Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in May 2010
Facebook 'Videos' Promise To Bare All -- But Bear Malware Instead
Quick Hits  |  5/24/2010  | 
Invitations to salacious or funny videos could lead to adware, Sophos warns
Defense-In-Depth Via Cloud Security Services
Commentary  |  5/24/2010  | 
Repeat after me: defense in depth. It's an archaic concept that hasn't gone out of style. The fact is it's even more critical to enterprises now than ever before. The proliferation of Web-borne threats is making IT shops everywhere re-evaluate their security strategies to deal with malware infections happening on systems that were "locked down" and running updated antivirus.
Selecting A Cloud Storage Provider
Commentary  |  5/24/2010  | 
In my last entry I discussed some of the circumstances that might lead a business to decide to use one cloud storage application over another. The other end of that equation is the actual provider. All cloud storage providers are not created equal and some research should be done before selecting the vendor that could potentially be storing your organization's digital assets for years to come.
Product Watch: Google Offers Encrypted Search
News  |  5/24/2010  | 
SSL search feature now in beta
What Oracle Gets In The Secerno Buy
Commentary  |  5/24/2010  | 
One key takeaway from Oracle's acquisition of Secerno is that the database giant now has a database activity monitoring (DAM) solution, closing a big gap in its current security capabilities.
Other Facebook Privacy Problems You May Not Know About
Commentary  |  5/23/2010  | 
While people are busy discussing Facebook's privacy policies about user data, it's the less-direct privacy issues that constantly nag at me. I haven't seen these discussed before, although I'm sure I'm not the only one to notice them.
Symantec To Buy VeriSign's Authentication Business For $1.28 Billion
News  |  5/21/2010  | 
VeriSign will refocus business on Internet infrastructure, naming services.
New Threat For Wireless Networks: Typhoid Adware
Quick Hits  |  5/21/2010  | 
Some users could become "carriers," unknowingly passing infections to others, university researchers say
Google Launches Encrypted Search
News  |  5/21/2010  | 
Google search results now come wrapped in a digital lock to keep them from prying eyes.
ID Theft Victims Spending Less In Cleanup Aftermath
News  |  5/21/2010  | 
New Identity Theft Resource Center (ITRC) report shows victims spending less time, money to clear their names
Vulnerability Scanning Do's And Don'ts
News  |  5/21/2010  | 
Legacy hardware, software, traffic patterns among critical vulnerability scanner considerations
IBM USB Security Conference Gift Gives Malware Too
Commentary  |  5/21/2010  | 
A USB drive given out by IBM at an Australian computer conference included some well known malware. And it was a security conference. Ooooooops!
Heartland Reaches $41 Million Settlement With MasterCard Over Data Breach
News  |  5/21/2010  | 
Settlement is an "appropriate and fair resolution" to litigation over security failure
Symantec Snags VeriSign for $1.28 Billion
Commentary  |  5/20/2010  | 
Symantec yesterday announced that it has signed an agreement to buy VeriSign's identity, authentication, and SSL certificate businesses. That essentially gets VeriSign out of the security business, but what does Symantec really get out of the deal?
Twitter iPhone App Worm Targets iTweeters
Commentary  |  5/20/2010  | 
Success breeds contempt -- or at least con attempts, as a new worm aimed at stealing financial info from iPhone Twitter app users shows.
Oracle To Acquire Firewall Maker Secerno
News  |  5/20/2010  | 
The Secerno DataWall firewall appliance inspects commands, logs activities, and issues alerts to protect Oracle and other database systems.
Oracle To Buy Database Firewall Vendor Secerno
News  |  5/20/2010  | 
Acquisition gives Oracle 'whitelisting' method of database monitoring and protection for multiple database brands
When To Use Cloud Storage?
Commentary  |  5/20/2010  | 
When storage managers start to sift through the hype surrounding cloud storage and try to decide if and where cloud storage would make sense in their environment, they are often left dazed and confused. There are so many companies trying to jump on the cloud storage bandwagon that almost any new feature makes them "the" cloud storage provider. The goal of this entry is to provide some ideas on when a business should use cloud storage.
Hacking Yourself Pays Off In Tighter Security
News  |  5/20/2010  | 
Whether you build your own penetration test team or hire a third party, pen testing is crucial for security.
New Twitter Worm Abuses iPhone App News
Quick Hits  |  5/20/2010  | 
Trojan steals online banking and payment credentials, credit card PINs
Healthcare Data Risk Greatest From Human Error
News  |  5/19/2010  | 
Despite advances in security technology and regulations, human mistakes will likely continue to cause data security breaches that jeopardize patient privacy.
Symantec To Buy VeriSign's Authentication Business For $1.28 Billion
News  |  5/19/2010  | 
VeriSign will refocus business on Internet infrastructure, naming services
Hacking The Security Infrastructure
News  |  5/19/2010  | 
Researchers at Black Hat USA will demonstrate vulnerabilities, proof-of-concept attacks on popular firewalls, security management consoles
Facebook, Zynga Ink Five Year Deal
News  |  5/19/2010  | 
The agreement extends the Facebook Credits payment system to Zynga games like Mafia Wars and Farmville.
FTC Shuts Doors On Notorious Rogue Internet Service Provider
Quick Hits  |  5/19/2010  | 
3FN service specialized in hosting botnets, phishing sites, child pornography, and other illegal services, authorities say
iPhone 4.0 OS May Support Tethering
News  |  5/19/2010  | 
Developers with access to version 4.0 of Apple's iPhone operating system report finding an AT&T tethering feature.
