News & Commentary

Content posted in April 2010
Microsoft Issues Workaround For Serious SharePoint Vulnerability
Commentary  |  4/30/2010  | 
While not a complete patch, the software maker has issued guidance detailing how to mitigate a serious vulnerability that places corporate data at risk of snooping and theft.
Hacker Of Sarah Palin's E-Mail Found Guilty
News  |  4/30/2010  | 
Palin calls violating the law for political gain 'repugnant.'
Sending Email, Web Security To The Cloud
Commentary  |  4/30/2010  | 
E-mail and Web security outsourcing are gaining more momentum as resource-strapped companies look for ways to tighten their IT belts. IT shops are constantly being asked to do more with less, and it's often security that gets more budget cuts since it's an IT area that doesn't contribute directly to a company making money.
IT Pros Doubt Security Of Virtualized Environments, Study Says
Quick Hits  |  4/30/2010  | 
Majority of survey respondents don't think current security tools and practices will cut it in the cloud
Storage Checkers Vs. Chess
Commentary  |  4/30/2010  | 
Checkers is a two-dimensional game where all the pieces have the same ability. It's about covering space. Chess is a complex three-dimensional game where all the pieces have different capabilities and there is one common target: the enemy's king. In storage some features begin to look like checkers because they have become so commonplace, but when you dig deeper you find that the capabilities of these features between vendors vary greatly.
Healthcare Not Up To Task Of Securing Electronic Medical Records, Experts Say
News  |  4/30/2010  | 
Healthcare organizations with established databases are typically behind other industries in how they secure their data stores
Apple CEO Steve Jobs Lashes Out Against Adobe's Flash
News  |  4/30/2010  | 
Flash had 'one of the worst security records in 2009,' says Jobs in a major offensive against Adobe
Al Qaeda Implicated In Cyberattacks
Commentary  |  4/30/2010  | 
Some papers recently became publicly available in the case of terrorism suspect Mohamedou Ould Slahi, accused of being one of Al-Qaeda's top recruiters. The papers revealed Al-Qaeda hacking activity, which demonstrates what proof of accountability in Internet attacks is, and how many of us jump to conclusions about countries, such as China, without it.
Symantec To Buy PGP, GuardianEdge For $370 Million
News  |  4/30/2010  | 
The data encryption firms offer technology for standards-based encryption of full-disks, removable media, files, folders and smartphones.
Symantec Takes $370 Million Plunge Into Encryption Market
News  |  4/29/2010  | 
Acquisitions of PGP, GuardianEdge will make security giant an immediate player, experts say
Study: Application Security Not An Enterprise Priority
Quick Hits  |  4/29/2010  | 
Seventy percent say their organizations don't consider application security a strategic initiative, Ponemon Institute survey finds
Researchers Lock Down The Hypervisor
News  |  4/29/2010  | 
Prototype prevents 'Blue Pill' and other types of malware-injection attacks against the hypervisor
Product Watch: BreakingPoint To Roll Out 'Cyber Tomography Machine'
News  |  4/29/2010  | 
New testing platform scores the security of an organization's overall infrastructure and its resiliency to attack
Data Breaches More Costly In U.S. Than Elsewhere
Commentary  |  4/29/2010  | 
Data breaches cost U.S. companies twice as much as they do in other countries, according to a new Ponemon Institute study. Which adds up to twice as many reasons not to get breached!
Fixing Storage Utilization Without A Refresh
Commentary  |  4/29/2010  | 
In the final part of our storage utilization series we address how to improve storage utilization without refreshing the storage itself. This is, unfortunately, the most difficult way to improve storage utilization.
Federal Agencies Wrestle With Cybersecurity's Harsh Realities
News  |  4/28/2010  | 
Sophistication of attacks, shortage of resources lead agency IT chiefs to focus less on perfect security -- and more on risk management
When It Comes To Data Breaches, U.S. Most Costly
Commentary  |  4/28/2010  | 
Research published today shows that the average cost of a data breach, globally, is about $3.43 million per incident and $142 per compromised record. But that's not the entire story.
San Francisco Password-Hijacker Found Guilty
Quick Hits  |  4/28/2010  | 
Terry Childs faces five-year prison sentence for locking out city bosses from network
Storm Worm Reappears
News  |  4/28/2010  | 
Slightly revamped version of original malware used by the infamous Storm botnet being actively spammed -- and spreading
Ex-IT Admin Convicted In San Francisco
News  |  4/28/2010  | 
The felony conviction could put former San Francisco network engineer Terry Childs in prison for up to five years for withholding passwords to the city's computer network.
Microsoft SIR, Dissected
Commentary  |  4/28/2010  | 
Microsoft published Version 8 of its Security Intelligence Report (SIR) this week. The report covers the second half of 2009 and is a massive piece of information with almost 250 pages.
Costs Of Data Breaches Much Higher In U.S. Than In Other Countries, Study Says
News  |  4/28/2010  | 
Legal requirements for disclosure, notification add high expense to data compromise, Ponemon research says
Medical Records Keep Getting Dumped
Commentary  |  4/27/2010  | 
Why were possibly thousands of private patient records found dumped outside the closed offices of a physical therapy center?
