News & Commentary
Content posted in October 2010
|
State Sues WellPoint Over Data Breach Notification
The state of Indiana's attorney general is suing insurer WellPoint Inc. for $300,000 for not notifying customers in a timely enough manner that their data was at risk.
Java Worm Targets Mac OS X
A just uncovered Trojan horse is employing an old social engineering ploy on social networks to lure Mac users.
Facebook Launches Friendship Pages, Raises Privacy Concerns
The new feature can show the relationship between two Facebook friends through the public information they've shared between each other through Wall posts, photos and more.
Slideshow: The 10 Most Common Database Vulnerabilities
AppSec's Team SHATTER shares the top 10 database vulnerabilities it sees most commonly plaguing organizations over and over again
Firesheep Exposes Need For Encryption
Using Facebook, Twitter, Yelp, Flickr, or other Web services on an open WiFi network could lead to lead to account hijacking.
MeeGo 1.1 Released To Developers
Linux-based mobile OS allows software creation on Intel Atom and ARMv7 architectures.
Bredolab Botnet Still Spewing Malware
Days after Dutch authorities disabled 143 command and control servers, security researchers are seeing new signs of life.
New DDoS Trojan Attacks Sites That Criticize Vietnamese Communist Party
Politically motivated attacks are becoming more sophisticated, researcher says
Adobe Acknowledges Active Flash Exploit
Zero-day bug, which won't be patched for two weeks, is being delivered in a malicious PDF targeted toward job seekers.
Tech Insight: The Five Stages Of Vulnerability Management
Like grief, vulnerability management can be a heart-wrenching and complex challenge. Here's a road map that will help you get from denial to acceptance
Identity Theft Council Aims To Bring 'Neighborhood Watch' Concept To Cybersecurity
Regional initiatives designed to attack security awareness problem at the grass roots
Small Vendors Driving Innovation In Security, Venture Capitalists Say
Major vendors dominate industry revenue, but startups and emerging vendors are the ones behind real change, panelists say
Microsoft Profits Soar 51%
Sales of Microsoft Office were up 15% year over year and the software maker's business division, which includes the server and database units, saw 11% growth.
Things To Look Out For In New PCI Version 2.0
Payment card security standard hasn't changed much, but there are a few issues to prepare for
The Futility Of A Single Storage Platform
Every storage supplier wants to be your only vendor. It sounds like a good idea. It would simplify storage management, simplify purchasing and make it easier to train new IT staff and protect you if the current staff has some turnover. While meeting with users at SNW Europe, I was reminded just how futile of a goal this really is.
Easy-To-Find Brute-Force Tools
Tools are available to create word lists that can be used for brute-force attacks to nab passwords.
Social Networks' Threat To Security
Weak passwords and insecure personal information could put your company's data at risk.
Banks Weak Against Credit Card Skimming Attacks
Gartner warns that anti-skimming standards and technologies aren't keeping up with recent spate of attacks, which can quickly net individual gangs $500,000 a month.
Microsoft Windows Still Vulnerable To DLL Hijacking
Even patched applications aren't safe from bug, says ACROS security researcher.
President Should Have 'Kill Switch' For Internet, Most Americans Say
Worries of Internet security rank below financial, personal, and national security among people worldwide surveyed by Unisys
CIA Invests In Cloud, Web Analytics Startups
In-Q-Tel, a Central Intelligence Agency-based non-profit, will work with Cleversafe and Silver Tail Systems to adapt the companies' technologies for intelligence work.
AT&T Partners With Mobile Payment Providers
Deals with BilltoMobile, Boku, and Zong give the carrier's wireless subscribers the ability to buy online goods and services from their cell phones.
Talk About Evasion
Security research, like fashion, sometimes gets recycled, restyled, and even rebranded. Take network security evasion and sidejacking attacks, both of which have recently re-emerged with researchers taking new spins on these known threats.
Cloud Creates SIEM Blind Spot
Current SIEM and log management approaches for network and security devices are 'moot' in the cloud
Java Trojan Bungles Mac Attack
Mac malware might be worrisome if it were coded better.
