Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in October 2009
<<   <   Page 2 / 3   >   >>
DHS Secretary Says Cabinet-Level IT Position Unnecessary
News  |  10/20/2009  | 
Napolitano addresses role of cybersecurity czar, calls for individuals to take personal responsibility by practicing better security habits
E-Health Records Put Patient Privacy At Risk
News  |  10/20/2009  | 
Healthcare IT managers say their organizations aren't adequately protecting electronic health records, survey says.
Gumblar: Back With A Vengeance
Commentary  |  10/20/2009  | 
Earlier this year, the botnet Gumblar made a splash when it infected more than 2,300 Websites, including popular destinations such as Tennis.com, Variety, and Coldwellbanker.com. Now, security researchers say Gumblar is back in strength and is changing its tactics.
Phishing Alert: Get Your Guards Up! Botnet On The Move And It Looks Like It's Coming From YOU
Commentary  |  10/20/2009  | 
Odds are you or someone in your business have received some dangerously convincing e-mails in the last few days. Mail that claims to come from Microsoft, warning of Conficker infections and, more dangerously, mail that appears to be from your administrator at your own domain, announcing a server upgrade. They're phishing attacks, of course, and particularly nasty ones.
Gallup, Unisys Polls: Most Americans Worried About ID Theft
Quick Hits  |  10/20/2009  | 
Cybercrime top of the polls when it comes to crime concerns in the U.S.
NSA Director Tapped For Cyber Command
News  |  10/20/2009  | 
Lt. Gen. Keith Alexander will be in charge of cyberwarfare and the security of military networks.
Mozilla Restores Blocked Microsoft Extension For Firefox
News  |  10/19/2009  | 
A controversial Firefox extension is working again after being blocked as a security risk over the weekend.
Botnet Unleashes Variety Of New Phishing Attacks
News  |  10/19/2009  | 
Attackers use phony messages of system upgrades, Outlook updates, and Microsoft Conficker 'cleanup tool' to spread malware
'Middlemen' Drive Distribution Of Rogue Security Software, Report Says
Quick Hits  |  10/19/2009  | 
Symantec study says networks of 'affiliates' are paid between a penny and 55 cents for each download of scareware
Using USBs For Incident Response
Commentary  |  10/19/2009  | 
I was honored to be the keynote speaker this week at Operation WebLock, a cyber incident response two-day seminar hosted by the Florida Department of Law Enforcement. The event focused on helping administrators and IT staff respond better to cyber-threats that could affect their networks and Florida's infrastructure -- a very worthwhile endeavor, and awesome that it was offered free to local business, government, and law enforcement.
Full Nelson: The Growing Threat Of Cyberwarfare
Commentary  |  10/19/2009  | 
Many more casualities will pile up, but policy and agreements will prove meaningless against today's anonymous cyberwarrior.
Scammers Up The 'Rogueware' War
Commentary  |  10/17/2009  | 
Attackers have been known to encrypt user files (such as happened with Gpcode), and then demand payment for the decryption key, for some time. These so-called rogueware, including scareware, attacks have been underway for some time. Now scammers have upped their attack tactics.
Security Software's New Form Factor: Free
News  |  10/16/2009  | 
Emerging vendors find viral marketing works very well in security arena
NASA Told To Plug IT Security Holes
News  |  10/16/2009  | 
The space agency has suffered hundreds of security incidents, including malware, data breaches, stolen laptops, and bot nets, according to the GAO.
Ex-Ford Engineer Indicted For Allegedly Stealing Company Secrets
Quick Hits  |  10/16/2009  | 
Xiang Dong Yu allegedly copied 4,000 sensitive Ford documents onto a USB drive before leaving the company
Here Comes Automated Storage Tiering
Commentary  |  10/16/2009  | 
At Storage Networking World, at least one new category in storage is coming to the forefront; Automated Storage Tiering. These are typically devices that can sit in front of your existing storage platform and allow some of it to leverage a high speed solid state front end without you manually having to move data to a Solid State Disk (SSD).
