News & Commentary

Content posted in April 2010
Microsoft Issues Workaround For Serious SharePoint Vulnerability
Commentary  |  4/30/2010  | 
While not a complete patch, the software maker has issued guidance detailing how to mitigate a serious vulnerability that places corporate data at risk of snooping and theft.
Hacker Of Sarah Palin's E-Mail Found Guilty
News  |  4/30/2010  | 
Palin calls violating the law for political gain 'repugnant.'
Sending Email, Web Security To The Cloud
Commentary  |  4/30/2010  | 
E-mail and Web security outsourcing are gaining more momentum as resource-strapped companies look for ways to tighten their IT belts. IT shops are constantly being asked to do more with less, and it's often security that gets more budget cuts since it's an IT area that doesn't contribute directly to a company making money.
IT Pros Doubt Security Of Virtualized Environments, Study Says
Quick Hits  |  4/30/2010  | 
Majority of survey respondents don't think current security tools and practices will cut it in the cloud
Storage Checkers Vs. Chess
Commentary  |  4/30/2010  | 
Checkers is a two-dimensional game where all the pieces have the same ability. It's about covering space. Chess is a complex three-dimensional game where all the pieces have different capabilities and there is one common target: the enemy's king. In storage some features begin to look like checkers because they have become so commonplace, but when you dig deeper you find that the capabilities of these features between vendors vary greatly.
Healthcare Not Up To Task Of Securing Electronic Medical Records, Experts Say
News  |  4/30/2010  | 
Healthcare organizations with established databases are typically behind other industries in how they secure their data stores
Apple CEO Steve Jobs Lashes Out Against Adobe's Flash
News  |  4/30/2010  | 
Flash had 'one of the worst security records in 2009,' says Jobs in a major offensive against Adobe
Al Qaeda Implicated In Cyberattacks
Commentary  |  4/30/2010  | 
Some papers recently became publicly available in the case of terrorism suspect Mohamedou Ould Slahi, accused of being one of Al-Qaeda's top recruiters. The papers revealed Al-Qaeda hacking activity, which demonstrates what proof of accountability in Internet attacks is, and how many of us jump to conclusions about countries, such as China, without it.
Symantec To Buy PGP, GuardianEdge For $370 Million
News  |  4/30/2010  | 
The data encryption firms offer technology for standards-based encryption of full-disks, removable media, files, folders and smartphones.
Symantec Takes $370 Million Plunge Into Encryption Market
News  |  4/29/2010  | 
Acquisitions of PGP, GuardianEdge will make security giant an immediate player, experts say
Study: Application Security Not An Enterprise Priority
Quick Hits  |  4/29/2010  | 
Seventy percent say their organizations don't consider application security a strategic initiative, Ponemon Institute survey finds
Researchers Lock Down The Hypervisor
News  |  4/29/2010  | 
Prototype prevents 'Blue Pill' and other types of malware-injection attacks against the hypervisor
Product Watch: BreakingPoint To Roll Out 'Cyber Tomography Machine'
News  |  4/29/2010  | 
New testing platform scores the security of an organization's overall infrastructure and its resiliency to attack
Data Breaches More Costly In U.S. Than Elsewhere
Commentary  |  4/29/2010  | 
Data breaches cost U.S. companies twice as much as they do in other countries, according to a new Ponemon Institute study. Which adds up to twice as many reasons not to get breached!
Fixing Storage Utilization Without A Refresh
Commentary  |  4/29/2010  | 
In the final part of our storage utilization series we address how to improve storage utilization without refreshing the storage itself. This is, unfortunately, the most difficult way to improve storage utilization.
Federal Agencies Wrestle With Cybersecurity's Harsh Realities
News  |  4/28/2010  | 
Sophistication of attacks, shortage of resources lead agency IT chiefs to focus less on perfect security -- and more on risk management
When It Comes To Data Breaches, U.S. Most Costly
Commentary  |  4/28/2010  | 
Research published today shows that the average cost of a data breach, globally, is about $3.43 million per incident and $142 per compromised record. But that's not the entire story.
San Francisco Password-Hijacker Found Guilty
Quick Hits  |  4/28/2010  | 
Terry Childs faces five-year prison sentence for locking out city bosses from network
Storm Worm Reappears
News  |  4/28/2010  | 
Slightly revamped version of original malware used by the infamous Storm botnet being actively spammed -- and spreading
Ex-IT Admin Convicted In San Francisco
News  |  4/28/2010  | 
The felony conviction could put former San Francisco network engineer Terry Childs in prison for up to five years for withholding passwords to the city's computer network.
Microsoft SIR, Dissected
Commentary  |  4/28/2010  | 
Microsoft published Version 8 of its Security Intelligence Report (SIR) this week. The report covers the second half of 2009 and is a massive piece of information with almost 250 pages.
Costs Of Data Breaches Much Higher In U.S. Than In Other Countries, Study Says
News  |  4/28/2010  | 
Legal requirements for disclosure, notification add high expense to data compromise, Ponemon research says
Medical Records Keep Getting Dumped
Commentary  |  4/27/2010  | 
Why were possibly thousands of private patient records found dumped outside the closed offices of a physical therapy center?