Vietnam Is Riskiest Country Domain, Study Says
Bad guys say good morning, Vietnam, good night, Singapore
Talk About Evasion
What's new is old and what's old is still news
DHS Urged To Bolster Cyber Infrastructure Security
Homeland Security must work more with power and telecom network owners to ensure they could survive a disaster, GAO reports.
FTC Ends Google Street View Investigation
The steps Google has taken to improve its internal controls are enough for the FTC.
Americans Maximize Social Network Security
The U.S. leads the world in restricting the personal information that people can access on their Facebook, Twitter, and other pages, reports Unisys study.
Iranian Cyber Army Joins Botnet Business
Up to 20 million machines may be infected by malware network, which may be backed by Iranian authorities, finds Seculert.
Bredolab Botnet Busted
The Dutch High Tech Crime Team has seized 143 servers used to infect an estimated 30 million computers and arrested the alleged mastermind behind the botnet.
Virgin America Goes Google
The airline is dropping Microsoft Exchange and moving to Google Apps for e-mail.
Emerging Qakbot Exploit Is Ruffling Some Feathers
Fast-spreading attack spreads like a worm, stings like a Trojan, RSA researchers say
Retailers Biggest Victims Of Targeted Attacks
New Symantec data shows one-fourth of all focused attacks hitting retail organizations this month
Java Keeps Security Managers Up At Night
Attacks aimed at exploiting vulnerabilities in the Java platform have skyrocketed. Is your enterprise prepared?
Yet Another Botnet Dismantled, Alleged Botmaster Arrested
Dutch authorities take unusual tack in directly contacting machines infected by 'Bredolab' botnet
Microsoft Launches Office 2011 For Mac
Productivity suite for Mac includes Outlook for first time, in addition to collaboration and social networking tools.
Google 'Mortified' Over WiFi Data Gathering
New procedures have been implemented to prevent similar incidents from occurring.
Why Windows Phone 7 Could Be Most Secure Smartphone At Launch
One of the interesting things I learned from spending a few days with McAfee recently was that the iPhone is actually one of the most secure smartphones.
Microsoft Windows 8 To Arrive In 2012
The next version of the operating system is reported to be coming in the second half of 2012.
New Firefox Plug-In Offers WiFi Cookie-Jacking For 'Average Joe'
'Firesheep' tool executes point-and-click sidejacking attacks
Wi-Fi Direct Products Connect Without A Network
Atheros, Broadcom, Intel, Ralink and Realtek form first test suite for certification program.
Personal Data Of 280,000 At Risk Following Healthcare Breach
Portable drive containing data on nearly 300,000 Medicaid patients in Pennsylvania is missing
More Patient Data Dumps
Yet another case where patient medical records are left in a dumpster and out in plain sight.
Workers Abusing Social Sites On Corporate Networks
Employees' use of Facebook, Gmail, Hotmail and BitTorrent is posing security risks, according to study by Palo Alto Networks.
What Business Data Should Be In The Cloud?
In our last entry we discussed different ways that you can move data into the cloud, something I call onramps. In theory the ability now exists to put all your data types on a cloud storage platform, but is that the right choice for your business? How do you determine which data you should put in the cloud?
White House Unveils Internet Privacy Committee
Technology council subcommittee will work with federal agencies and lawmakers to balance consumer protection with economic opportunity.
MySpace Sharing User Info With Advertisers
Days after Facebook disclosure, the second largest social media site is found committing the same privacy breach.
Americans Ignoring Social Media Privacy Risks
Users are worried about the dangers of disclosing personal information on Facebook and other sites, but they do it anyway, finds Lawyers.com study.
|
White Papers
Video
10 Comments
Current Issue
5 Emerging Cyber Threats to Watch for in 2019Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-8980
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
From DHS/US-CERT's National Vulnerability Database CVE-2019-8980
PUBLISHED: 2019-02-21
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
CVE-2019-8979PUBLISHED: 2019-02-21
Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when the order_by() parameter can be controlled.
CVE-2013-7469PUBLISHED: 2019-02-21
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2018-20146PUBLISHED: 2019-02-21
An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell.
CVE-2019-5727PUBLISHED: 2019-02-21
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This