Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in November 2010
Vulnerabilities Found In Banking Apps
News  |  11/5/2010  | 
Security holes in Android and iPhone apps from PayPal, Bank of America, Chase, Wells Fargo, and more could give attackers access to financial data.
NoSQL: Not Much, Anyway
Commentary  |  11/4/2010  | 
I don't get the NoSQL movement. Most old-school database administrators don't. In fact, a lot of people don't understand what NoSQL is exactly because, quite frankly, there's not much there. Most of the features and functions we consider synonymous with databases are unwanted by developers of nontransactional systems and are falling by the wayside as companies push applications into the cloud.
New Technique Spots Sneaky Botnets
News  |  11/4/2010  | 
Tool could be used to detect activity from botnets such as Conficker, Kraken, and Torpig, which rotate domains in an effort to evade discovery and stay alive
Blekko Search Fails To Inspire
Commentary  |  11/4/2010  | 
The beta service that uses slashtags to narrow your search's sites and topics has some good ideas but too many shortcomings.
Feds, IATA Seek Tighter Cargo Security
News  |  11/4/2010  | 
With bombs found on aircraft originating from Yemen, the DHS and International Air Transport Association explore technology solutions to securing the global supply chain.
'Inoculator' Detects Stealthy Malware Without Agents
Quick Hits  |  11/4/2010  | 
HBGary commercializes technology used in the wake of Aurora attacks
Meru 802.11n Access Point Targets Enterprises
News  |  11/4/2010  | 
Entry-level wireless LAN offering links remote offices with corporate networks.
UniBrows Adds Security To Internet Explorer 6 Apps
News  |  11/4/2010  | 
Startup Browsium could help eliminate security concerns for firms that don't have the budget to update their IE6-based apps or intranets for safer browsers.
U.S. Cyber Command Opens Doors
News  |  11/4/2010  | 
The military command in charge of defending Department of Defense networks against cyber attacks is fully operational, about a month later than expected.
European Union To Update Privacy Laws
News  |  11/4/2010  | 
Google Street View, Facebook breaches prompt review of consumer protection, with goal to roll out regulations in 2011.
Viruses Lead SMB Security Concerns
News  |  11/4/2010  | 
Malware tops employee-generated data breaches among security concerns of small and midsize businesses, finds Trend Micro survey.
Amazon Says Cloud Beats Data Center Security
News  |  11/4/2010  | 
Security is a shared responsibility between the cloud provider and its customers, says Amazon Web Services security architect.
Images Could Change The Authentication Picture
News  |  11/3/2010  | 
New technologies leveraging brain's ability to recognize, remember images could propel image-based authentication commercially
Microsoft Issues Zero-Day IE Warning
News  |  11/3/2010  | 
Internet Explorer 9 is not affected and the risk is not significant enough to prompt an emergency patch.
WellPoint Sued For Delay In Disclosing Security Breach
News  |  11/3/2010  | 
Indiana Attorney General seeks $300,000 for failure to comply with state law
TSA Calls Tech Key To Combating Terrorism
News  |  11/3/2010  | 
New investments in technology and continued use of body scanners to secure airports are part of strategy outlined by Transportation Safety Administration's John Pistole.
Zeus Attackers Deploy Honeypot Against Researchers, Competitors
News  |  11/3/2010  | 
Phony administrative panel posts fake data on recent electronic quarterly federal tax payment attacks, fake 'new botnet' malware
Former IT Director Imprisoned For Hacking Employer's Servers
News  |  11/3/2010  | 
Darnell Albert-El gets 27-month sentence for deleting files at Transmarx as revenge for being terminated.
Google Settles Buzz Lawsuit
News  |  11/3/2010  | 
The company will set aside $8.5 million to fund privacy education, but Gmail users will not be compensated.
Hundreds Of Software Flaws Found In Android
Quick Hits  |  11/3/2010  | 
New open-source software integrity report from Coverity shows one-fourth of defects in the Android OS pose security problems
Is Cloud Storage Fluffy?
Commentary  |  11/3/2010  | 
Before continuing with our look at how to use cloud storage in your business, we need to take a quick detour and discuss if cloud storage is a legitimate platform to begin with. The term in a recent comment that was used to describe cloud storage is fluffy. I find that not only is cloud storage a tangible technology, it is something that businesses of all sizes should be leveraging in some form.
