News & Commentary
Content posted in May 2011
|
Sharing Relational Data In The Cloud
Databases are designed to share data, so it's easy to leverage built-in security for cloud services
'APT' Among Top Three Security Worries In 2011
nCircle survey finds wider understanding of risks, less financial support for security projects
A Tale Of Two Hacks
The similarities and differences in the Lockheed and RSA attacks
Targeted Attacks On U.S. Defense Contractors: Fallout From RSA Breach?
No one's saying for sure, but the timing of the attack and Lockheed's reported SecurID token updates have sparked plenty of speculation
DOD Says Cyber Attacks May Mean War
The Pentagon's forthcoming cyber strategy will formalize the possibility of a physical response to a virtual attack, according to published reports.
PBS Website Hacked With Fake News
Attackers exploit zero-day vulnerability in MoveableType in retaliation for a Frontline episode's portrayal of WikiLeaks leaker Bradley Manning.
Tablets Cut Into Hard Disk Drive Revenue
Growth is slowing for HDDs due to the increasing use of low-cost, portable devices and cloud storage, reports IHS iSuppli.
Dark Reading Revamps SMB Security Tech Center
As cybercriminals take aim at small businesses, Dark Reading offers new coverage
Lockheed Martin Suffers Massive Cyberattack
"Significant and tenacious" attack targeted multiple U.S. defense contractors and may have involved hack of RSA SecurID system.
Five Infamous Database Breaches So Far In 2011
An alarming trend of security companies getting hacked serves as a wake-up call that no one is immune
Product Watch: New Service Aims To Improved Botnet Detection Among Service Providers
Damballa CSP 1.6 automates subscriber notification and remediation of botnet infections
35 Million Google Profiles Captured In Database
A security researcher was able to collect information from Google Profiles and save millions of files in a SQL database in about a month.
Survey: Breaches Cost Some Healthcare Organizations $100K Per Day
Even with due diligence on HIPAA, HITECH requirements, healthcare organizations are still suffering patient-data breaches
More Sony Problems Reported; Company Launches ID Theft Service
Debix gets the call to help thousands of PlayStation Network users affected by breach.
DNS Filtering Legislation Would Derail DNSSEC, Experts Contend
Senate bill that aims to protect copyright infringement online could backfire security-wise, according to a who's who of Internet infrastructure and security experts
DHS Advances Einstein Cybersecurity Deployment
The Department of Homeland Security plans to hire IT experts who can support Einstein and other security technologies.
The Top Three Malware-Based Threats To Small And Midsize Businesses
SMBs wrestle to handle Zeus Attacks, website infections, and business-logic vulnerabilities
Five Big Security Problems SMBs Face -- And What To Do About Them
Digital issue of InformationWeek offers insights on security in small and midsize companies
Cookiejacking Attack Steals Website Access Credentials
All Internet Explorer users on all versions of Windows are at risk from zero-day attack that can steal any website cookie, allowing an attacker to impersonate their victim.
Google Fixes Authentication Flaw
Vulnerability leaves Android smartphones open to sidejacking
More Sony Problems Reported; Company Launches ID Theft Service
Debix gets the call to help thousands of PlayStation Network users affected by breach
Freebie Black Hole Exploit Kit Limited By Encoding
Obfuscated and encoded code prevents easy customization and creation of new versions
GlobalSign Markets Encryption Service To Healthcare
Healthcare organizations spend too much time on compliance, not enough on data security, according to a GlobalSign survey.
The Inconvenient Truth About Breaches
Assume you've been attacked and line up the tools and information to predict, detect, and respond to it, new Dark Reading Analytics Alert says
Apple Promises MacDefender Fix
The impact of rogue security software attacks like MacDefender has prompted Apple to issue advice about the malware and to commit to issuing a software fix.
3 Banks Service Majority Of Spam-Driven Sales
95% of spam-advertised products are monetized using merchant services from just a handful of banks, suggesting payment handling is the weak link in the global spam value chain.
Attackers Step Away From Mainstream, Target Lesser-Known Apps
Attackers Step Away From Mainstream, Target Lesser-Known Apps.
