News & Commentary

Content posted in March 2009
Page 1 / 3   >   >>
Conficker's April Fools' Day Update Begins With A Yawn
News  |  3/31/2009  | 
The worm was designed initially to exploit a Microsoft Windows vulnerability that was patched last October.
Conficker's Real Threat
Commentary  |  3/31/2009  | 
Conficker is a real problem, but the world won't end on April Fool's Day. Here's why.
Final Hours Remain To Remove Conficker
Commentary  |  3/31/2009  | 
Whether this worm lives up to some of the hype as the-end-of-the-world-as-we-know-it, or proves to be a minor annoyance -- you're better off getting it off as many systems as possible. These recently updated tools help you to get that done.
EC Launches Probe Into Deep Packet Inspection
Quick Hits  |  3/31/2009  | 
Behavioral advertising services may violate users' right to privacy, official says
Card Based SSD's
Commentary  |  3/31/2009  | 
With Texas Memory Systems' recent announcement of their RamSan-20 they have joined Fusion-io in the Flash SSD on a card market. What is interesting about these solutions is that they make SSD attractive to a whole new host of users.
Attack Of The Mini-Botnets
News  |  3/31/2009  | 
All eyes may be on the big spamming botnets, but it's the small, silent ones that are most dangerous
Keep 'Deleted' Data From Coming Back To Haunt You
Commentary  |  3/31/2009  | 
On a typical PC, the "delete" button is a joke. Here's how to make sure you and your business don't end up as the punch line.
Homeland Security Keeps Tabs On Conficker Worm
News  |  3/30/2009  | 
The agency's US-CERT team created worm-scanning software for federal and state government agencies, commercial vendors, and critical infrastructure owners.
Spam Is Making A Comeback, Google Finds
News  |  3/30/2009  | 
The volume of unwanted messages has been creeping upward at a rate of about 1.2% per day as spammers try to rebuild the infrastructure they lost at McColo.
BorderWare: Dynamic Inspection Tackles Bad Site Explosion
Commentary  |  3/30/2009  | 
URL filters, however robust, wall off only a small per centage of malware sites and inappropriate content. How do you keep your employees -- and your business -- from being tagged by the larger universe of dangerous sites? Filtering on the fly is BorderWare's solution.
Despite Hype, Security Pros Not Panicked About External Threats
News  |  3/30/2009  | 
Most security pros worried about insiders and don't believe their systems will be infected from outside
Conficker Detection: Let Me Count The Ways
Commentary  |  3/30/2009  | 
The Internet has been abuzz with information about Conficker. First, it was something along the lines of the sky is falling and will land on April 1st. Then, we were told that April 1st wasn't a big deal because nearly all of the doom and gloom prophecies from the media were about features already in Conficker. Today, we saw a mass release of updates and a couple of new tools for detecting systems alr
New Free Scanners Available For Detecting Conficker Worm Infections
News  |  3/30/2009  | 
Researchers exploit worm's weakness and build network scanner technology that finds and cleans up victims' machines
'GhostNet' Infiltrates 1,300-Plus Computers Across More Than 100 Countries
Quick Hits  |  3/30/2009  | 
Canadian researchers discover a global cyberespionage network that targets attacks and can gain full control of hacked systems
Conficker: Loathing the FUD and Misunderstanding
Commentary  |  3/28/2009  | 
Despite having the code to analyze, and Conficker being in its third-generation: it seems the experts really don't know what's going to happen when Conficker.C strikes on April 1.
New Rootkit Attack Hard To Kill
News  |  3/27/2009  | 
BIOS-based hack demonstrated by Core Security Technologies evades antivirus software
Conficker April Fool's Attack: Hype From Hell Or Real Hellfire?
Commentary  |  3/27/2009  | 
The latest buzz about Conficker, the worm that's burrowed into millions of computers worldwide is that next Wednesday, April 1, may be it, the day the worm turns and wreaks havoc beyond belief. Emphasis on may be, as in: Maybe. Possibly. Perhaps.
Protecting Against The Politics Of Layer 8
Commentary  |  3/27/2009  | 
Discussions regarding security metrics appear nearly every other week on at least one of the mailing lists I follow. How do you measure your effectiveness as a security team, and what's the ROI of this security product? The list goes on. What I'd like to see is the number of breaches due to layer 8, specifically the political part of that "layer."
