News & Commentary
Content posted in November 2009
|
Global CIO: Fear Of Facebook For The Enterprise
Enterprise social networking, at its worst, looks like another way to get buried in data.
The Futility Of Security By Obscurity
Last week saw the launch of Shodan, a search engine for machines (servers, routers, etc.) connected to the Internet.
Free Tool Paints Picture Of Stealthy Attacks
Honeynet Project's 'Picviz' gets a graphical user interface
July Theft Of Navy Laptops Serves As Important Reminder
Bottom line: External storage drives shouldn't be overlooked as a security risk
IBM Buys Database Security Company
By purchasing Guardium, IBM is strengthening its ability to sell to healthcare and financial companies.
Security Gets Top Billing On Cyber Monday
FBI, others offer tips to protect shoppers during online shopping season
Product Watch: IBM Buys Database Security Firm Guardium
Big Blue plans to integrate Guardium's database activity monitoring technology into its information management software products
AppGate Introduces AppGate Mobile Filter Version 1.1
AppGate Mobile Filter version 1.1 allows administrators to fully control browsing from mobile units
Security Lessons From Couple's White House Hijinks
Even the most stringent security procedures have failures. That fact was evident when the U.S. Secret Service learned a Virginia couple slipped into last week's state dinner at the White House.
'Black Screen of Death' Linked To Microsoft Patch
A recent Microsoft security fix has been fingered as one of several possible causes of black screen Windows crashes.
Heap Spraying: Attackers' Latest Weapon Of Choice
Difficult to detect reliably, heap spraying was behind an exploit of IE and Adobe Reader
Famous Password Auditing Tool, L0phtCrack Is Back
After a couple of years of rest, L0phtCrack, one of the most famous password auditing and recovery tools is back.
Navy Finds Lessons In Stolen Laptops, Storage Drives
The theft of computer equipment from a Naval office turned out to be less serious than feared, but served as a reminder on the importance of securing external hard drives and encrypting data.
Cloud Storage Now
Cloud storage is constantly being discussed in the IT media today. When you get right down to it, what can businesses really use cloud storage for now? The small office, individual user has embraced cloud storage for backups and for collaboration, but what can larger businesses use these services for?
Global CIO: Oracle, Larry Ellison, The EU, And MySQL
Would you be shocked--shocked!--to learn that the EU's battle against Oracle is all about politics, power, and preserving jobs?
Microsoft Provides Insight Into Password Attacks
For about a year now, Microsoft has been trying to gather data on real-world attacks, the types of attacks normal users might encounter in their day to day Internet use - and the software maker just released some interesting data on password attacks.
Secure Software Needs Careful Testing--And Lots Of It
Security must be woven throughout the software development process. Testing tools are helping make that happen.
Kudos To F-Response's New IR Tool For Ease Of Use
F-Response TACTICAL will be released on Thanksgiving Day, with the promise of a plug-and-play ease to help cyber investigators quickly get the evidence they need from live systems.
New Exploit Masquerades As Flash Player Upgrade
Phishing campaign has hit more than 3.5 million mailboxes, researchers say
Spammer Gets Four Years In Slammer
'Godfather of Spam' Alan Ralsky and three associates sentenced for stock fraud spam scheme
Security Is Chief Obstacle To Cloud Computing Adoption, Study Says
Half of organizations say they have no plans to use cloud technology; many cite security concerns
NIST Director Sees Key Role In Emerging Technologies
Newly confirmed director Patrick Gallagher outlines the agency's efforts in healthcare IT, smart grid, and cybersecurity.
Cyber Monday Security Risks Are All Business
Why Cyber Monday for the online shopping surge? Because for many, Monday's the first working day after Thanksgiving. Which means they can do their online shopping on business time, on the business dime, using business machines over business connections. You may not be able -- or want -- to do anything about the productivity drop, but at least you can tell your people to shop safely.
Stay On Top of Source Code Security Flaws
Fortify's 360 Server helps developers track flaws and fixes in applications.
Exploit Code Targets Internet Explorer Zero-Day
There's exploit code circulating that can be used to target certain versions of Internet Explorer, Microsoft says it's working on a fix.
'Godfather Of Spam' Gets Four Years In Prison
Prosecutors hope the prison sentence sends a message to spammers.
