News & Commentary
Content posted in December 2010
|
Three 2011 Security Resolutions (for the uninitiated)
Chances are, when it comes to keeping your data safe, you aren't doing many of the things that you should. In fact, most of us don't do the good data hygiene things we should. Here's a short list of three essential things you need to be doing if you are not already.
New Snort Front-End Adds Speedy Analysis, Ease Of Use
Snorby is a new free, open-source analysis front-end to the popular Snort IDS that is fast and usable
Meet The "SMS of Death"
If a pair of German security researchers are correct, a successful SMS attack could cripple vast segments of mobile networks.
Trojan Targeting Android Phones
Geinimi malware displaying botnet characteristics can compromise a significant amount of information on a user's smartphone.
Information Security Predictions 2011
Here's my take on what big events will shape information security in the year ahead. (Or, maybe not).
Apple May Face More Privacy Lawsuits
Without definitive laws defining data privacy rights, Apple and other companies involved in developing mobile applications are likely to be targeted by consumers turning to the courts for protection.
Mozilla Claims Exposed Account Data Posed 'Minimal Risk'
The Firefox browser maker says it was able to account for every download of a partial database containing 44,000 inactive registered developer accounts that was left on a public server.
Nintendo Warns Children Should Skip 3DS
Because their eyes are still developing, kids under the age of 6 shouldn't use the handheld gaming device's 3D functions, said the company.
Apple, Social Networks Top Cybercrime Targets In 2011
McAfee threat predictions for the coming year forecast that Apple's increasing influence in personal computing, smartphones, and tablets will make it a prime target for cybercriminals.
Facebook Value Leaps 56% To $41.2 Billion
The social media giant led strong gains among privately held social media companies, including Groupon, Zynga, and Twitter, in the second half of 2010, finds analyst study.
Dell 'Looking Glass' Tab Specs Revealed
The 7' Android tablet will support 3G and Wi-Fi wireless networks according to documents the computer maker filed with the FCC.
As More SMBs Engage Online Security Concerns Grow
Almost three quarters of small and midsize businesses were victims of cyberattacks in the past year; these tips on Web hosting and cloud security can help boost your businesses defenses.
Amazon Says Kindle Best Selling Product Ever
Apple iPad owners are also buying e-readers according to the online retailer, which announced that sales of the Kindle have surpassed its previous all-time bestseller, "Harry Potter and the Deathly Hallows."
Why SMBs Aren't Buying DLP
Cost, complexity, and a dearth of complete solutions limit adoption rates for small and midsize businesses; revamping the architecture and packaging of DLP solutions is key to winning the SMB market.
Online Holiday Shopping Surges 15%
Mobile phones accounted for a larger share of the $36.4 billion consumers spent in November and December.
SCADA Security Heats Up
The use of Supervisory Control and Data Acquisition (SCADA) devices is growing. That growth is expected to continue to soar. According to research firm Frost & Sullivan SCADA revenues will grow from $4.6 billion last year to nearly $7 billion in 2016. Question is: What about security?
Happy Holidays From Dark Reading
Dark Reading staff takes brief hiatus; rebooting on Jan. 3
Pioneer Ships First 3D Blu-ray Players
The three models support the latest HDMI and audio formats, and can access content from streaming video services.
Why Don't Firewalls Work?
Even the best firewalls might fail an audit -- or get hacked -- if your enterprise doesn't follow proper change and configuration management practices. Here's a look at some of the common pitfalls that trip up firewall administrators
Microsoft Moves To Block Zero Day Attack
A French IT security firm recently warned of a new vulnerability that opens most versions of Microsoft Internet Explorer open to attack.
Targeted, Skilled Attacks Shaped 2010 Threats
While high-profile breaches like that of Google and the Stuxnet worm served as a wake-up call for many organizations, attackers continue to 'mow through' enterprises' systems and networks
Lessons Learned From Five Big Database Breaches In 2010
Second half of 2010 featured some major mess-ups that led to the exposure of sensitive data
Subcontractor Arrested For Stealing 15,000 SSNs From NY Disability Assistance Agency
Suspect lifted other personal information, as well, from computers storing New York state agency data
Fidelis Snags Anti-WikiLeaks Contracts
Security vendor is working with several federal agencies to prevent classified information on the Web from reaching unclassified government networks.
State Department Announces Cybersecurity Post
The position, planned before the recent WikiLeaks exposure, will report directly to Secretary of State Hillary Clinton and work to prevent data breaches involving confidential diplomatic information.
Why All The Big Deals?
Have you noticed that there seems to be a lot more "big" deals when it comes to storage acquisitions lately? Dell-Compellent, EMC-Isilon, HP-3PAR, EMC-Data Domain. This is not to say that there hasn't been smaller deals and part of the reason for the increase in big deals is perception, there is more to discuss which generates more press. There is however strategic reasoning behind the increase in larger deals.
