Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in April 2008
Page 1 / 4   >   >>
You're Infected With Malware. And You Don't Care.
Commentary  |  4/30/2008  | 
Could it be true? Could there be thousands, if not more, Internet users infected with botnets, who know they're infected, and don't care enough to do anything about it?
Google Warns Users About Phishing
News  |  4/30/2008  | 
In advising users to be wary of clicking on links in e-mail messages or responding to requests for personal information, Google is trying to protect its own business.
Former UCLA Health Employee Charged With Selling Celeb Records To Media
News  |  4/30/2008  | 
The U.S. District Court indictment against a former administrative assistant does not appear related to leaks of Britney Spears' health information this year.
XP Service Pack Delay: What Else Is New?
Commentary  |  4/30/2008  | 
Microsoft's on-again/off-again extension of support for XP may or may not be on-again, but the latest delay of the latest long-awaited XP Service Pack delay may strike some of us as the last straw.
Large Businesses Wrestle With Web 2.0
News  |  4/30/2008  | 
New capabilities turn security policies and practices on end, panelists say
Software Lets Enterprises Encrypt, Restrict Use of CD/DVD Media
Quick Hits  |  4/30/2008  | 
New technology from Lumension encrypts data on CDs, prevents reading and writing without network authorization
When Bots Don't Care - Or Don't Know Enough to
News  |  4/30/2008  | 
Misguided apathy among consumers could be contributing to botnet proliferation
Will Code Viruses For Beer
Commentary  |  4/29/2008  | 
A controversial contest at this year's Defcon hacker conference promises to reward the most successful virus writers.
Webroot to Launch Enterprise Web Filtering Service
News  |  4/29/2008  | 
Content filtering will be marketed alongside email management service
Microsoft Adds Two to Forefront Family
News  |  4/29/2008  | 
Remote access, edge security products now under Forefront umbrella
'USB Hacksaw' Still Sharp, Expert Says
Quick Hits  |  4/29/2008  | 
Exploit allows hackers to dump data from thumb drives and email it to a remote location
Avoiding a Mesh Mess
News  |  4/29/2008  | 
Factor in security with Microsoft's new Live Mesh
New Scam: Hackers Use Phony Certificate To Seal Victims' ID-Fates
Commentary  |  4/28/2008  | 
A new approach to password/account info-theft appeals to users' desire for enhanced protection, rather than directly asking for info. The scam asks users to install an important digital security certificate -- which is, of course, anything but secure.
Microsoft Blames Poor Coding Practices For Massive SQL Injection Attack
News  |  4/28/2008  | 
U.S. CERT recommends disabling JavaScript and ActiveX because of attacks that have compromised legitimate Web sites using Microsoft IIS Web Server and Microsoft SQL Server.
Windows XP Service Pack 3
Commentary  |  4/28/2008  | 
While there's not a lot of big news or fanfare surrounding the imminent release of Windows XP Service Pack 3, there are a number of interesting security enhancements.
Those Social Networking Apps? Not as Safe as Your Employees Think
Commentary  |  4/28/2008  | 
There's lots of talk about the time-wasting element inherent in social networking sites like MySpace and Facebook. Along comes yet another reason for a smaller business to block these sites: Security, or lack thereof.
Wireless Vulnerabilities Present Enterprise-Wide Threats, Expert Says
News  |  4/28/2008  | 
Wireless is the greatest threat to corporate networks since the emergence of the Internet, AirPatrol CEO says
'Long-Term' Phishing Attack Underway
News  |  4/28/2008  | 
New phishing exploit doesn't bother asking for passwords, and its stealthy malware hides out on victim's machine
Societe Generale Goat Gets IT Consulting Job
Quick Hits  |  4/28/2008  | 
Man who singlehandedly cost financial services firm more than $7B is now giving advice
Interop Founder Dan Lynch Invests in Hot Security Startups
News  |  4/28/2008  | 
He was hacked by Kevin Mitnick in the '80s and recently had his identity stolen - but Lynch still has hope for making security strong and usable
Zero-Day Vulnerability Reported in Apple's QuickTime for Windows XP and Vista
News  |  4/25/2008  | 
Security consultancy GNUCitizen says an attacker could exploit the vulnerability by constructing a specially crafted QuickTime supported media file that allows remote code execution.
Astaro Survey Sez Your Security Spending Seems Recession-Proof. Really?
Commentary  |  4/25/2008  | 
The results of a recent survey of small and midsize business IT security spending plans are being interpreted/marekted as signs that your security spending is "recession proof." A closer look suggests something quite different.
Exostar Set to Launch Federated Identity Service for Aerospace
News  |  4/25/2008  | 
Service vets and authenticates customers and trading partners for its members
Tech Insight: DIY Penetration Testing
News  |  4/25/2008  | 
When to conduct your own penetration test or to farm it out to a third party
Men More Likely Than Women to Fall for Internet Fraud
Quick Hits  |  4/25/2008  | 
Guys lose $1.67 to every $1 lost by gals, ICCC says
Quick! Unplug Your Internet Connection!
Commentary  |  4/24/2008  | 
According to the security vendor Sophos, one Web page is infected with malicious software every five seconds. Yeah, but it's probably mom-and-pop and porn Web sites with all of the infections, you say. Think again.
