Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in April 2010
Page 4 / 4
Customers Sue Countrywide Financial Over Theft And Sale Of Personal Data
News  |  4/7/2010  | 
Class-action suit seeks $20 million as well as answers about company's involvement
Apple iPhone OS 4.0 May Bring Ad API
News  |  4/7/2010  | 
Developers are hoping to see support for XMPP, an iTunes Sales Data API, and improved Parental Controls.
PCI Database Security Primer
Commentary  |  4/6/2010  | 
I have written a lot about compliance in the past three months, but most of the guidance has been generic. Now I want to talk about database security specifically in relation to the Payment Card Industry (PCI) Data Security Standard, and consider compliance more from an architectural standpoint as opposed to a tools- or policy-based perspective.
Many U.S. Government Agencies Have Been Attacked, Survey Says
Quick Hits  |  4/6/2010  | 
Three-quarters of federal IT decision-makers say likelihood of a foreign attack is 'high'
Data Stolen From India, UN, Dalai Lama Traced To China
News  |  4/6/2010  | 
A report on cloud-based cybercrime details the activities of a gang of computer hackers believed to be operating out of Sichuan Province in China.
Researcher Details New Class Of Cross-Site Scripting Attack
News  |  4/6/2010  | 
'Meta-Information XSS' exploits commonly used network administration utilities
Western Digital Intros 600GB SATA HDD
News  |  4/6/2010  | 
The latest VelociRaptor doubles the storage of WD's fastest SATA hard disk drive.
Space Shuttle Suffers Radar Outage
News  |  4/6/2010  | 
Operational "anomaly" means Discovery astronauts will have to dock with space station without help from electronics system.
What Is Zero Detect?
Commentary  |  4/6/2010  | 
There is a term you are going to start hearing more of in storage circles: Zero Detect. Some storage systems that offer thin provisioning are adding the ability to detect areas of a volume that have been zeroed out so they can reclaim that space and use it elsewhere. Zero detect becomes a critical component as we advance the capabilities of thin provisioning.
Web Probes On Defense Contractors Rising
News  |  4/6/2010  | 
Rapidly increasing rates of industrial espionage against the U.S. defense industry put military technology at risk, report says.
iPad Cripples iWork Documents
News  |  4/6/2010  | 
Users discover Apple's new tablet-style computer includes only a stripped-down version of the company's office software.
Mobile App Use To Soar This Year
News  |  4/6/2010  | 
Samsung's Bada operating system and Microsoft's Windows Phone 7 are expected to help drive demand for mobile applications.
Cyberattack Looming, Federal IT Pros Believe
News  |  4/6/2010  | 
More than half of federal IT professionals surveyed believe the potential is "high" for a cyberattack against critical IT infrastructure in the next year.
iPad Hacked, Jailbroken
Commentary  |  4/5/2010  | 
Unless you've been disconnected from the Internet, TV, and the free world, you know that Apple released the iPad. It only took about a day for a well-known iPhone OS hacking group -- the iPhone Dev team -- to jailbreak the device using an unpatched security flaw.
Companies Fall Short On Protecting Sensitive Data, Study Says
Quick Hits  |  4/5/2010  | 
Compliance-driven programs detract from efforts to secure real intellectual property, Forrester Research finds
Software Research Promises Faster Apps
News  |  4/5/2010  | 
A new approach to memory management allows computer code to operate more efficiently on multicore processors and can reduce the overhead of security checks.
N.J. Supreme Court Rules Employers Can't Always Read Personal Email
News  |  4/5/2010  | 
Employees who use password-protected, third-party services can have a reasonable expectation of privacy, court says
AT&T, GE, Google, Intel Seek White House Energy Push
News  |  4/5/2010  | 
Dozens of technology companies and other organizations are asking the President to back policies that make energy consumption data more widely available.
Conficker Dead -- Long Live Conficker
Commentary  |  4/5/2010  | 
Whether or not the Conficker worm is essentially dead, just lying low or somewhere in-between, the lessons of the massive botnet are likely to live on for a long time. Bad news is that there are lessons learned by the botnet makers, too.
iPad Sales To Top 7 Million This Year
News  |  4/5/2010  | 
Factors that could boost sales in the future include swift feature enhancements and the addition of Flash support.
IT Spending On Cloud Ratcheting Up
News  |  4/2/2010  | 
A Sandhill Group survey shows enterprise interest in -- and IT spending on -- cloud computing accelerating over the next three years.
Share -- Or Keep Getting Pwned
Commentary  |  4/2/2010  | 
Forget the bad guys: Sometimes it seems like the security industry doesn't trust itself. There's too much internal hoarding of intelligence for privacy or competitive reasons and too little sharing of information among researchers, victims, and law enforcement about real attacks. All this does is give the cybercriminals an edge.
More Heartland Heartache: Florida Credit Union Says 12K More Debit Card Accounts Exposed
Quick Hits  |  4/2/2010  | 
MidFlorida Federal Credit Union, which previously issued 5,000 new cards to its members last year, now has more accounts affected by Heartland Payment Systems breach
Password Brute Forcing Tool Gets Major Update
Commentary  |  4/2/2010  | 
Brute-force password guessing attacks are very common. If you operate a publicly accessible SSH server, then you know firsthand just how common it is with constant poking for weak passwords on accounts like root, admin, and test. When the attackers do find a weak password and gain access, they will typically download their tools and start scanning for more weak passwords from the newly compromised server.
Database Security Suffers From Leadership Gap
News  |  4/2/2010  | 
Monitoring, hardening data stores is often the job of multiple people, and there's no central coordination
Conficker Botnet 'Dead In the Water,' Researcher Says
News  |  4/1/2010  | 
But there are still 6.5 million machines infected, and worm continues to spread
'MULE' Prototype Uses Location For Authentication
Quick Hits  |  4/1/2010  | 
CMU research creates Mobile User Location-Specific Encryption
Breaking The Capacity Addiction
Commentary  |  4/1/2010  | 
One of the complaints I hear about the new Apple iPad is that it does not have enough storage capacity, with high-end units only offering 64GB of storage. As a storage guy from the 5MB hard drive days, this reaction sometimes makes me shake my head in dismay.
Senator Calls For Privacy Hearings
News  |  4/1/2010  | 
Judiciary chairman Leahy says current laws governing electronic communications are outdated and inadequate


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30485
PUBLISHED: 2021-04-11
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.