News & Commentary

Content posted in December 2009
Lab Test Results: Symantec, Kaspersky Lab, PC Tools, AVG, Detect The Most Zero-Day Attacks
News  |  12/17/2009  | 
AV-Test finds detection rates of 83 to 90 percent, but rival lab says rates are actually 29 to 64 percent
Privacy Group Files Complaint To FTC About Facebook
News  |  12/17/2009  | 
Recent changes will make too much user information available to the public, maintains the Electronic Privacy Information Center
Facebook Hit With FTC Complaint
News  |  12/17/2009  | 
Electronic Privacy Information Center files formal objection against social networking site's privacy changes.
Massive Outage Hits BlackBerry Service
News  |  12/17/2009  | 
RIM's Internet e-mail system plagued by nationwide disruption much of Thursday.
Review: Google Wave An Experimental Ride
News  |  12/17/2009  | 
The collaboration system combines e-mail, instant messaging, message boards, Wikis, and document-sharing tools -- to create something completely new.
Product Watch: IBM Replaces Passwords With Palm-Vein Biometrics In Single Sign-On
News  |  12/17/2009  | 
Fujitsu's PalmSecure LOGONDIRECTOR is integrated with IBM Tivoli Access Manager for Single Sign-On
Consumers Overestimate The Dangers Of Online Identity Theft, Study Says
Quick Hits  |  12/16/2009  | 
More than one-third of users think ID theft is most likely to happen online, but only 10 percent of the losses happen on the Web, researchers say
Readying For A Zero-Day Attack: Expect The Unexpected
News  |  12/16/2009  | 
In new report, Dark Reading describes methods for managing previously unknown vulnerabilities
Global CIO: Oracle-Sun A Bad Deal? Only A Fool Would Say That
Commentary  |  12/16/2009  | 
Oracle buying Sun is bad business, says Motley Fool, but that analysis is simply, well, foolish. Here's why.
Botnet Operators Infecting Servers, Not Just PCs
News  |  12/16/2009  | 
Web, FTP, and SSL servers are becoming handy tools for botnets to expand and multiply
Shadowserver Global Data Shows 'No One Is Immune' From Conficker
Quick Hits  |  12/16/2009  | 
Russia, U.S., and Ukraine are home to highest numbers of Conficker-infected IP addresses
Christmas Wish List: Patching & Whitelisting
Commentary  |  12/16/2009  | 
Christmas is next week, and if I were putting together a wish list of things to help lock down my enterprises, I'd have to put patch management and application whitelisting at the top. Why? It's simple. The two together could deliver the one-two punch to knock out the majority of compromises I've been seeing lately.
Cybercriminals Bypassing Two-Factor Authentication
News  |  12/16/2009  | 
Targeted attacks have resulted in theft of money and/or information, says Gartner
Product Watch: Bit9 Lists Top Vulnerable Applications Of 2009
News  |  12/16/2009  | 
Adobe apps top list of most vulnerable of the year
2010 Cybercrime Goals: Symantec
Commentary  |  12/16/2009  | 
What do cybercrooks want next year? According to Symantec Hosted Services, they want bigger and badder botnets, pathways through CAPTCHA traps, local language spam and plenty of hooks as good as Michael Jackson and Tiger Woods.
Global CIO: The World's Largest Private Cloud: Who's Number One?
Commentary  |  12/16/2009  | 
Its 13 petabytes include archived data from the world's top banks and pharma companies, and it's growing rapidly. The owner's name starts with A -- but it's not Amazon.
2010 Storage Trends Scale Out Storage
Commentary  |  12/16/2009  | 
This time of year I am always asked what storage trends will take off during the next year. I often resist because it is very hard to get it right. What I try to do is see what is likely to gain traction in the coming year. Over the next few entries we will explore some of the 2010 storage trends that you ought to be paying attention to. One of those is scale out storage.
Social Networking Developer Site Database Hacked In SQL Injection Attack
Quick Hits  |  12/15/2009  | 
32 million accounts exposed, Webmail accounts could be at risk as well
FTC Report Says SAFE WEB Act Is Working, Urges Congress To Keep It In Force
News  |  12/15/2009  | 
Three-year report says authority to work international cases is key to FTC's efforts to curb cybercrime
Adobe Reader, Acrobat Under Zero-Day Attack
News  |  12/15/2009  | 
New exploit in the wild capitalizes on flaw in JavaScript function, patch to come January 12
Government Grapples With EMR Security, Privacy
News  |  12/15/2009  | 
Healthcare providers aren't stepping up to protect privacy of electronic medical records. Can the government provide adequate data security?
Does The Fourth Amendment Protect E-Communications?
News  |  12/15/2009  | 
Issue heads to Supreme Court following a case in California
Global CIO: Welcome To The CIO Revolution, Circa 2010
Commentary  |  12/15/2009  | 
After the craziness that was 2009, what are the top strategic priorities for CIOs in 2010? Four world-class CIOs share their insights.
U.S. And Russia Talk Internet Security
Commentary  |  12/14/2009  | 
According to news reports, the American and Russian governments are engaged in talks designed to pave a way for a more secure Internet and a treaty to limit certain types of cyberweapons.