Small And Midsize Businesses' IT Security Budgets 'Recession-Proof'
News  |  4/24/2008  | 
Despite overall economic difficulties, survey respondents say they still plan to invest in technology this year.
McAfee And PlumChoice DoubleTeam For Remote Business Tech Services
Commentary  |  4/24/2008  | 
The latest alliance targeting small and midsize business tech-needs is McAfee's just-announced linkup with PlumChoice to provide on-demand tech services to, well, to you.
Securing the Internet's DNS
News  |  4/24/2008  | 
Internet's .arpa, .org, and .uk domains soon to adopt DNSSEC
Tape Loss Stuns UK Retail Giant
News  |  4/24/2008  | 
It's a tale of the (stolen) tapes over at major British pharmacist Boots
Dish Says Hacker Hired to Break Into Its Network
Quick Hits  |  4/24/2008  | 
Satellite TV drama unfolds in lawsuit over piracy
Focus On Managing Risk, Not Gruntwork
Commentary  |  4/23/2008  | 
With large enterprises sporting hundreds of applications, firewalls, routers, and other networking devices -- and more than 139 newly announced vulnerabilities each week -- how do they know what vulnerabilities actually matter?
Are EMC And IBM Reliable Storage Bellwethers?
Commentary  |  4/23/2008  | 
Their success is no guarantee of success for other vendors, but dismal results from these two companies would augur poorly for the rest of the storage industry, to say the least. And quite apart from my glass half-empty outlook, I'm not sure how much weight to give the recent positive financial performance from EMC and IBM.
Hard Drive Encryption Becomes Loaded-Laptop Hard Drive Feature
Commentary  |  4/23/2008  | 
With nearly three-quarters of a million laptop and notebook computers lost or stolen each year, there's a better than good argument for equipping yourself and your remote staff with encrypted disks on their portable gear.
Border Agents Can Search Laptops Without Cause, Court Rules
News  |  4/23/2008  | 
The 3-0 decision is likely to extend to cell phones and other personal electronic devices.
Companies May Be Held Liable for Deals With Terrorists, ID Thieves
News  |  4/23/2008  | 
New and little-known regulations could mean fines, or even jail time, for companies that do business with bad guys
Researchers Infiltrate and 'Pollute' Storm Botnet
News  |  4/23/2008  | 
European botnet experts devise a method that disrupts stubborn peer-to-peer botnets like Storm
JavaScript Injection Attack Infects 'Hundreds of Thousands' of Websites
Quick Hits  |  4/23/2008  | 
United Nations, UK government sites are among the victims
Market's Message to Security Pros: Adapt or Die
News  |  4/23/2008  | 
Shifts in economy, business are forcing re-prioritization in the IT security department, studies say
Physical Security Breaches Trump Vulnerabilities
Commentary  |  4/22/2008  | 
When it comes to publicly disclosed breaches, chances are the root cause was a stolen system, not a hack.
Security Vulnerabilities Reported At Obama, Clinton Web Sites
News  |  4/22/2008  | 
Researchers said cross-site scripting problems found on the sites could result in anything from a harmless pop-up window to exposure to malicious software.
Infected Web Pages Nearly Triple
News  |  4/22/2008  | 
Sophos says that it discovered a new infected Web page every 5 seconds. In 2007, the company says, it saw new infected Web pages every 14 seconds.
New Malware Page Every Five Seconds: Sophos
Commentary  |  4/22/2008  | 
Sophos released its Q1 2008 threat report today, and the news ain't good. In fact, it's three times as bad as last year -- that's how fast the threats are increasing. And increasing every five seconds.
Microsoft Report: Physical Data Theft, Trojans Up; Bug Disclosure Down
News  |  4/22/2008  | 
Trojan attacks jump by 300 percent, but publicly disclosed vulnerabilities reach three-year ebb
eBay Turns Up the Heat on Fraudsters
Quick Hits  |  4/22/2008  | 
Special cookies will help online marketplace separate legitimate sellers from identity thieves
Crank Up The Volume
Commentary  |  4/22/2008  | 
If storage were an audio receiver, we'd be flirting with that "9" or "10" mark on that big black dial. But we're talking capacity here (and maybe speed), as vendors appear to bend the rules of physics by cramming more bytes than any space or drive should be able to accommodate.
Microsoft's Security Development Life Cycle (SDL) Metrics: Microsoft Can Do Better
Commentary  |  4/21/2008  | 
Microsoft can, and should, provide more insight into how well its security development life cycle is working.
Ooops -- Microsoft Nags More Office Users Than It Meant To
Commentary  |  4/21/2008  | 
Microsoft's latest attempt to track down illegitimate copies of its programs -- in this case Office -- went a bit (and way more than a bit) farther than the company intended last week when it released an Office piracy detector worldwide, instead of to the four countries the program targeted.
New Tool Lets Enterprises Manage Security on Multiple Linux Servers
News  |  4/21/2008  | 
Trusted Computer Solutions readies software that can 'lock down' servers running Red Hat, CentOS, or Oracle Enterprise Linux
Page 1 / 4   >   >>

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-07-01
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
PUBLISHED: 2022-07-01
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
PUBLISHED: 2022-07-01
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
PUBLISHED: 2022-07-01
PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc.
PUBLISHED: 2022-07-01
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.