salesforce.com CEO Benioff On Beating Microsoft & SAP In The Cloud
Commentary  |  1/20/2010  | 
Part 1 of 2: The cloud's foremost evangelist and highest achiever opines on those two rivals plus partner/competitor Oracle.
Industry-Standard Updater For Third-Party Apps Fails To Materialize
News  |  1/20/2010  | 
Secunia decides to go it alone after failing to get buy-in from other vendors to create a standard
Denial-of-Service Attack Intensity Grows
Commentary  |  1/20/2010  | 
A survey of 132 network operators and telecommunication providers reveals that Distributed Denial-of-Service (DDoS) attacks are the top day-to-day security challenge facing service providers.


Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15594
PUBLISHED: 2018-08-20
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
CVE-2018-15572
PUBLISHED: 2018-08-20
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
CVE-2018-15573
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf...
CVE-2018-15574
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."
CVE-2018-15570
PUBLISHED: 2018-08-20
In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter.