Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in March 2010
'Fog of War' Led To Operation Aurora Malware Mistake
News  |  3/31/2010  | 
McAfee says some malware disclosed as part of Google attacks was actually a separate infection and unrelated to targeted attacks out of China
When To Choose: Preventive VS Reactive Security
Commentary  |  3/31/2010  | 
Information security is an area of IT that can have an extremely varied budget based on the parent organizations' belief of whether or not they'll be hacked. It's a mentality that seems silly if you've been in the infosec biz for a while because you most likely have realized by now that everyone gets hacked or has a data breach at some point.
Microsoft, Google Call For Internet Privacy Changes
News  |  3/31/2010  | 
The Digital Due Process coalition says the same legal requirements for offline criminal investigations should apply to online information
Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods
Quick Hits  |  3/31/2010  | 
Microsoft's Secure Development Lifecycle (SDL) one of the most popular tools among firms that practice secure coding, Errata Security report finds
Google: Hackers Targeted Chinese And Vietnamese
News  |  3/31/2010  | 
A botnet focused on Vietnamese users was erroneously associated with the cyber attacks from China.
Microsoft, Google Want Internet Privacy Changes
News  |  3/31/2010  | 
The Digital Due Process coalition says the same legal requirements for offline criminal investigations should apply to online information.
Insiders Not The Real Database Threat
Commentary  |  3/31/2010  | 
The recent incident where an HSBC employee raided a corporate database of customer information and then attempted to sell information to French tax collectors has been characterized as a user-access control issue. But I don't agree.
April Fools: Cybercrooks' Pranks Are No Joke
Commentary  |  3/31/2010  | 
The April 1 eruption of spyware, scamware, malware links and other bad stuff is upon us again. Are you and your company ready?
Organizations Rarely Report Breaches to Law Enforcement
News  |  3/30/2010  | 
Meanwhile, FBI says it's making the process more private and more of a two-way street
Microsoft Issues Emergency Internet Explorer Patch
News  |  3/30/2010  | 
Active attacks exploiting zero-day bug were underway against IE6, IE7, and patch addresses other vulnerabilities in IE8
FAA Launches Real-Time Security Pilot With IBM
News  |  3/30/2010  | 
The Federal Aviation Administration is using InfoSphere Streams software from IBM to perform "predictive security analytics" on massive volumes of data
Microsoft Releases Emergency Internet Explorer Patch
News  |  3/30/2010  | 
The patch addresses 10 vulnerabilities in the Web browser; Internet Explorer 6 and 7 users are most at risk.
FAA Teams With IBM On Cybersecurity
News  |  3/30/2010  | 
The Federal Aviation Administration is using InfoSphere Streams software from IBM to perform "predictive security analytics" on massive volumes of data.
Get To Know The Storage I/O Chain
Commentary  |  3/30/2010  | 
Storage performance problems are often circular challenges. You fix one bottleneck and you expose another one. You can't really fix storage I/O, all you can do is get it to the point that people stop blaming storage for the performance problems in the data center. Getting there requires knowing the storage I/O chain.
Reports: Social Networking Apps Pervasive But Not Under Control
Quick Hits  |  3/30/2010  | 
Financial and healthcare organizations increase use of these apps in-house, and overall, social networkers still leaving their profiles wide open to abuse
Malware Takes Over Windows, Adobe Updaters
Quick Hits  |  3/29/2010  | 
Latest variants overwrite updater programs and replace them with malicious versions that contain identical icons, version details
OS X Gets Massive Patch, Microsoft Closes Zero-Day
Commentary  |  3/29/2010  | 
Apple drops a patch for a staggering 88 vulnerabilities while Microsoft closes a hole in certain versions of Internet Explorer that have been under attack for several weeks.
Violation Of Sensitive Data Storage Policy Led To Exposure Of Info On 3.3 Million Student Loan Recipients
News  |  3/29/2010  | 
Removable media device stolen from Educational Credit Management Corp.'s (ECMC) headquarters contained Social Security numbers, names, addresses, dates of birth of people who had received federal student loans
Windows 7 Less Vulnerable Without Admin Rights
News  |  3/29/2010  | 
Most Windows 7 vulnerabilities can be mitigated by administrative rights limitations, report from BeyondTrust finds
TJX, Heartland Hacker Hit With A Second 20-Year Prison Sentence
News  |  3/26/2010  | 
'Cybercrime pusher' Albert Gonzalez today was handed a 20-year prison sentence for his breach of Heartland Payment Systems, 7-Eleven
Which Storage Protocol Is Best For VMware?
Commentary  |  3/26/2010  | 
In a recent entry in his blog, StorageTexan asks "why someone would choose to go NFS instead of doing block based connectivity for things like VSPhere?" http://storagetexan.com/2010/03/25/the-debate-why-nfs-vs-block-access-for-osapplications/ and while I gave a brief opinion as a comment on his site, I thought I would take a little deeper dive here. Which storage protocol is best for VMware?
Tech Insight: Make The Secure Path Easy For Users
News  |  3/26/2010  | 
How to keep track of the systems and data on your network and make security policies simple, user-friendly
A Russian Strategist's Take On Information Warfare
Commentary  |  3/26/2010  | 
Today I'd like to introduce you to one of the main thinkers on information warfare, who most of you never heard of. S.P. Rastorguev (Расторгуев C.П.). He is a Russian strategist who unfortunately, as far as I can find, hasn't been translated.
Ransomware Continues To Soar
Commentary  |  3/26/2010  | 
New analysis on the ransomware trend shows how cyber thieves are increasingly holding systems hostage in an attempt to extort users.
