News & Commentary

Content posted in June 2009
Zeus Trojan Variant Steals FTP Login Details
News  |  6/30/2009  | 
A new variant of the particularly malicious Zeus family of Trojans has surfaced and is compromising computers at an alarming rate.
'Net Parrot Effect
Commentary  |  6/30/2009  | 
Iran. You remember the place? Before several celebrities died in the past week, Iran's election aftermath gripped national attention. The more I found out about the election situation, the demonstrations, and the crackdown, the more I felt as if I were reading a political thriller. That's when the ugly side of our hyper-connected society reared its ugly head.
'Mafiaboy': Cloud Computing Will Cause Internet Security Meltdown
News  |  6/30/2009  | 
Notorious black-hat hacker warns that cloud-based computing will be "extremely dangerous," and explains how he got into hacking at age 15
OWASP: Security Spending Remains Mostly Unchanged With Cloud Computing
Quick Hits  |  6/30/2009  | 
New Open Web Application Security Project report finds enterprises aren't sufficiently verifying cloud providers' security, either
Social Networks Make Great Phishing Holes (And The Crooks Know It!)
Commentary  |  6/30/2009  | 
The overwhelming popularity of Facebook, Twitter, and other social networks -- as well as the nature of their members' trust in them and their content -- is proving to be a bonanza for phishers. So much so that social networking scams increased a stunning 241% between early 2008 and this year.
China Delays 'Green Dam' Mandate
News  |  6/30/2009  | 
China has pushed back its deadline requiring all PCs sold in the country to include Web filtering software known as Green Dam. No new deadline has been set.
5 Web Replacements For Traditional Tech Tools
Commentary  |  6/29/2009  | 
New Web-based technology options like Box.net and Basecamp can help you get the job done quicker, easier, and less expensively. You've got nothing to lose but your resistance to change.
Social Network Users Increasingly Under Siege
Commentary  |  6/29/2009  | 
We all knew this was coming. As Social Networks gained in popularity, they'd become more juicy targets. Now we're starting to see some data.
NAC Appliances Hardest Hit In Network Security By Economic Downturn, Report Says
News  |  6/29/2009  | 
But Infonetics expects the NAC appliance market to rebound big time by 2013, to around $700 million
Don't Let Legacy Media Foil Your Forensic Investigation
Commentary  |  6/29/2009  | 
When performing incident response and forensics on a compromised system, the focus of analysis is on the most immediately available and relevant sources of evidence. Volatile data collected from a running system, the hard drive, network flow data, and logs collected on a central server all serve as useful sources for determining the particulars of the incidents. But what about incidents that go back further, requiring you to dig into backup tapes -- and potentially very old ones?
Web Filtering Company Reports Cyber Attack To FBI
News  |  6/29/2009  | 
The U.S.-based company that claims its programming code was unlawfully included in China's Green Dam software reports being targeted by a cyber attack.
Report: Social Networking Phishing Attacks Up More Than 240%
Quick Hits  |  6/29/2009  | 
U.S. extends its lead as No. 1 country hosting phishing attacks, according to MarkMonitor's new brandjacking report
Maximizing Block I/O Dollars With Thin Provisioning
Commentary  |  6/29/2009  | 
Getting the most out of every storage dollar is critical in this economy. As we discussed in our last entry, viable options for optimizing file-based primary storage are available now, but solutions that can compress and deduplicate block I/O storage are not yet readily available. But all is not lost; there are things you can do to lower your primary storage block I/O costs.
Botnet Alert: 90% Of Email Now Spam
Commentary  |  6/29/2009  | 
Nine out of ten e-mails are now spam, according to the latest Symantec/MessageLabs Intelligence Report. And more than 83% of that spam is generated by botnets, relatively unaffected by large shutdowns of spam servers.
Sony Begins Shipping PCs With Green Dam Filter
News  |  6/29/2009  | 
Company beats Chinese government's July 1 deadline, but Sony disclaims responsibility for any damage caused by the Web filtering software.
Study: Social Network Users Put Their Data At Risk
Quick Hits  |  6/27/2009  | 
Users of Facebook, LinkedIn, Twitter leave themselves -- and their wallets -- open to attack
Think PCI DSS Stinks? Here's Your Chance To Deodorize
Commentary  |  6/26/2009  | 
There have been plenty of complaints about the Payment Card Industry Data Security Standard (PCI DSS) since it went into effect in 2005. Next week, stakeholders will have a chance to do something about it.
Tech Insight: Database Security -- The First Three Steps
News  |  6/26/2009  | 
Protecting sensitive data means locating and enumerating the information in your databases -- and finding the right method to secure it
Most PC Users Have A Dozen Dangerous Apps
News  |  6/26/2009  | 
The average PC user has a dozen unpatched applications installed.
Booming Underground Economy Makes Spam A Hot Commodity, Expert Says
News  |  6/25/2009  | 
$10 might be enough to reach 1 million users, MessageLabs researcher warns
Massachusetts Worker Accused Of Using Database In ID Theft Scheme
Quick Hits  |  6/25/2009  | 
Employee at medical cost management firm allegedly used doctors' personal information to obtain credit cards
EU Group: Social Networks, Third-Party App Developers Subject To EU Privacy Laws
Commentary  |  6/25/2009  | 
I just took a close look at the Article 29 Data Protection Working Party's opinion report on online social networking. While some of its recommendations are what you'd expect, others came as a surprise.
The Iranian 'Proxy War'
Commentary  |  6/25/2009  | 
Iranians are using proxies worldwide to circumvent government censorship.
