Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in May 2009
<<   <   Page 3 / 3
Web 2.0 Environs Are Now Hackers' Favorite Target
Quick Hits  |  5/6/2009  | 
Next-gen collaborative sites now account for 21 percent of all Web hacks, report says
Backdoors In The Network: Modems, WiFi, & Cellular
Commentary  |  5/6/2009  | 
War-dialing received a revival in March with HD Moore's release of WarVOX, a tool that leverages VoIP to speed up the calling of phone numbers to find modems, faxes, and voice systems. Finding modems can help enterprises find backdoors into their network setup by a rogue employee. Likewise, it can help penetration testers find forgotten or lesser-known ways into a target's network through a poorly secured modems.
Inflight Insecurity Update: Gogo Responds
Commentary  |  5/6/2009  | 
Inflight Internet Access provider Gogo took some issue with today's earlier post, and it's worth taking a look at the issues the company raises.
SMBs Often Hit Hardest By Botnets
News  |  5/6/2009  | 
Bot infections, spam can be 'silent killer' for SMBs due to drain on email servers, network resources
Google Chrome Update Scheme Beats Firefox, Safari, Opera
News  |  5/6/2009  | 
By automatically updating the browser every five hours, Google Chrome provides greater security than its competitors, according to a new study.
Inflight Insecurity? Netragard Says Airborne Web Service Easily Hacked
Commentary  |  5/6/2009  | 
According to anti-hacking company Netragard, Gogo, the unencrypted inflight Internet access service, puts user data at risk.
Viral Art: A Gallery Of Security Threats
News  |  5/5/2009  | 
Visually, online threats such as viruses, worms, and Trojans can be as beautiful as they are menacing to individual PC users, enterprises, and IT security professionals.
When It Comes To Getting Hacked, Organizations Fatalistic
Commentary  |  5/5/2009  | 
According to a British Telecom survey, to be released later this week, 94 percent of the 200 IT professionals surveyed from around the globe expect to suffer a breach.
Former Security Chiefs Advise Caution In Reorganizing Cybersecurity Effort
News  |  5/5/2009  | 
Powell, Garcia, and Schmidt say wholesale reorganization may not be necessary
BT Study: Most Enterprises Expect To Get Hacked This Year
News  |  5/5/2009  | 
A soon-to-be released ethical hacking report finds 60 percent of organizations budget for penetration testing
Pirated Windows 7 Holds Trojan: P2Pers Beware!
Commentary  |  5/5/2009  | 
A copy of Windows 7 leaked before today's Release Candidate code availability from Microsoft contains a trojan. Yet even with Windows 7 available from Microsoft's site, odds are that malware-bearing torrent copies will continue to circulate. Make sure your employees steer clear.
McAfee Report: Bot Infections Jump 50 Percent Over Last Year
Quick Hits  |  5/5/2009  | 
Botnets have added nearly 12 million new IP addresses since January, with Conficker malware representing only around 1 percent of all infections
NoScript Developer Apologizes For Meddling With AdBlock
News  |  5/4/2009  | 
His methods caused a furor in the Mozilla community over the weekend because he did not provide clear notification about what his software was doing.
Pandemic Security: Is Your Business Ready For Swine Flu And Other Real Viruses?
Commentary  |  5/4/2009  | 
Whether or not the H1N1 swine flu reaches pandemic proportions, its presence should remind everyone that in addition to health issues, influenza and other sources of largescale personnel outages raise some serious business security concerns.
Time Synchronization: The Devil Is In The Details
Commentary  |  5/4/2009  | 
One of the coolest birthday gifts I received this year was a Kindle, which is letting me finally tap into the collection of unread e-books sitting on my laptop. One of them is the first in a series called "Stealing the Network: How to Own the Box." The chapter I'm reading reminded me of a pet peeve of mine that drives me nuts during incident response: time synchronization.
Researchers Take Over Dangerous Botnet
News  |  5/4/2009  | 
Computer scientists at the University of California-Santa Barbara expose details of infamous botnet known for stealing financial data after temporarily wresting control of it
Virginia Health Data Potentially Held Hostage
News  |  5/4/2009  | 
An extortion demand seeks $10 million to return more than 8 million patient records allegedly stolen from Virginia Department of Health Professions.
Heartland Payment Systems' PCI Compliance Is Reinstated
Quick Hits  |  5/4/2009  | 
Visa gives payment services provider the green light following 2008 megabreach
DAS VS. SAN
Commentary  |  5/4/2009  | 
Remember the Storage Area Network vs. Network Attached Storage debate? There were books written about it, articles and forum debates (this is before we had blogs). Eventually NAS vendors like NetApp become SAN vendors and SAN vendors either created their own gateway NAS front ends as did EMC or partnered with someone that offered a NAS Gateway like ONStor or B
Security's Past Gives Hints To Its Future
Commentary  |  5/4/2009  | 
Julius Caesar didn't see the need for a bodyguard when he went to the floor of the Roman senate on a March day in 44 B.C. That little oversight cost him 23 stab wounds and the throne of the empire. More than 1,900 years later, Abe Lincoln entered the presidential box at Ford's Theater in Washington, D.C. -- again, no bodyguard seemed necessary. We all know how that decision turned out.
At Last Minute, FTC Postpones Enforcement Of Red Flags Rule
Quick Hits  |  5/1/2009  | 
Enterprises given till Aug. 1 to comply with rules for securing personal data
Tech Insight: Back To Basics For Securing Your Outgoing Traffic
News  |  5/1/2009  | 
One way to leverage your existing infrastructure amid security budget constraints is egress filtering using your existing network devices
The Irony Of Preventing Security Failures
Commentary  |  5/1/2009  | 
It used to be that we were judged by not suffering security incidents. But today everyone gets hit, so we are now judged by how we deal with a breach. But what if nothing happens because we stopped it? That may be the most dangerous option in the long term.
Security Outsourcing: The Right Move For SMBs?
Commentary  |  5/1/2009  | 
Making The Security Outsourcing Decision, a detailed and thorough report just out from our colleagues at Dark Reading, takes a hard look at what may be most important IT decision your company faces: Should you turn your security needs over to an outside company?
<<   <   Page 3 / 3


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30485
PUBLISHED: 2021-04-11
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.