News & Commentary

Content posted in November 2009
Global CIO: Fear Of Facebook For The Enterprise
Commentary  |  11/30/2009  | 
Enterprise social networking, at its worst, looks like another way to get buried in data.
The Futility Of Security By Obscurity
Commentary  |  11/30/2009  | 
Last week saw the launch of Shodan, a search engine for machines (servers, routers, etc.) connected to the Internet.
Free Tool Paints Picture Of Stealthy Attacks
News  |  11/30/2009  | 
Honeynet Project's 'Picviz' gets a graphical user interface
July Theft Of Navy Laptops Serves As Important Reminder
News  |  11/30/2009  | 
Bottom line: External storage drives shouldn't be overlooked as a security risk
IBM Buys Database Security Company
News  |  11/30/2009  | 
By purchasing Guardium, IBM is strengthening its ability to sell to healthcare and financial companies.
Security Gets Top Billing On Cyber Monday
Quick Hits  |  11/30/2009  | 
FBI, others offer tips to protect shoppers during online shopping season
Product Watch: IBM Buys Database Security Firm Guardium
News  |  11/30/2009  | 
Big Blue plans to integrate Guardium's database activity monitoring technology into its information management software products
AppGate Introduces AppGate Mobile Filter Version 1.1
News  |  11/30/2009  | 
AppGate Mobile Filter version 1.1 allows administrators to fully control browsing from mobile units
Security Lessons From Couple's White House Hijinks
Commentary  |  11/30/2009  | 
Even the most stringent security procedures have failures. That fact was evident when the U.S. Secret Service learned a Virginia couple slipped into last week's state dinner at the White House.
'Black Screen of Death' Linked To Microsoft Patch
News  |  11/30/2009  | 
A recent Microsoft security fix has been fingered as one of several possible causes of black screen Windows crashes.
Heap Spraying: Attackers' Latest Weapon Of Choice
News  |  11/30/2009  | 
Difficult to detect reliably, heap spraying was behind an exploit of IE and Adobe Reader
Famous Password Auditing Tool, L0phtCrack Is Back
Commentary  |  11/30/2009  | 
After a couple of years of rest, L0phtCrack, one of the most famous password auditing and recovery tools, is back.
Navy Finds Lessons In Stolen Laptops, Storage Drives
News  |  11/30/2009  | 
The theft of computer equipment from a Naval office turned out to be less serious than feared, but served as a reminder on the importance of securing external hard drives and encrypting data.
Cloud Storage Now
Commentary  |  11/30/2009  | 
Cloud storage is constantly being discussed in the IT media today. When you get right down to it, what can businesses really use cloud storage for now? The small office, individual user has embraced cloud storage for backups and for collaboration, but what can larger businesses use these services for?
Global CIO: Oracle, Larry Ellison, The EU, And MySQL
Commentary  |  11/30/2009  | 
Would you be shocked--shocked!--to learn that the EU's battle against Oracle is all about politics, power, and preserving jobs?
Microsoft Provides Insight Into Password Attacks
Commentary  |  11/29/2009  | 
For about a year now, Microsoft has been trying to gather data on real-world attacks, the types of attacks normal users might encounter in their day to day Internet use - and the software maker just released some interesting data on password attacks.
Secure Software Needs Careful Testing--And Lots Of It
News  |  11/25/2009  | 
Security must be woven throughout the software development process. Testing tools are helping make that happen.
Kudos To F-Response's New IR Tool For Ease Of Use
Commentary  |  11/25/2009  | 
F-Response TACTICAL will be released on Thanksgiving Day, with the promise of a plug-and-play ease to help cyber investigators quickly get the evidence they need from live systems.
New Exploit Masquerades As Flash Player Upgrade
News  |  11/25/2009  | 
Phishing campaign has hit more than 3.5 million mailboxes, researchers say
Spammer Gets Four Years In Slammer
News  |  11/25/2009  | 
'Godfather of Spam' Alan Ralsky and three associates sentenced for stock fraud spam scheme
Security Is Chief Obstacle To Cloud Computing Adoption, Study Says
Quick Hits  |  11/25/2009  | 
Half of organizations say they have no plans to use cloud technology; many cite security concerns
NIST Director Sees Key Role In Emerging Technologies
News  |  11/25/2009  | 
Newly confirmed director Patrick Gallagher outlines the agency's efforts in healthcare IT, smart grid, and cybersecurity.
Cyber Monday Security Risks Are All Business
Commentary  |  11/25/2009  | 
Why Cyber Monday for the online shopping surge? Because for many, Monday's the first working day after Thanksgiving. Which means they can do their online shopping on business time, on the business dime, using business machines over business connections. You may not be able -- or want -- to do anything about the productivity drop, but at least you can tell your people to shop safely.
Stay On Top of Source Code Security Flaws
News  |  11/25/2009  | 
Fortify's 360 Server helps developers track flaws and fixes in applications.
Exploit Code Targets Internet Explorer Zero-Day
Commentary  |  11/24/2009  | 
There's exploit code circulating that can be used to target certain versions of Internet Explorer; Microsoft says it's working on a fix.
'Godfather Of Spam' Gets Four Years In Prison
News  |  11/24/2009  | 
Prosecutors hope the prison sentence sends a message to spammers.
CSI Annual Report: Financial Fraud, Malware On The Increase
News  |  11/24/2009  | 
Security pros generally happy with products; not so much with awareness programs
Microsoft Issues Internet Explorer Security Advisory
News  |  11/24/2009  | 
Users of Internet Explorer 6 and 7 may be vulnerable to a malware attack.