CSI Annual Report: Financial Fraud, Malware On The Increase
Security pros generally happy with products; not so much with awareness programs
Microsoft Issues Internet Explorer Security Advisory
Users of Internet Explorer 6 and 7 may be vulnerable to a malware attack.
NIST Urges Feds To Continuously Monitor Cybersecurity Efforts
New document puts more onus on applying risk management throughout the life cycle of IT systems
Report: China's After U.S. Secrets, Technology
U.S.-China Economic and Security Review Commission notes a 'marked increase in cyber intrusions originating in China and targeting U.S. government and defense-related computer system'
Microsoft Warns Of Zero-Day Flaw In Older Versions Of IE
Pointer reference flaw could enable attackers to run their own code on IE machines, software giant says
Employees Stealing Data At Frightening Rate
Two new studies indicate that workers are not only able to steal confidential data from employers, they're ready and willing to do so -- at rates that are troubling, if not downright frightening.
The Future Of Storage As A Virtual Machine
In our last few entries we looked at what can be done today with storage software running as virtual machines. In this entry we will consider what the future holds for storage as a virtual machine. Storage as a virtual machine may be the only way you apply data services in the future.
Employees Willing To Steal Data; Companies On The Alert
Separate studies offer a scary glimpse into the minds of employees, management
Many Enterprises Still Struggling With Remote Security, Cisco Study Finds
Businesses still not prepared for mobile devices, operational disruptions, report says
New Tool For Centralizing Windows Logs
Microsoft has always overlooked centralized logging in Windows. To date, the most effective way to centralize Windows Event Logs has been through event log to syslog tools and custom agents for the various SIEM solutions. But now there's a new kid on the block with a full-featured agent that goes beyond what's previously been offered for free.
Product Watch: Database Acquisition Could Help Check Point Handle Social Network Attacks
Additional data will help Check Point provide security in Web 2.0 environs, officials say
Jailbroken iPhones Vulnerable To 'Duh' Worm
Cybersecurity companies are warning that new malware can turn modified iPhones and iPods into zombies.
Encryption Making Little Headway Among IT Pros: Survey
Only 14% of respondents to InformationWeek Analytics' State of Encryption Survey say encryption is pervasive in their organizations
NIST Drafts Cybersecurity Guidance
The National Institute for Standards and Technology is urging the government to continuously monitor its own cybersecurity efforts.
New Facebook Worm Warning: Wanna See Something Hot?
A new Facebook worm is making the rounds today, with a brilliant landing page that has already caused many infections.
Cisco Rolls Out iPhone Security App
The SIO To Go app sends realtime alerts to users' iPhones, notifying of attacks and potential threats to corporate networks.
Microsoft: 'TaterF' Worm Top Malware Threat So Far This Month
Software giant reveals November stats from Malicious Software Removal Tool
Former Database Administrator Convicted Of Hacking His Old Firm
Ex-employee attacked his old database months after being terminated
Chrome OS Security: Initial Impressions
There is much developers can do to build a secure operating system when limits are set on what devices are supported, and there's no regard for compatibility with all types of software applications. I'm sure it's a luxury some software designers in Redmond and Cupertino certainly envy. But that's the clean shot Google has with its new Chrome OS.
Three Indicted For Comcast Site Hack
'Kryogeniks' gang redirected traffic to its own Web page in 2008
China Cyber Espionage Threatens U.S., Report Says
A Congressional advisory report warns that cyber attacks against defense computers are on the rise.
Product Watch: BitArmor Launches Cloud-Based Encryption Managed Service For USBs, Email, Disks
DataControl 4.0 service offers military-grade encryption for midsize companies
Storage As A Virtual Machine Details - Part Two
Completing our storage as a virtual machine re-interviews were conversations we had with EMC and Nexenta. While our last entry focused on systems that leveraged virtual machines to deliver block I/O storage services these two companies are delivering something a little different, NAS services and backup services.
Twilight's Latest Hacking: Vampire Byte Scam Targets Stephanie Meyer Fans
Scareware masquerading as an interview with Twilight author Stephanie Meyer is making the rounds, and fast. Time to pass the word to any of your employees who are Twilight-obsessed and, more importantly, have them pass the word to their kids who may well be chasing the phenomenon on the same computers their parents may use for work-at-home.
|
White Papers
Video
0 Comments
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This