Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in November 2009
<<   <   Page 4 / 4
Microsoft: Windows 7 Malware Threat 'Sensationalized'
News  |  11/9/2009  | 
Software maker claims tests by security vendor don't tell the whole story.
Healthcare Providers Face Security Challenges
News  |  11/9/2009  | 
Three-quarters of organizations that conduct formal risk assessments have found patient data at risk, study says.
USB-Based Incident Response Tools
Commentary  |  11/9/2009  | 
Last month's "Using USBs For Incident Response" blog garnered a lot of e-mail responses asking about what tools are available, free or commercial, and how easy they were to use. While there isn't an "EASY" button that makes incident response and digital forensics easy for the layperson, there are tools that enable first responders to arrive on scene, pop a USB flash drive (or hard drive), grab volati
Despite Security Concerns, Social Networks Soar
Commentary  |  11/9/2009  | 
Security firm Palo Alto Networks peeked at the application use of more than 200 organizations around the globe, and found social networking growth on corporate networks is on fire. Will security concerns be the extinguisher? Don't count on it.
Microsoft Rolls Out Exchange Server 2010
News  |  11/9/2009  | 
Also announces Forefront Protection 2010 for Exchange Server, which helps Exchange Server customers further safeguard business information
Insider Threat Reality Check
Commentary  |  11/9/2009  | 
Organizations tend to think once they hire an employee or a contractor, that person is now part of a trusted group of people. Although an organization might give an employee additional access that an ordinary person would not have, why should it trust that person?
JailBroken iPhones Targeted By Rick-Rolling Worm
Commentary  |  11/8/2009  | 
The SANS Institute Internet Storm Center is warning users of jailbroken iPhones that a new worm is targeting their hacked phones. So how dangerous is it, really?
Gumblar Botnet Resurges
Quick Hits  |  11/6/2009  | 
Reactivation of Gumblar.cn domain could have ripple effect, researchers say
WiFi = Mobile Phone
Commentary  |  11/6/2009  | 
Traditionally, we've thought of WiFi as the way we connect to the Internet from our notebook computers. This is rapidly changing, with definite implications for security pros.
New Spamming Botnet On The Rise
News  |  11/6/2009  | 
'Festi' quickly jumps from sending about 1 percent of all spam to 5 to 6 percent, MessageLabs researchers say
Microsoft Plans Fixes For 15 Security Flaws
News  |  11/6/2009  | 
November's patch day is about half the size of October's massive fix.
Microsoft To Patch 15 Vulnerabilities
Commentary  |  11/5/2009  | 
As part of its monthly ritual, Microsoft in its Security Bulletin Advanced Notification for this month warned of a number of nasty vulnerabilities in its operating systems and productivity software.
Dissecting Microsoft's Latest Security Intelligence Report
Commentary  |  11/5/2009  | 
This week Microsoft published volume 7 of its Security Intelligence Report (SIR), covering January 2009 through June 2009.
Microsoft Expresses Cloud Privacy Commitment, Concerns
News  |  11/5/2009  | 
In a policy paper, Microsoft affirms its support for privacy in the cloud and calls for regulatory clarity.
Global CIO: Oracle Trapped By EU Politics As Sun Employees Suffer
Commentary  |  11/5/2009  | 
As thousands of Sun employees face layoffs, the EU ninnies focus on conjuring up an outcome that will make them seem less pathetic than they truly are.
Former Employees Face Five-Year Sentence After Allegedly Hacking Company Database
News  |  11/5/2009  | 
System access was still possible for almost two years using old passwords, indictment says
Major SSL Flaw Find Prompts Protocol Update
News  |  11/5/2009  | 
Vendors, IETF, have been working on a fix since last month for a newly discovered vulnerability in the SSL protocol that spans browsers, servers, smart cards, and other products
14 Charged In Tech Insider Trading Case
News  |  11/5/2009  | 
Investigators expand probe into securities fraud ring that penetrated major IT vendors.
