Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in March 2010
Page 1 / 4   >   >>
'Fog of War' Led To Operation Aurora Malware Mistake
News  |  3/31/2010  | 
McAfee says some malware disclosed as part of Google attacks was actually a separate infection and unrelated to targeted attacks out of China
When To Choose: Preventive VS Reactive Security
Commentary  |  3/31/2010  | 
Information security is an area of IT that can have an extremely varied budget based on the parent organizations' belief of whether or not they'll be hacked. It's a mentality that seems silly if you've been in the infosec biz for a while because you most likely have realized by now that everyone gets hacked or has a data breach at some point.
Microsoft, Google Call For Internet Privacy Changes
News  |  3/31/2010  | 
The Digital Due Process coalition says the same legal requirements for offline criminal investigations should apply to online information
Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods
Quick Hits  |  3/31/2010  | 
Microsoft's Secure Development Lifecycle (SDL) one of the most popular tools among firms that practice secure coding, Errata Security report finds
Google: Hackers Targeted Chinese And Vietnamese
News  |  3/31/2010  | 
A botnet focused on Vietnamese users was erroneously associated with the cyber attacks from China.
Microsoft, Google Want Internet Privacy Changes
News  |  3/31/2010  | 
The Digital Due Process coalition says the same legal requirements for offline criminal investigations should apply to online information.
Insiders Not The Real Database Threat
Commentary  |  3/31/2010  | 
The recent incident where an HSBC employee raided a corporate database of customer information and then attempted to sell information to French tax collectors has been characterized as a user-access control issue. But I don't agree.
April Fools: Cybercrooks' Pranks Are No Joke
Commentary  |  3/31/2010  | 
The April 1 eruption of spyware, scamware, malware links and other bad stuff is upon us again. Are you and your company ready?
Organizations Rarely Report Breaches to Law Enforcement
News  |  3/30/2010  | 
Meanwhile, FBI says it's making the process more private and more of a two-way street
Microsoft Issues Emergency Internet Explorer Patch
News  |  3/30/2010  | 
Active attacks exploiting zero-day bug were underway against IE6, IE7, and patch addresses other vulnerabilities in IE8
FAA Launches Real-Time Security Pilot With IBM
News  |  3/30/2010  | 
The Federal Aviation Administration is using InfoSphere Streams software from IBM to perform "predictive security analytics" on massive volumes of data
Microsoft Releases Emergency Internet Explorer Patch
News  |  3/30/2010  | 
The patch addresses 10 vulnerabilities in the Web browser; Internet Explorer 6 and 7 users are most at risk.
FAA Teams With IBM On Cybersecurity
News  |  3/30/2010  | 
The Federal Aviation Administration is using InfoSphere Streams software from IBM to perform "predictive security analytics" on massive volumes of data.
Get To Know The Storage I/O Chain
Commentary  |  3/30/2010  | 
Storage performance problems are often circular challenges. You fix one bottleneck and you expose another one. You can't really fix storage I/O, all you can do is get it to the point that people stop blaming storage for the performance problems in the data center. Getting there requires knowing the storage I/O chain.
Reports: Social Networking Apps Pervasive But Not Under Control
Quick Hits  |  3/30/2010  | 
Financial and healthcare organizations increase use of these apps in-house, and overall, social networkers still leaving their profiles wide open to abuse
Malware Takes Over Windows, Adobe Updaters
Quick Hits  |  3/29/2010  | 
Latest variants overwrite updater programs and replace them with malicious versions that contain identical icons, version details
OS X Gets Massive Patch, Microsoft Closes Zero-Day
Commentary  |  3/29/2010  | 
Apple drops a patch for a staggering 88 vulnerabilities while Microsoft closes a hole in certain versions of Internet Explorer that have been under attack for several weeks.
