Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in October 2009
October's Scary Patch Tuesday
Commentary  |  10/9/2009  | 
Next Tuesday Microsoft plans to release 13 separate security bulletins that will cover more than 30 individual patches. More than half of the bulletins are ranked as "critical."
Understanding Storage Bandwidth Performance
Commentary  |  10/9/2009  | 
Storage bandwidth is the connectivity between servers and the storage they are attached to. When it comes to understanding storage bandwidth performance you have two challenges to deal with. The first and most obvious is can the storage get the data to the application or user fast enough? The second and less obvious is can the applications and hardware those applications run on take advantage of that bandwidth?
The Future Of Digital Forensics
Commentary  |  10/9/2009  | 
Last week's 10th annual IT Security Awareness Day at the University of Florida had IT workers from all over the state in attendance to hear experts from InGuardians, F-Response, Sunbelt Software, and Microsoft. Though I enjoyed every presentation, I keep thinking about one in particular -- the future of forensics, by F-Response's Matt Shannon.
You Can't Always Be Proactive
Commentary  |  10/8/2009  | 
Having your car serviced regularly, stretching before working out, and visiting the dentist twice a year are known to prevent engine failure, physical injury, and potentially life-threatening gingivitis. In addition, being proactive also extends to the world of information security.
Botnets Behind Most Modern Malware Infections
News  |  10/8/2009  | 
Command-and-control conduit in most malware makes infected machines bots
'Operation Phish Phry' Nets 100 Suspects In Major Bank-Fraud Ring
Quick Hits  |  10/8/2009  | 
Bust represents largest number of defendants ever charged in a U.S. cybercrime case, FBI says
Dark Reading Tech Center: Database Security
News  |  10/8/2009  | 
Hackers may covet your data, but insiders are the most common source of database leaks, a new report says.
Avoiding Database Audit Pitfalls
Commentary  |  10/8/2009  | 
Many seasoned database administrators howl in protest at the mere suggestion of running native auditing functions due to the poor performance and log management headaches that often come with auditing.
100 Phishers Charged In Largest Cybercrime Case
News  |  10/7/2009  | 
A two-year international phishing investigation involving the FBI and authorities in Egypt has led to charges against 53 people in the U.S. and 47 overseas.
Enterprises Confident In Defenses Against External Attacks, Study Says
Quick Hits  |  10/7/2009  | 
Eighty-five percent of IT security decision makers believe data loss through hacking is 'very unlikely'; internal leaks are primary concern
Google Offers Advice On Strong Passwords
News  |  10/7/2009  | 
Passwords remain the primary means of online authentication, despite their shortcomings. That's why Google wants to make sure users' passwords won't be easily defeated.
Understanding Storage Performance
Commentary  |  10/7/2009  | 
For most storage managers improving storage performance is an endless loop of upgrades that are taken until the problem goes away. Understanding where to look and how to configure the environment is often a series of "best guesses" instead of a thorough understanding of it. In today's economy best guesses are not allowed. Making the right move, the first time, is critical.
SSL Still Mostly Misunderstood
News  |  10/7/2009  | 
Even many IT professionals don't understand what Secure Sockets Layer does and doesn't do, leaving them vulnerable, new survey shows
Hotmail Phishers Pull In Poor Passwords By The Thousands
Commentary  |  10/7/2009  | 
Tens of thousands of email accounts from Hotmail, Gmail, Earthlink, Yahoo and Comcast compromised by phishing scams had those details posted briefly online for all to see. One thing that was seen was how many of those accounts had lousy passwords.
Amazon Web Services DDoS Attack And The Cloud
Commentary  |  10/7/2009  | 
A suspected denial-of-service attack aimed at Amazon Web Services (AWS) this past weekend shut down a code hosting service for nearly 24 hours. I don't see this as a security issue specific to cloud computing, rather just another disruption to availability like all of the others.
CBS Interactive Sued For Distributing China's Green Dam Filter
News  |  10/6/2009  | 
Internet filter maker Solid Oak Software has filed a lawsuit against CBS Interactive's ZDNet China for distributing China's Green Dam filtering software, which allegedly includes the company's code.
Tens Of Thousands Of Email Usernames And Passwords Posted Online By Phishers
News  |  10/6/2009  | 
Hotmail, Gmail, Yahoo, and other email users' accounts exposed
Heartland, After The Hacking
News  |  10/6/2009  | 
The data breach at Heartland Payment Systems was a disaster for the company. But after picking up the pieces, the company is looking ahead to a more secure future.
Microsoft Blocks Hacked Hotmail Accounts
News  |  10/6/2009  | 
Phishing scam may also have breached e-mail services offered by Google and Yahoo.
