News & Commentary
Content posted in March 2010
|
'Fog of War' Led To Operation Aurora Malware Mistake
McAfee says some malware disclosed as part of Google attacks was actually a separate infection and unrelated to targeted attacks out of China
When To Choose: Preventive VS Reactive Security
Information security is an area of IT that can have an extremely varied budget based on the parent organizations' belief of whether or not they'll be hacked. It's a mentality that seems silly if you've been in the infosec biz for a while because you most likely have realized by now that everyone gets hacked or has a data breach at some point.
Microsoft, Google Call For Internet Privacy Changes
The Digital Due Process coalition says the same legal requirements for offline criminal investigations should apply to online information
Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods
Microsoft's Secure Development Lifecycle (SDL) one of the most popular tools among firms that practice secure coding, Errata Security report finds
Google: Hackers Targeted Chinese And Vietnamese
A botnet focused on Vietnamese users was erroneously associated with the cyber attacks from China.
Microsoft, Google Want Internet Privacy Changes
The Digital Due Process coalition says the same legal requirements for offline criminal investigations should apply to online information.
Insiders Not The Real Database Threat
The recent incident where an HSBC employee raided a corporate database of customer information and then attempted to sell information to French tax collectors has been characterized as a user-access control issue. But I don't agree.
April Fools: Cybercrooks' Pranks Are No Joke
The April 1 eruption of spyware, scamware, malware links and other bad stuff is upon us again. Are you and your company ready?
Organizations Rarely Report Breaches to Law Enforcement
Meanwhile, FBI says it's making the process more private and more of a two-way street
Microsoft Issues Emergency Internet Explorer Patch
Active attacks exploiting zero-day bug were underway against IE6, IE7, and patch addresses other vulnerabilities in IE8
FAA Launches Real-Time Security Pilot With IBM
The Federal Aviation Administration is using InfoSphere Streams software from IBM to perform "predictive security analytics" on massive volumes of data
Microsoft Releases Emergency Internet Explorer Patch
The patch addresses 10 vulnerabilities in the Web browser; Internet Explorer 6 and 7 users are most at risk.
FAA Teams With IBM On Cybersecurity
The Federal Aviation Administration is using InfoSphere Streams software from IBM to perform "predictive security analytics" on massive volumes of data.
Get To Know The Storage I/O Chain
Storage performance problems are often circular challenges. You fix one bottleneck and you expose another one. You can't really fix storage I/O, all you can do is get it to the point that people stop blaming storage for the performance problems in the data center. Getting there requires knowing the storage I/O chain.
Reports: Social Networking Apps Pervasive But Not Under Control
Financial and healthcare organizations increase use of these apps in-house, and overall, social networkers still leaving their profiles wide open to abuse
Malware Takes Over Windows, Adobe Updaters
Latest variants overwrite updater programs and replace them with malicious versions that contain identical icons, version details
OS X Gets Massive Patch, Microsoft Closes Zero-Day
Apple drops a patch for a staggering 88 vulnerabilities while Microsoft closes a hole in certain versions of Internet Explorer that have been under attack for several weeks.
Violation Of Sensitive Data Storage Policy Led To Exposure Of Info On 3.3 Million Student Loan Recipients
Removable media device stolen from Educational Credit Management Corp.'s (ECMC) headquarters contained Social Security numbers, names, addresses, dates of birth of people who had received federal student loans
Windows 7 Less Vulnerable Without Admin Rights
Most Windows 7 vulnerabilities can be mitigated by administrative rights limitations, report from BeyondTrust finds
TJX, Heartland Hacker Hit With A Second 20-Year Prison Sentence
'Cybercrime pusher' Albert Gonzalez today was handed a 20-year prison sentence for his breach of Heartland Payment Systems, 7-Eleven
Which Storage Protocol Is Best For VMware?
In a recent entry in his blog, StorageTexan asks "why someone would choose to go NFS instead of doing block based connectivity for things like VSPhere?" http://storagetexan.com/2010/03/25/the-debate-why-nfs-vs-block-access-for-osapplications/
and while I gave a brief opinion as a comment on his site, I thought I would take a little deeper dive here. Which storage protocol is best for VMware?
Tech Insight: Make The Secure Path Easy For Users
How to keep track of the systems and data on your network and make security policies simple, user-friendly
A Russian Strategist's Take On Information Warfare
Today I'd like to introduce you to one of the main thinkers on information warfare, who most of you never heard of. S.P. Rastorguev (Расторгуев C.П.). He is a Russian strategist who unfortunately, as far as I can find, hasn't been translated.
