Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in February 2010
DHS Three Years Behind On Smart Card Project
News  |  2/19/2010  | 
The original completion date for the issuance and use of identity cards to federal employees and contractors was Oct. 27, 2008
Czech Researchers Say 'Chuck Norris' Kicks Bots
News  |  2/18/2010  | 
Emerging botnet could redirect users to data-stealing sites, researchers say
Thousands Of Organizations Worldwide Hit By Widespread Malware Attack
News  |  2/18/2010  | 
Botnet bearing the Zeus Trojan infected 75,000 systems worldwide in 2,500 enterprises, government agencies
DHS Misses Target For Smart Card ID System
News  |  2/18/2010  | 
Poor management, insufficient funding, and deficient IT systems are blamed for a three-year delay by the Department of Homeland Security in issuing smart cards to 250,000 employees and contractors.
Rootkit Causing 'Blue Screen Of Death' On Newly Patched XP Machines
Quick Hits  |  2/18/2010  | 
Microsoft concludes that its MS10-015 patch isn't the cause; affected machines were already infected with the Alureon rootkit
Another Massive Breach Reveals Sorry State Of IT Security
Commentary  |  2/18/2010  | 
On the heels of the Operation Aurora attacks, and constant stories about the Advanced Persistent Threat, another security firm has discovered a botnet that is responsible for stealing sensitive data from more than 2,500 companies over the past 18 months.
Product Watch: New Service Shuts Down Counterfeit-Brand Websites
News  |  2/18/2010  | 
An estimated $135 billion worth of counterfeit and pirated goods will be sold online in 2010, according to MarkMonitor
Apple Offers To Replace Faulty Drives
News  |  2/18/2010  | 
The hard drives on certain MacBooks are vulnerable, but Apple did not describe the conditions that could lead to drive failure.
Will Cyber Shockwave Make Some Waves?
Commentary  |  2/17/2010  | 
With March Madness coming up, I recently spent the morning in some rather distinguished company simulating the effect of a March Madness smartphone app that turned out (within the confines of the simulation) to be malware.
U.S. Fails Test In Simulated Cyberattack
News  |  2/17/2010  | 
Organizers, observers of 'Cyber Shockwave' conclude nation is not ready for the real thing
The Top 10 Enterprise Botnets
News  |  2/17/2010  | 
A Zeus botnet was one of the most prevalent to infiltrate U.S. enterprises last year, according to new data culled from Damballa customer networks
Mozilla's Add-On Policies And Spyware Surprises
Commentary  |  2/17/2010  | 
I've been using FlashGot on and off for years. It is a useful plug-in that helps you download multiple files from the same Web page "automagically." So when Firefox informed me about a new update for an add-on I've used for years, I clicked "OK" and updated it, only to find a surprise the next time I used Google.
Google Buzz Brings Complaint From Canada
News  |  2/17/2010  | 
The country's Privacy Commissioner wants Google to explain how its changes to Buzz will address privacy concerns.
Microsoft Investigating Possible Breach Of Windows Live ID
Quick Hits  |  2/17/2010  | 
Flaw might have enabled some users to see into other users' accounts, Microsoft says
Penetration Testing Is Sexy, But Mature?
Commentary  |  2/17/2010  | 
The buzz generated from Core Security's move to integrate with the Metasploit Framework has left me a little puzzled. Don't get me wrong: I love Metasploit. It's a fantastic tool that has certainly been put through its paces as a pen-testing tool -- it's free, open source, and extremely accessible to aspiring security professionals. And, of course, I've heard great things about Core's flagship product, Impact Pro. But the deal just seems like an odd move.
Cyberattack Drill Shows U.S. Unprepared
News  |  2/17/2010  | 
A group of high-ranking former federal officials scramble to react to mobile phone malware and the failure of the electricity grid in a staged exercise.
SMBs Face Growing Risks From Social Networks, Web 2.0
Commentary  |  2/17/2010  | 
A new SMB survey confirms that social networks and Web 2.0 applications pose a growing threat to SMBs and even those businesses with sufficient defensive resources struggle to thwart cybercriminals.
Google Acknowledges Privacy Issues With Buzz
News  |  2/17/2010  | 
Announces changes to its new social networking service to prevent it from compromising user privacy; EPIC complains to FTC anyway
Where Will You Get Your Storage Services From?
Commentary  |  2/17/2010  | 
Storage services are the intelligence added to storage systems that makes them more than just a bunch of disk drives in a cabinet. This can range from the very basic RAID and LUN management functions to the more advanced snapshot and replication. The type of services a storage system offers is, to a large degree, where the vendors do battle. The differentiation between the services offered is often what makes you want one solution over the other.
New Report Examines Malware's Origins, Motivations
News  |  2/16/2010  | 
Defending against malicious software means understanding where it comes from, researcher says
Proposal Would Hold Software Developers Accountable For Security Bugs
News  |  2/16/2010  | 
SANS releases Top 25 list of the most dangerous programming errors; joins with Mitre, others, to push for contract language that makes custom app developers liable for vulnerabilities
Google Sorry About Buzz Privacy
News  |  2/16/2010  | 
But the company's apology isn't enough for the Electronic Privacy Information Center, which has just filed a complaint with the Federal Trade Commission.
DoD To Issue Stronger Security Guidelines To Defense Vendors
News  |  2/16/2010  | 
Threat looms with a wide variety of military information residing on external systems
Is It Time For Software Liability?
Commentary  |  2/16/2010  | 
MITRE and the SANS Institute, along with more than 30 U.S. and international cyber security organizations, released today an updated list of the 25 most dangerous programming mistakes. Software acquisition contract language, designed to protect software buyers from being held liable for faulty code, was also made available.
