Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in March 2009
TRUSTe: Majority Of Small Businesses Have NO Privacy Policy
Commentary  |  3/10/2009  | 
A new survey of small businesses found that close to 60% of the 1,700 businesses polled had no privacy policy whatsoever and, according to privacy verification company TRUSTe, many of the other businesses simply grabbed their privacy policy from online sources.
Do Breach Notification Laws Work? Yes
Commentary  |  3/9/2009  | 
Apparently a good number of consumers who receive letters notifying them that their financial or credit card information has been breached are tossing the notifications without taking action. Does this mean these notices are worthless?
U.S. Cybersecurity Director Resigns, Blames NSA
News  |  3/9/2009  | 
Rod Beckstrom criticizes the NSA's dominance of most of the nation's cybersecurity initiatives.
National Cybersecurity Chief Quits In Dispute Over NSA's Role
Quick Hits  |  3/9/2009  | 
NCSC director Rod Beckstrom also complains of funding issues
Hazy Forecast For Cloud Computing Forensics
Commentary  |  3/9/2009  | 
The security of cloud computing is an area I've been following at a distance because I don't currently have any clients who have seriously considered moving any of their data and services into the "cloud." Something caught my eye on Friday, however, that piqued my interest in how security and forensic investigators may handle incidents that involve data and systems in the cloud.
No User Action Required In Newly Discovered PDF Attack
News  |  3/9/2009  | 
Malicious PDF sitting on hard drive can generate attacks exploiting unpatched Adobe Reader and Acrobat flaw, researcher finds
5 Ways To Avoid Adware And Malware
Commentary  |  3/9/2009  | 
Think you're protected from adware and malware? Think again. But here are five tips to avoid leaving your computer vulnerable.
Symantec: New Conficker/Downadup Defends Itself Against Defenses
Commentary  |  3/9/2009  | 
Good news: the Conficker/Downadup worm infection seems to be shrinking. Bad news: the worm-makers have developed a new strategy aimed directly at defeating defenses erected against it.
New Dark Reading Tech Center Highlights Insider Threats
Commentary  |  3/9/2009  | 
Today marks the official launch of the Insider Threat Tech Center, a subsite of Dark Reading devoted to bringing you news, opinion, and analysis of the security threats that come from inside the organization -- and the technologies used to prevent them. This is the first of what we hope will be several Dark Reading Tech Centers, which are designed to provide you with a more focused view of specific issues, threats, and tec
Reports: Security Pros Shift Attention From External Hacks To Internal Threats
News  |  3/9/2009  | 
Majority of IT and security execs say insider vulnerabilities worry them most
Insider Accused Of Stealing Data On 80,000 New York Cops
Quick Hits  |  3/6/2009  | 
Civilian allegedly made off with eight backup tapes containing pension data on most of the NYPD
Make Daylight Savings Time Daylight (And Nighttime!) Security Time
Commentary  |  3/6/2009  | 
The clock resets that come every spring and fall offer a convenient reminder to double-check security procedures and programs, patch status and also to remind your staff to change their passwords.
Tech Insight: How To Prevent Dangerous Leaks From Your Metadata
News  |  3/6/2009  | 
Three steps for protecting that easily accessible data about your files
Offensive Computing: A Bad Idea That Never Dies
Commentary  |  3/5/2009  | 
Your network is getting scanned from some system on the other side of the country, or perhaps the globe. You traceroute the IP address, and discern the offending system is infected with a bot that's trying to infect you. You take a look at the device and see it's not patched for a multitude of OS vulnerabilities. Is it ethical (never mind legal) for you to take the system down with some exploits of your own?
Microsoft Patch Day Won't Fix Excel Vulnerability
News  |  3/5/2009  | 
The vulnerability that Microsoft warned about just over a week ago affects files that use the old .xls binary format but not the newer .xlsx format.
Next Generation 'War-Dialing' Tool On Tap
News  |  3/5/2009  | 
Metasploit creator about to release free phone-system auditing tool that can scan 10,000 phone numbers in an eight-hour period
German Authorities Shut Down Cybercrime Ring's Web Forum
Quick Hits  |  3/5/2009  | 
Forum sold identity-theft tools, swapped information about malware and manufacturing phony credit cards
Identity Finder: Tax Time Is Identity Protection Time -- And Not Just Online!
Commentary  |  3/5/2009  | 
As tax season moves into higher gear, so do criminals' efforts to liberate your personal information from your private files. According to one identity theft expert, our online identity protection vigilance needs to be matched by offline wariness as well.