100,000 Credit Cards Compromised By Data Breach
CitySights NY tour operator was storing card security codes in apparent violation of payment card industry regulations.
'Tis Attack Season: 5 Ways To Fight Back
For most of us, it's time for sleeping in, spending time with family, and ignoring e-mail. For criminals, it's time to go to work. Scammers are looking to exploit e-card traffic, sales promotions, and the general jolliness of Internet users. What better time to attack unwatched enterprise systems, siphon out data, and dig deeper into networks?
OpenBSD Project Finds Two Bugs In Software's IPsec Implementation
Up for debate: whether the FBI created a backdoor in the open-source operating system's code base
Facebook Testing Newsfeed Filter Options
Social media site testing an enhancement to allow users to customize the information they see.
OpenBSD Founder Believes FBI Built IPsec Backdoor
But Theo de Raadt said it is unlikely that the Federal Bureau of Investigation's Internet protocol security code made it into the final operating system.
Schwartz On Security: Don't Get Hacked For the Holidays
The Gawker data breach highlights how few companies employ passwords for security, and how many Web site users treat them as little more than a nuisance.
SIEM Gathers Steam In 2010
Strong market growth rate attracting new start-ups, but biggest slices are increasingly being hoarded by a very short list of SIEM vendors
Harvard Report: DDoS As A Weapon For Silencing Internet Speech
Berkman Center for Internet & Society report looks at breadth and impact of distributed denial-of-service attacks on independent media and human rights websites
41st Parameter Awarded Patent For Device Identification For Online And Mobile Commerce
DeviceInsight represents a significant advancement in the fight against online and mobile fraud
Gawker Details Missteps Behind Security Breach
The Gnosis group apparently faced few defenses in what it called a revenge attack on the prominent online media property.
What If Data Services Were Free?
Data services is my term for the storage software that most storage hardware vendors include to make their hardware a solution. The capabilities of these software applications include the basics like volume provisioning and advanced features like file services, snapshots, thin provisioning and replication. What if you could get these software functions for free and apply them to the hardware of your choice?
Britain Scraps Biometric National ID Cards
The identity register, billed as a way to increase security, was criticized for collecting too much information on United Kingdom citizens.
The Six Coolest Hacks Of 2010
Owned ATMs, a rogue cell tower, Firesheep, and a Samy comeback -- yep, it was a year to remember
Hulu Nixes IPO Plans
The online video site may look to its existing investors to raise capital, now that it's dismissed plans for a public stock offering, say reports.
Apple Unplugs WikiLeaks App
Other applications that connect users to Julian Assange's rogue Web site are still available for Google's Android platform.
Social Lender Prosper.com Drops Auction Model
Prosper.com says it will no longer allow lender bidding to set interest rates on new loans.
Being Your Own SSL Certificate Authority
How to address some key security and operational issues with managing and creating your own SSL CA
EU Investigating Intel's Plan To Buy McAfee
Sticking point is apparently Intel's stated intention to include previously standalone security features in its microprocessors
Microsoft Overhauls Free Antivirus Software
Firewall integration, a better heuristic antivirus scanner, and network traffic inspection added to Microsoft Security Essentials 2.0.
Google Adds 'Hacked Site' Alert To Search Results
New feature an expansion of Safe Browsing efforts
Intel Faces Antitrust Probe On Planned McAfee Acquisition
European Commission investigating whether proposed deal would box out competing antivirus products, reports the Wall Street Journal.
DHS Secretary Asserts Cybersecurity Leadership
Cybersecurity should be led by the Department of Homeland Security and not left to the market or the military, Janet Napolitano said.
University Of Wisconsin-Madison Leaves 60,000 SSNs Unprotected For Two Years
Colleges getting schooled on dangers of keeping social security numbers on file
Security Design Fail
It's common for routers to enable an HTTPS interface so that the device can be remotely administered. However, as was made clear this weekend, many routers are secured with hard-coded SSL keys that can be extracted and used by others.
|
White Papers
Video
3 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I want to tell an NSA joke but I feel like they've heard them all before.
Latest Comment: I want to tell an NSA joke but I feel like they've heard them all before.
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-17948
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-20
From DHS/US-CERT's National Vulnerability Database CVE-2018-17948
PUBLISHED: 2018-11-20
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
CVE-2018-1779PUBLISHED: 2018-11-20
IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.
CVE-2018-19367PUBLISHED: 2018-11-20
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.
CVE-2018-19335PUBLISHED: 2018-11-20
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.
CVE-2018-19334PUBLISHED: 2018-11-20
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This