Violation Of Sensitive Data Storage Policy Led To Exposure Of Info On 3.3 Million Student Loan Recipients
News  |  3/29/2010  | 
Removable media device stolen from Educational Credit Management Corp.'s (ECMC) headquarters contained Social Security numbers, names, addresses, dates of birth of people who had received federal student loans
Windows 7 Less Vulnerable Without Admin Rights
News  |  3/29/2010  | 
Most Windows 7 vulnerabilities can be mitigated by administrative rights limitations, report from BeyondTrust finds
TJX, Heartland Hacker Hit With A Second 20-Year Prison Sentence
News  |  3/26/2010  | 
'Cybercrime pusher' Albert Gonzalez today was handed a 20-year prison sentence for his breach of Heartland Payment Systems, 7-Eleven
Which Storage Protocol Is Best For VMware?
Commentary  |  3/26/2010  | 
In a recent entry in his blog, StorageTexan asks "why someone would choose to go NFS instead of doing block based connectivity for things like VSPhere?" http://storagetexan.com/2010/03/25/the-debate-why-nfs-vs-block-access-for-osapplications/ and while I gave a brief opinion as a comment on his site, I thought I would take a little deeper dive here. Which storage protocol is best for VMware?
Tech Insight: Make The Secure Path Easy For Users
News  |  3/26/2010  | 
How to keep track of the systems and data on your network and make security policies simple, user-friendly
A Russian Strategist's Take On Information Warfare
Commentary  |  3/26/2010  | 
Today I'd like to introduce you to one of the main thinkers on information warfare, who most of you never heard of. S.P. Rastorguev (Расторгуев C.П.). He is a Russian strategist who unfortunately, as far as I can find, hasn't been translated.
Ransomware Continues To Soar
Commentary  |  3/26/2010  | 
New analysis on the ransomware trend shows how cyber thieves are increasingly holding systems hostage in an attempt to extort users.
EMR Data Theft Booming
News  |  3/26/2010  | 
Fraud resulting from exposure of electronic medical records has risen from 3% in 2008 to 7% in 2009, a 112% increase, researcher says.
SaaS Apps May Leak Data Even When Encrypted, Study Says
Quick Hits  |  3/26/2010  | 
'Side-channel' leaks could lead to exposure of sensitive information, researchers warn
Ninth State Department Insider Found Guilty Of Illegal Database Access
News  |  3/25/2010  | 
File clerk who snooped passport files of celebrities is latest to be discovered in two-year investigation
CEOs Paying Attention To Security, Study Says
News  |  3/25/2010  | 
CIO is the person most frequently held responsible for data protection, Ponemon survey says
Hacker Bypasses Windows 7 Anti-Exploit Features In IE 8 Hack
News  |  3/25/2010  | 
Microsoft's Data Execution Protection (DEP) and Address Space Randomization (ASLR) fail in hacks on IE 8, Firefox
How Safari Hacker Finds Bugs
Commentary  |  3/25/2010  | 
Multiple vulnerabilities in the mainstream browsers and other widely installed software came to light at the CanSecWest conference in Vancouver.
Toshiba Unveils 1TB 2.5 Inch HDD
News  |  3/25/2010  | 
The terabyte hard disk drive and a companion 750-GB model are targeted at mobile PCs, all-in-one desktops, televisions, and set-top boxes.
Yes, He Can--Hack Into President Obama's Twitter Account
News  |  3/25/2010  | 
'Hacker Croll' was able to access Obama's Twitter page and other users' accounts simply by guessing passwords
HSBC Database Breach Highlights Lack Of Accountability For IT Super Users
News  |  3/25/2010  | 
IT specialist had abused his database privileges to steal records of approximately 24,000 HSBC clients
House Bans File Sharing By Government Employees
News  |  3/25/2010  | 
Senate yet to consider the bill, which bans federal employees from using peer-to-peer networks at work or when accessing government networks at home.
President Obama's Twitter Account Hacked
News  |  3/25/2010  | 
French hacker is said to have guessed the President's password to illegally access his page on the micro-blogging service.