Companies Trash Security Policies Along With Sensitive Data
Quick Hits  |  3/27/2009  | 
Careless disposal could turn dumpsters into gold mines for data thieves, experts say
Conficker Worm Worries Exaggerated
News  |  3/27/2009  | 
The worm, which attempts to exploit a Microsoft vulnerability that was patched last October, has been evolving.
Social Networks Blurring The Line Into Citizen Journalism
Commentary  |  3/27/2009  | 
In 2006, Israel sent forces into Southern Lebanon during what is now known as the 2006 Lebanon War. Israel had security concerns about missiles harming its civilian population, but what it didn't bargain for was military citizen journalism.
Is Storage Commoditization Important?
Commentary  |  3/27/2009  | 
Is commodity storage good for the enterprise and if it is who should be delivering it? A recent post by Hitachi Data Systems, Hu Yoshida claims that I missed an important point in a recent blog that I wrote here about storage virtualization; the ability for virtualization to
Firms Taking Web App Security (More) Seriously
Commentary  |  3/26/2009  | 
Anyone in IT, who hasn't been living under a hard drive for the past decade, knows that poor application development processes have littered the Internet and corporate networks alike with trashy code that makes systems too susceptible to attack. Some companies, according to a new survey, are taking quality code more seriously.
Notorious Conficker Worm Still Alive And Infecting Unpatched PCs
News  |  3/26/2009  | 
Wily worm still confounds researchers, but no official botnet activity reported as of yet
Obama Cybersecurity Team Consults Rights Groups
News  |  3/26/2009  | 
Civil liberties, privacy, education, and public-private partnerships are at the forefront of the government's cybersecurity initiatives.
Top-Down Password Protection
News  |  3/26/2009  | 
New tools can corral administrator-level access, but plan ahead to avoid costly downtime.
Mozilla Pounces On New Firefox Zero-Day Exploit
Quick Hits  |  3/26/2009  | 
Vulnerability discovered in Firefox 3.0.x browsers considered critical
Data Held Hostage! Ransomware Scam Wants Your Money
Commentary  |  3/26/2009  | 
A new approach to an old wrinkle in cybercrime is showing up: data held hostage. The new ransomware tactic appears to be an evolution, and an aggressive one, of the scareware fake anti-virus scam.
You Can't DeDupe IT Administration
Commentary  |  3/26/2009  | 
Primary Storage Optimization is about putting more data in the same amount of physical space. Server Virtualization is about putting more virtual servers in the same physical space. These are great advances for the data center, but they do little if anything to make the IT staff more efficient and all the cost savings may go right out the window when you have to hire more people.
Scareware Morphs Into Ransomware
News  |  3/25/2009  | 
Vundo malware now encrypts users' files and then charges a fee to decrypt them
DSL Modems Becoming Botnet Zombies
News  |  3/25/2009  | 
Cybercriminals are using the PSYB0T botnet to take advantage of vulnerabilities in the NetComm NB5 modem-router.
Liar, Liar: New Service Uses Voice Analysis To Detect Truthfulness
Quick Hits  |  3/25/2009  | 
LiarCard analyzes and "hacks" emotions in voice calls
DIY Forensics & Incident Response Lab
Commentary  |  3/25/2009  | 
Continuing with the do-it-yourself lab theme, let's turn to the areas of incident response (IR) and forensics, and how they can benefit from an in-house security training lab. The most detrimental attitude I've run into is, "Oh, I've been to training on product X, so I'm prepared." WRONG!
A Cloud Can Save You Money...But What If the Cloud Goes Broke?
Commentary  |  3/25/2009  | 
I've been talking quite a bit about whether or not (not) users of cloud services can prove compliance with security, privacy and e-discovery laws. (Blog piece here. Alert issue here.) Now a story at The Register has me thinking about yet another issue--the inescapable question of financial stability.
A Cloud Might Save You Money...But What If The Cloud Goes Broke?
Commentary  |  3/25/2009  | 
I've been talking quite a bit about whether or not (not) users of cloud services can prove compliance with security, privacy, and e-discovery laws. Now a story from The Register has me thinking about yet another issue -- the inescapable question of a service provider's financial stability.
