Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in April 2010
Rapid7 Rolls Out First Commercial Metasploit Product
Quick Hits  |  4/22/2010  | 
Metasploit Express combines open source platform with user-friendly interface and new back-end
Health Insurer Notifies More Than 409,000 Of Potential Breach
News  |  4/21/2010  | 
Sensitive medical records found on previously leased digital copier, company says
More Than One-Third Of Network Devices Show Vulnerabilities, Study Says
Quick Hits  |  4/21/2010  | 
Average device shows more than 40 configuration violations, according to research
White House Updates Cybersecurity Orders
News  |  4/21/2010  | 
The three-pronged approach should help federal agencies do away with wasteful compliance spending and encourage improved security, say White House officials.
Facebook Opens Up Social Tools To Broader Web
News  |  4/21/2010  | 
At its developer conference, the soc-net powerhouse let loose plug-ins which will extend its platform throughout the Web and potentially strengthen its hand versus Google.
Product Watch: Microsoft Scraps Forefront Protection Manager Product
News  |  4/21/2010  | 
Software giant says it's aligning security management with systems and application management
CSRF Attacks Get New PoC Creation Tool
Commentary  |  4/21/2010  | 
Cross-site request forgery (CSRF) is a powerful attack that can have devastating consequences. It's not a new attack, but new tools are released every year because Web developers don't always write secure code that can prevent these attacks. Often, CSRF vulnerabilities go undetected because automated scanners have difficulty detecting them.
Justifying An Early Storage Refresh
Commentary  |  4/21/2010  | 
Our last entry covered ways to increase storage utilization. There are three options: live with under-utilization (easy but costly), refresh your current storage (easy but potentially expensive), or make what you have more efficient (potentially time consuming but potentially inexpensive). Most data centers have a schedule to refresh their current storage systems at some point in the future. In this ent
New Hack Pinpoints Cell Phone User's Location, Personal And Business Relationships
News  |  4/21/2010  | 
Researchers demonstrate a technique that exploits the cell phone infrastructure to compromise cell users' privacy
Why Employees Break Security Policy (And What You Can Do About It)
News  |  4/20/2010  | 
Companies that monitor network behavior say many employees still break rules in order to get their jobs done
Report: Targeted Attacks Evolve, New Malware Variants Spike By 100 Percent
Quick Hits  |  4/20/2010  | 
New Symantec Global Internet Threat Report shows evolution of targeted attacks, prevalence of Web-borne attacks, increase in malware variants in 2009
Network Solutions Hack Highlights Hosting Risks
Commentary  |  4/20/2010  | 
Website hosting vendor Network Solutions Inc. (NSI) has been forced to cleanse its customer Websites after a few "thousand" sites were attacked after an unspecified number of NSI's shared servers were infiltrated.
Network Solutions Cleaning Up After Second Round Of Attacks
News  |  4/20/2010  | 
'A few thousand' websites infected in attacks; meanwhile, NSI suffers email service disruption today as well
PCI: Data Token Alternatives
Commentary  |  4/20/2010  | 
When a merchant cannot -- or will not -- replace credit card numbers with tokens provided by its payment processor, how does it secure its database to be PCI-compliant?
Google Scolded By Privacy Officials
News  |  4/20/2010  | 
Buzz, the company's social networking arm for Gmail, continues to elicit criticism
Google Tool Reveals Government Hunger For Data
News  |  4/20/2010  | 
Official demands sent to Google for data and for its removal are now on display.
Google Scolded By Privacy Officials
News  |  4/20/2010  | 
Buzz, the company's social networking mechanism for Gmail, continues to elicit criticism.
Google Chrome Attracting Hacker Attention
Commentary  |  4/20/2010  | 
The good news: at a recent security conference, Google Chrome got kudos as the hardest browser to hack. The bad news: a new hack is targeting possibly overconfident Chrome users and tagging them with malware.
California Senate Moves On New Data Breach Law
Commentary  |  4/19/2010  | 
With 2003's landmark data breach notification law, SB-1386, California set the tone for the wave of state breach notification laws that would follow. Today, more states have similar laws than don't. Last week, the California Senate approved SB-1166 which aims to add more detail to the existing law.
IT Isn't Keeping Up With End Users, Study Says
Quick Hits  |  4/19/2010  | 
Most organizations unable to keep up with users' job responsibilities and access rights, Ponemon study says
Secure P2P Scheme Leverages Social Networks
News  |  4/19/2010  | 
Anonymous and unobservable IM and VoIP could be possible under a proposed network architecture called Drac.
Log Review Checklist For Responders Under Fire
Commentary  |  4/19/2010  | 
Checklists are one of the most important things for first responders to have access to when responding to an incident. The reasons are many, and most of them tend to fall back on the human nature of the first responder. Incident response can impose a lot of stress on an individual, whether from management or the sheer criticality of the potentially hacked resource. It can be easy to miss a step or remember a command incorrectly when under fire.
