News & Commentary
Content posted in November 2010
|
Expert: BSIMM Can Help Enterprises Build Secure App Development Processes
A look at the BSIMM framework, and how it has helped 30 companies to write safer code
Verizon's VERIS Aims To Push Security Beyond Fuzzy Numbers
When it comes to sharing data in IT security the bad guys always seem to be way ahead. They employ far-flung networks used for sharing stolen data, buying and selling exploits, and information on how to launch successful attacks. However, when it comes to enterprises sharing attack and breach incident data there has not been a lot of sharing going on.
Feds' Crackdown Of Online Counterfeit, Copyrighted Goods Meets DNS Backlash
Alternative DNS systems emerge to pick up seized domains
Report: Biometrics And One-Time Passwords Gaining Traction Among Consumers
Improved technology, growing familiarity making alternative authentication more palatable to consumers
WikiLeaks Missives Contain Many Tech Secrets
The diplomatic cables include references to the alleged execution of an IT director in Iran, cybersecurity weaknesses in Brazil, and friction with Germany over information sharing.
New Tool Patches Offline VMs
Nuwa, named after the Chinese goddess who patched a hole in the sky, aims to fix cloud computing security hole
WikiLeaks Under Hack Attack
DDOS hit comes days after the Web site slipped highly sensitive government information to media outlets.
Pirate Bay Loses Copyright Conviction Appeal
A Swedish court has reduced the prison sentences, but increased the monetary damages levied against the founders of the file-sharing site.
United Arab Emirates: Open For Hacking?
Three-quarters of companies in UAE have no written security plan in place, study says
Do Password Crackers Help Database Security?
Password 'crackers' determine if passwords are strong or compliant with company policies, but do they improve database security?
Preventing Outsiders From Becoming Insiders
Physical security and employee awareness can stop in-building attacks, experts say
Slide Show: DDoS With The Slow HTTP POST Attack
Researchers demonstrate attack that picks on inherent flaw in HTTP
Are You Ready For High Speed Storage Interfaces?
A new wave of high speed storage interfaces is on the way offering improved storage I/O performance To see the expected performance improvement you have to do more than simply add drives with the new interface and install a host bus adapter in the server, you have to make sure every link in the I//O chain is ready.
Confirmation? Chinese Government May Have Been Behind Operation Aurora Hacks
We suspected there would be some interesting cyber security related news to come out of the thousands of cables released by WikiLeaks over the weekend. We were not disappointed.
New HTTP POST DDoS Attack Tools Released
Very slooowwww HTTP POST connections wage denial-of-service attack on Web-based servers
Zero Day Bug Bypasses Windows User Account Control
Local buffer overflow vulnerability tricks Microsoft operating systems into granting an attacker system-level user privileges.
Android Vulnerable To Data Theft Exploit
Google is preparing a fix for the bug that could allow attackers to use JavaScript to read files from handsets.
Healthcare Breach Highlights Need For More Security Insight
Triple-S Management, a managed care services provider in Puerto Rico, suffered a security breach that could have exposed the personal health care information of more than 400,000 customers.
Wikileaks Spills Security Beans On State Department
Chinese officials oversaw cyberattack on Google among range of potentially embarrassing revelations
FBI Warns Of Mobile Cyber Threats
Criminals will target holiday shoppers with SMS text and voice mail scams, or smishing and vishing, said the agency.
Wolfe's Den: Airport Scanner Patents Promise Not To Show Your 'Junk'
Rapiscan, the company supplying the controversial x-ray backscatter screeners, has won a patent for a machine which detects threats "with minimum display of anatomical details." Its competitors, and body scanner pioneer Martin Annis, are also pursuing enhanced privacy approaches. Here are the technology details.
5 Airport Body Scanner Patents Stripped Down
Here's a deep dive on five patents applying X-ray backscatter technology to airport contraband detection. These screening machines have been much in the news recently, amid controversy regarding both their effectiveness and the amount of radiation exposure to which travelers are subjected. The patents we'll look at are from prime players in the airport body scanner field. This list is led by Rapiscan Systems Inc. , of Torrance, Calif., which in 2009 won the TSA contract to supply whole-body imag
China Directed Google Attack, Leaked Cable Says
A trove of diplomatic communications released by Wikileaks includes the claim that Chinese officials oversaw the cyber attack on Google.
Taming the Beast: Preventing/Detecting Insider Threat
While many companies deal with the problem of insider threat, there are some practical things that can be done to both prevent and detect insider threat. Always remember, prevention is ideal but detection is a must.
Shuttle Discovery Launch Delayed
External fuel tank repairs are in process and NASA says the earliest Discovery will make its final trip to the International Space Station is Dec. 17.
Schwartz On Security: China's Internet Hijacking Misread
Core Internet security concerns aren't as sexy as hyping Chinese attacks, but concern over the potential assault is misplaced and distracts from the need to fix what's really broken.