Hackers Take Aim At COFEE With DECAF
News  |  12/14/2009  | 
Anti-forensics tool promises to inhibit popular law enforcement software
Strong Authentication Not Strong Enough
News  |  12/14/2009  | 
Cyber thieves are defeating two-factor authentication systems. Gartner recommends defense-in-depth.
Full Disk Encryption: What It Can And Can't Do For Your Data
News  |  12/14/2009  | 
Protection depends on implementation -- and user know-how
OMB, NIST Propose Cybersecurity Performance Metrics
News  |  12/14/2009  | 
Aimed at federal agencies, proposal calls for real-time monitoring
What It Takes To Have True Visibility Into Web Attacks
Commentary  |  12/14/2009  | 
I'm one of those people who takes extensive notes but rarely goes back and reads them. Today was one of those exceptions: I was looking through Evernote for something, and a statement I'd copied some time ago stuck out.
Trojan Buzus Attack Passes 1.5 Million Infected Sites
Commentary  |  12/14/2009  | 
A wildfire-fast SQL injection that started picking up speed last week hasn't slowed down. Last week's hundreds of thousands of compromised sites have grown to more than 1.5 million, eSoft reports.
Global CIO: Oracle's EU Nemesis Mocked Intel After $1.5B Fine
Commentary  |  12/14/2009  | 
After fining Intel $1.5 billion, top EC bureaucrat Neelie Kroes joked about Intel sponsoring European taxpayers. What sort of joke was she planning for Oracle?
Global CIO: Oracle Customer Comments Will Force EU To Yield
Commentary  |  12/13/2009  | 
Oracle customers last week crushed the EU's case against Oracle by saying its databases don't compete with MySQL. But will the EU listen?
Product Watch: Core Adds Wireless To Penetration Test Tool
News  |  12/13/2009  | 
Impact Version 10 adds support for wireless, more Web vulnerabilities
Report: Enterprise Endpoints Behaving Badly
Quick Hits  |  12/11/2009  | 
Scan of 100,000 endpoints at 25 different enterprises reveals unauthorized P2P activity, missing application agents, misconfigured or missing antivirus
Old-School Botnet Still Thriving
Quick Hits  |  12/11/2009  | 
New Trend Micro report details how IRC-based SDBOT is going strong with a new mission
Google Douses Privacy Fire
News  |  12/11/2009  | 
CEO Eric Schmidt's remarks are being taken out of context, the company says.
Apple: 'Nokia Chose To Copy The iPhone'
News  |  12/11/2009  | 
Mac maker accuses Nokia of infringing on 13 patents
Tech Insight: Learn To Love Log Analysis
News  |  12/11/2009  | 
Log analysis and log management can help breach detection and investigations
Cybersecurity Metrics Coming For Federal Agencies
News  |  12/11/2009  | 
Government agencies may soon be required to report a host of metrics focusing on real-time cybersecurity performance.
Why Stop At Automated Storage Tiering?
Commentary  |  12/11/2009  | 
Automated tiering, the transparent movement of data based on activity or type, is quickly proving itself to be a hot consideration for storage managers but why stop at automated tiering? Can't we make the entire storage ecosystem respond automatically based on environmental conditions and its available resources?
Security PR: How To Talk To Reporters
Commentary  |  12/11/2009  | 
Here are some tips for security professionals and security public relations representatives on how to pitch reporters when you have something new and exciting to share.
Global CIO: Riverbed Sees Cloud Computing Boom In 2010
Commentary  |  12/11/2009  | 
With CIOs looking to the cloud to help rekindle growth and CEOs dazzled by the economic promise, Riverbed is very bullish on cloud computing.
Choosing Email Security Services? Watch Your Step
News  |  12/10/2009  | 
New Dark Reading Tech Center report offers advice on what to look for -- and what to avoid -- in third-party services
How Organizations Get Hacked
Commentary  |  12/10/2009  | 
Want a better idea of how organizations get infiltrated, including a detailed synopsis of how many successful data breaches occur? Sit down with a copy of the just-released Verizon Data Breach Investigations Supplemental Report and you'll get a great idea.
Droid Smartphone Hacked
News  |  12/10/2009  | 
Exploit lets phone users gain administrative root access to Google Android-based phones
Microsoft Acquires Sentillion
News  |  12/10/2009  | 
Sentillion offers identity and access management systems for healthcare environments
Some 132K Websites Hit By New SQL Injection Attack
Quick Hits  |  12/10/2009  | 
ScanSafe reports widespread attack that continues to grow
Using Facebook To Social-Engineer A Business
Commentary  |  12/10/2009  | 
My firm was recently asked to compromise a company's network infrastructure using intelligence available from the Internet. The client's CIO was worried that social networking sites provided too much information about its employees and the company, so we discussed the possibility of using information gained from social networking sites to social-engineer our way into the customer's facility and, ultimately, into its network.
Top 15 Threats: How The Crooks Are Coming At You
Commentary  |  12/10/2009  | 
The latest Verizon Data Breach Report lists the top outside threats -- keyloggers, spyware, SQL injections, remote access and control -- and inside threats -- access and privilege abuse, usage and other policy violations -- that businesses have faced. The report is based on actual businesses' data breach experiences.
Global CIO: Why SAP Won't Match Oracle's 22% Maintenance Fees
Commentary  |  12/9/2009  | 
Here are five reasons why SAP won't make the awful mistake of raising annual maintenance fees to match Oracle at 22%.