Storage QoS For Virtualized Environments
Commentary  |  3/5/2009  | 
As the initial wave of virtualization projects comes to a close, many are finding an odd result. CPU utilization is actually lower than when it started. Now users are looking to pile on more workloads but before they do they need to prioritize storage I/O performance to those workloads; they need a QoS for storage.
'Tigger' Trojan Keeps Security Researchers Hopping
News  |  3/4/2009  | 
Unusual characteristics may make new malware tough to stop, experts say
Lack Of Manpower Leads To Insecurity
Commentary  |  3/4/2009  | 
The "PHPBB Password Analysis" blog entry here on Dark Reading by Robert Graham offers some truly interesting insight into how users choose passwords -- great info for infosec pros and hackers alike. What I want to point out is something Robert mentions about the phpBB hack in his company's Errata Security blog that
White House Issues Interim Statement On Cybersecurity Review
Quick Hits  |  3/4/2009  | 
Sixty-day review will result in recommendations for administration's cybersecurity organization
Gartner: Nearly 8 Percent Of U.S. Adults Lost Money To Financial Fraud In '08
News  |  3/4/2009  | 
Data breaches were major cause of consumer losses, followed by physical theft and phishing attacks
Symantec: Norton 360 v. 3.0 Released Today
Commentary  |  3/4/2009  | 
Symantec's third iteration of its Norton 360 Internet security product offers online backup and data management tools as well as the expected array of anti-virus, firewall and identity protection. All, the company says, at higher speed while making lower system demands. Marketed to home users, the package can be effective for small offices as well.
Is Antivirus Software Slipping?
Commentary  |  3/3/2009  | 
A "study," released by a security firm just yesterday, points out the well-known weakness in signature-based antivirus software. But does this mean you shouldn't rely on antivirus software?
E-Commerce Fraud Leads To Lost Customers
News  |  3/3/2009  | 
Compared with the average consumer, victims of financial fraud are twice as likely to change their shopping, payment, and e-commerce behavior, a Gartner study finds.
Only 1 Percent of SSL-Secured Sites Use Extended Validation SSL
News  |  3/3/2009  | 
Calls for widespread EV SSL implementation are on the rise as SSL threats increase
iSCSI Strikes Back
Commentary  |  3/3/2009  | 
With all the talk about FCoE and NFS it seems that iSCSI has become the odd man out. All reports indicate that Dell continues to do well with the EqualLogic acquisition but what Hewlett-Packard is doing with its LeftHand Networks purchase remains unclear. Don't count iSCSI out yet, though -- companies are planning iSCSI storage solutions aimed r
Peter Parker's Uncle Ben Would Not Approve
Commentary  |  3/3/2009  | 
Note to Web browsers: With great power comes great responsibility.
New Gmail Flaw Lets Attacker Control 'Change Password' Function
Quick Hits  |  3/3/2009  | 
Cross-site request forgery (CSRF) vulnerability lets an attacker change Gmail user passwords and hack Gmail accounts -- but Google says it's tough to exploit
Facebook Insecurity: The Worm Returns
Commentary  |  3/3/2009  | 
Facebook and other social network users need to be on the alert for the return of the Koobface worm, which sniffs out cookies associated with social nets, then uses that info to spread itself to other network members.
P2P Leak Exposes Sensitive Data On Marine One
Quick Hits  |  3/2/2009  | 
Blueprints of president's helicopter exposed via open P2P connection in Iran
Breaking Out Of Your Zone
Commentary  |  3/2/2009  | 
There is a blog entry over at the Security Catalyst website titled "Running Outside the Zone" that I think all IT security pros should take the time to read, ponder and put into practice. I won't rehash all of the details here, but the gist of the post is that as an infosec professional, you need to step outside your comfort zone once in a while. It helps you stay sharp, learn new skills and get better in some areas you'
Study: Antivirus Software Catches About Half Of Malware, Misses 15 Percent Altogether
News  |  3/2/2009  | 
Newly released data from Damballa finds nearly 5 percent of machines in enterprises are bot-infected
No New Payment Processor Data Breach After All
News  |  3/2/2009  | 
Visa says notice to card issuers was part of a known breach, but won't reveal which one
Sophos: Downadup May Cause Friday the 13th / Southwest Airlines Problems
Commentary  |  3/2/2009  | 
The Downadup/Conficker infestation may be about to wreak a little more havoc. Security firm Sophos says the botnet is gearing up for a Friday the 13th move, with Southwest Airlines among its possible targets.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30485
PUBLISHED: 2021-04-11
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.