Report: Tier 1 Merchants Pay $122,000 More For PCI Assessments
Quick Hits  |  4/27/2010  | 
Ponemon Institute/Thales survey PCI DSS security assessment firms about next version of PCI
Security Services Improve, But Bargains Few
News  |  4/27/2010  | 
Enterprises more focused on quality and functionality of services than on cost, experts say
McAfee Offers Compensation To Enterprise Customers Hit By Faulty AV Update
News  |  4/27/2010  | 
Businesses affected by the errant AV update get free one-year subscription to automated security health-check platform
Senators Seek FTC Rules For Social Networking
News  |  4/27/2010  | 
Facebook's expanded information sharing has prompted a call for regulation.
CIA Unveils Five-Year Strategy Plan
News  |  4/27/2010  | 
CIA 2015, released this week, seeks to ensure the agency remains in step with current national security challenges, such as cyber threats
Trusting 'Trusted' Sites Again
Commentary  |  4/27/2010  | 
I've been teaching a user security awareness and training course to faculty and staff at our university. One of the great aspects of the class is the discussions that develop out of the participants' questions, like the security of social networks and how to use wireless securely while on the road. Lately, I've been getting one question more and more often: How do I know if a site is safe?
CIA Boosting Cybersecurity Investment
News  |  4/27/2010  | 
Preventing and fighting cyber threats is one of three priorities in the agency's five-year plan.
Supreme Court To Review Video Game Law
News  |  4/26/2010  | 
At issue is whether video games deserve the free speech protection afforded other forms of expression.
More Than 40 Percent Of U.K. Users Say They Have Been Fraud Victims
Quick Hits  |  4/26/2010  | 
More than one-third of victims say they were never reimbursed by their banks
Microsoft: Enterprises Hit Hardest By Worms; Consumers By Trojans And Adware
News  |  4/26/2010  | 
Rogue AV was the common denominator threat to all users, according to findings in the new Microsoft Security Intelligence Report
Bad Guys Take Aim At iPad Users
News  |  4/26/2010  | 
Scam involves spam e-mail messages addressed to iPad users
FCC Takes Control Of Public Safety Network
News  |  4/26/2010  | 
The Federal Communication Commission intends to save $18 billion on its nationwide broadband public safety network by piggybacking on commercial network build-outs.
Apple iPad Used As Scam Bait
News  |  4/26/2010  | 
Cybercriminals are sending out malicious e-mail that targets iPad users, a sure sign that the device has been selling well.
What To Look For In A Primary Storage Refresh
Commentary  |  4/26/2010  | 
In our last entry we covered how the potential to increase storage utilization may help justify a storage refresh. If you are in a position to refresh your primary storage platform or you think the last entry may help you do that a little sooner than normal, what should you be looking for in your next storage platform?
FBI Names Cyber Division Chief
News  |  4/26/2010  | 
Gordon Snow has experience working on counterterrorism and cybercrimes in Silicon Valley and led the effort to draft a government-wide Cyber Counterintelligence Plan.
McAfee's Mess, SEC's Sex Problem And What SMBs Can Learn From Each
Commentary  |  4/26/2010  | 
Last week's McAfee release of a virus def file that didn't play well (to say the least!) with Windows XP SP3, along with unrelated revelations about the amount of pornsurfing going on at the SEC offers the chance to think a little bit about each problem -- and what your business has done and can do to avoid getting tagged by similar ones.
How Well Do Hospitals Protect Your Data? Abysmally
Commentary  |  4/24/2010  | 
A just-released survey of about 200 compliance executives in hospitals from around the country shows that data breaches and medical identity theft continue to soar.
Google Sued Over Search Suggestion
News  |  4/23/2010  | 
A Wisconsin resident blames Google for Web content that links her name to a drug for sexual dysfunction.
Qakbot Worm Steals 2 GB Of Confidential Data Per Week, Researchers Say
Quick Hits  |  4/23/2010  | 
Data-stealing W32.Qakbot worm continues to penetrate enterprises, Symantec says
Blippy Leaks Four Credit Card Numbers
News  |  4/23/2010  | 
Social exhibitionism meets Google Search and learns that one can share too much information.
Tech Insight: When To Pull The Outsourcing Trigger
News  |  4/23/2010  | 
Outsourcing security functions can work -- if the conditions are right
WinMagic eStore Sells SecureDoc FDE For $99
News  |  4/23/2010  | 
eStore protects all data on Windows or Mac desktops, laptops, tablets and removable media
Cybercriminal Advertising: 1.5 Million Stolen Facebook Accounts For Sale
News  |  4/23/2010  | 
Going price starts at $25 for package of 1,000 accounts
Crippling McAfee Virus Update Could Have Long-Term Fallout
News  |  4/22/2010  | 
McAfee says it didn't fully test errant DAT file on XP Service Pack 3; some tens of thousands of PCs reportedly hit
DHS Fills Key Cybersecurity Posts
News  |  4/22/2010  | 
Department of Homeland Security hires fill leadership gaps at US-CERT and the National Cyber Security Division, two of the most important players in the nation's critical security infrastructure.
Pair Of Fines Levied On Breached Companies Show Real Costs Of Database Hacks
News  |  4/22/2010  | 
Fidelity National Information Services subsidiary, Davidson & Company each penalized hundreds of thousands of dollars by regulatory agencies
New Policy Revamps Agencies' Approach To FISMA Compliance
News  |  4/22/2010  | 
Guidance takes a 'three-tiered approach'
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.