Ransomware Continues To Soar
New analysis on the ransomware trend shows how cyber thieves are increasingly holding systems hostage in an attempt to extort users.
EMR Data Theft Booming
Fraud resulting from exposure of electronic medical records has risen from 3% in 2008 to 7% in 2009, a 112% increase, researcher says.
SaaS Apps May Leak Data Even When Encrypted, Study Says
'Side-channel' leaks could lead to exposure of sensitive information, researchers warn
Ninth State Department Insider Found Guilty Of Illegal Database Access
File clerk who snooped passport files of celebrities is latest to be discovered in two-year investigation
CEOs Paying Attention To Security, Study Says
CIO is the person most frequently held responsible for data protection, Ponemon survey says
Hacker Bypasses Windows 7 Anti-Exploit Features In IE 8 Hack
Microsoft's Data Execution Protection (DEP) and Address Space Randomization (ASLR) fail in hacks on IE 8, Firefox
How Safari Hacker Finds Bugs
Multiple vulnerabilities in the mainstream browsers and other widely installed software came to light at the CanSecWest conference in Vancouver.
Toshiba Unveils 1TB 2.5 Inch HDD
The terabyte hard disk drive and a companion 750-GB model are targeted at mobile PCs, all-in-one desktops, televisions, and set-top boxes.
Yes, He Can--Hack Into President Obama's Twitter Account
'Hacker Croll' was able to access Obama's Twitter page and other users' accounts simply by guessing passwords
HSBC Database Breach Highlights Lack Of Accountability For IT Super Users
IT specialist had abused his database privileges to steal records of approximately 24,000 HSBC clients
House Bans File Sharing By Government Employees
Senate yet to consider the bill, which bans federal employees from using peer-to-peer networks at work or when accessing government networks at home.
President Obama's Twitter Account Hacked
French hacker is said to have guessed the President's password to illegally access his page on the micro-blogging service.
Hacker Cracks Internet Explorer 8 on Windows 7
Despite the security measures included in Windows 7, two security researchers were able to defeat the security provided to users running Internet Explorer 8 on top of Microsoft's latest operating system.
Report: Most Targeted Attacks Originate From China
While the majority of targeted email attacks come from U.S. email servers, the actual machines sending the emails reside mostly in China as well as Romania
Feds Focus On Cybersecurity Monitoring, Reporting
As the House introduces a cybersecurity overhaul bill, federal CIO Vivek Kundra broadly outlines new reporting requirements for federal agencies.
Cyber Attacks Reported By 100% Of Executives
A study conducted by the Ponemon Institute and sponsored by IBM shows growing recognition among C-titles executives of the importance of data protection.
Twitter: Spam Reduced To 1% Of Tweets Per Day
Spammy tweets decline, but researchers say 10 percent of active Twitter users still are spammers
Google Bolsters Gmail Security
New security feature provides notification of unusual account activity
Senate Committee OKs Cybersecurity Act
Bill includes amendments for how the president and private sector can work together to help secure critical infrastructure
March Madness: Hoop Dreams Spawn Malware Nightmares
Some interesting stats from security firm Zscaler, Cisco Scansafe and eSoft point out the surge in business bandwidth consumption during NCAA games -- and warn that unwary searching for bracket listings could result in malware being dunked into your system.
Cybersecurity Bill Passes Senate Committee
Senators supporting the legislation, aimed at protecting the U.S. from cyberattacks, stress the need to enact it as soon as possible.
CEOs Paying Attention To Security, Study Says
CIO is the person most frequently held responsible for data protection, Ponemon survey says
Legislators Propose International Cybercrime Cooperation Laws -- With Teeth
Hatch, Gillibrand say foreign countries need 'carrots and sticks' to learn proper cyber behavior
Effort Will Measure Costs Of Monitoring, Managing Network Security
Open-source Network Security Operations Quant goes live
Proceed Gradually With Fibre Channel Over Ethernet
There has been some concern recently of Fibre Channel Over Ethernet's (FCoE's) readiness to be deployed as an IT infrastructure. While the technology will continue to develop, it should be suitable for many environments. No one should be suggesting that the move to FCoE is a total rip-and-replace, but more of a gradual move as the opportunity arises.
The Top 10 U.S. Cities At Risk For Cybercrime
Seattle ranks No. 1 most vulnerable city in cybercrime incidents, according to new Symantec Norton, Sperling's BestPlaces report
Cyber Cities Attract Cyber Crooks -- Ya THINK?
Symantec's new list of the top cities for cyber crime risks rounds up the usual suspects (the more cyber-savvy the city, the more crooks that come there) -- and offers some important reminders no matter where you work and live.
|
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This