News & Commentary
Content posted in April 2009
|
Despite Economy, Security Salaries Are On The Rise
More than half of IT security pros got a raise in the past year, study says
Spam Close To 2 Year High: 85% Of Mail Now Spam
Nobody really expected spam levels to stay low after the McColo takedown last year and, as a new MessageLabs report shows, they haven't. In fact, spam levels are as high as they've been in 19 months, crossing the 85% level for the first time since September '87.
New Tools Emerge To Ease Enterprise Fear Of Firewall Swapping
Replacing one vendor's firewall with another risks network disruption and could opens security holes, leaving many organizations to stick with the same firewall maker
Cloud Security Needs Its Rainmaker
The Cloud Security Alliance (CSA) made its inaugural splash at last week's RSA Security Conference 2009 in San Francisco. The group kicked off an ambitious white paper that attempts to define everything from the architecture of cloud services to the impact of cloud services on litigation and encryption. It was a herculean effort to try to get this off the ground. And there is still much more work to do -- especially in the one area the group left out.
Cloud Antivirus Promises A New Approach From Panda Security
The free software is designed to scan the cloud to collect antivirus signatures, leading to faster protection from the newest viruses and less load on end-user computers.
Trend Micro Acquires Third Brigade
Buyout expected to boost Trend's cloud security, regulatory compliance offerings
Microsoft Alters Windows AutoRun Amid Conficker Concerns
As Conficker shows no signs of going away, software giant makes worm tougher to spread via USB
Panda Security Offers Free 'Cloud Antivirus'
The antivirus company says its approach protects against malware 100 times faster than traditional signature-based solutions.
Adobe Exploit Sheds Light On Bigger Risk Management Issue
Batten down the hatches: It's zero-day exploitation time for Adobe Reader and Acrobat. But according to Adobe's blog post yesterday, "we are currently not aware of any reports of exploits in the wild for this issue."
Is that the kind of statement you would feel comfortable taking to your CIO or CIS
Application Aware Storage and Protection
In storage, its easy to forget that it is all about the application, especially when it comes to protection and more importantly recovery of that application. There is a wide variety of storage data protection from basic RAID to snapshots. There is an even wider variety of data protection software that provides multiple levels of protection, but between the two there is only rudimentary understanding of the application.
bMighty bSecure Virtual Event: SMB Security On A Budget - Today!
When times get tough, it's all too tempting to push security concerns aside -- especially at small and midsize companies with shrinking IT budgets. Fortunately, you don't have to make that mistake, there are ways to address security issues without breaking the bank. Today -- Wednesday, April 29 -- the bMighty bSecure virtual event brings together business and security experts to show you how
Swine Flu Fears Fanned By Spammers
Some of these messages contain no malware or malicious links and appear to be information harvesting campaigns.
Federal Reserve IT Analyst Arrest Highlights Internal Threat
I've always had a pick with the trite and hackneyed marketing hype among IT security vendors who repeated the "insiders conduct the most attacks," or "Insiders are the greatest risk." This most recent arrest stokes the debate that was rekindled with the recent release of Verizon Business' 2009 Data Breach Investigations Report.
Adobe Reader, Acrobat Hit With Another Zero-Day
Popular PDF plug-in becoming favorite target for attackers, prompting some security experts to recommend open-source alternatives
Fed Bank IT Worker Charged With Insider Data Theft
IT employee allegedly used administrative access to collect co-workers' personal data and obtain bank loans in their names
SANS Tells Congress: Feds' Checkbook Is Cyberdefense 'Weapon'
Security experts in Senate hearing today debate whether the White House or Department of Homeland Security should head up U.S. cybersecurity strategy and operations
Swine Flu Outbreak Brings Out Swineflu Web Scams
Swine Flu's making headlines and making people nervous, which is leading people to look for swineflu information on the Web. No surprise that the cybercrooks are setting up swine flu scam addresses and sites.