Hacker Cracks Internet Explorer 8 on Windows 7
Commentary  |  3/25/2010  | 
Despite the security measures included in Windows 7, two security researchers were able to defeat the security provided to users running Internet Explorer 8 on top of Microsoft's latest operating system.
Report: Most Targeted Attacks Originate From China
Quick Hits  |  3/25/2010  | 
While the majority of targeted email attacks come from U.S. email servers, the actual machines sending the emails reside mostly in China as well as Romania
Feds Focus On Cybersecurity Monitoring, Reporting
News  |  3/25/2010  | 
As the House introduces a cybersecurity overhaul bill, federal CIO Vivek Kundra broadly outlines new reporting requirements for federal agencies.
Cyber Attacks Reported By 100% Of Executives
News  |  3/24/2010  | 
A study conducted by the Ponemon Institute and sponsored by IBM shows growing recognition among C-titles executives of the importance of data protection.
Twitter: Spam Reduced To 1% Of Tweets Per Day
News  |  3/24/2010  | 
Spammy tweets decline, but researchers say 10 percent of active Twitter users still are spammers
Google Bolsters Gmail Security
News  |  3/24/2010  | 
New security feature provides notification of unusual account activity
Senate Committee OKs Cybersecurity Act
News  |  3/24/2010  | 
Bill includes amendments for how the president and private sector can work together to help secure critical infrastructure
March Madness: Hoop Dreams Spawn Malware Nightmares
Commentary  |  3/24/2010  | 
Some interesting stats from security firm Zscaler, Cisco Scansafe and eSoft point out the surge in business bandwidth consumption during NCAA games -- and warn that unwary searching for bracket listings could result in malware being dunked into your system.
Cybersecurity Bill Passes Senate Committee
News  |  3/24/2010  | 
Senators supporting the legislation, aimed at protecting the U.S. from cyberattacks, stress the need to enact it as soon as possible.
CEOs Paying Attention To Security, Study Says
Quick Hits  |  3/24/2010  | 
CIO is the person most frequently held responsible for data protection, Ponemon survey says
Legislators Propose International Cybercrime Cooperation Laws -- With Teeth
News  |  3/23/2010  | 
Hatch, Gillibrand say foreign countries need 'carrots and sticks' to learn proper cyber behavior
Effort Will Measure Costs Of Monitoring, Managing Network Security
News  |  3/23/2010  | 
Open-source Network Security Operations Quant goes live
Proceed Gradually With Fibre Channel Over Ethernet
Commentary  |  3/23/2010  | 
There has been some concern recently of Fibre Channel Over Ethernet's (FCoE's) readiness to be deployed as an IT infrastructure. While the technology will continue to develop, it should be suitable for many environments. No one should be suggesting that the move to FCoE is a total rip-and-replace, but more of a gradual move as the opportunity arises.
The Top 10 U.S. Cities At Risk For Cybercrime
Quick Hits  |  3/23/2010  | 
Seattle ranks No. 1 most vulnerable city in cybercrime incidents, according to new Symantec Norton, Sperling's BestPlaces report
Cyber Cities Attract Cyber Crooks -- Ya THINK?
Commentary  |  3/23/2010  | 
Symantec's new list of the top cities for cyber crime risks rounds up the usual suspects (the more cyber-savvy the city, the more crooks that come there) -- and offers some important reminders no matter where you work and live.
Page 1 / 4   >   >>

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Incorporating a Prevention Mindset into Threat Detection and Response
Threat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time. The report covers areas enterprises should focus on: What positive response looks like. Improving security hygiene. Combining preventive actions with red team efforts.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-05-24
Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassing o...
PUBLISHED: 2022-05-24
GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0...
PUBLISHED: 2022-05-24
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or...
PUBLISHED: 2022-05-24
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of ...
PUBLISHED: 2022-05-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.