Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
DHS Secretary Says Cabinet-Level IT Position Unnecessary
Napolitano addresses role of cybersecurity czar, calls for individuals to take personal responsibility by practicing better security habits
E-Health Records Put Patient Privacy At Risk
Healthcare IT managers say their organizations aren't adequately protecting electronic health records, survey says.
Gumblar: Back With A Vengeance
Earlier this year, the botnet Gumblar made a splash when it infected more than 2,300 Websites, including popular destinations such as Tennis.com, Variety, and Coldwellbanker.com. Now, security researchers say Gumblar is back in strength and is changing its tactics.
Phishing Alert: Get Your Guards Up! Botnet On The Move And It Looks Like It's Coming From YOU
Odds are you or someone in your business have received some dangerously convincing e-mails in the last few days. Mail that claims to come from Microsoft, warning of Conficker infections and, more dangerously, mail that appears to be from your administrator at your own domain, announcing a server upgrade. They're phishing attacks, of course, and particularly nasty ones.
Gallup, Unisys Polls: Most Americans Worried About ID Theft
Cybercrime top of the polls when it comes to crime concerns in the U.S.
NSA Director Tapped For Cyber Command
Lt. Gen. Keith Alexander will be in charge of cyberwarfare and the security of military networks.
Mozilla Restores Blocked Microsoft Extension For Firefox
A controversial Firefox extension is working again after being blocked as a security risk over the weekend.
Botnet Unleashes Variety Of New Phishing Attacks
Attackers use phony messages of system upgrades, Outlook updates, and Microsoft Conficker 'cleanup tool' to spread malware
'Middlemen' Drive Distribution Of Rogue Security Software, Report Says
Symantec study says networks of 'affiliates' are paid between a penny and 55 cents for each download of scareware
Using USBs For Incident Response
I was honored to be the keynote speaker this week at Operation WebLock, a cyber incident response two-day seminar hosted by the Florida Department of Law Enforcement. The event focused on helping administrators and IT staff respond better to cyber-threats that could affect their networks and Florida's infrastructure -- a very worthwhile endeavor, and awesome that it was offered free to local business, government, and law enforcement.
Full Nelson: The Growing Threat Of Cyberwarfare
Many more casualities will pile up, but policy and agreements will prove meaningless against today's anonymous cyberwarrior.
Scammers Up The 'Rogueware' War
Attackers have been known to encrypt user files (such as happened with Gpcode), and then demand payment for the decryption key, for some time. These so-called rogueware, including scareware, attacks have been underway for some time. Now scammers have upped their attack tactics.
Security Software's New Form Factor: Free
Emerging vendors find viral marketing works very well in security arena
NASA Told To Plug IT Security Holes
The space agency has suffered hundreds of security incidents, including malware, data breaches, stolen laptops, and bot nets, according to the GAO.
Ex-Ford Engineer Indicted For Allegedly Stealing Company Secrets
Xiang Dong Yu allegedly copied 4,000 sensitive Ford documents onto a USB drive before leaving the company
Here Comes Automated Storage Tiering
At Storage Networking World, at least one new category in storage is coming to the forefront; Automated Storage Tiering. These are typically devices that can sit in front of your existing storage platform and allow some of it to leverage a high speed solid state front end without you manually having to move data to a Solid State Disk (SSD).
Integrating WAFs And Vulnerability Scanners
Sharing vulnerability scanning data with a WAF could expedite shielding Web apps from newly discovered flaws, but it also opens the door for false positives
App Whitelisting Potentially More Effective Against Bots
Application whitelisting is beginning to look more and more appealing. Don't get me wrong. It has had its merits all along. But lately I've seen way too many failures of antivirus against bots, and that has me rethinking a few things.
Laptop Theft Nets Data On 800,000 Doctors
The stolen laptop contained personal data on nearly every physician in the country.
UPDATE Sidekick Data Restored: Security And Cofidence Questions Remain
So now the missing Microsoft/T-Mobile Sidekick is back, doubtless relieving both hundreds of thousands of customers and the legal departments at the affected companies. But the questions about confidence in cloud-based data remain. And that's a good thing.
New Fake Antivirus Attack Holds Victim's System Hostage
Attack forces user to purchase phony antivirus package to free computer
The Priority Patches From This Month's Batch
Tuesday's patch releases by Microsoft and Adobe are creating plenty of work for IT administrators -- quite possibly involving multiple groups with further coordination and meetings. But there are two patches that IT administrators should be focusing on to roll out quickly:
Ellison Details Oracle Enterprise Manager Rollout
During OpenWorld keynote, Oracle CEO highlights integration with My Oracle Support and Oracle Fusion Applications
DIY: Defending Against A DDoS Attack
Proactive self-defense can make DDoS attacks less painful and damaging
Adobe Fixes 29 Flaws In Acrobat And Reader
At least one of the vulnerabilities addressed is being actively exploited.
