News & Commentary
Content posted in October 2010
|
State Sues WellPoint Over Data Breach Notification
The state of Indiana's attorney general is suing insurer WellPoint Inc. for $300,000 for not notifying customers in a timely enough manner that their data was at risk.
Java Worm Targets Mac OS X
A just uncovered Trojan horse is employing an old social engineering ploy on social networks to lure Mac users.
Facebook Launches Friendship Pages, Raises Privacy Concerns
The new feature can show the relationship between two Facebook friends through the public information they've shared between each other through Wall posts, photos and more.
Slideshow: The 10 Most Common Database Vulnerabilities
AppSec's Team SHATTER shares the top 10 database vulnerabilities it sees most commonly plaguing organizations over and over again
Firesheep Exposes Need For Encryption
Using Facebook, Twitter, Yelp, Flickr, or other Web services on an open WiFi network could lead to lead to account hijacking.
MeeGo 1.1 Released To Developers
Linux-based mobile OS allows software creation on Intel Atom and ARMv7 architectures.
Bredolab Botnet Still Spewing Malware
Days after Dutch authorities disabled 143 command and control servers, security researchers are seeing new signs of life.
New DDoS Trojan Attacks Sites That Criticize Vietnamese Communist Party
Politically motivated attacks are becoming more sophisticated, researcher says
Adobe Acknowledges Active Flash Exploit
Zero-day bug, which won't be patched for two weeks, is being delivered in a malicious PDF targeted toward job seekers.
Tech Insight: The Five Stages Of Vulnerability Management
Like grief, vulnerability management can be a heart-wrenching and complex challenge. Here's a road map that will help you get from denial to acceptance
Identity Theft Council Aims To Bring 'Neighborhood Watch' Concept To Cybersecurity
Regional initiatives designed to attack security awareness problem at the grass roots
Small Vendors Driving Innovation In Security, Venture Capitalists Say
Major vendors dominate industry revenue, but startups and emerging vendors are the ones behind real change, panelists say
Microsoft Profits Soar 51%
Sales of Microsoft Office were up 15% year over year and the software maker's business division, which includes the server and database units, saw 11% growth.
Things To Look Out For In New PCI Version 2.0
Payment card security standard hasn't changed much, but there are a few issues to prepare for
The Futility Of A Single Storage Platform
Every storage supplier wants to be your only vendor. It sounds like a good idea. It would simplify storage management, simplify purchasing and make it easier to train new IT staff and protect you if the current staff has some turnover. While meeting with users at SNW Europe, I was reminded just how futile of a goal this really is.
Easy-To-Find Brute-Force Tools
Tools are available to create word lists that can be used for brute-force attacks to nab passwords.
Social Networks' Threat To Security
Weak passwords and insecure personal information could put your company's data at risk.
Banks Weak Against Credit Card Skimming Attacks
Gartner warns that anti-skimming standards and technologies aren't keeping up with recent spate of attacks, which can quickly net individual gangs $500,000 a month.
Microsoft Windows Still Vulnerable To DLL Hijacking
Even patched applications aren't safe from bug, says ACROS security researcher.
President Should Have 'Kill Switch' For Internet, Most Americans Say
Worries of Internet security rank below financial, personal, and national security among people worldwide surveyed by Unisys
CIA Invests In Cloud, Web Analytics Startups
In-Q-Tel, a Central Intelligence Agency-based non-profit, will work with Cleversafe and Silver Tail Systems to adapt the companies' technologies for intelligence work.
AT&T Partners With Mobile Payment Providers
Deals with BilltoMobile, Boku, and Zong give the carrier's wireless subscribers the ability to buy online goods and services from their cell phones.
Talk About Evasion
Security research, like fashion, sometimes gets recycled, restyled, and even rebranded. Take network security evasion and sidejacking attacks, both of which have recently re-emerged with researchers taking new spins on these known threats.
Cloud Creates SIEM Blind Spot
Current SIEM and log management approaches for network and security devices are 'moot' in the cloud
Java Trojan Bungles Mac Attack
Mac malware might be worrisome if it were coded better.
Vietnam Is Riskiest Country Domain, Study Says
Bad guys say good morning, Vietnam, good night, Singapore
Talk About Evasion
What's new is old and what's old is still news
DHS Urged To Bolster Cyber Infrastructure Security
Homeland Security must work more with power and telecom network owners to ensure they could survive a disaster, GAO reports.
