Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in April 2009
<<   <   Page 3 / 3
Conficker Worm Arms Itself To Steal And Spam
News  |  4/9/2009  | 
The new variant, designated Conficker.E, is arriving through the worm's P2P connectivity.
SMB Security Spending Holding Steady, SMB Vulnerabilities Holding Steady Too
Commentary  |  4/9/2009  | 
A new Symantec survey indicates that small and midsized business security budgets are either holding at established levels or growing slightly, despite t6he economic downturn. Good thing, too, because the survey also found high levels of vulnerabilities, including a third of businesses running no anti-virus protection.
Giving Government Power To Unplug The Internet
News  |  4/9/2009  | 
In the best-case scenario, that power could enable a president to prevent cyberattacks on the power grid, air traffic control systems or the root of the Internet.
Rolling Review: StealthWatch System For Network Behavior Analysis
News  |  4/9/2009  | 
Lancope appliances provide deep threat analysis that's easy to see.
Efficiency A Key Objective For 2009
Commentary  |  4/9/2009  | 
2009, more so than any year, IT professionals are looking for ways to drive out costs. Technologies like deduplication, compression and server virtualization all try to lower the IT expenditures and these technologies have been successful at doing just that. The challenge however is that each of these technologies potentially compounds the challenge of making IT Operations more efficient by putting more workload in the same space.
WSJ's Meatless 'Spies' Story
Commentary  |  4/8/2009  | 
Wednesday's Wall Street Journal article reporting that the U.S. power grid had been infiltrated by Chinese and Russian "cyberspies" likely caused a few people to choke on their Cheerios. But it left the security community -- already jaded with stories of SCADA and power-grid vulnerabilities, and with assumptions that the grid had been hacked a long time ago -- hungry for more.
The Rocky Road To More Secure Code
News  |  4/8/2009  | 
Secure application development initiatives are all the rage now, but will developers get 'religion'?
Cloakware Survey: Acceptable Security Controls A Rarity
News  |  4/8/2009  | 
Most companies rely on antiquated security procedures that don't account for widespread corporate layoffs or the realities of a more virtual workforce, according to study of 12,500 U.S. infosec pros
U.S. Electrical Grid Breached By Cyber Spies
News  |  4/8/2009  | 
The intrusions were detected by U.S. intelligence agencies. In November, a congressional advisory committee warned that Chinese cyberattacks were increasing.
F-Response 3.09 Preview
Commentary  |  4/8/2009  | 
I've written a little about F-Response before. It's an incident response and forensic tool that gives investigators and responders the ability to access a running computer system's hard drive and physical memory in a read-only manner. Your analysis workstation connects over iSCSI to the target machine, and you can use practically any forensic tool to conduct analysis and imaging. I have used it with Forensic Toolkit (FTK), Encase, FTK Imager, Memoryze, and X-Ways. It's a great "enabler" tool tha
Survey: Small Firms Recognize Insider Risk, But Don't Act
News  |  4/8/2009  | 
Symantec report finds most breaches at small to midsize businesses caused by people, not malware
Microsoft: Rogue AV Found On 10 Million Machines
Quick Hits  |  4/7/2009  | 
Scareware more pervasive than thought, while data breaches more about lost and stolen equipment than hackers, according to new Microsoft Security Intelligence Report
SCADA Security: What SCADA Security?
Commentary  |  4/7/2009  | 
SCADA, the control systems for such infrastructure services as water and energy, has us worried whenever critical infrastructure defense is mentioned. Why, then, is it the most insecure industry on the planet?
Researchers To Unleash Backbone-Hacking Tools At Black Hat Europe
News  |  4/7/2009  | 
Tools automate attacks on Multiprotocol Label Switching (MPLS) and Ethernet carrier networks
SANS Survey: Log Data Not 'Just For Geeks' Anymore
Quick Hits  |  4/7/2009  | 
More IT/security professionals are collecting log data than ever before, new report says
Public More Scared Of Digital Dangers Than National Security Threats
Commentary  |  4/7/2009  | 
A new study finds that Americans are more concerned about identity theft than they are about national security. Could be they're right. And right or wrong, there are lessons here that affect your customers, partners, and employees
Register.com Suffered Massive Denial-of-Service Attack
Commentary  |  4/6/2009  | 
Anyone dependent on domain name registrar and hosting company Register.com, for either hosting their Web site or e-mail, learned first hand the pain of a distributed denial-of-service attack.
Facebook, Microsoft Partner To Fight Koobface Worm
News  |  4/6/2009  | 
The Koobface virus, which spreads through social networking sites, has been added to Microsoft's Malicious Software Removal Tool.
The Week After: Conflicted About Conficker
Commentary  |  4/6/2009  | 
The title says it all. With so much hype surrounding last week's impending destruction of the Internet, I started out a bit lackadaisical when people asked me about Conficker. As the week progressed, I started to feel annoyed and slightly hostile because so many people were coming to me to ask what was going to happen and how should they protect themselves. In hindsight, I should be happy at the new awareness brought on by Conficker, but I'm not.