DNS Error Causes Sweden To Go Offline
Failed software update causes ".se" domain to temporarily disappear from Web
Cost, Strength Of Security Drive Users Toward SaaS Offerings
New Dark Reading report offers a look at the strengths, weaknesses of security SaaS -- and how to choose the right provider
Google Postini Customers Fuming Over Outage
E-mail delivery problems dogged Google's Postini Tuesday, and the company's business customers are demanding better communication.
Getting Around Vertical Database Security
A few database administrators told me they wanted to know why database security is vertical and how they can fix it. True, database access controls are vertical. The basic construct of a database is a table, and access controls grant access to tables or columns. This means you can see all of the entries from top to bottom, or none at all. Access is vertical and it lacks granularity.
Understanding Storage Controller Performance
Storage controllers are the engine that drives the storage system you own. They are essentially a compute engine for storage arrays. Understanding storage controller performance and what can impact storage controllers is an important step in the optimization of your storage environment. It is also something that many storage managers assume is good enough.
Sidekick Failure Highlights Security Demands Cloud Customers Must Make
Whether or not Sidekick recovers from the data debacle that may have cost hundreds of thousands of customers their cloud-stored material, the disaster shows into sharp relief a couple of great and greatly unasked questions about doing business in and with the cloud: How confident can you be of your cloud service providers? How confident should you insist on being?
RAND: U.S. Should Not Prioritize Cyberwarfare
The think tank RAND came out with an Air Force funded paper that concludes spending money on operational cyberwarfare is a waste of budget. I agree.
McAfee Rolls Out Centralized Security Solution For Macs
Security vendor McAfee has announced McAfee Endpoint Protection for Mac, a unified suite of security features that can be managed from a central console. The product is intended to address the security needs of the growing number of Macintoshes in businesses.
Patch Tuesday Is Microsoft's Biggest Ever
Thirteen security bulletins address 34 vulnerabilities -- 22 of them critical
Apple Acknowledges Snow Leopard Bug
The flaw, which may delete personal data, is related to a change in the way the operating system handles guest accounts.
In Support of Poor Ol' Windows Vista
We just released the October issue of the CSI Alert to CSI members, and this month we focus on Windows 7. This issue is, in some ways, a follow-up to last year's issue, "The Fate of the Secure OS," in which I said some nice things about Windows Vista, and advised it would be imprudent to completely ignore Windows Vista -- eyes-closed, fingers-in-ears, chanting I'm-not-listening-I'm-not-listening.
Adobe Issues Patches For Critical PDF Flaws
Vulnerabilities in Adobe Reader, Acrobat are already being exploited in the wild
Microsoft Releases Mammoth Security Patch
The company's 13 security bulletins set a record and bring Windows 7 its first official fixes.
Google Helps Webmasters Spot Malware
In an effort to help owners of compromised Web sites find and remove hidden malware, Google is now offering a malware identification tool to Webmasters who have registered their sites with the company.
Software Piracy Increasingly Leading To Malware Infection, Study Says
More than 40 percent of software on PCs is pirated, Business Software Alliance reports
Google Patches Android DoS Flaws
The patch fixes flaws that would enable malformed SMS messages or mobile applications to crash Android 1.5 handsets.
Enterprises Continue To Struggle With Vulnerability Management
New Dark Reading report offers a look at how to find -- and fix -- security flaws in enterprise infrastructure
Cyberwar Readiness Recast As Low Priority
Preparedness for cyberwar should have a place in U.S. defense planning, but resources are better spent on bolstering potentially vulnerable infrastructure, according to think tank RAND.
Dark Reading Launches Vulnerability Management Tech Center
Today Dark Reading launches a new feature: the Vulnerability Management Tech Center, a subsite of Dark Reading devoted to bringing you news, product information, opinion, and analysis of the technologies and practices used to identify and eradicate security vulnerabilities from enterprise IT environments.
Phishing Your Users for Better Security
A couple of years ago, William Perlgrin taught users about phishing...by phishing them. In doing so, the director of the New York State Office of Cyber Security and Critical Infrastructure Coordination, created an awareness program that (for the most part) worked.
Google Patches Google Pack Vulnerability
Google Pack, the company's collection of free Google and third-party applications, had a vulnerable component that Google has just fixed.
Six Steps Toward Better Database Security Compliance
Discovery, assessment, and monitoring play key roles in compliance efforts, experts say
Congressmen Inquire About JPMorgan Chase Breach
Lawmakers say they want to know about personal data contained in missing computer tape
Patch Alert! Microsoft Releasing Largest Patch Array Ever
Use BOLD when you mark next Tuesday on your patch calendar-- that's when Microsoft is releasing the biggest patch array ever: 13 patches addressing close to 3 dozen vulnerabilities.
Microsoft Security Fix Breaks Record Set In June
Next week's "Patch Tuesday" will keep IT administrators busy. Fixes include two zero-day vulnerabilities, at least one of which is actively being exploited.
|
Improving Enterprise Cybersecurity With XDREnterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