Most Microsoft DLL Hijacking Vulnerabilities Remain Unpatched
Three months after they were first disclosed, only 15% of known bugs have been patched, reports ACROS Security.
Consumers Ignore Safe Online Shopping Guidance
Webroot survey finds that 52% of people don't check for an HTTPS connection before making purchases and 23% feel safe when using free, public wireless connections for e-commerce.
Facebook Christmas Tree Virus Hoax Spreading
Fake malware warnings multiplying faster than actual threats, says Sophos' Graham Cluley.
Healthcare Breach In Puerto Rico Could Affect More Than 400,000
Breach disclosure says employees gained unauthorized access to customer records
Opera 11 Beta Offers Tab Stacking
Opera joins Firefox in trying to provide users a better way to organize large numbers of open browser tabs.
Smartphones: The Next Generation Of Security Vulnerabilities?
Enterprises are seeing an explosion of smart devices entering the company and accessing their data. Security experts recommend some simple steps to tame the mobile beast
The Top Five Challenges In Securing Oracle Databases
Keeping Oracle data safe has never been easy. Here's a look at the challenges -- and some emerging tools for handling them
Researchers Uncover Holes In WebOS Smartphones
Linux-based platform prone to Web-injection vulnerabilities and targeted attacks for stealing data
DHS Cybersecurity Center Promotes Information Sharing
The MS-ISAC aims to give state and local governments the same real-time access to cybersecurity threat info that the federal government has.
Credential-Stealing Botnet Infects Website To Website
Kroxxu botnet infects servers, steals mostly FTP credentials
Enterprises Overlook Virtualization, Cloud In Disaster Recovery
Symantec study finds 44% of data on virtualized systems is rarely backed up, and 60% of virtualized servers are not included in disaster recovery plans.
Sophos Sees Macs OS Infected With Windows Sludge
Anti-virus firm Sophos shows that while Macs may be under increasing malware threats, most of the sludge its anti-virus software found targeted Windows systems - Apple users aren't out of the woods.
Thanksgiving IT Help
Tips for helping family members secure their computers for safe internet browsing and online shopping
What About Biometrics?
Integrating fingerprints in a standard way so that Web and enterprise applications can take advantage of them
Does SSD Make Sense In The Small Data Center?
Solid State Storage is often thought of as being used in one of two extremes. Either in the high end enterprise to acceleration databases or in the consumer netbook, smartphone market. The truth is that solid state storage can be used in a wide variety of applications in businesses of all sizes. The small data center with two to three servers should not exclude SSD from it's consideration.
Securing The PDF
New Adobe Reader X sandbox and Invincea's virtualized Document Protection offer new methods to combat PDF attacks
Federal Officials Honored For Continuous Security Monitoring Efforts
Vivek Kundra, the nation's CIO, U.S. Sen. Tom Carper, and John Streufert, CIO at the State Department helped uncover $300 million in inefficiencies related to certification and accreditation reporting
Web-Based Malware Infections Have Doubled Since Last Year, Report Says
More than 1.2 million sites were infected in Q3, according to figures from Dasient
Federal Reserve Hacker Indicted
Lin Mun Poo of Malaysia is accused of possessing more than 400,000 stolen credit and debit card numbers.
Air Force Launches Enormous Spy Satellite
A Delta IV Heavy rocket lifted off Sunday on a top-secret defense mission, according to the National Reconnaissance Office.
Check Point Survey: More Than Half Of U.K. Corporate Laptops Are Not Protected Against Theft Or Data Loss
A majority of businesses are potentially vulnerable to unauthorized network access
Alureon Malware Bites Windows 7
The threat's rootkit gets an upgrade to compromise Microsoft's 64-bit operating systems by defeating driver-signing security.
SOC 2.0: A Crystal-Ball Glimpse Of The Next-Generation Security Operations Center
Thanks to some fundamental shifts in security technology and thinking, the day-to-day activities of security professionals in large enterprises could take some sharp turns in the near future, experts say
Researchers: Be Wary Of New Trojan Attacks
A yet to be named developer has released a free software development kit for a new Trojan horse considered to be similar to the Zeus banking Trojan - prompting a warning from researchers at a German security firm.
|
White Papers
Video
10 Comments
Current Issue
5 Emerging Cyber Threats to Watch for in 2019Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-8955
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
From DHS/US-CERT's National Vulnerability Database CVE-2019-8955
PUBLISHED: 2019-02-21
In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.
CVE-2019-1698PUBLISHED: 2019-02-21
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External E...
CVE-2019-1700PUBLISHED: 2019-02-21
A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) conditio...
CVE-2019-6340PUBLISHED: 2019-02-21
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RE...
CVE-2019-8996PUBLISHED: 2019-02-21
In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This