Ping Rolls Out Cloud Identity Connectors For LinkedIn, Twitter And Microsoft Live
Ping Identity can now connect cloud businesses with six of the largest cloud service and social network sites
Scareware Is Evolving
That's right -- scareware is still proving an effective way for threat actors to make quick cash on the Internet
Half Of Lost Or Stolen Mobile Devices Store Sensitive Company Data
Carnegie Mellon, McAfee report finds that one-third of lost mobile device cases resulted in financial loss to the organization
Attackers Step Away From Mainstream, Target Lesser-Known Apps
After beating up Microsoft, Oracle, and Adobe, hackers draw a bead on smaller software vendors
Siemens To Issue Patches For SCADA Products 'In Next Few Weeks'
Says attacks would only affect plants without IT security systems
Researcher Challenges Siemens' Public Reaction To New SCADA Flaws
Initial solution suggested by Siemens to remedy the critical vulnerabilities failed.
Audio Captchas Easy To Defeat
Security researchers have designed automated software that regularly defeats most audio challenge-and-response systems on websites.
LinkedIn Faces Cookie Vulnerabilities
The social networking site is set to reduce the length of time before cookies expire and add HTTPS across its site.
Oracle 11G Available On AWS
When testing Oracle on Amazon AWS, consider how you will secure your data
Qakbot Malware Infections Spike
Worm that targets financial information infected 1,500 Massachusetts state PCs, potentially exposing 250,000 residents' personal details.
From Device to Device, From Site To Site
Obama administration's digital identities initiative relies on private industry to come together and make it work
Researcher Challenges Siemens' Public Reaction To New SCADA Flaws
Initial solution suggested by Siemens to remedy the critical vulnerabilities failed
Security Pros Keys To The Kingdom Leave Encrypted Data At Risk
Survey finds that, if abused, IT pros' access to encryption keys could do some serious damage to their organizations
Sony Data Breach Cleanup To Cost $171 Million
If identify theft or credit card fraud takes place, the company said its actual costs could rise substantially.
British Trade Union Overwhelmed By DDoS Attack
Poised for a strike vote, Public and Commercial Services Union site is virtually shut down
Sony A Poster Child For Self-Destructive Security
Sony has repeatedly made poor decisions in security and control -- costing the company billions of dollars and giving critical markets it once controlled to Apple, Microsoft, and Nintendo
Hacker Exposes NASA Security Hole
A Goddard Space Flight Center FTP server was breached by a Romanian whitehat hacker known as TinKode, who cracked a European Space Agency network a month ago.
Tech Insight: Finding And Securing Your Enterprise's Most Sensitive Data
The headlines are full of companies facing serious breaches. Here are some basic steps to protect your enterprise's critical data -- and stay out of the news
Most Common Cause Of Net Downtime Is Human Error, Study Says
Two-thirds of IT pros say misconfiguration of network devices is source of most security issues
Researchers Decide Not To Give SCADA Vulnerability Talk
Last-minute change in plans spurred by Siemens, government officials
Move To Cloud Means Closer Look At Encryption, Experts Say
Recent compromises in cloud environments spur new cryptography strategies
SanDisk To Acquire Enterprise SSD Maker
The $327 million offer for Pliant signifies an expansion from SanDisk's traditional retail flash memory base into solid state drives for industry.
Survey: Database Administrators, IT Security Still Not On The Same Page
DBAs lack understanding of change control, patch management, ISUG study says
|
White Papers
Video
3 Comments
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-15769
PUBLISHED: 2018-11-16
PUBLISHED: 2018-11-16
PUBLISHED: 2018-11-16
PUBLISHED: 2018-11-16
PUBLISHED: 2018-11-16
From DHS/US-CERT's National Vulnerability Database CVE-2018-15769
PUBLISHED: 2018-11-16
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is...
CVE-2018-18955PUBLISHED: 2018-11-16
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resour...
CVE-2018-19311PUBLISHED: 2018-11-16
Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
CVE-2018-19312PUBLISHED: 2018-11-16
Centreon 3.4.x allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
CVE-2018-19318PUBLISHED: 2018-11-16
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This