SMB Guide To Credit Card Regulations, Part 2: The Low-Hanging Fruit
Commentary  |  11/2/2010  | 
The PCI Security Standards Council has created a document outlining a prioritized approach to help businesses comply with PCI DSS. It's a way to grab the low-hanging fruit, helping businesses tackle some of the more simple tasks that can provide a greater security ROI. I've boiled it down here to help small to midsize businesses (SMBs) get started.
Sophos Launches Free Anti-Virus For Mac
News  |  11/2/2010  | 
Anti-Virus For Mac Home Edition runs in the background to intercept viruses, Trojans and other malware.
How Firesheep Can Hijack Web Sessions
Slideshows  |  11/2/2010  | 
Firesheep is a Firefox extension used to hijack web sessions, usually used over WiFi networks. Firesheep doesn't steal usernames and passwords; instead, it copies session cookies used on authenticated websites. These are then used to impersonate the hijacked connection. Session hijacking, or sidejacking, is a well-known problem, ranking 3rd on OWASP's (Open Web Application Security Project) Top 10 Application Security Risk list. Attackers using Firesheep just need access to network traffic -- such
Wi-Fi, HomePlug Alliances Collaborate On Smart Grid Apps
News  |  11/2/2010  | 
Interoperability between Wi-Fi equipment and devices linked to powerline home networks at heart of joint effort.
Google Offers Bucks For Bugs In Its Web Applications
News  |  11/2/2010  | 
New vulnerability reward program could set precedent in white-hat Web hacking
Indiana AG Sues WellPoint Over Health Data Breach
News  |  11/2/2010  | 
Consumer health data was at risk for 137 days through an unsecured WellPoint website, alleges the suit filed against the health insurer.
Cloud Fusion: Webroot Buys Prevx
Quick Hits  |  11/2/2010  | 
Acquisition of U.K. cloud-based client security firm aims to lighten the security load for end users
Globalstar Launches Satellites For Planned Broadband Service
News  |  11/2/2010  | 
CEO Dalton targets over 200 rural communities, following FCC's efforts to stimulate mobile satellite services.
VeriSign Aims Wednesday Promotion At SMBs
News  |  11/2/2010  | 
VeriSign is offering a $298 discount on one year's worth of Trust seal
Google Brings Bug Bounty To Web Apps
News  |  11/2/2010  | 
Chromium's vulnerability rewards program has been extended to Google's Web properties.
Lookout Rolls Android Privacy App
News  |  11/2/2010  | 
Tool scans smartphone apps and reveals which are accessing private identity, location, and information.
Verisign Offers $1 Promo For Its Trust Seals
News  |  11/2/2010  | 
One-day promotion offered on Nov. 3 to help SMBs promote consumer confidence in their e-commerce sites.
Researchers To Demonstrate New Attack That Exploits HTTP
News  |  11/1/2010  | 
Issuing very slooowwww HTTP POST connections results in major denial-of-service attack on Web-based servers and can build "agentless" botnet
Tackling Insider Fraud From The Outside-In
News  |  11/1/2010  | 
Companies should use the same technologies that authenticate external customers to monitor employees and watch for insider attacks
Facebook Says Data Broker Bought User IDs
News  |  11/1/2010  | 
A handful of developers have been suspended for violating Facebook policies.
Startup Offers Cloud-Based Bot Detection Service
Quick Hits  |  11/1/2010  | 
Newly launched ipTrust headed by former IBM ISS executives
The 10 Most Common Database Vulnerabilities
News  |  11/1/2010  | 
Nearly half of weaknesses are directly or indirectly related to lax patch management practices
Firesheep Simplifies Stealing Logins
Commentary  |  11/1/2010  | 
Firefox extension created to shine a light on the problem of unencrypted websites fails, because rather than offering a solution, it only makes it worse.
RAID Rebuilds Will Kill The Hard Disk
Commentary  |  11/1/2010  | 
We've written about it before, as have others. RAID rebuild times continue to increase, and as they do, the very technology that made the hard drive safe for the enterprise thirty years ago may now be its undoing. The time it takes to rebuild a drive, measured in double-digit hours if not days, has a critical impact on performance and data reliability. The workarounds may lead you to solid state disk faster than you originally planned.
Google Sues U.S. Over Unfair Cloud Contract
News  |  11/1/2010  | 
The Department of the Interior's request for proposals to provide the agency with e-mail service is written to exclude Google, the company claims.
HP And The Scary Corporate Fifth Column Concept
Commentary  |  11/1/2010  | 
HP is currently in an epic and unprecedented battle with Oracle, and Oracle rarely leaves any company still standing that it focuses this much attention on.