Core Integrates Its Penetration Testing Product With Metasploit
Quick Hits  |  2/16/2010  | 
Next version of Core Impact Pro commercial tool will work in concert with Metasploit
Military To Tighten Vendor Cybersecurity Policies
News  |  2/16/2010  | 
The Department of Defense is setting the stage for changes in how vendors handle unclassified military data.
DHS Counter Terrorism Exec Takes Office
News  |  2/16/2010  | 
Caryn A. Wagner, now at the Department of Homeland Security, is responsible for using IT to coordinate counter-terrorism efforts.
Measuring Database Security
Commentary  |  2/16/2010  | 
How much does it cost to secure your database, and how do you calculate that? One of the more vexing problems in security is the lack of metrics models for measuring and optimizing security efforts. Without frameworks and metrics to measure the efficiency and effectiveness of security programs, it's difficult both to improve processes and to communicate our value to nontechnical decision makers.
Tech Insight: Securing The Virtualized Server Environment
News  |  2/14/2010  | 
Virtualization offers many benefits, but how do you keep your data safe? Here are some steps you should follow
CISOs Help Deliver A Better Business
Commentary  |  2/13/2010  | 
Most organizations with Chief Information Security Officers that function independently from, but work closely with IT operations, experience less data loss, less business downtime, and also ease some of the pain associated with regulatory audits. Oh yeah: they also help deliver higher revenue, profit, and retain customers.
Social Engineering Scammers Offer Live Support
News  |  2/12/2010  | 
A new rogue antivirus scheme has enlisted live "support" personnel to deceive victims.
Oracle 0-Days
Commentary  |  2/12/2010  | 
During BlackHat, David Litchfield disclosed a security issue with the Oracle 10g and 11g database platforms. The vulnerability centers on the ability to exploit low security privileges to compromise Oracle's Java implementation, resulting in a total takeover of the database. While the issue appears relatively easy to address, behind the scenes this disclosure has raised a stir in database security circles. The big issue is not the bug or misconfiguration issue, or whatever you want to call it.
Apple's iPad Drives New App Creation
News  |  2/12/2010  | 
The iPad is a hit, at least with developers.
Google Buzz Gets Privacy Patch
News  |  2/12/2010  | 
Responding to complaints, the company has enhanced the privacy options for Buzz users.
Shell Employee Directory Leaked, Allegedly By Activist Workers
Quick Hits  |  2/12/2010  | 
Oil company acknowledges leak, but says it isn't sure current employees did the deed
Motorola Targets Corporate Split For 2011
News  |  2/12/2010  | 
The company says it will cleave itself into two separate entities, one focused on mobile devices for home and SMB users, the other for enterprise.
Trojan Makers Thumb Noses At Trojan Hunters -- In A New Trojan!
Commentary  |  2/12/2010  | 
The makers of the Zeus bankscam Trojan have nerve as well as criminal intent: A new variation of their credential-stealing malware includes a "Thank You" note to anti-virus companies!
Virtualization Vulnerabilities Up And Coming
Commentary  |  2/11/2010  | 
Microsoft's February 2010 Patch Tuesday was one of the bigger releases for Microsoft and its clients in the past two years -- 13 bulletins addressing 26 vulnerabilities.
Google Rejects Australian Censorship
News  |  2/11/2010  | 
The company's mission to organize the world's information and make it universally accessible has put it on a collision course with censors around the globe.
New Technology Offers Secure Electronic Payment Via Mobile Phones
News  |  2/11/2010  | 
Oxford University's technology provides secure channel for making peer-to-peer and person-to-person payments
Adobe Flash, Reader, Acrobat Vulnerable
News  |  2/11/2010  | 
The company has issued fixes for two vulnerabilities, but a third set of flaws affecting Reader and Acrobat won't be patched until next week.
Sights, Sounds (And Snow) Of ShmooCon 2010
Commentary  |  2/11/2010  | 
There are hacker conferences, and then there's ShmooCon. The annual East Coast convention was held during a major snowstorm in Washington, D.C., but that didn't stop researchers from sharing their latest exploits, hardware, and software inventions, and huddling over discussions about the latest security issues.
New Zeus Variant Taunts Antivirus Vendors
Quick Hits  |  2/11/2010  | 
Researchers discover 'hidden message' inside new variant of the banking Trojan
Google Buys Aardvark
News  |  2/11/2010  | 
With its first acquisition of 2010, Google is showing that it's serious about social networking.
JDSU To Acquire Agilent Testing Unit
News  |  2/11/2010  | 
The Agilent network solutions unit offers testing and measurement capabilities for LTE, WiMax, Bluetooth, and 3G/4G wireless technologies.
AOL, Facebook Integrate Instant Messaging
News  |  2/11/2010  | 
The AIM instant messaging service has leveraged Facebook's Chat application programming interface, enabling users to chat across environments.
Iran Shutters Google's Gmail Service
News  |  2/11/2010  | 
Iran will soon offer a national e-mail service, presumably to give the government more control over how Iranian citizens communicate
Consumers Fighting Back Against Identity Fraud, Study Says
News  |  2/11/2010  | 
Better detection, reporting results in more arrests and prosecution, Javelin reports
Changing Backup's Image
Commentary  |  2/11/2010  | 
In a recent briefing with Vizioncore, they introduced their Backup 2.0 concept, which is based on the value of image-based backups. The concept of image-based backups is not new, and there are several companies that offer image-based backup technology, like NetApp, Symantec, Syncsort and others. Thanks to the wide acceptance of disk as a backup repos
How Much Crypto You Really Need
Commentary  |  2/11/2010  | 
Last month an international team of researchers announced they had managed to factor a 768-bit RSA key. This raises interesting questions about handling encryption and planning ahead in your security strategy.