Integrating WAFs And Vulnerability Scanners
News  |  10/15/2009  | 
Sharing vulnerability scanning data with a WAF could expedite shielding Web apps from newly discovered flaws, but it also opens the door for false positives
App Whitelisting Potentially More Effective Against Bots
Commentary  |  10/15/2009  | 
Application whitelisting is beginning to look more and more appealing. Don't get me wrong. It has had its merits all along. But lately I've seen way too many failures of antivirus against bots, and that has me rethinking a few things.
Laptop Theft Nets Data On 800,000 Doctors
News  |  10/15/2009  | 
The stolen laptop contained personal data on nearly every physician in the country.
UPDATE Sidekick Data Restored: Security And Cofidence Questions Remain
Commentary  |  10/15/2009  | 
So now the missing Microsoft/T-Mobile Sidekick is back, doubtless relieving both hundreds of thousands of customers and the legal departments at the affected companies. But the questions about confidence in cloud-based data remain. And that's a good thing.
New Fake Antivirus Attack Holds Victim's System Hostage
Quick Hits  |  10/15/2009  | 
Attack forces user to purchase phony antivirus package to free computer
The Priority Patches From This Month's Batch
Commentary  |  10/15/2009  | 
Tuesday's patch releases by Microsoft and Adobe are creating plenty of work for IT administrators -- quite possibly involving multiple groups with further coordination and meetings. But there are two patches that IT administrators should be focusing on to roll out quickly:
Ellison Details Oracle Enterprise Manager Rollout
News  |  10/15/2009  | 
During OpenWorld keynote, Oracle CEO highlights integration with My Oracle Support and Oracle Fusion Applications
DIY: Defending Against A DDoS Attack
News  |  10/14/2009  | 
Proactive self-defense can make DDoS attacks less painful and damaging
Adobe Fixes 29 Flaws In Acrobat And Reader
News  |  10/14/2009  | 
At least one of the vulnerabilities addressed is being actively exploited.
DNS Error Causes Sweden To Go Offline
Quick Hits  |  10/14/2009  | 
Failed software update causes ".se" domain to temporarily disappear from Web
Cost, Strength Of Security Drive Users Toward SaaS Offerings
News  |  10/14/2009  | 
New Dark Reading report offers a look at the strengths, weaknesses of security SaaS -- and how to choose the right provider
Google Postini Customers Fuming Over Outage
News  |  10/14/2009  | 
E-mail delivery problems dogged Google's Postini Tuesday, and the company's business customers are demanding better communication.
Getting Around Vertical Database Security
Commentary  |  10/14/2009  | 
A few database administrators told me they wanted to know why database security is vertical and how they can fix it. True, database access controls are vertical. The basic construct of a database is a table, and access controls grant access to tables or columns. This means you can see all of the entries from top to bottom, or none at all. Access is vertical and it lacks granularity.
Understanding Storage Controller Performance
Commentary  |  10/14/2009  | 
Storage controllers are the engine that drives the storage system you own. They are essentially a compute engine for storage arrays. Understanding storage controller performance and what can impact storage controllers is an important step in the optimization of your storage environment. It is also something that many storage managers assume is good enough.
Sidekick Failure Highlights Security Demands Cloud Customers Must Make
Commentary  |  10/14/2009  | 
Whether or not Sidekick recovers from the data debacle that may have cost hundreds of thousands of customers their cloud-stored material, the disaster shows into sharp relief a couple of great and greatly unasked questions about doing business in and with the cloud: How confident can you be of your cloud service providers? How confident should you insist on being?
RAND: U.S. Should Not Prioritize Cyberwarfare
Commentary  |  10/13/2009  | 
The think tank RAND came out with an Air Force funded paper that concludes spending money on operational cyberwarfare is a waste of budget. I agree.
McAfee Rolls Out Centralized Security Solution For Macs
Commentary  |  10/13/2009  | 
Security vendor McAfee has announced McAfee Endpoint Protection for Mac, a unified suite of security features that can be managed from a central console. The product is intended to address the security needs of the growing number of Macintoshes in businesses.