Just Because Security Budget Takes A Hit, Doesn't Mean Security Has To
At last week's RSA Conference in San Francisco, there was as much talk about the economy as there was on IT security. And while the show appeared to pull a healthy number of attendees, at times the show floor seemed filled with more vendor reps and consultants, than IT buyers. But a few studies released last week show while vendor's may like to hype fear, the infosec economy certainly isn't all gloom and doom.
Privacy Policies Matter. No, Really. They Do.
Forces as dissimilar as the Federal Trade Commission and Google seem to be aligning to reinforce the importance of protecting the privacy of your company's online customers.
Security Suffers Cuts In Recession, But Fares Better Than The Rest Of IT
Layoffs, cutbacks aren't as painful in security, but they are happening, studies say
Security Vendors Offer More Freebies, Deals To Existing Customers
Under increasing budget constraints and intensifying threats, organizations are asking their vendors for free, enhanced features and better deals -- and they're getting them
The Real Costs Of Laptop Loss
How many movies have you seen where the bad guy is just about to get caught and interrogated when he bites down on a cyanide capsule and dies almost instantaneously? It's a pretty common scene that I've seen in movies as recent as "The Watchmen." Similar solutions, like virtual cyanide capsules, exist that can address lost or stolen electronic devices, and a study released by Intel and the Ponemon Institute last week highlights the importance of those products.
RSA's Five Big Takeaways
Swag was scarce, attendee counts were down, and a few vendors opted not to exhibit this year, but last week's annual RSA Conference in San Francisco was still the obligatory get-together for security experts and vendors, sprinkled with loads of product and partner announcements and high-profile keynote speakers.
The trouble with a show as large as the RSA Conference, of course, is that you can't see it all. So here's a synopsis of just some of the more memorable moments:
At RSA, Security Pros Don't Practice What They Preach
AirPatrol study finds almost 100 unauthorized WiFi access points at convention
Will SSD Delay FCoE?
In a recent entry we discussed the impact of Solid State Disk (SSD) on the IO infrastructure. Where SSD may have the most significant impact is on the adoption of 8GB fibre vs. Fibre Channel over Ethernet (FCoE). SSD has a performance profile that is worthy of the 10GB speeds of FCoE but will FCoE be adopted quickly enough by IT prior to SSD on 8GB Fibre establishing a foot hold?
The High Cost Of Not Spending On Security
Slashing your security budget might be tempting in these tight times, but a security breach will cost you far more than you save. Recent IT spending surveys show that many tech leaders see security as a top priority whereas others are trimming security spending and putting their organizations at increased risk of a security breach.
Conficker Making Its Move, Finally
After months of hype and, admit it it, hysteria, the Conficker worm has finally been getting getting down to work, spewing spam and pushing popups warning that the user's computers are infected (Ya think?) with viruses.
Splunk, GlassHouse Launch Joint Security Management Service
Partnership challenges SIEM, uses Splunk search engine to find source of security problems
Taking Some Of The Sting Out Of Data Breaches
Anyone who has suffered a recent data breach involving regulatory or legislative data knows the investigation can be an excruciating process. The investigation is subject to time constraints as to how long it takes time to prepare and notify affected individuals. Statutes may apply to the company requiring customers to be notified within X number of days. And, of course, breaches never occur when it's convenient for the victim. So what can you do to streamline the investigative process and make
SANS: Newest WLAN Hacks Come From Afar
Expert warns of deadly combination of long-distance remote and wireless hacking to get inside an organization
Many Users Say They'd Sell Company Data For The Right Price
In subway survey, 37 percent of workers say they could be bought
Poll: 65% Of Consumers Want Local Government To Do More About Cybercrime
Cybercrime considered "serious" by 70 percent of U.S. adults
Security Expert Calls For New Model For 'Demonetizing' Cybercrime, Botnets
Current approach focused on fighting attacks is not working, says SecureWorks' Joe Stewart
Social Networks A New Security Frontline
USA Today ran an interesting story about how cybercriminals are using social media in greater numbers to attack users. What started as a trickle last year has quickly sprung to an open fire hydrant, as criminals turn to low-paid grunts to crack captchas.