Securing The Cyber Supply Chain
News  |  11/5/2009  | 
Many parties touch your organization's systems and software, potentially exposing them to malware, breaches, or worse. A new end-to-end approach is required to minimize the risks.
Little-Known Hole Lets Attacker Hit Main Website Domain Via Its Subdomains
Quick Hits  |  11/5/2009  | 
Proof-of-concept demonstrates how exploits on Google, Expedia, Chase Manhattan subdomains could lead to compromises of their main sites
Practical Analysis: The Fastest-Growing Security Threat
Commentary  |  11/5/2009  | 
SQL injections, more than any other exploit, can land your company in trouble. So why aren't you worried about them?
Serious SSL Vulnerability Found
News  |  11/5/2009  | 
A vulnerability in the most common data security protocol on the Internet could allow secure Web sessions to be hijacked.
Cloud Security Certification In Development, But It Won't Be Quick
Commentary  |  11/5/2009  | 
The news that formal security certification for cloud-based services is in development is welcome news indeed. The news that the players involved understand just how complicated devising a certification will be is also good news, however little it may seem so at the moment.
Is Antivirus Software Dead?
News  |  11/5/2009  | 
Always-on Internet connectivity is keeping malware concerns alive and well. We examine whether antivirus software is up to the task, or whether it's a security solution of the past.
Wolfe's Den: HP Revs Data Center Strategy, Stabbing At Cisco
Commentary  |  11/5/2009  | 
Hewlett-Packard has fired back at Cisco in the increasingly contentious race to field an overarching data-center strategy, which will enable enterprises to rein in the complexity of sprawling networks and rampant virtualization.
What To Do With Too Much Storage Performance
Commentary  |  11/5/2009  | 
I recently concluded a series that examined the components of the storage environment that can impact overall storage I/O performance. There was storage I/O bandwidth, controllers and drives. What if you are like
Corporate Breaches Increase Chances Of Consumer ID Theft, Study Says
News  |  11/4/2009  | 
When their data is leaked by a business, individuals are four times more likely to suffer identity theft, Javelin study says
IT Workers Building Security Into Their Career Strategies
Quick Hits  |  11/4/2009  | 
More tech professionals seeking security certifications, CompTIA study says
IBM CEO Sam Palmisano Talks With Global CIO
Commentary  |  11/4/2009  | 
In a rare and exclusive interview, the man who transformed IBM speaks out on business analytics, cloud computing, and the emerging Smarter Planet.
New Security Certification On The Horizon For Cloud Services
News  |  11/4/2009  | 
Cloud security cert would go beyond existing SAS 70, ISO 27001 standards
A Tool For Investigating Suspicious Activity
Commentary  |  11/4/2009  | 
Dealing with malware-infected computer systems can be time-consuming. If the compromised system has sensitive information, then often digital forensics will be employed to see whether the data was or could have been accessed by the malware. With the hit-or-miss performance of antivirus solutions and craftiness of malware authors, determining whether a computer system is infected is getting harder.
What DAM Does
Commentary  |  11/4/2009  | 
Database activity monitoring (DAM) tools have a range of capabilities, including data collection and analysis. But the real question is: How does this technology help you?
FBI: SMBs Losing Millions To Cybercrooks
Commentary  |  11/4/2009  | 
Cybercrooks may have tried to nab as much as $100 million from small and midsized U.S. businesses in payroll scams over the last year. Now the FBI is talking about how to protect yourself from this automated threat.
DDoS-As-A-Service Open For Business
Quick Hits  |  11/3/2009  | 
McAfee report says botnet operators are increasingly contracting out their botnets to distributed denial-of-service attack service providers
Global CIO: IBM's New CIO Sheds Light On Priorities And Plans
Commentary  |  11/3/2009  | 
After two months as IBM's first company-wide CIO, Pat Toole talks about battling 80/20, a massive data-center consolidation, cloud initiatives, and cutting 11,500 apps.