DIY Pentesting Lab
Commentary  |  3/24/2009  | 
In Friday's Tech Insight, I provided arguments for creating your own internal security lab and some of the benefits to both the business and the IT security professionals. This week, I want to provide more direction on what you'll need depending on your goal and focus of the lab. Today, we'll be looking at suggestions for security teams looking to learn more about and get their hands dirty wit
Router-Based Botnet On The Loose
Quick Hits  |  3/24/2009  | 
Researchers discover spreading of new botnet malware that targets DSL home routers and modems
Counterfeit Software Brings More Business Problems Than Just Being Illegit
Commentary  |  3/24/2009  | 
According to Microsoft, a third of businesses have bought counterfeit software, many without knowing it. And many of those businesses have found that in addition being illegal, counterfeit programs bring both technical problems and malware.
Hacking The Router Patching Conundrum
News  |  3/24/2009  | 
Now that recent research proves that exploiting Cisco routers isn't as hard as once thought, the pressure is on for enterprises that don't regularly patch to change their ways -- without upsetting the network infrastructure
Serious, Stealthy, Deadly BIOS Attack
Commentary  |  3/23/2009  | 
After covering IT security for well more than a decade, few new attacks scare the freckles off of my back. This persistent BIOS attack, as demonstrated by Alfredo Ortega and Anibal Sacco from Core Security Technologies is one of these new attack techniques.
Stuck In The Middle, Security Departments Turn To Outsourcing
News  |  3/23/2009  | 
More than half of enterprises are now using third-party security services, studies say
Microsoft Offers Free Tool For ID'ing Most Risky Bugs In Windows Applications
Quick Hits  |  3/23/2009  | 
New !exploitable Crash Analyzer helps developers focus on vulnerabilities most open to abuse
Phishing Gets Automated And We're All Getting Targeted
Commentary  |  3/23/2009  | 
Phishing expeditions business and personal data are rising to record levels, with fake anti-malware campaigns alone increasing by 225% in the last six months of 2008. Password-stealing Web sites jumped 827% IN 2008. The reason? The phishers are investing in automation.
Tech Insight: A DIY Security Testing Lab
News  |  3/20/2009  | 
When tough economic times do away with security training and other professional networking opportunities, it's time to roll up your sleeves and do it yourself
Panda: If You're Not In The Security Business Should You Be Handling Your Own Security?
Commentary  |  3/20/2009  | 
Panda Security's Managed Office Protection Security-as-a-Service outreach to small and midsized businesses includes lower cost of ownership and increased functionality. In a recent conversation, a Panda threat researcher posed a provocative question: If security isn't your core business,why are you managing your own security?
Vulnerability Found In Intel CPU Caching
Quick Hits  |  3/20/2009  | 
Flaw could allow attackers to remotely control Intel-based devices or extract data from memory
Small Business: The New Black In Cybercrime Targets
News  |  3/19/2009  | 
Enticed by poor defenses of mom-and-pop shops, hackers turn away from hardened defenses of banks and large enterprises
Cenzic: Top 10 Security Threats. Web Apps And Browser Lead The List.
Commentary  |  3/19/2009  | 
80% of security vulnerabilities related to the Web are applications, according to a new report from Cenzic, Inc. Chief among the vulnerable? Browsers, with Microsoft's Internet Explorer and Mozilla's Firefox leading the list b a long shot.
Lowering Your Security Expectations
Commentary  |  3/19/2009  | 
The security experts on a panel presented by the Secure Enterprise Network Consortium "painted a gloomy picture of the cybersecurity landscape," according to Federal Computer Week. The reason behind this is supposedly the ever-changing computing environment and threats that make it impossible for the best solutions to stay relevant. Instead, they are "likely to remain piecemeal and temporary." Haven'
SEC Settles With Stock Spammers
News  |  3/19/2009  | 
Agreement calls for two Houston men to pay about $3 million to the government.
Page 1 / 3   >   >>


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-13435
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest w...
CVE-2018-13446
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. ...
CVE-2018-14567
PUBLISHED: 2018-08-16
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
CVE-2018-15122
PUBLISHED: 2018-08-16
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.
CVE-2018-11509
PUBLISHED: 2018-08-16
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.