U.S. Government Set To Clamp Down on P2P Networks
Commentary  |  10/6/2009  | 
You've probably heard the horror stories around private and confidential files being exposed via peer-to-peer network sharing. Federal lawmakers are now stepping up their efforts to keep sensitive data from inadvertently leaking to the public.
RSA: Cybergang Hid Money Trail Behind 'Fake' Mules
Quick Hits  |  10/6/2009  | 
URLZone Trojan attackers made sure their real money mules remained anonymous
Database Auditing Essentials
Commentary  |  10/5/2009  | 
Auditing database activity is a core component to any data security program. Databases capture data access and alterations during transaction processing, along with modifications to the database system. These actions are captured and written into an audit log that is managed by the database internally. The audit log is the most accurate source of events because it's the database that acts as the arbiter to ensure transactional consistency and data integrity.
Bankers Gone Bad: Financial Crisis Making The Threat Worse
News  |  10/5/2009  | 
Seventy percent of financial institutions in the past 12 months have had cases of insider fraud, new survey says
Breach At Pharmaceutical Benefits Company May Have Affected 700,000
Quick Hits  |  10/5/2009  | 
FBI investigation of 2008 incident leads Express Scripts to notify hundreds of thousands about potential breach
Squashing Malware With Snort In-Line
Commentary  |  10/5/2009  | 
Snort is a powerful open source intrusion detection system (IDS). What surprises me is how many security people have never touched it to learn more about how IDS works -- or how easy it is to evade many IDS signatures that are designed to look for known bad traffic.
Federal Taskforce To Focus On Cybersecurity Metrics
News  |  10/5/2009  | 
Cross-agency taskforce will emphasize cybersecurity outcomes over compliance, says federal CIO Kundra
Selecting A Storage Protocol For Virtualized Servers
Commentary  |  10/5/2009  | 
In our last entry we discussed selecting the right storage foundation and I advised that you may want to initially ignore what protocol to use. That said, part of building a storage foundation for server virtualization is selecting the protocol.
U.S. Government Suffers 'Largest Release Of Personally Identifiable Information Ever'
Quick Hits  |  10/2/2009  | 
Records of more than 70 million military personnel may be at risk after loss of unerased hard drive, report says
Tech Insight: Beating Bots And Scareware On A Budget
News  |  10/2/2009  | 
Free tools, like the Squid Web caching proxy, can add extra layers of protection for your users
Beware Hijacked Social Networking Accounts, FBI Warns
News  |  10/2/2009  | 
Social networking sites are becoming a more popular attack vector for cybercriminals because people trust those they believe to be friends.
Selecting A Storage Foundation for Virtualized Servers
Commentary  |  10/2/2009  | 
The storage component of a virtualized server infrastructure has been labeled as complex. The storage and server virtualization suppliers have both tried to deliver solutions that reduce storage complexity in server virtualization projects. The challenge for virtual infrastructure administrators is that there are so many options that it can be confusing. There are several steps to take when selecting a storage foundation for virtualized servers and our next series of entries will cover these ste
A Weapon Against SQL Injection
Commentary  |  10/2/2009  | 
The single most common database security inquiry I get is, "What's this whole stored procedure parameter thing, and how does it help with SQL injection?"
Top Database Threat? Legit Users And Sloppy Company Policies!
Commentary  |  10/1/2009  | 
A new Dark Reading report makes clear what's been strongly suspected for some time: Authorized users are business databases' biggest vulnerabilities. Actually, as the report makes clear, the biggest vulnerability is the array of shoddy and hole-filled data policies many companies put in place to "protect" data.
Databases' Most Serious Vulnerability: Authorized Users
News  |  10/1/2009  | 
New Dark Reading report outlines threats posed to databases by end users -- and how to protect your data
Mozilla Tests More Secure Firefox
News  |  10/1/2009  | 
Versions of Firefox with enhanced cross-site scripting protection have been released for testing.
Help Wanted: Homeland Security Seeks Cybersecurity Pros
News  |  10/1/2009  | 
Hiring has become a top priority for the Department of Homeland Security's cybersecurity arm, a key player in the U.S. government's push to bolster online defenses.
Factoring Malware Into Your Web Application Design
News  |  10/1/2009  | 
Web developers need to consider the complexity of their Web apps' design, as well as beefing up application monitoring and anti-fraud tools on the back end
Microsoft's New MSE Scores High In Rootkit Detection
Quick Hits  |  10/1/2009  | 
Early test of Microsoft's free AV software shows promising results
Dark Reading's Database Security Tech Center Refresh
Commentary  |  10/1/2009  | 
The Dark Reading Database Security Tech Center is expanding. The subsite, devoted to bringing you news, product information, opinion, and analysis all focused on the very timely topic of database security, has been well-received by our readers since its launch in June, so we're adding two new elements to provide even more depth of coverage: a new blogger dedicated to database security, and new monthly feature articles that drill down on the latest database security threats and issues.