Researchers Create Hypervisor-Based Tool For Blocking Rootkits
News  |  11/3/2009  | 
New technology 'patches' the operating system kernel, protects it from rootkits
Fundamental Failures With Incident Response Plans
Commentary  |  11/3/2009  | 
I recently got back from a sizable IT security conference in London. As I've experienced countless times at shows, everyone was most intrigued by the war stories about organizations that were victims of a data breach. Security folks have an innate desire to learn what happened to others so they can prevent encountering the same fate -- or so they say. However, after personally investigating hundreds of data breaches for my clients, there seems to be a number of recurring themes that nobody seems
Fighting The Fear Factor
Commentary  |  11/3/2009  | 
It's hard work being prey. Watch the birds at a feeder. They're constantly on alert, and will fly away from food -- from easy nutrition -- at the slightest movement or sound. Given that I've never, ever seen a bird plucked from a feeder by a predator, it seems like a whole lot of wasted effort against not very big a threat.
Mainstreaming SSD
Commentary  |  11/3/2009  | 
Most of the major Solid State Disk (SSD) manufacturers and providers are reporting record sales both in terms of units and capacity being purchased. Much of this success is being driven by cost reductions in the technology and an increased understanding of how to best implement the technology. Mainstreaming SSD is going to require more than just price drops, it's going to require intelligent leveraging of the technology.
Hacking Is A Way Of Life
Commentary  |  11/2/2009  | 
We've heard the stories and seen the statistics about insider attacks and how devastating they are to enterprises and their data. However, we've heard little about the underlying causes for many of the insider attacks other than it's the user's fault and the incident could have been avoided if proper precautions were in place. A recent article over at CSO Online sheds light on one of the causes and how it's due in large part to a generation gap and a need to stay connected.
Manhattan DA Announces Major ID Theft Indictment
Commentary  |  11/2/2009  | 
A Manhattan DA brought a 149-count indictment accusing a computer technician of stealing the identities of more than 150 employees of the Bank of New York Mellon and using those identities to orchestrate more than $1.1 million in thefts against charities and non-profits, among other institutions.
Bank IT Worker Charged In $1.1 Million Fraud
News  |  11/2/2009  | 
A computer technician has been indicted for stealing the identities of 150 Bank of New York employees, as well as for grand larceny and money laundering.
Microsoft Report: Worms Rise, New Vulnerabilities Decline
News  |  11/2/2009  | 
The new Microsoft Security Intelligence Report (SIR) found worm infections nearly doubled, vulnerability counts down by nearly one-third in the first half of 2009
Worms Invade Corporate Computers, Microsoft Finds
News  |  11/2/2009  | 
In its latest Security Intelligence Report, Microsoft documents the doubling of worms in enterprises during the first half of 2009.
New Trojan Kills The Zeus Trojan
Quick Hits  |  11/2/2009  | 
'Opachki' Trojan hijacks links for cash and deletes Zeus malware from the infected machine
Thwarting SQL Injection Threats
News  |  11/2/2009  | 
New Dark Reading report explores what database developers and database administrators can do about the pervasive SQL injection attack
Worm Infections Double In First Half Of Year: Microsoft
Commentary  |  11/2/2009  | 
Microsoft's latest Security Intelligence Report confirms what we all know: worms are spreading faster and faster, and although rogue anti-virus scams remain the top threat, the rate of worm infection doubled in the first six months of 2009.
Pressure Grows To Name National Cybersecurity Coordinator
News  |  11/2/2009  | 
Five months after President Obama announced plans to appoint a cybersecurity coordinator, some members of Congress are getting impatient and pressing for action.
Global CIO: Juniper Attacks Cisco Head-On With Help Of IBM And Dell
Commentary  |  11/1/2009  | 
Sensing Cisco is distracted with its non-networking ventures as CIOs are growing unhappy with rising network costs, Juniper is going after Cisco full-bore with key new products and partners.