News & Commentary
Content posted in March 2010
|
'Fog of War' Led To Operation Aurora Malware Mistake
McAfee says some malware disclosed as part of Google attacks was actually a separate infection and unrelated to targeted attacks out of China
When To Choose: Preventive VS Reactive Security
Information security is an area of IT that can have an extremely varied budget based on the parent organizations' belief of whether or not they'll be hacked. It's a mentality that seems silly if you've been in the infosec biz for a while because you most likely have realized by now that everyone gets hacked or has a data breach at some point.
Microsoft, Google Call For Internet Privacy Changes
The Digital Due Process coalition says the same legal requirements for offline criminal investigations should apply to online information
Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods
Microsoft's Secure Development Lifecycle (SDL) one of the most popular tools among firms that practice secure coding, Errata Security report finds
Google: Hackers Targeted Chinese And Vietnamese
A botnet focused on Vietnamese users was erroneously associated with the cyber attacks from China.
Microsoft, Google Want Internet Privacy Changes
The Digital Due Process coalition says the same legal requirements for offline criminal investigations should apply to online information.
Insiders Not The Real Database Threat
The recent incident where an HSBC employee raided a corporate database of customer information and then attempted to sell information to French tax collectors has been characterized as a user-access control issue. But I don't agree.
April Fools: Cybercrooks' Pranks Are No Joke
The April 1 eruption of spyware, scamware, malware links and other bad stuff is upon us again. Are you and your company ready?
Organizations Rarely Report Breaches to Law Enforcement
Meanwhile, FBI says it's making the process more private and more of a two-way street
Microsoft Issues Emergency Internet Explorer Patch
Active attacks exploiting zero-day bug were underway against IE6, IE7, and patch addresses other vulnerabilities in IE8
FAA Launches Real-Time Security Pilot With IBM
The Federal Aviation Administration is using InfoSphere Streams software from IBM to perform "predictive security analytics" on massive volumes of data
Microsoft Releases Emergency Internet Explorer Patch
The patch addresses 10 vulnerabilities in the Web browser; Internet Explorer 6 and 7 users are most at risk.
FAA Teams With IBM On Cybersecurity
The Federal Aviation Administration is using InfoSphere Streams software from IBM to perform "predictive security analytics" on massive volumes of data.
Get To Know The Storage I/O Chain
Storage performance problems are often circular challenges. You fix one bottleneck and you expose another one. You can't really fix storage I/O, all you can do is get it to the point that people stop blaming storage for the performance problems in the data center. Getting there requires knowing the storage I/O chain.
Reports: Social Networking Apps Pervasive But Not Under Control
Financial and healthcare organizations increase use of these apps in-house, and overall, social networkers still leaving their profiles wide open to abuse
Malware Takes Over Windows, Adobe Updaters
Latest variants overwrite updater programs and replace them with malicious versions that contain identical icons, version details
OS X Gets Massive Patch, Microsoft Closes Zero-Day
Apple drops a patch for a staggering 88 vulnerabilities while Microsoft closes a hole in certain versions of Internet Explorer that have been under attack for several weeks.
Violation Of Sensitive Data Storage Policy Led To Exposure Of Info On 3.3 Million Student Loan Recipients
Removable media device stolen from Educational Credit Management Corp.'s (ECMC) headquarters contained Social Security numbers, names, addresses, dates of birth of people who had received federal student loans
Windows 7 Less Vulnerable Without Admin Rights
Most Windows 7 vulnerabilities can be mitigated by administrative rights limitations, report from BeyondTrust finds
TJX, Heartland Hacker Hit With A Second 20-Year Prison Sentence
'Cybercrime pusher' Albert Gonzalez today was handed a 20-year prison sentence for his breach of Heartland Payment Systems, 7-Eleven
Which Storage Protocol Is Best For VMware?
In a recent entry in his blog, StorageTexan asks "why someone would choose to go NFS instead of doing block based connectivity for things like VSPhere?" http://storagetexan.com/2010/03/25/the-debate-why-nfs-vs-block-access-for-osapplications/
and while I gave a brief opinion as a comment on his site, I thought I would take a little deeper dive here. Which storage protocol is best for VMware?
Tech Insight: Make The Secure Path Easy For Users
How to keep track of the systems and data on your network and make security policies simple, user-friendly
A Russian Strategist's Take On Information Warfare
Today I'd like to introduce you to one of the main thinkers on information warfare, who most of you never heard of. S.P. Rastorguev (Расторгуев C.П.). He is a Russian strategist who unfortunately, as far as I can find, hasn't been translated.
Ransomware Continues To Soar
New analysis on the ransomware trend shows how cyber thieves are increasingly holding systems hostage in an attempt to extort users.
EMR Data Theft Booming
Fraud resulting from exposure of electronic medical records has risen from 3% in 2008 to 7% in 2009, a 112% increase, researcher says.
