Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in March 2011
Page 1 / 4

NSA Investigating Nasdaq Hack
Commentary | 3/31/2011
Last month when we covered the attack on the Nasdaq's Directors Desk collaboration platform, we said the incident posed plenty of questions, while the Nasdaq proffered (at least publicly) few answers. It seems the National Security Agency agrees.

Lizamoon SQL Injection: Dead From The Get-Go
Commentary | 3/31/2011
The latest round of headline-grabbing SQL injection attacks isn't new, and it isn't very effective; in fact, Lizamoon might as well be called the little injection that couldn't.

Trend Micro Nukes Zeus Botnet Server
News | 3/31/2011
PayPal, eBay, and the customers of at least 15 banks were targeted by the eliminated botnet.

Microsoft Blames Poor Development Practices For Security Risks
News | 3/31/2011
Windows and Internet Explorer are at greater risk of attack because developers don't use the mitigation technologies built into the software, said Microsoft.

Most Windows Applications Use Microsoft's DEP
News | 3/31/2011
SDL progress report from Microsoft shows one-third of popular consumer apps using ASLR.

Searching For Security's Yardstick
News | 3/30/2011
Despite rising threats, most security organizations still don't have clear metrics for measuring their performance -- or their enterprises' security posture.

Comodo Hack Highlights Chinks In Net Infrastructure
News | 3/30/2011
The certificate authority's issuance of valid certs to a supposedly Iranian hacker causes experts to question the capability of the certificate infrastructure to respond to attacks.

NASA Servers At High Risk Of Cyber Attack
News | 3/30/2011
Auditors were able to pull encryption keys, passwords, and user account information over the Internet from systems that help control spacecraft and process critical data.

Schwartz On Security: Online Privacy Battles Advertising Profits
Commentary | 3/30/2011
Do businesses have the right to make money from the unregulated buying and selling of personal information?

Comodo Reports Two More Registration Authorities Hacked
News | 3/30/2011
The digital certificate issuer has deactivated the affected accounts and begun to implement security and validation reforms.

(Slightly) More Organizations Proactively Managing Security Efforts
Commentary | 3/30/2011
Security vendor survey at the RSA Conference 2011 shows more organizations planning and coordinating their security efforts across security and IT operations teams and risk management groups. But don't plan on a party and fireworks celebration just yet: the improvements are minor.

BP Loses Laptop With Gulf Claimant Data
News | 3/30/2011
The missing computer, containing personally identifiable information on 13,000 people, was password-protected, but not encrypted.

'Silos' Of Security Processes Still Not Integrated, Study Says
Quick Hits | 3/30/2011
Log management, compliance reporting, real-time monitoring, forensic investigation, and incident response are still not coordinated, according to a SenSage study.

'Cree.py' Social Engineering Tool Pinpoints A Person's Physical Location
Quick Hits | 3/29/2011
Free tool automates the process of pulling geolocation and other information on 'targets'.

SecurID Breach Warning Signs In The Audit Logs
News | 3/29/2011
SANS Internet Storm Center on what to look out for in your ACE server logs in the aftermath of the RSA SecurID breach.
Rustock Takedown Cut Spam By 33%
News | 3/29/2011
Bagle and other botnets seem to be picking up the slack, according to Symantec.

In Ironic Twist, MySQL's Own Database Is Hacked Via SQL Injection
News | 3/28/2011
Open-source database company's customer names and passwords revealed following database attack.

Do Not Track Momentum Mounts
News | 3/28/2011
Legislation to be proposed by Senator John Kerry and analysis of business comments to the FTC may point toward stronger privacy protections.

Bank Of America Customers In Michigan Report Account Theft
Quick Hits | 3/28/2011
Thousands might be affected; origin of electronic theft still uncertain.

Iranian Claims Credit For Comodo Hack
News | 3/28/2011
Mozilla apologizes for not publicizing the attack more quickly and criticizes Comodo's security.

'Comodo Hacker' Says He Acted Alone
News | 3/28/2011
The plot thickens: In an effort to back up his claims, the alleged hacker dumps apparent evidence of a pilfered database from the breached Comodo reseller, as well as a Mozilla add-on site certificate.

Collecting The SSD Garbage
Commentary | 3/28/2011
Solid state storage (SSS) is the performance alternative to mechanical hard disk drives (HDD). Flash memory, thanks to its reduced cost compared to DRAM, has become the primary way SSS is delivered. Suppliers of flash systems, especially in the enterprise, have to overcome two flash deficiencies that, as we discussed in our last entry, will cause unpredictable performance and reduce reliability.

Netgear Intros Gateway Security Appliance For SMBs
News | 3/28/2011
The ProSecure UTM150 unified threat management appliance polices Web traffic to help protect company networks against employee-introduced risks from social media or malicious links.

Microsoft Wins A Botnet Battle
Commentary | 3/28/2011
The Rustock botnet was estimated to be one million PCs strong, underlining the dangers that malware can pose to businesses and consumers.