FTC Ends Google Street View Investigation
The steps Google has taken to improve its internal controls are enough for the FTC.
Americans Maximize Social Network Security
The U.S. leads the world in restricting the personal information that people can access on their Facebook, Twitter, and other pages, reports Unisys study.
Iranian Cyber Army Joins Botnet Business
Up to 20 million machines may be infected by malware network, which may be backed by Iranian authorities, finds Seculert.
Bredolab Botnet Busted
The Dutch High Tech Crime Team has seized 143 servers used to infect an estimated 30 million computers and arrested the alleged mastermind behind the botnet.
Virgin America Goes Google
The airline is dropping Microsoft Exchange and moving to Google Apps for e-mail.
Emerging Qakbot Exploit Is Ruffling Some Feathers
Fast-spreading attack spreads like a worm, stings like a Trojan, RSA researchers say
Retailers Biggest Victims Of Targeted Attacks
New Symantec data shows one-fourth of all focused attacks hitting retail organizations this month
Java Keeps Security Managers Up At Night
Attacks aimed at exploiting vulnerabilities in the Java platform have skyrocketed. Is your enterprise prepared?
Yet Another Botnet Dismantled, Alleged Botmaster Arrested
Dutch authorities take unusual tack in directly contacting machines infected by 'Bredolab' botnet
Microsoft Launches Office 2011 For Mac
Productivity suite for Mac includes Outlook for first time, in addition to collaboration and social networking tools.
Google 'Mortified' Over WiFi Data Gathering
New procedures have been implemented to prevent similar incidents from occurring.
Why Windows Phone 7 Could Be Most Secure Smartphone At Launch
One of the interesting things I learned from spending a few days with McAfee recently was that the iPhone is actually one of the most secure smartphones.
Microsoft Windows 8 To Arrive In 2012
The next version of the operating system is reported to be coming in the second half of 2012.
New Firefox Plug-In Offers WiFi Cookie-Jacking For 'Average Joe'
'Firesheep' tool executes point-and-click sidejacking attacks
Wi-Fi Direct Products Connect Without A Network
Atheros, Broadcom, Intel, Ralink and Realtek form first test suite for certification program.
Personal Data Of 280,000 At Risk Following Healthcare Breach
Portable drive containing data on nearly 300,000 Medicaid patients in Pennsylvania is missing
More Patient Data Dumps
Yet another case where patient medical records are left in a dumpster and out in plain sight.
Workers Abusing Social Sites On Corporate Networks
Employees' use of Facebook, Gmail, Hotmail and BitTorrent is posing security risks, according to study by Palo Alto Networks.
What Business Data Should Be In The Cloud?
In our last entry we discussed different ways that you can move data into the cloud, something I call onramps. In theory the ability now exists to put all your data types on a cloud storage platform, but is that the right choice for your business? How do you determine which data you should put in the cloud?
White House Unveils Internet Privacy Committee
Technology council subcommittee will work with federal agencies and lawmakers to balance consumer protection with economic opportunity.
MySpace Sharing User Info With Advertisers
Days after Facebook disclosure, the second largest social media site is found committing the same privacy breach.
Americans Ignoring Social Media Privacy Risks
Users are worried about the dangers of disclosing personal information on Facebook and other sites, but they do it anyway, finds Lawyers.com study.
|
White Papers
Video
1 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Could you pass the hash, I really have to use the bathroom!
Latest Comment: Could you pass the hash, I really have to use the bathroom!
Current Issue
Building and Managing an IT Security Operations ProgramAs cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
How Enterprises Are Developing Secure Applications
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-6513
PUBLISHED: 2019-05-21
PUBLISHED: 2019-05-21
PUBLISHED: 2019-05-21
PUBLISHED: 2019-05-21
PUBLISHED: 2019-05-21
From DHS/US-CERT's National Vulnerability Database CVE-2019-6513
PUBLISHED: 2019-05-21
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.
CVE-2019-12270PUBLISHED: 2019-05-21
OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The ...
CVE-2019-12269PUBLISHED: 2019-05-21
Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text.
CVE-2019-12189PUBLISHED: 2019-05-21
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
CVE-2019-12190PUBLISHED: 2019-05-21
XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This