Startup Promises Centralized Security, Control For Virtual Environments
News  |  4/6/2009  | 
New virtualization security firm HyTrust partners with VMWare, Citrix, Cisco, and Symantec
Report: Americans More Worried About Fraud Than Personal Safety
Quick Hits  |  4/5/2009  | 
Financial fraud fears eclipse national security worries in Unisys' latest security poll
Microsoft Issues PowerPoint Security Advisory
News  |  4/3/2009  | 
Microsoft said it's aware only of limited, targeted attempts to exploit this vulnerability, which could allow an attacker to execute code remotely.
Zero-Day PowerPoint Attacks Under Way
News  |  4/3/2009  | 
Microsoft warns of targeted exploits of unpatched flaw that could let attackers take control of victim's computer
Scanning Flash Apps For Insecurities
Commentary  |  4/3/2009  | 
Did you know that a simple Flash application on your Website could be a backdoor into your network? I've always known of such insecurities in Flash applications, but until recently, I had only looked at some Flash-based malware using Flare to analyze suspected malicious SWF files. All that has all changed with HP's new SWFScan tool,
More Mailicious Sites Than Ever. More On The Way.
Commentary  |  4/3/2009  | 
The number of malicious sites detected in March jumped by almost 200% over February, according to a new report from MessageLabs. The increase consists primarily image-based malware: time to warn your employees (and everybody else) about the risks of image-sharing sites, including social nets.
Hannaford Bros. Lawsuit In Hands Of Federal Judge
Quick Hits  |  4/3/2009  | 
Ruling determines if damages could be awarded to potentially millions of victims whose debit and credit cards were stolen in grocery chain's massive data breach
Public Search Engines Mine Private Facebook Details
News  |  4/2/2009  | 
New research finds publicly accessible Facebook profile information revealing
OpenDNS Reports 500,000 Machines Infected By Conficker
Quick Hits  |  4/2/2009  | 
April Fool's Day was mostly quiet -- but the number of machines hit by Conficker.C are starting to roll in
Getting Physical With Workstation Security
Commentary  |  4/2/2009  | 
So often we as security professionals talk about the security of the machines we're responsible for, and the only time physical security comes up is during the discussion of laptops and server rooms. We're concerned about laptop theft and loss that could lead to the dreaded customer notification process. Or maybe we brag about the awesome security of our datacenter. What about user workstations? Is there an subconscious assumption they're safe since they're behind locked doors?
Home Worker Security Is Business Security
Commentary  |  4/2/2009  | 
The news that IBM will no longer reimburse home-based workers for their Internet connections makes you wonder if Big Blue is going to make home-workers and telecommuters responsible for their own security. And that raises the question of how far you should go to make sure your off-site employees are using sound security sound security practices and procedures.
Archiving Your Way To Efficiency
Commentary  |  4/2/2009  | 
In an earlier post, You Can't DeDupe IT Administration, I discuss the problem with optimizing primary storage. While it is incredibly valuable to be able to squeeze more data into less storage footprint, from an administrative standpoint you still have to manage the data, there is limited increase in efficiency. Archiving however, especially disk based archive can provide tremendous gains in efficiency.
Anticipating Government Overreaction To An Actual Conficker Attack
Commentary  |  4/1/2009  | 
Most governments tend to overreact, and the U.S. probably leads the pack. Fortunately, we survived Conficker on Wednesday, but what if it had resulted in a massive amount of damage? Would the government's response have done more damage than the worm?
Congress Presses Credit Card Companies On PCI Failures
Quick Hits  |  4/1/2009  | 
House subcommittee hearing highlights rift between retailers, credit card firms over PCI
Black Hat Europe Researcher Hacks Database Servers
News  |  4/1/2009  | 
New tool to be unleashed at Amsterdam conference uses SQL injection to gain a foothold into the underlying database server
Conficker Communicates With Command; Conficker Media Communicators Miss An Opportunity
Commentary  |  4/1/2009  | 
As generally anticipated in the tech press, the Conficker worm communicated with its controllers, downloading new instructions, but otherwise failing to cause problems. Problems, though, were what many in the mainstream press were looking for, and therein lies a problem itself.
Dark Reading Launches Security Services Tech Center
Commentary  |  4/1/2009  | 
Today Dark Reading launches a new feature: the Security Services Tech Center, a subsite of Dark Reading devoted to bringing you news, product information, opinion, and analysis of the "outsourced" security services and technologies available to augment your organization's IT defenses.
How To Make The Right Choice About Security Outsourcing
News  |  4/1/2009  | 
New report offers in-depth look at security services alternatives -- and how to evaluate them
<<   <   Page 3 / 3


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30485
PUBLISHED: 2021-04-11
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.