News & Commentary
Content posted in January 2010
|
49 Congressional Websites Hacked By Brazilian 'Red Eye Crew'
Defacement worries legislators, who have been hit previously
Google Offers Hackers Bucks For Chrome Bugs
New vulnerability disclosure incentive program pays a minimum $500 per critical bug
Personal Data Of 77,000 At Risk As Data Is Lost In Alaska
PricewaterhouseCoopers under the gun as state government seeks records lost in legal case
Wiping Out Wimpy Passwords
Recent breaches at Rockyou.com and Hotmail illustrate the consistency of human behavior: Since the dawn of access control systems, users continue to choose easily guessed passwords.
Government's Cybersecurity Role Gets Mixed Reaction
A survey of critical infrastructure executives finds mixed views on government's role in cybersecurity in the private sector.
Global Critical Infrastructure Networks Regularly Under Attack
New report from the Center for Strategic and International Studies finds it's not a matter of when energy, telecom, and other networks will be attacked -- but how often
Phishing Attacks Steadily Rise
A report this week shows the number of phishing attacks continue to climb, year over year. Ditto for the number of Web servers dishing out malware. And the country that hosts the most phishing sites? That one just may surprise you.
Black Hat DC: Researchers To Release Web Development Platform Hacking Tool
Tool tests for newly discovered class of vulnerabilities in popular Apache, Sun, Microsoft Web development platforms
Critical Infrastructure Vulnerable To Attack
A report finds widespread concern among IT security executives about cyber threats to industry networks.
Identity Thieves Successfully Targeting Wealthy Victims, Study Says
Affluent individuals who live 'the good life' are 43 percent more likely to be victims, according to Experian
Report: SMBs To Spend More On Security
According to a new survey from Forrester Research, businesses of all sizes plan to spend more on security -- especially network security -- in 2010.
IE 6 Aftermath: Time To Review Your Browser Strategy
The latest update for Internet Explorer is out, and organizations are busy applying or at least certifying the patch on their testbeds.
Microsoft Finds Indiscreet Sharing Costs Jobs
A survey commissioned by the company shows that the majority of human resources professionals have rejected job applicants based on information found online.
Computer Theft Adds Up To $7 Million For Blue Cross Of Tennessee
October break-in nets 57 computers for thieves -- and major headaches for healthcare firm
Cybersecurity Czar's First Two Weeks On The Job 'Non-Stop'
Howard Schmidt address Google attack in first public speech
Anatomy Of A Targeted, Persistent Attack
New report provides an inside look at real attacks that infiltrated, camped out, and stole intellectual property and proprietary information -- and their links to China
Cybersecurity Chief Confronts Google Attack, Cloud Security
New to the job, Howard Schmidt's priorities include developing an organized response to attacks on American systems, private-public partnerships, and R&D.
Global CIO: After Google Cyber Attack, CIOs Must Find The Body
The Aurora attacks from China are incredibly advanced and malicious, says McAfee's CTO: "Where's the body?"
Cost Of Data Breaches Increased In 2009, Study Says
Ponemon Institute research says malicious attacks are the most costly breaches
Google Fixes Toolbar Privacy Flaw
Prompted by a report on a privacy problem affecting its browser toolbar add-on, Google has addressed the issue with an update.
Report: More Than 560,000 Websites Infected In Q4
Web attacks get stealthier and more efficient; 5.5 million Web pages discovered to be infected
New Attack Uses Internet Explorer's Own Features Against It
Microsoft investigating threat, considering patch, or offering guidance for protection
Global CIO: UPS Provides Peek Into Future Of Wireless
Watching what UPS is doing with its wireless devices has been a good indicator of where the industry is headed
Google Chrome Gets Extensions, APIs
With support for user-installed extensions, Google Chrome presents stronger competition to the more established Web browsers.
Flaws In The 'Aurora' Attacks
Security experts say targeted attacks could have been much worse, point out strategic errors made by the attackers
China Denies Attacking Google
Officials in China call claims that the government had a role in the cyber attack on Google and other companies "groundless."
BBB Offers SMB Security Info
The Better Business Bureau, working with technology and financial companies, unveiled a new online educational resource intended to help small businesses get a grip on data and online security. Based on the BB's numbers, it's past time for plenty of those businesses and their staffs to go back to school.
New Worm Overwrites Master Boot Records
Win32/Zimuse could make it difficult for users to access or restore their data, researchers say
Cost of Data Breaches Continue Their Rise
Businesses that suffered a data breach in 2009 paid a higher price for the incident than any previous year, according to a study released today. Also, the average cost for a data breach reached an eye-opening $6.75 million.
Get Data Out Of The Cloud
As the Cloud Compute and Cloud Storage markets continue to mature, some of those vendors are going to go out of business. It is the natural order of things. The strong (or well funded) survive. You either need to be very sure that the cloud vendor is not going to be one of those that does or you need to make sure you are getting your data out of the cloud on a regular basis.