Big New Features In New Metasploit Framework
Commentary  |  5/19/2010  | 
The penetration testing world saw a couple of exciting announcements yesterday. The first one I want to mention because it's one of my favorite tools -- Burp Suite Professional. It's a great tool for Web application penetration testing, and a new update was just released. But of course the big news that has everyone talking is the Metasploit releases.
Yahoo To Acquire Associated Content
News  |  5/19/2010  | 
The deal to purchase the online content company may be worth $90 million to $100 million.
Facebook Readies Simpler Privacy Options
News  |  5/19/2010  | 
Possibilities include changing default settings on the site
Dasient Helps Publishers Stop Malicious Ads
News  |  5/18/2010  | 
The start-up's anti-malvertising service promises better tools for dealing with infected ads.
Product Watch: Fortify Offers To Help Enterprises Move Apps To The Cloud
News  |  5/18/2010  | 
New scorecard, tools, white papers designed to help enterprises identify vulnerabilities before apps are migrated to cloud environs
Hardware Lockdown Initiative Cracks Down On Cloning, Counterfeiting
News  |  5/18/2010  | 
Cisco joins seven other vendors in new Hardware Intrinsic Security (HIS) effort
Upstart Takes Aim At Malvertising Attacks
News  |  5/18/2010  | 
Dasient provides telemetry on infected Web ads, unveils new service to shorten life of malvertisements
When Social Engineering Tests Fail
Commentary  |  5/18/2010  | 
Our company, Secure Network, has performed numerous security assessments and penetration tests, many of which involved social engineering. That's when we test our clients' employees to see if they adhere to security policies. Even with all of the planning that goes on beforehand, these engagements sometimes can go wrong.
USB Worm, Customized Targeted Attacks Dominate First Quarter
Quick Hits  |  5/18/2010  | 
McAfee report shows increase in targeted attacks
AutoRun Worms Top McAfee Malware Threat List
Commentary  |  5/18/2010  | 
AutoRun worms introduced into networks via removable devices topped McAfee's Q1 threat report, with a USB worm at the head of the malware class.
Product Watch: Sourcefire Rolls Out SSL Appliance
News  |  5/18/2010  | 
Hardware device works with IPS to inspect SSL-encrypted traffic for malicious intent, data leakage
Goldman Sachs Lawsuit Shows Need For DAM
Commentary  |  5/18/2010  | 
When Goldman Sachs was hit with a lawsuit by Ipreo Networks, I got a call from Dark Reading contributor Ericka Chickowski to talk about the alleged misuse of the "BigDough" database. Specific details on this case remain scarce, but threats to Customer Relationship Management (CRM) systems and SaaS based data services are well known.
How To Make Hosted Web Security Services Work
News  |  5/17/2010  | 
Outsourcing Web security functions sounds good on paper, but how do you make hosted services work in your organization? A new Dark Reading report offers some answers
MySpace Simplifies Privacy Controls
News  |  5/17/2010  | 
Struggling social network MySpace says it will simplify its privacy controls so users can select one privacy setting for all the information in their profile.
Microsoft Modernizes Hotmail
News  |  5/17/2010  | 
To counter Gmail's rapid growth, Microsoft has given Hotmail a major tune-up.
Most Developers Still Review Code In Person, Study Says
Quick Hits  |  5/17/2010  | 
While much of development relies on widespread geographies, review process hasn't changed, survey indicates
Microsoft Settles $200 Million VPN Patent Case
News  |  5/17/2010  | 
VirnetX had claimed Microsoft was infringing on two of its patents on automatic and secure virtual private network technology.
Five Ways To (Physically) Hack A Data Center
News  |  5/17/2010  | 
Many data centers contain easy-to-exploit physical vulnerabilities that don't require hacking into the network
Lessons From The Volcano
Commentary  |  5/17/2010  | 
I had a chance to fly rather close to Iceland's Eyjafjallajokull volcano last week. On a flight back from Frankfurt, the pilot somehow got permission to divert from the scheduled flight path as we crossed Iceland to give us a closer look at the volcano.
Build-A-Botnet Kits Let Anyone Steal Data
Commentary  |  5/17/2010  | 
At the recent Cisco Networks Solution Forum held in Toronto, a Cisco product manager stated, "You don't need to be tech savvy" to steal data. It's a sad but true reality that isn't much of an eye opener for many of us who watch users get their accounts compromised day in and day out due to social engineering and malware. We've seen the results of easy-to-use exploit toolkits.
Product Watch: AT&T Launches New Cloud-Based Email Security Offering
News  |  5/17/2010  | 
New AT&T Secure E-mail Gateway Service uses McAfee's global threat intelligence technology
Knowing Your Recovery Will Work, Understanding Images
Commentary  |  5/17/2010  | 
In my last entry the idea of image based backup was introduced as a way to improve recovery confidence. If you take the advice of the first entry in this series and focus on service level agreements (SLA) instead of backups you can narrow down the truly critical machines that you know must be recovered. With im
Automobiles Growing Vulnerable To Hacks
Commentary  |  5/16/2010  | 
Carmakers are rolling automobiles off the assembly line with plenty of fancy new high-tech features. Unfortunately, security is -- once again -- treated as an afterthought.