News & Commentary

Content posted in May 2010
FBI Busts $100 Million 'Scareware' Gang
Commentary  |  5/31/2010  | 
The three men who were indicted are alleged to have been part of an illegal scheme that spanned 60 countries and sold victims $100 million worth of bogus software that purported to fix system problems that apparently didn't exist.
Facebook Privacy Protection: Symantec's Six Steps
Commentary  |  5/31/2010  | 
Symantec has offered six steps to protecting your privacy on Facebook -- and the fact that the tips are so obvious, basic and self-evident doesn't make them any less worthwhile. In fact, their obviousness may make them among the most valuable tips to offer employees doing anything on the Internet.
Adobe Contemplates Monthly Patch Cycle
Commentary  |  5/30/2010  | 
While Apple has turned up the heat on Adobe by refusing the Flash platform on the iPhone and iPad, Adobe's customers have been coming under increasing fire from attackers for using its Flash and Adobe Reader applications. Now the company is considering taking a page from Microsoft's playbook and switching to a monthly patch cycle.
Symantec Tips For Guarding Facebook Privacy
News  |  5/28/2010  | 
With Facebook's constant privacy policy changes, Symantec has offered six tips to aid users in protecting their personal information on the social network.
Senate Staffer Named To White House Cybersecurity Role
News  |  5/28/2010  | 
Sameer Bhalotra, a former Senate intelligence committee cybersecurity staffer, will become a top advisor to cybersecurity coordinator Howard Schmidt, likely focusing on strategy.
Researchers Uncover Bot Sales Network
Quick Hits  |  5/28/2010  | 
Internet portal offers bots designed for a variety of activities at a wide range of prices, PandaLabs says
Feds Bust 'Scareware' Ring
News  |  5/28/2010  | 
Three men allegedly used fake antivirus warnings and advertisements to sell $100 million worth of bogus software.
Tech Insight: The Enterprise Hacks Back!
News  |  5/28/2010  | 
Have you ever been tempted to strike back against a hacker? Read this before you make the wrong move
IBM Distributes Malware At Security Conference
News  |  5/28/2010  | 
Promotional USB thumb drives carried an unintended freebie: a keystroke-monitoring Windows worm.
Botnet Black Market Means Malice For Rent
Commentary  |  5/28/2010  | 
For less than seventy bucks you can hire a botnet for a day, and for under ten you can grab one for an hour. Welcome to the world of commodity cybercrime.
NewsFeed: FBI Busts 'Scareware' Gang That Bilked Victims Of More Than $100 Million
News  |  5/28/2010  | 
Global cybercrime scheme yielded sales of more than 1 million phony software purchases from victims in 60 countries
The Roll Down Hill Effect Of Primary Storage Deduplication
Commentary  |  5/28/2010  | 
The adoption rate of deduplication in primary storage has been relatively low so far. There are concerns on users' minds about performance impact, data integrity and how much capacity savings they will see. Clearly each of these concerns needs to be addressed. When it comes to capacity savings, though, there is a key component that might get overlooked: the roll down hill effect of proper primary storage deduplication.
Pssst...Want To Rent A Botnet?
News  |  5/28/2010  | 
Sellers are freely hawking their wares via online forums and banner advertising, according to iDefense, VeriSign’s security intelligence service
Cheap Botnets A Boon To Hackers
News  |  5/27/2010  | 
Easy access to cheap botnet rentals and sophisticated attack tools is lowering the barriers to entry for criminals who can’t code.
Cisco Warns Of Security Flaws In Building Management System
News  |  5/27/2010  | 
Multiple vulnerabilities could enable attackers to access power, HVAC, and physical security systems
Payment Systems Group Issues End-To-End Encryption Guidelines
News  |  5/27/2010  | 
POS vendor group rolls out requirements for encrypting card data, ahead of PCI group
Symantec Norton Everywhere Aims Beyond PCs
News  |  5/27/2010  | 
Software aims to secure smartphones, handhelds, and consumer devices with Internet connectivity.
Cybercriminals Deploy Special Trojan To Verify Stolen Credentials
Quick Hits  |  5/27/2010  | 
Researchers find database with 44 million stolen gaming credentials
Young Adults Least Trusting Of Social Networks
News  |  5/27/2010  | 
People ages 18 to 29 more often than their elders take steps like deleting comments and changing privacy settings to control their online reputations.
Amazon Ties Wal-Mart In Online Music Share
News  |  5/26/2010  | 
Apple iTunes remains the leading U.S. music retailer with 28% market share, but Amazon increased by 3% to tie Wal-Mart for second place at 12% of all music purchased.
Gartner Predicts 13% Growth In Business PC Sales
News  |  5/26/2010  | 
Overall worldwide PC sales will increase 22% in 2010, according to Gartner, with the global business PC market predicted to grow 13.1% from 2009.
Anti-Clickjacking Defenses 'Busted' In Top Websites
News  |  5/26/2010  | 
New research easily bypasses popular frame-busting technique
Researchers Find New Ways To Eavesdrop Via Mobile Devices
Quick Hits  |  5/26/2010  | 
'Bugbots' could enable listeners to tap other users' devices to overhear conversations, study says
Apple Facing Music Antitrust Inquiry
News  |  5/26/2010  | 
The Department of Justice is said to be looking into Apple's business tactics in the music industry.
Security's Top 4 Social Engineers Of All Time
Commentary  |  5/26/2010  | 
My team here at Secure Network was recently discussing who we considered the best social engineers of all time. My colleagues and I each made a list and defended our candidates based on the creativity, innovation, and the public impact they had made. Here are our final top four social engineers from number four to number one, and why we chose them.
