News & Commentary

Content posted in March 2010
'Fog of War' Led To Operation Aurora Malware Mistake
News  |  3/31/2010  | 
McAfee says some malware disclosed as part of Google attacks was actually a separate infection and unrelated to targeted attacks out of China
When To Choose: Preventive VS Reactive Security
Commentary  |  3/31/2010  | 
Information security is an area of IT that can have an extremely varied budget based on the parent organizations' belief of whether or not they'll be hacked. It's a mentality that seems silly if you've been in the infosec biz for a while because you most likely have realized by now that everyone gets hacked or has a data breach at some point.
Microsoft, Google Call For Internet Privacy Changes
News  |  3/31/2010  | 
The Digital Due Process coalition says the same legal requirements for offline criminal investigations should apply to online information
Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods
Quick Hits  |  3/31/2010  | 
Microsoft's Secure Development Lifecycle (SDL) one of the most popular tools among firms that practice secure coding, Errata Security report finds
Google: Hackers Targeted Chinese And Vietnamese
News  |  3/31/2010  | 
A botnet focused on Vietnamese users was erroneously associated with the cyber attacks from China.
Microsoft, Google Want Internet Privacy Changes
News  |  3/31/2010  | 
The Digital Due Process coalition says the same legal requirements for offline criminal investigations should apply to online information.
Insiders Not The Real Database Threat
Commentary  |  3/31/2010  | 
The recent incident where an HSBC employee raided a corporate database of customer information and then attempted to sell information to French tax collectors has been characterized as a user-access control issue. But I don't agree.
April Fools: Cybercrooks' Pranks Are No Joke
Commentary  |  3/31/2010  | 
The April 1 eruption of spyware, scamware, malware links and other bad stuff is upon us again. Are you and your company ready?
Organizations Rarely Report Breaches to Law Enforcement
News  |  3/30/2010  | 
Meanwhile, FBI says it's making the process more private and more of a two-way street
Microsoft Issues Emergency Internet Explorer Patch
News  |  3/30/2010  | 
Active attacks exploiting zero-day bug were underway against IE6, IE7, and patch addresses other vulnerabilities in IE8
FAA Launches Real-Time Security Pilot With IBM
News  |  3/30/2010  | 
The Federal Aviation Administration is using InfoSphere Streams software from IBM to perform "predictive security analytics" on massive volumes of data
Microsoft Releases Emergency Internet Explorer Patch
News  |  3/30/2010  | 
The patch addresses 10 vulnerabilities in the Web browser; Internet Explorer 6 and 7 users are most at risk.
FAA Teams With IBM On Cybersecurity
News  |  3/30/2010  | 
The Federal Aviation Administration is using InfoSphere Streams software from IBM to perform "predictive security analytics" on massive volumes of data.
Get To Know The Storage I/O Chain
Commentary  |  3/30/2010  | 
Storage performance problems are often circular challenges. You fix one bottleneck and you expose another one. You can't really fix storage I/O, all you can do is get it to the point that people stop blaming storage for the performance problems in the data center. Getting there requires knowing the storage I/O chain.
Reports: Social Networking Apps Pervasive But Not Under Control
Quick Hits  |  3/30/2010  | 
Financial and healthcare organizations increase use of these apps in-house, and overall, social networkers still leaving their profiles wide open to abuse
Malware Takes Over Windows, Adobe Updaters
Quick Hits  |  3/29/2010  | 
Latest variants overwrite updater programs and replace them with malicious versions that contain identical icons, version details
OS X Gets Massive Patch, Microsoft Closes Zero-Day
Commentary  |  3/29/2010  | 
Apple drops a patch for a staggering 88 vulnerabilities while Microsoft closes a hole in certain versions of Internet Explorer that have been under attack for several weeks.
Violation Of Sensitive Data Storage Policy Led To Exposure Of Info On 3.3 Million Student Loan Recipients
News  |  3/29/2010  | 
Removable media device stolen from Educational Credit Management Corp.'s (ECMC) headquarters contained Social Security numbers, names, addresses, dates of birth of people who had received federal student loans
Windows 7 Less Vulnerable Without Admin Rights
News  |  3/29/2010  | 
Most Windows 7 vulnerabilities can be mitigated by administrative rights limitations, report from BeyondTrust finds
TJX, Heartland Hacker Hit With A Second 20-Year Prison Sentence
News  |  3/26/2010  | 
'Cybercrime pusher' Albert Gonzalez today was handed a 20-year prison sentence for his breach of Heartland Payment Systems, 7-Eleven
Which Storage Protocol Is Best For VMware?
Commentary  |  3/26/2010  | 
In a recent entry in his blog, StorageTexan asks "why someone would choose to go NFS instead of doing block based connectivity for things like VSPhere?" and while I gave a brief opinion as a comment on his site, I thought I would take a little deeper dive here. Which storage protocol is best for VMware?
Tech Insight: Make The Secure Path Easy For Users
News  |  3/26/2010  | 
How to keep track of the systems and data on your network and make security policies simple, user-friendly
A Russian Strategist's Take On Information Warfare
Commentary  |  3/26/2010  | 
Today I'd like to introduce you to one of the main thinkers on information warfare, whom most of you have never heard of: S.P. Rastorguev (Расторгуев C.П.). He is a Russian strategist who unfortunately, as far as I can find, hasn't been translated.
Ransomware Continues To Soar
Commentary  |  3/26/2010  | 
New analysis on the ransomware trend shows how cyber thieves are increasingly holding systems hostage in an attempt to extort users.