"Trusted" Sites Fail To Clean Malvertising Scourge
Commentary | 3/27/2011
Reports indicate that users of Facebook and the European music service Spotify have recently been exposed to malvertising attacks.

Shocker! (Not Really): Users Apathetic When It Comes To Mobile Security
Commentary | 3/26/2011
Survey conducted by the Ponemon Institute shows just how lax users really are when it comes to securing their smartphone devices.

Cyber Attack Hits European Commission
News | 3/25/2011
Malware was blamed for the "major" breach, launched on the eve of a summit focusing on euro instability, the war in Libya, and nuclear safety.

Consumerization Of IT: Security Is No Excuse
News | 3/25/2011
At most companies, you can't just say "no" to consumer devices. Here's a plan to take the lead on information security issues.

McAfee Buyout Of Sentrigo Sends Database Security Market In New Direction
News | 3/25/2011
Database security isn't just for database companies anymore, observers say.

ANSI And Shared Assessments Launch Study On Financial Impact Of Breached Patient Data
Quick Hits | 3/25/2011
Study could help healthcare companies justify additional security spending.

Understanding SSD Vendor Talk
Commentary | 3/25/2011
If you are evaluating, or getting ready to evaluate, investing in solid state storage for your data center, you are going to be faced with learning a new language, confronted with a new set of specs and a new set of debates around which features are most important. This will be the first entry in a series that will give you the decoder ring for understanding what Solid State Disk (SSD) vendors are talking about and which statistics are most important.
Dark Reading Report: How Malware Authors Battle To Evade Detection
News | 3/24/2011
A look at the new, ingenious ways bad guys use to frustrate analysts and evade automated security tools.

Social Engineering 'Capture The Flag' Contest Returns To DefCon
Quick Hits | 3/24/2011
Changes to this year's contest include some volunteer, high-profile target companies.

Are Industrial Control Systems The New Windows XP?
Commentary | 3/24/2011
Earlier this week a security researcher posted nearly three dozen vulnerabilities in industrial control system software to a widely read security mailing list. The move has Supervisory Control and Data Acquisition (SCADA) system operators scrambling, and US-CERT issuing warnings.

Flawed Website Certificate Validation Process Led To Comodo Hack
News | 3/24/2011
Certificate authority points to Iran as the likely attacker, while security experts say the certificate registration and validation process needs repair.

Gmail, Hotmail Pose Government Security Risk
News | 3/24/2011
Australian auditor recommends blocking Webmail on government networks to prevent insider and external threats.

DHS Outlines Cybersecurity Strategy
News | 3/24/2011
Automation, interoperability, and authentication are the building blocks for a secure network defense, says the Department of Homeland Security.

Iran Fingered For Fraudulent Comodo SSL Certificates
News | 3/24/2011
Gmail, Hotmail, and Skype are among the domains affected by fraudulently obtained digital certificates, said Comodo.

McAfee's DAM Acquisition
Commentary | 3/23/2011
Sentrigo acquisition fills a data center security hole in McAfee's offerings.

SCADA Attack Code Released For 35 Vulnerabilities
News | 3/23/2011
Systems from Siemens, Iconics, 7-Technologies, and DATAC have security holes in their supervisory control and data acquisition software, leading the Industrial Control Systems Cyber Emergency Response Team to issue security warnings.

Federal Cyber Attacks Rose 39% In 2010
News | 3/23/2011
While total incidents reported to US-CERT were down, government networks experienced more attacks than in 2009, according to a Congressional report.

Hackers Take Schools To School
Quick Hits | 3/23/2011
Nearly two-thirds of schools suffer two breaches or more per year, Panda Security study says.

McAfee To Acquire Database Security Vendor Sentrigo
News | 3/23/2011
Intel's McAfee is taking on industry heavyweights Oracle and IBM with its move to shape an enterprise database security platform.

Schwartz On Security: Advanced Threats Persist And Annoy
Commentary | 3/23/2011
APTs are today's normal threat, and companies such as RSA must do better, even as the odds against them keep increasing.

ICS-CERT Issues Warnings On Vulnerabilities In Siemens, Other SCADA Products
Quick Hits | 3/22/2011
Researcher discloses 34 vulnerabilities and releases proof-of-concept attack code for four process control server software product lines.

SecurID Customers Left To Assume The Worst
News | 3/22/2011
With scant details about RSA's hack, SecurID customers begin preparing to shore up defenses in case of multifactor authentication failure.

Feds Bust Stock 'Pump And Dump' Botnet Scheme
News | 3/22/2011
Authorities said a group used hacking, spam, and malware to artificially inflate securities prices and then sell shares at a profit.

Adobe Patches Critical Security Flaw
News | 3/22/2011
With attackers actively exploiting the bug to remotely execute code, Adobe recommends that all Flash, Reader, and Acrobat users upgrade immediately.

Hospital Hacker 'GhostExodus' Sentenced To 9 Years
News | 3/22/2011
Contract security guard installed malware on sensitive hospital systems to attack the Anonymous hacking collective.