Increasing Storage Utilization Rates
Commentary  |  4/19/2010  | 
In a recent entry, John Foley discusses some of the pros and cons of leveraging cloud computing to increase IT efficiency in the Federal Government. One of the more startling statements is how low utilization of storage is. Of course, low utilization is not the sole problem of Federal IT; the private sector has its challenges with storage utilization as well. What can be done to inc
Fort Hood Shootings Spark IT Upgrades
News  |  4/19/2010  | 
Defense Secretary Robert Gates has ordered the deployment of two information sharing systems in order to help curb internal security threats.
Politically Motivated Attacks Could Force Enterprises To Reshape Defenses
News  |  4/19/2010  | 
Targeted attacks could happen to any organization for myriad reasons, report says
Researcher Demonstrates How To Counterattack Against A Targeted Attack
News  |  4/19/2010  | 
Proof-of-concept turns the tables on attackers who wage targeted attacks on enterprises
OWASP Issues Top 10 Web Application Security Risks List
News  |  4/19/2010  | 
Final version of Top 10, published today, focuses on actual risks versus vulnerabilities
Apple Sued Over iPhone Liquid Sensors
News  |  4/19/2010  | 
Customers' inability to verify liquid sensor data, the lawsuit claims, makes Apple's warranty coverage an illusion.
Researcher To Demonstrate Uncrackable Encryption Key
Quick Hits  |  4/16/2010  | 
Scientist at Tel Aviv University builds key transmission system based on lasers, fiber optics
Apple Market Strongest In California
News  |  4/16/2010  | 
Despite its relatively small share of the PC market, Apple's overall market penetration makes it a major player in many parts of the country.
Taking Penetration Testing In-House
News  |  4/16/2010  | 
Weighing the risks and benefits of do-it-yourself pen testing
Google Unveils Cloud Print
News  |  4/16/2010  | 
The upcoming Chrome OS will push printing beyond the desktop.
Product Watch: Free Tool Detects PCI Violations
News  |  4/16/2010  | 
Software detects improperly stored credit card data, other PCI violations
NSA Director Tells Senate He Won't Overstep In Role As U.S. Cyber Command Director
News  |  4/16/2010  | 
'This is not about efforts to militarize cyberspace,' says Lt. Gen. Keith Alexander during his confirmation hearing
New Full Disclosure, Website Vulnerabilities Database
Commentary  |  4/16/2010  | 
The biggest news in security circles in the past day or so is the new full disclosure site, Vulnerable Sites DB database.
Attacking Electronic Door Access Control Systems
Commentary  |  4/16/2010  | 
A friend recently pointed me to some research he has been doing with embedded door access control systems, as well as some of the vulnerabilities he has uncovered. Some of his findings were recently disclosed at Carolinacon, with more to come during his presentation at Hack in the Box.
Bridging The Gap Between Training And Operations
Commentary  |  4/15/2010  | 
The EDUCAUSE Security Professionals Conference is a great conference for IT staff from higher education to meet and learn about deploying and managing security tools like OSSEC and Bro IDS, hear how others are dealing with compliance issues, and network with other professionals interested in security.
Google Revenues Beat Estimates
News  |  4/15/2010  | 
Despite strong first quarter results, the company's stock slipped on worries about costs.
Google: Virus-Packing Spam Rose Despite Botnet Takedowns
Quick Hits  |  4/15/2010  | 
Postini email security team logged massive surge in viruses in Q4 2009
IE 8 Security Features Could Be Turned Against Users, Researchers Say
News  |  4/15/2010  | 
At Black Hat Europe, presenters show how filters designed to prevent cross-site scripting can be used to launch those very attacks
SAP, Other ERP Applications At Risk Of Targeted Attacks
News  |  4/15/2010  | 
Black Hat Europe researcher demonstrates techniques for inserting 'backdoors' into popular enterprise resource planning apps that aren't properly secured
States' Rights Come to Security Forefront
News  |  4/15/2010  | 
Massachusetts' new data protection law reaches beyond its borders. Are you ready?
Databases At Risk Of Man-In-The-Middle Attacks
News  |  4/15/2010  | 
Without encryption of database traffic, Oracle and other databases face man-in-the-middle attack threats
Former NSA Official Leaked Secrets Via Hushmail
News  |  4/15/2010  | 
The indictment returned in Maryland on Thursday suggests how easy it is to copy and paste secrets.
Senators Question Cyber Command Nominee
News  |  4/15/2010  | 
Gen. Keith Alexander told legislators he'll work closely with the president and Homeland Security to protect U.S. military networks against cyber attacks.
FCoE Poised For Adoption
Commentary  |  4/15/2010  | 
FCoE adoption is getting ready to pick up steam. That's my take from Storage Networking World (SNW). The FCoE sessions and labs seemed well attended. This means that users are getting ready to deploy the technology, and of course, some already have.
Enterprises See Risks In Cloud
News  |  4/15/2010  | 
Cloud infrastructures aren't yet reliable or secure enough for mission critical apps, say users.
Websites Vulnerable To New Clickjacking Techniques
Commentary  |  4/15/2010  | 
At Black Hat Europe, UK-based security researcher Paul Stone has demonstrated new and seemingly powerful attacks that dupe users into activating malicious links on Web sites without their even knowing it.