EMR Data Theft Booming
News  |  3/26/2010  | 
Fraud resulting from exposure of electronic medical records has risen from 3% in 2008 to 7% in 2009, a 112% increase, researcher says.
SaaS Apps May Leak Data Even When Encrypted, Study Says
Quick Hits  |  3/26/2010  | 
'Side-channel' leaks could lead to exposure of sensitive information, researchers warn
Ninth State Department Insider Found Guilty Of Illegal Database Access
News  |  3/25/2010  | 
File clerk who snooped passport files of celebrities is latest to be discovered in two-year investigation
CEOs Paying Attention To Security, Study Says
News  |  3/25/2010  | 
CIO is the person most frequently held responsible for data protection, Ponemon survey says
Hacker Bypasses Windows 7 Anti-Exploit Features In IE 8 Hack
News  |  3/25/2010  | 
Microsoft's Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) fail in hacks on IE 8, Firefox
How Safari Hacker Finds Bugs
Commentary  |  3/25/2010  | 
Multiple vulnerabilities in the mainstream browsers and other widely installed software came to light at the CanSecWest conference in Vancouver.
Toshiba Unveils 1TB 2.5 Inch HDD
News  |  3/25/2010  | 
The terabyte hard disk drive and a companion 750-GB model are targeted at mobile PCs, all-in-one desktops, televisions, and set-top boxes.
Yes, He Can--Hack Into President Obama's Twitter Account
News  |  3/25/2010  | 
'Hacker Croll' was able to access Obama's Twitter page and other users' accounts simply by guessing passwords
HSBC Database Breach Highlights Lack Of Accountability For IT Super Users
News  |  3/25/2010  | 
IT specialist had abused his database privileges to steal records of approximately 24,000 HSBC clients
House Bans File Sharing By Government Employees
News  |  3/25/2010  | 
Senate yet to consider the bill, which bans federal employees from using peer-to-peer networks at work or when accessing government networks at home.
President Obama's Twitter Account Hacked
News  |  3/25/2010  | 
French hacker is said to have guessed the President's password to illegally access his page on the micro-blogging service.
Hacker Cracks Internet Explorer 8 on Windows 7
Commentary  |  3/25/2010  | 
Despite the security measures included in Windows 7, two security researchers were able to defeat the security provided to users running Internet Explorer 8 on top of Microsoft's latest operating system.
Report: Most Targeted Attacks Originate From China
Quick Hits  |  3/25/2010  | 
While the majority of targeted email attacks come from U.S. email servers, the actual machines sending the emails reside mostly in China as well as Romania
Feds Focus On Cybersecurity Monitoring, Reporting
News  |  3/25/2010  | 
As the House introduces a cybersecurity overhaul bill, federal CIO Vivek Kundra broadly outlines new reporting requirements for federal agencies.
Cyber Attacks Reported By 100% Of Executives
News  |  3/24/2010  | 
A study conducted by the Ponemon Institute and sponsored by IBM shows growing recognition among C-title executives of the importance of data protection.
Twitter: Spam Reduced To 1% Of Tweets Per Day
News  |  3/24/2010  | 
Spammy tweets decline, but researchers say 10 percent of active Twitter users still are spammers
Google Bolsters Gmail Security
News  |  3/24/2010  | 
New security feature provides notification of unusual account activity
Senate Committee OKs Cybersecurity Act
News  |  3/24/2010  | 
Bill includes amendments for how the president and private sector can work together to help secure critical infrastructure
March Madness: Hoop Dreams Spawn Malware Nightmares
Commentary  |  3/24/2010  | 
Some interesting stats from security firm Zscaler, Cisco Scansafe and eSoft point out the surge in business bandwidth consumption during NCAA games -- and warn that unwary searching for bracket listings could result in malware being dunked into your system.
Cybersecurity Bill Passes Senate Committee
News  |  3/24/2010  | 
Senators supporting the legislation, aimed at protecting the U.S. from cyberattacks, stress the need to enact it as soon as possible.
CEOs Paying Attention To Security, Study Says
Quick Hits  |  3/24/2010  | 
CIO is the person most frequently held responsible for data protection, Ponemon survey says
Legislators Propose International Cybercrime Cooperation Laws -- With Teeth
News  |  3/23/2010  | 
Hatch, Gillibrand say foreign countries need 'carrots and sticks' to learn proper cyber behavior
Effort Will Measure Costs Of Monitoring, Managing Network Security
News  |  3/23/2010  | 
Open-source Network Security Operations Quant goes live
Proceed Gradually With Fibre Channel Over Ethernet
Commentary  |  3/23/2010  | 
There has been some concern recently of Fibre Channel Over Ethernet's (FCoE's) readiness to be deployed as an IT infrastructure. While the technology will continue to develop, it should be suitable for many environments. No one should be suggesting that the move to FCoE is a total rip-and-replace, but more of a gradual move as the opportunity arises.
The Top 10 U.S. Cities At Risk For Cybercrime
Quick Hits  |  3/23/2010  | 
Seattle ranks No. 1 most vulnerable city in cybercrime incidents, according to new Symantec Norton, Sperling's BestPlaces report
Cyber Cities Attract Cyber Crooks -- Ya THINK?
Commentary  |  3/23/2010  | 
Symantec's new list of the top cities for cyber crime risks rounds up the usual suspects (the more cyber-savvy the city, the more crooks that come there) -- and offers some important reminders no matter where you work and live.