SaaS Apps May Leak Data Even When Encrypted, Study Says
'Side-channel' leaks could lead to exposure of sensitive information, researchers warn
Ninth State Department Insider Found Guilty Of Illegal Database Access
File clerk who snooped passport files of celebrities is latest to be discovered in two-year investigation
CEOs Paying Attention To Security, Study Says
CIO is the person most frequently held responsible for data protection, Ponemon survey says
Hacker Bypasses Windows 7 Anti-Exploit Features In IE 8 Hack
Microsoft's Data Execution Protection (DEP) and Address Space Randomization (ASLR) fail in hacks on IE 8, Firefox
How Safari Hacker Finds Bugs
Multiple vulnerabilities in the mainstream browsers and other widely installed software came to light at the CanSecWest conference in Vancouver.
Toshiba Unveils 1TB 2.5 Inch HDD
The terabyte hard disk drive and a companion 750-GB model are targeted at mobile PCs, all-in-one desktops, televisions, and set-top boxes.
Yes, He Can--Hack Into President Obama's Twitter Account
'Hacker Croll' was able to access Obama's Twitter page and other users' accounts simply by guessing passwords
HSBC Database Breach Highlights Lack Of Accountability For IT Super Users
IT specialist had abused his database privileges to steal records of approximately 24,000 HSBC clients
House Bans File Sharing By Government Employees
Senate yet to consider the bill, which bans federal employees from using peer-to-peer networks at work or when accessing government networks at home.
President Obama's Twitter Account Hacked
French hacker is said to have guessed the President's password to illegally access his page on the micro-blogging service.
Hacker Cracks Internet Explorer 8 on Windows 7
Despite the security measures included in Windows 7, two security researchers were able to defeat the security provided to users running Internet Explorer 8 on top of Microsoft's latest operating system.
Report: Most Targeted Attacks Originate From China
While the majority of targeted email attacks come from U.S. email servers, the actual machines sending the emails reside mostly in China as well as Romania
Feds Focus On Cybersecurity Monitoring, Reporting
As the House introduces a cybersecurity overhaul bill, federal CIO Vivek Kundra broadly outlines new reporting requirements for federal agencies.
Cyber Attacks Reported By 100% Of Executives
A study conducted by the Ponemon Institute and sponsored by IBM shows growing recognition among C-titles executives of the importance of data protection.
Twitter: Spam Reduced To 1% Of Tweets Per Day
Spammy tweets decline, but researchers say 10 percent of active Twitter users still are spammers
Google Bolsters Gmail Security
New security feature provides notification of unusual account activity
Senate Committee OKs Cybersecurity Act
Bill includes amendments for how the president and private sector can work together to help secure critical infrastructure
March Madness: Hoop Dreams Spawn Malware Nightmares
Some interesting stats from security firm Zscaler, Cisco Scansafe and eSoft point out the surge in business bandwidth consumption during NCAA games -- and warn that unwary searching for bracket listings could result in malware being dunked into your system.
Cybersecurity Bill Passes Senate Committee
Senators supporting the legislation, aimed at protecting the U.S. from cyberattacks, stress the need to enact it as soon as possible.
CEOs Paying Attention To Security, Study Says
CIO is the person most frequently held responsible for data protection, Ponemon survey says
Legislators Propose International Cybercrime Cooperation Laws -- With Teeth
Hatch, Gillibrand say foreign countries need 'carrots and sticks' to learn proper cyber behavior
Effort Will Measure Costs Of Monitoring, Managing Network Security
Open-source Network Security Operations Quant goes live
Proceed Gradually With Fibre Channel Over Ethernet
There has been some concern recently of Fibre Channel Over Ethernet's (FCoE's) readiness to be deployed as an IT infrastructure. While the technology will continue to develop, it should be suitable for many environments. No one should be suggesting that the move to FCoE is a total rip-and-replace, but more of a gradual move as the opportunity arises.
The Top 10 U.S. Cities At Risk For Cybercrime
Seattle ranks No. 1 most vulnerable city in cybercrime incidents, according to new Symantec Norton, Sperling's BestPlaces report
Cyber Cities Attract Cyber Crooks -- Ya THINK?
Symantec's new list of the top cities for cyber crime risks rounds up the usual suspects (the more cyber-savvy the city, the more crooks that come there) -- and offers some important reminders no matter where you work and live.
|
White Papers
Video
8 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Now, we come here to play Paw-ke Man Go!"
Latest Comment: "Now, we come here to play Paw-ke Man Go!"
Current Issue
The Year in Security 2018This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-6497
PUBLISHED: 2019-01-20
PUBLISHED: 2019-01-20
PUBLISHED: 2019-01-20
PUBLISHED: 2019-01-18
PUBLISHED: 2019-01-18
From DHS/US-CERT's National Vulnerability Database CVE-2019-6497
PUBLISHED: 2019-01-20
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
CVE-2018-18908PUBLISHED: 2019-01-20
The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requ...
CVE-2019-6496PUBLISHED: 2019-01-20
The ThreadX-based firmware on Marvell Avastar Wi-Fi devices allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of...
CVE-2019-3773PUBLISHED: 2019-01-18
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
CVE-2019-3774PUBLISHED: 2019-01-18
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This