Facebook Promises Less Public Information, More Control
News  |  5/26/2010  | 
To quell the complaints of critics, Facebook has reworked its privacy controls to make them easier to understand.
Product Watch: Facebook Reveals New Privacy Setting Changes
News  |  5/26/2010  | 
But social network's privacy policies remain unchanged, security experts say
Not Too Late To Learn From Defcon CTF Qualifiers
Commentary  |  5/26/2010  | 
This past weekend was the return of the wildly popular Defcon Capture the Flag qualifiers. "Quals," the commonly used nickname, is an entire weekend of non-stop online security challenges that test everything from simple trivia to advanced reverse engineering and exploit development.
Mercedes Revs iPad Tool For Dealers
News  |  5/26/2010  | 
The iPad's Safari browser, rather than a custom app, is being used to deliver loan and leasing software to salespeople.
Want Better Security? Reward Your Provider
News  |  5/26/2010  | 
Security services contracts that offer incentives to notify clients about breaches produce better results, study says
BoxTone Intros Mobile Management Tool
News  |  5/26/2010  | 
Mobile Service Management (MSM) software centrally controls enterprise mobile applications, devices, and platforms including iPhone, Android, Blackberry and Symbian.
McAfee To Buy Trust Digital
News  |  5/26/2010  | 
The deal arms McAfee with enterprise mobile management and security software including the capability to manage enterprise iPhones.
Space Shuttle Atlantis Booms Adieu
News  |  5/26/2010  | 
Spacecraft completes final mission as NASA's shuttle program draws to a close.
Tape and Disk Better Together
Commentary  |  5/26/2010  | 
I have seen a few surveys recently showing that tape penetration in data centers remains very high. Less than 15% of data centers have become tapeless; of course that means that 85% of environments still have tape. In my conversations with IT managers, most are planning to keep it. Most see the role of disk in the backup process to augment or at best complement tape. What's needed then is a way to make tape and disk better together.
Researchers: UK's Chip and PIN Payment System Flawed
Commentary  |  5/25/2010  | 
Researchers published a paper detailing an attack of intermediate difficulty that they say makes it possible for criminals to use any "Chip and PIN" smart card that they take into their possession.
Terracotta Releases Ehcache 2.1
News  |  5/25/2010  | 
Ehcache 2.1 governs the distributed random access memories of a server cluster on behalf of Java applications.
Microsoft Researchers Propose Privacy Sensor 'Widget'
News  |  5/25/2010  | 
Tool could help prevent surreptitious snooping, data-gathering from webcams, microphones, GPSes
'Tabnapping' Attack Simplifies Phishing
News  |  5/25/2010  | 
With a bit of malicious JavaScript code, Web browser tabs can be altered when hidden from view.
Product Watch: New Patents Help Upstart Make A Ruckus In Wireless Security Management
News  |  5/25/2010  | 
New technologies promise to simplify the configuration and administration of Wi-Fi security
AT&T Launches Times Square WiFi Hotzone
News  |  5/25/2010  | 
The mobile hotspot is AT&T's latest idea to alleviate the pressure of a 5000% increase in its mobile data traffic, most of it caused by iPhone users.
Sourcefire Expands Real-Time Application Awareness
News  |  5/25/2010  | 
Capability provides users with increased network visibility
Twitter For iPhone Attracts Malware
News  |  5/25/2010  | 
Hackers are deploying Trojans within links in tweets. One aims to swipe users' banking information.
Default Database Passwords Still In Use
News  |  5/25/2010  | 
Researchers urge review of database accounts against list of more than 1,000 default user name and password combinations
VA Security Compromised By Medical Devices
News  |  5/25/2010  | 
Malware has infected more than 122 medical devices in the last 14 months, a Veterans Affairs official told Congress.
Military To Develop Stealth Internet Communications Technology
News  |  5/25/2010  | 
The Defense Advanced Research Projects Agency will fund research on securing Web-based communications from being corrupted or intercepted by enemies.
Symantec Broadens SMB Protection Services
Commentary  |  5/25/2010  | 
Symantec's expansion of its SMB security and protection services in the latest edition of its Protection Suite aims to offer a single-vendor solution for small and midsized business security, protection, endpoint, messaging, mobile, backup and recovery.
Twitter Bans Outside Advertising
News  |  5/25/2010  | 
Promoted Tweets are the only form of third-party advertising that can be injected into user timelines.
IE 6 Accounts For More Than One-Fourth Of All Enterprise Web Traffic
Quick Hits  |  5/25/2010  | 
But use of the aged and vulnerable version of Internet Explorer gradually declining, report says
Patient Data Dump Nets Urgent Care Center $50,000 Fine
Commentary  |  5/24/2010  | 
Here's another egregious example of a health care provider being nothing less than reckless with patient data.
Apple Safari 'Carpet Bomb' Flaw Remains Unfixed Two Years Later
News  |  5/24/2010  | 
Google Chrome also prone to similar attacks
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-2607
PUBLISHED: 2018-05-21
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users...
CVE-2018-1108
PUBLISHED: 2018-05-21
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
CVE-2018-11330
PUBLISHED: 2018-05-21
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.
CVE-2018-11331
PUBLISHED: 2018-05-21
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads is missing some applicable ones such as .phtml and .htaccess.
CVE-2018-7687
PUBLISHED: 2018-05-21
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.