NIST Urges Feds To Continuously Monitor Cybersecurity Efforts
News  |  11/24/2009  | 
New document puts more onus on applying risk management throughout the life cycle of IT systems
Report: China's After U.S. Secrets, Technology
News  |  11/24/2009  | 
U.S.-China Economic and Security Review Commission notes a 'marked increase in cyber intrusions originating in China and targeting U.S. government and defense-related computer system'
Microsoft Warns Of Zero-Day Flaw In Older Versions Of IE
Quick Hits  |  11/24/2009  | 
Pointer reference flaw could enable attackers to run their own code on IE machines, software giant says
Employees Stealing Data At Frightening Rate
Commentary  |  11/24/2009  | 
Two new studies indicate that workers are not only able to steal confidential data from employers, they're ready and willing to do so -- at rates that are troubling, if not downright frightening.
The Future Of Storage As A Virtual Machine
Commentary  |  11/24/2009  | 
In our last few entries we looked at what can be done today with storage software running as virtual machines. In this entry we will consider what the future holds for storage as a virtual machine. Storage as a virtual machine may be the only way you apply data services in the future.
Employees Willing To Steal Data; Companies On The Alert
News  |  11/23/2009  | 
Separate studies offer a scary glimpse into the minds of employees, management
Many Enterprises Still Struggling With Remote Security, Cisco Study Finds
Quick Hits  |  11/23/2009  | 
Businesses still not prepared for mobile devices, operational disruptions, report says
New Tool For Centralizing Windows Logs
Commentary  |  11/23/2009  | 
Microsoft has always overlooked centralized logging in Windows. To date, the most effective way to centralize Windows Event Logs has been through event log to syslog tools and custom agents for the various SIEM solutions. But now there's a new kid on the block with a full-featured agent that goes beyond what's previously been offered for free.
Product Watch: Database Acquisition Could Help Check Point Handle Social Network Attacks
Quick Hits  |  11/23/2009  | 
Additional data will help Check Point provide security in Web 2.0 environs, officials say
Jailbroken iPhones Vulnerable To 'Duh' Worm
News  |  11/23/2009  | 
Cybersecurity companies are warning that new malware can turn modified iPhones and iPods into zombies.
Encryption Making Little Headway Among IT Pros: Survey
News  |  11/23/2009  | 
Only 14% of respondents to InformationWeek Analytics' State of Encryption Survey say encryption is pervasive in their organizations
NIST Drafts Cybersecurity Guidance
News  |  11/23/2009  | 
The National Institute for Standards and Technology is urging the government to continuously monitor its own cybersecurity efforts.
New Facebook Worm Warning: Wanna See Something Hot?
Commentary  |  11/22/2009  | 
A new Facebook worm is making the rounds today, with a brilliant landing page that has already caused many infections.
Cisco Rolls Out iPhone Security App
News  |  11/20/2009  | 
The SIO To Go app sends realtime alerts to users' iPhones, notifying of attacks and potential threats to corporate networks.
Microsoft: 'TaterF' Worm Top Malware Threat So Far This Month
News  |  11/20/2009  | 
Software giant reveals November stats from Malicious Software Removal Tool
Former Database Administrator Convicted Of Hacking His Old Firm
News  |  11/20/2009  | 
Ex-employee attacked his old database months after being terminated
Chrome OS Security: Initial Impressions
Commentary  |  11/20/2009  | 
There is much developers can do to build a secure operating system when limits are set on what devices are supported, and there's no regard for compatibility with all types of software applications. I'm sure it's a luxury some software designers in Redmond and Cupertino certainly envy. But that's the clean shot Google has with its new Chrome OS.
Three Indicted For Comcast Site Hack
Quick Hits  |  11/20/2009  | 
'Kryogeniks' gang redirected traffic to its own Web page in 2008
China Cyber Espionage Threatens U.S., Report Says
News  |  11/20/2009  | 
A Congressional advisory report warns that cyber attacks against defense computers are on the rise.
Product Watch: BitArmor Launches Cloud-Based Encryption Managed Service For USBs, Email, Disks
News  |  11/20/2009  | 
DataControl 4.0 service offers military-grade encryption for midsize companies
Storage As A Virtual Machine Details - Part Two
Commentary  |  11/20/2009  | 
Completing our storage as a virtual machine re-interviews were conversations we had with EMC and Nexenta. While our last entry focused on systems that leveraged virtual machines to deliver block I/O storage services, these two companies are delivering something a little different: NAS services and backup services.
Twilight's Latest Hacking: Vampire Byte Scam Targets Stephenie Meyer Fans
Commentary  |  11/20/2009  | 
Scareware masquerading as an interview with Twilight author Stephenie Meyer is making the rounds, and fast. Time to pass the word to any of your employees who are Twilight-obsessed and, more importantly, have them pass the word to their kids who may well be chasing the phenomenon on the same computers their parents may use for work-at-home.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1712
PUBLISHED: 2018-08-16
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
CVE-2018-10139
PUBLISHED: 2018-08-16
The PAN-OS response page for GlobalProtect in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected.
CVE-2018-10140
PUBLISHED: 2018-08-16
The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected.
CVE-2018-11771
PUBLISHED: 2018-08-16
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream,...
CVE-2018-1715
PUBLISHED: 2018-08-16
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 14700...