Patch Tuesday Is Microsoft's Biggest Ever
News  |  10/13/2009  | 
Thirteen security bulletins address 34 vulnerabilities -- 22 of them critical
Apple Acknowledges Snow Leopard Bug
News  |  10/13/2009  | 
The flaw, which may delete personal data, is related to a change in the way the operating system handles guest accounts.
In Support of Poor Ol' Windows Vista
Commentary  |  10/13/2009  | 
We just released the October issue of the CSI Alert to CSI members, and this month we focus on Windows 7. This issue is, in some ways, a follow-up to last year's issue, "The Fate of the Secure OS," in which I said some nice things about Windows Vista, and advised it would be imprudent to completely ignore Windows Vista -- eyes-closed, fingers-in-ears, chanting I'm-not-listening-I'm-not-listening.
Adobe Issues Patches For Critical PDF Flaws
Quick Hits  |  10/13/2009  | 
Vulnerabilities in Adobe Reader, Acrobat are already being exploited in the wild
Microsoft Releases Mammoth Security Patch
News  |  10/13/2009  | 
The company's 13 security bulletins set a record and bring Windows 7 its first official fixes.
Google Helps Webmasters Spot Malware
News  |  10/12/2009  | 
In an effort to help owners of compromised Web sites find and remove hidden malware, Google is now offering a malware identification tool to Webmasters who have registered their sites with the company.
Software Piracy Increasingly Leading To Malware Infection, Study Says
Quick Hits  |  10/12/2009  | 
More than 40 percent of software on PCs is pirated, Business Software Alliance reports
Google Patches Android DoS Flaws
News  |  10/12/2009  | 
The patch fixes flaws that would enable malformed SMS messages or mobile applications to crash Android 1.5 handsets.
Enterprises Continue To Struggle With Vulnerability Management
News  |  10/12/2009  | 
New Dark Reading report offers a look at how to find -- and fix -- security flaws in enterprise infrastructure
Cyberwar Readiness Recast As Low Priority
News  |  10/12/2009  | 
Preparedness for cyberwar should have a place in U.S. defense planning, but resources are better spent on bolstering potentially vulnerable infrastructure, according to think tank RAND.
Dark Reading Launches Vulnerability Management Tech Center
Commentary  |  10/12/2009  | 
Today Dark Reading launches a new feature: the Vulnerability Management Tech Center, a subsite of Dark Reading devoted to bringing you news, product information, opinion, and analysis of the technologies and practices used to identify and eradicate security vulnerabilities from enterprise IT environments.
Phishing Your Users for Better Security
Commentary  |  10/12/2009  | 
A couple of years ago, William Perlgrin taught users about phishing...by phishing them. In doing so, the director of the New York State Office of Cyber Security and Critical Infrastructure Coordination, created an awareness program that (for the most part) worked.
Google Patches Google Pack Vulnerability
News  |  10/9/2009  | 
Google Pack, the company's collection of free Google and third-party applications, had a vulnerable component that Google has just fixed.
Six Steps Toward Better Database Security Compliance
News  |  10/9/2009  | 
Discovery, assessment, and monitoring play key roles in compliance efforts, experts say
Congressmen Inquire About JPMorgan Chase Breach
Quick Hits  |  10/9/2009  | 
Lawmakers say they want to know about personal data contained in missing computer tape
Patch Alert! Microsoft Releasing Largest Patch Array Ever
Commentary  |  10/9/2009  | 
Use BOLD when you mark next Tuesday on your patch calendar-- that's when Microsoft is releasing the biggest patch array ever: 13 patches addressing close to 3 dozen vulnerabilities.
Microsoft Security Fix Breaks Record Set In June
News  |  10/9/2009  | 
Next week's "Patch Tuesday" will keep IT administrators busy. Fixes include two zero-day vulnerabilities, at least one of which is actively being exploited.
<<   <   Page 2 / 3   >   >>

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-07-01
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
PUBLISHED: 2022-07-01
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
PUBLISHED: 2022-07-01
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
PUBLISHED: 2022-07-01
PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc.
PUBLISHED: 2022-07-01
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.