Report: Tier 1 Merchants Pay $122,000 More For PCI Assessments
Quick Hits  |  4/27/2010  | 
Ponemon Institute/Thales survey PCI DSS security assessment firms about next version of PCI
Security Services Improve, But Bargains Few
News  |  4/27/2010  | 
Enterprises more focused on quality and functionality of services than on cost, experts say
McAfee Offers Compensation To Enterprise Customers Hit By Faulty AV Update
News  |  4/27/2010  | 
Businesses affected by the errant AV update get free one-year subscription to automated security health-check platform
Senators Seek FTC Rules For Social Networking
News  |  4/27/2010  | 
Facebook's expanded information sharing has prompted a call for regulation.
CIA Unveils Five-Year Strategy Plan
News  |  4/27/2010  | 
CIA 2015, released this week, seeks to ensure the agency remains in step with current national security challenges, such as cyber threats
Trusting 'Trusted' Sites Again
Commentary  |  4/27/2010  | 
I've been teaching a user security awareness and training course to faculty and staff at our university. One of the great aspects of the class is the discussions that develop out of the participants' questions, like the security of social networks and how to use wireless securely while on the road. Lately, I've been getting one question more and more often: How do I know if a site is safe?
CIA Boosting Cybersecurity Investment
News  |  4/27/2010  | 
Preventing and fighting cyber threats is one of three priorities in the agency's five-year plan.
Supreme Court To Review Video Game Law
News  |  4/26/2010  | 
At issue is whether video games deserve the free speech protection afforded other forms of expression.
More Than 40 Percent Of U.K. Users Say They Have Been Fraud Victims
Quick Hits  |  4/26/2010  | 
More than one-third of victims say they were never reimbursed by their banks
Microsoft: Enterprises Hit Hardest By Worms; Consumers By Trojans And Adware
News  |  4/26/2010  | 
Rogue AV was the common denominator threat to all users, according to findings in the new Microsoft Security Intelligence Report
Bad Guys Take Aim At iPad Users
News  |  4/26/2010  | 
Scam involves spam e-mail messages addressed to iPad users
FCC Takes Control Of Public Safety Network
News  |  4/26/2010  | 
The Federal Communication Commission intends to save $18 billion on its nationwide broadband public safety network by piggybacking on commercial network build-outs.
Apple iPad Used As Scam Bait
News  |  4/26/2010  | 
Cybercriminals are sending out malicious e-mail that targets iPad users, a sure sign that the device has been selling well.
What To Look For In A Primary Storage Refresh
Commentary  |  4/26/2010  | 
In our last entry we covered how the potential to increase storage utilization may help justify a storage refresh. If you are in a position to refresh your primary storage platform or you think the last entry may help you do that a little sooner than normal, what should you be looking for in your next storage platform?
FBI Names Cyber Division Chief
News  |  4/26/2010  | 
Gordon Snow has experience working on counterterrorism and cybercrimes in Silicon Valley and led the effort to draft a government-wide Cyber Counterintelligence Plan.
McAfee's Mess, SEC's Sex Problem And What SMBs Can Learn From Each
Commentary  |  4/26/2010  | 
Last week's McAfee release of a virus def file that didn't play well (to say the least!) with Windows XP SP3, along with unrelated revelations about the amount of porn surfing going on at the SEC, offers the chance to think a little bit about each problem -- and what your business has done and can do to avoid getting tagged by similar ones.
How Well Do Hospitals Protect Your Data? Abysmally
Commentary  |  4/24/2010  | 
A just-released survey of about 200 compliance executives in hospitals from around the country shows that data breaches and medical identity theft continue to soar.
Google Sued Over Search Suggestion
News  |  4/23/2010  | 
A Wisconsin resident blames Google for Web content that links her name to a drug for sexual dysfunction.
Qakbot Worm Steals 2 GB Of Confidential Data Per Week, Researchers Say
Quick Hits  |  4/23/2010  | 
Data-stealing W32.Qakbot worm continues to penetrate enterprises, Symantec says
Blippy Leaks Four Credit Card Numbers
News  |  4/23/2010  | 
Social exhibitionism meets Google Search and learns that one can share too much information.
Tech Insight: When To Pull The Outsourcing Trigger
News  |  4/23/2010  | 
Outsourcing security functions can work -- if the conditions are right
WinMagic eStore Sells SecureDoc FDE For $99
News  |  4/23/2010  | 
eStore protects all data on Windows or Mac desktops, laptops, tablets and removable media
Cybercriminal Advertising: 1.5 Million Stolen Facebook Accounts For Sale
News  |  4/23/2010  | 
Going price starts at $25 for package of 1,000 accounts
Crippling McAfee Virus Update Could Have Long-Term Fallout
News  |  4/22/2010  | 
McAfee says it didn't fully test errant DAT file on XP Service Pack 3; some tens of thousands of PCs reportedly hit
DHS Fills Key Cybersecurity Posts
News  |  4/22/2010  | 
Department of Homeland Security hires fill leadership gaps at US-CERT and the National Cyber Security Division, two of the most important players in the nation's critical security infrastructure.
Pair Of Fines Levied On Breached Companies Show Real Costs Of Database Hacks
News  |  4/22/2010  | 
Fidelity National Information Services subsidiary, Davidson & Company each penalized hundreds of thousands of dollars by regulatory agencies
New Policy Revamps Agencies' Approach To FISMA Compliance
News  |  4/22/2010  | 
Guidance takes a 'three-tiered approach'


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17948
PUBLISHED: 2018-11-20
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
CVE-2018-1779
PUBLISHED: 2018-11-20
IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.
CVE-2018-19367
PUBLISHED: 2018-11-20
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.
CVE-2018-19335
PUBLISHED: 2018-11-20
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.
CVE-2018-19334
PUBLISHED: 2018-11-20
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.