EMR Data Theft Booming
News  |  3/26/2010  | 
Fraud resulting from exposure of electronic medical records has risen from 3% in 2008 to 7% in 2009, a 112% increase, researcher says.
SaaS Apps May Leak Data Even When Encrypted, Study Says
Quick Hits  |  3/26/2010  | 
'Side-channel' leaks could lead to exposure of sensitive information, researchers warn
Ninth State Department Insider Found Guilty Of Illegal Database Access
News  |  3/25/2010  | 
File clerk who snooped passport files of celebrities is latest to be discovered in two-year investigation
CEOs Paying Attention To Security, Study Says
News  |  3/25/2010  | 
CIO is the person most frequently held responsible for data protection, Ponemon survey says
Hacker Bypasses Windows 7 Anti-Exploit Features In IE 8 Hack
News  |  3/25/2010  | 
Microsoft's Data Execution Protection (DEP) and Address Space Randomization (ASLR) fail in hacks on IE 8, Firefox
How Safari Hacker Finds Bugs
Commentary  |  3/25/2010  | 
Multiple vulnerabilities in the mainstream browsers and other widely installed software came to light at the CanSecWest conference in Vancouver.
Toshiba Unveils 1TB 2.5 Inch HDD
News  |  3/25/2010  | 
The terabyte hard disk drive and a companion 750-GB model are targeted at mobile PCs, all-in-one desktops, televisions, and set-top boxes.
Yes, He Can--Hack Into President Obama's Twitter Account
News  |  3/25/2010  | 
'Hacker Croll' was able to access Obama's Twitter page and other users' accounts simply by guessing passwords
HSBC Database Breach Highlights Lack Of Accountability For IT Super Users
News  |  3/25/2010  | 
IT specialist had abused his database privileges to steal records of approximately 24,000 HSBC clients
House Bans File Sharing By Government Employees
News  |  3/25/2010  | 
Senate yet to consider the bill, which bans federal employees from using peer-to-peer networks at work or when accessing government networks at home.
President Obama's Twitter Account Hacked
News  |  3/25/2010  | 
French hacker is said to have guessed the President's password to illegally access his page on the micro-blogging service.
Hacker Cracks Internet Explorer 8 on Windows 7
Commentary  |  3/25/2010  | 
Despite the security measures included in Windows 7, two security researchers were able to defeat the security provided to users running Internet Explorer 8 on top of Microsoft's latest operating system.
Report: Most Targeted Attacks Originate From China
Quick Hits  |  3/25/2010  | 
While the majority of targeted email attacks come from U.S. email servers, the actual machines sending the emails reside mostly in China as well as Romania
Feds Focus On Cybersecurity Monitoring, Reporting
News  |  3/25/2010  | 
As the House introduces a cybersecurity overhaul bill, federal CIO Vivek Kundra broadly outlines new reporting requirements for federal agencies.
Cyber Attacks Reported By 100% Of Executives
News  |  3/24/2010  | 
A study conducted by the Ponemon Institute and sponsored by IBM shows growing recognition among C-titles executives of the importance of data protection.
Twitter: Spam Reduced To 1% Of Tweets Per Day
News  |  3/24/2010  | 
Spammy tweets decline, but researchers say 10 percent of active Twitter users still are spammers
Google Bolsters Gmail Security
News  |  3/24/2010  | 
New security feature provides notification of unusual account activity
Senate Committee OKs Cybersecurity Act
News  |  3/24/2010  | 
Bill includes amendments for how the president and private sector can work together to help secure critical infrastructure
March Madness: Hoop Dreams Spawn Malware Nightmares
Commentary  |  3/24/2010  | 
Some interesting stats from security firm Zscaler, Cisco Scansafe and eSoft point out the surge in business bandwidth consumption during NCAA games -- and warn that unwary searching for bracket listings could result in malware being dunked into your system.
Cybersecurity Bill Passes Senate Committee
News  |  3/24/2010  | 
Senators supporting the legislation, aimed at protecting the U.S. from cyberattacks, stress the need to enact it as soon as possible.
CEOs Paying Attention To Security, Study Says
Quick Hits  |  3/24/2010  | 
CIO is the person most frequently held responsible for data protection, Ponemon survey says
Legislators Propose International Cybercrime Cooperation Laws -- With Teeth
News  |  3/23/2010  | 
Hatch, Gillibrand say foreign countries need 'carrots and sticks' to learn proper cyber behavior
Effort Will Measure Costs Of Monitoring, Managing Network Security
News  |  3/23/2010  | 
Open-source Network Security Operations Quant goes live
Proceed Gradually With Fibre Channel Over Ethernet
Commentary  |  3/23/2010  | 
There has been some concern recently of Fibre Channel Over Ethernet's (FCoE's) readiness to be deployed as an IT infrastructure. While the technology will continue to develop, it should be suitable for many environments. No one should be suggesting that the move to FCoE is a total rip-and-replace, but more of a gradual move as the opportunity arises.
The Top 10 U.S. Cities At Risk For Cybercrime
Quick Hits  |  3/23/2010  | 
Seattle ranks No. 1 most vulnerable city in cybercrime incidents, according to new Symantec Norton, Sperling's BestPlaces report
Cyber Cities Attract Cyber Crooks -- Ya THINK?
Commentary  |  3/23/2010  | 
Symantec's new list of the top cities for cyber crime risks rounds up the usual suspects (the more cyber-savvy the city, the more crooks that come there) -- and offers some important reminders no matter where you work and live.