Savvis Launches Web App Firewall Service
New service could help companies meet WAF requirement under PCI
What Part Of Disaster Recovery Don't You Understand? (bMighty Wants To Know!)
Disaster Recovery planning and preparation remains one of the great vulnerabilities of small and midsized businesses (and plenty of big businesses, too). Why do so many businesses avoid taking the time and spending the money to prep themselves for disasters that may never happen? The three most common answers are in that question.
Cybersecurity Balancing Act
Government IT pros struggle to meet mandates as computer system threats keep growing.
InformationWeek Analytics: Endpoint Security And DLP
A smart mix of policies, education, and new technologies like data loss prevention can help IT balance access and protection.
DeDupe Team Up
There is a growing trend in storage lately, the concept of a manufacturer tapping another developer to help them compete in the market. This allows two smaller suppliers to team up against the larger suppliers. One of the best examples of this is NAS vendors adding deduplication functionality to their systems.
10 After-Tax-Filing Security Tips
Filing your taxes isn't the end of the story. You've also got to be sure that you the electronic information you submit doesn't fall prey to identity theft. Think it can't happen to you? Tell that to the 10 million Americans who had their identity stolen last year.
Microsoft Details Windows 7 Security
Features in upcoming OS reflect Microsoft's strategy of end-to-end trust
Third-Party App Updates, Unite!
Unite, unite, UNITE! It's a great fight song being preached by Secunia at this week's RSA Conference. In "Secunia Pushes For Standard That Updates Consumer Apps," here on Dark Reading, Secunia's effort to unify patching was discussed with some interesting statistics from the recent Microsoft Incident Report. According to the report, 90 percent of vulnerabilities present on Windows system
Researchers Find Massive Botnet On Nearly 2 Million Infected Consumer, Business, Government PCs
More than 70 government-owned domains hit, and nearly half of the overall infections are in the U.S.
Symantec Rolls Out Small Business Offerings
Company also announces acquisition of Web security gateway appliance maker Mi5
Being Secure While Being Green
Tossing out digital devices with data on them is a security risk. Disposing of digital devices improperly, with or without data present, is an environmental risk.
NSA Does Not Want To Lead U.S. Cybersecurity Efforts. This Is Good News
Lt. Gen. Keith Alexander told a packed security audience here at the RSA Conference 2009 that the National Security Agency wants to help support the nation's critical IT security infrastructure efforts as part of a "team" effort. And that the NSA isn't interesting in the job of running the security of the critical IT security infrastructure.
Aladdin Introduces Clientless Smartcard Authentication Solution For Online Services
Aladdin eToken PRO Anywhere combines certificate-based authentication with plug-and-play simplicity
Analyzing Security Psychology
The integration of psychology into the security strategic-thinking process is critical for the advancement of information security. The human element influences all security controls because all of these controls seek to regulate human behavior.
NSA Director: Agency Not Interested In Running U.S. Cybersecurity
Lt. Gen. Keith Alexander tells security industry audience the National Security Agency wants to act as technical support in a "team" effort
Disappointed In Thin?
In a recent review of Symantec's 2009 Stop Buying Storage Survey, an odd result on thin provisioning might get overlooked. 42% of users are essentially disappointed in their thin provisioning investment, and another 37% only indicated seeing moderate improvement. If you aren't in the small group that saw significant improvement, you may have invested in the wrong thin provisioning technology.
|
White Papers
Video
3 Comments
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-19220
PUBLISHED: 2018-11-12
PUBLISHED: 2018-11-12
PUBLISHED: 2018-11-12
PUBLISHED: 2018-11-12
PUBLISHED: 2018-11-12
From DHS/US-CERT's National Vulnerability Database CVE-2018-19220
PUBLISHED: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI.
CVE-2018-19221PUBLISHED: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.
CVE-2018-19222PUBLISHED: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.
CVE-2018-19223PUBLISHED: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI.
CVE-2018-19224PUBLISHED: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This