Consumer Awareness Of Online Threats Is Up, Study Says
Users more worried about phishing, social networking threats, according to RSA
Global CIO: Salesforce.com CEO Benioff On IT Scams And Cloud Power
In Part 2 of our Salesforce.com analysis, Benioff describes the power of the cloud and proves it with his company's incredibly lean IT infrastructure.
4 Steps For Trimming Patch Management Time
The heat is on to protect your systems from the newest exploits; here's a look at how to speed up patching without causing problems
HP Expands Security Portfolio
By adding new security services and integrating them, HP aims to simplify enterprise security and regulatory compliance.
Product Watch: Report Finds '123456' Most Popular Password
Imperva's study of 32 million passwords breached in last month's Rockyou.com hack finds consumer users still creating weak passwords
Weak Passwords Pervasive, Despite Security Risks
Data from a breach affecting 32 million online accounts reveals the persistent popularity of weak passwords, despite obvious risks.
Operating In An Insecure World
I've heard of the idea of operating day-to-day with the assumption that your organization is already compromised, and I just saw it reiterated in the Tenable Security Blog, but I think it's a tough one to swallow for most organizations. There has to be some level of trust within an organization, otherwise, how could you get any business done. But as tough as it is to accept, there is value in taking this approach.
Privacy Network Tor Suffers Breach
The virtual network, Tor, designed to provide private and secure Web browsing to people around the world had a number of servers hacked recently. The Tor anonymous network is helpful to those living in nations that oppress free speech, such as China and Iran, and need unfettered access to information.
Global CIO: Will Steve Jobs Ban Google From AppleWorld?
An imaginative Apple investor says Steve Jobs is preparing to rock Google's world.
New Details On Targeted Attacks On Google, Others, Trickle Out
Meanwhile, Microsoft releases emergency patch for IE exploit used in the attacks
Secretary Clinton: Countries, Individuals Who Wage Cyberattacks Should 'Face Consequences And International Condemnation'
U.S. Secretary of State again calls on China to investigate attacks on Google, others
Avoiding ATM "Skimmer" Threats
A security expert has posted photos of a device that could cost your small business dearly if you fall prey to it: an ATM "skimmer."
Microsoft Releases Critical Internet Explorer Patch
With exploit code already in circulation, Microsoft has made a planned February browser fix available immediately.
Sloppy Software Dev Exposes Google Hacker Holes
I've ranted on the subject before, but it's worth sounding off again in light of the recent China hacker breaches of Gmail: Poor software development procedures are the big reason major firms are apparently running around scared witless that their products are vulnerable to cyberattacks. (The corollary, about which we haven't read anything, is that firms with buttoned-down dev rules are likely feeling, if not entirely safe, then at least free of the panic which plagues the cluelessly unprepared.
Inside IBM's Patent Applications For Airport Security
Technology has potential to apply profiling of passengers, alerting officials to potential terminal and tarmac threats
Google/China Reality Check Amid The Fog Of Cyberwar
We've all heard about the Chinese attacks against Google by now. We've heard of Google's moral standing, how corporations now impact international relations, and how censorship is bad and freedom is good. However, some important questions lost in the fog of war need to be asked.
Microsoft IE Patch Due Today -- Once It's Out, Do The Microsoft IE Patch Today
The fact that the patch for the high-buzz IE vulnerability is being released "out-of-band" is an indication of Microsoft's concern -- both for the vulnerability and no doubt for the rising negative buzz chorus as well. Either way, it's up to you to get your browsers patched, the sooner the better.
Global CIO: Salesforce.com CEO Benioff On Beating Microsoft & SAP In The Cloud
Part 1 of 2: The cloud's foremost evangelist and highest achiever opines on those two rivals plus partner/competitor Oracle.
Industry-Standard Updater For Third-Party Apps Fails To Materialize
Secunia decides to go it alone after failing to get buy-in from other vendors to create a standard
Denial-of-Service Attack Intensity Grows
A survey of 132 network operators and telecommunication providers reveal that Distributed Denial-of-Service (DDoS) attacks is the top day-to-day security challenge facing service providers.
|
White Papers
Video
3 Comments
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-9541
PUBLISHED: 2018-11-14
PUBLISHED: 2018-11-14
PUBLISHED: 2018-11-14
PUBLISHED: 2018-11-14
PUBLISHED: 2018-11-14
From DHS/US-CERT's National Vulnerability Database CVE-2018-9541
PUBLISHED: 2018-11-14
In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi...
CVE-2018-9542PUBLISHED: 2018-11-14
In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 ...
CVE-2018-9543PUBLISHED: 2018-11-14
In f2fs_format_utils.c WITH_BLKDISCARD is not defined, which may cause the data partition to not be wiped at factory reset, leading to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. ...
CVE-2018-9544PUBLISHED: 2018-11-14
In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: A...
CVE-2018-9545PUBLISHED: 2018-11-14
In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Androi...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This