Mobile Security: IT Pros Anything But Secure With Mobile Devices
Commentary  |  6/25/2009  | 
Do as they say, not as they do might be a good description of the practices of IT professionals when it comes to mobile devices. A new survey from Credant shows that IT Professionals are not much better than anyone else when it comes to using a password to protect data stored on phones or other mobile devices.
Maximizing The Storage Budget - Capacity Optimization
Commentary  |  6/25/2009  | 
In this economy, maximizing what you have and cost justifying what you need now becomes a much sought-after skill. The IT budget and the storage budget along with it are not growing in many organizations, and I often hear that the budget is the same but they are not allowed to spend right now, which is worse than the budget being cut. Regardless, spendable IT dollars are a precious commodity.
Could The Cloud Lead To An Even Bigger 9/11?
Commentary  |  6/25/2009  | 
Late last week I attended an event sponsored by IBM/Lotus and Technology Review. A very credible "End of the U.S." doomsday scenario tied to the public cloud was outlined that I believe warrants further thought.
FTC Issues Final Order In CVS Caremark Data Security Case
News  |  6/24/2009  | 
Pharmacy giant to pay penalties for mishandling customer data, violating HIPAA regulations
Study: Security Concerns Keep Users From Taking Full Advantage Of Mobile Devices
Quick Hits  |  6/24/2009  | 
Sixty-five percent of customers worry that their devices may not be safe, particularly for financial transactions
Security Poised To Grab Bigger Piece Of IT Pie, Gartner Says
News  |  6/23/2009  | 
Analyst firm offers view of security market as it prepares for summit next week
Defense Secretary Orders Cyberspace Command
News  |  6/23/2009  | 
Initiative aims to unify offense and defense in cyberspace under U.S. military command and enable responses "in Internet time rather than bureaucratic time."
Green Dam Deadline Remains Unchanged Despite U.S. Objections
News  |  6/23/2009  | 
Chinese authorities claim that putting Green Dam censorware on all new PCs sold in the country is necessary to limit young people's exposure to "harmful information."
Forewarned Is Forearmed, Right?
Commentary  |  6/23/2009  | 
Next-gen Web apps and virtualization are two topics much on the collective mind of CIOs and line-of-business leaders. Of course, they're seeing dollar signs from slick eye-candy RIAs and cramming 20 VMs on each physical server. Security? Meh.
CISOs Say Insiders Are Greatest Threat To Data
Quick Hits  |  6/23/2009  | 
In study, 80 percent say they're more concerned about employees and contractors
Microsoft Security Essentials Beta Now Available
News  |  6/23/2009  | 
Once known as "Morro," Microsoft Security Essentials is the anti-malware component of Microsoft's subscription security service, Windows Live OneCare.
Microsoft Puts Limits On Free Antivirus Downloads!
Commentary  |  6/23/2009  | 
Microsoft's free antivirus and security suite, Microsoft Security Essentials, releases today, sort of. Incredibly, while millions of users have anticipated the release, only 75,000 downloads will be permitted.
Inside China's Spam Crisis
News  |  6/22/2009  | 
Approximately 70% of all domains used in spam since the beginning of 2009 have a Chinese top-level domain.
Rollout: Egress Offers Rights Management As A Service
News  |  6/22/2009  | 
Switch encrypts data, restricts access, but only in Windows environments.
Maltego: Going On The Offensive *And* Defensive To Defend Against Social Networks
Commentary  |  6/22/2009  | 
You know the military's ol' mantra about "loose lips sink ships"? Well, it's being redefined by sites like Twitter, Flickr, and Facebook, according to a great article from Federal Computer Week that discusses the threats social networks pose to operational security.
Parking Meters: The Next Big Hack?
Quick Hits  |  6/22/2009  | 
Security researcher prepares to outline vulnerabilities at upcoming Black Hat conference
Make Storage Strategic
Commentary  |  6/22/2009  | 
How does your organization look at storage in the data center? Is it something you have to live with or is it something that can increase the organization's revenue or improve customer satisfaction? How do you make storage strategic to your organization?
U.S. State Dept. Condemns China's Green Dam Filter As Boycott Brews
News  |  6/22/2009  | 
China is insisting that computer makers install Web-filtering software known as Green Dam on all PCs sold in the country after July 1.
Free Microsoft Antivirus, Security Suite Arrives Tomorrow
Commentary  |  6/22/2009  | 
Tuesday is the day for release of the free public beta of Microsoft Security Essentials, Microsoft's security and anti-virus suite. The price is certainly right. Question is, will the program change the security landscape? The bigger question is whether or not it provides the security your business needs.
Facebook Scam: I'm Stranded In London. Send Money!
Commentary  |  6/21/2009  | 
Facebook users are facing a new threat, 419 scams in chat form, masquerading as friends.
Decommissioned Storage Justifies Encryption
Commentary  |  6/19/2009  | 
There are many reasons to justify storage encryption; tapes falling off the back of a truck on the way to a vault for disaster recovery purposes is one, but when it comes to disk encryption not many have made the effort to encrypt disk based data. While that disk array is in your environment it should be relatively secure, except from internal threats, but what about when you decommission a storage array?
MasterCard Imposes Tougher PCI Auditing Requirements On Midlevel Merchants
Quick Hits  |  6/19/2009  | 
Level 2 merchants will now be required to undergo a third-party, on-site audit, MasterCard says
DNSSEC Showing More Signs Of Progress
News  |  6/19/2009  | 
The Domain Name System (DNS) security protocol is finally making inroads on the Internet infrastructure front, but big hurdles remain for widespread, smooth adoption
Data Leakage Through Nontraditional Networks
Commentary  |  6/19/2009  | 
Securing our company's data is our job. We build up layers of defense to protect it when it is housed within our corporate network and corporate computer systems. Firewalls, VPNs, encryption, and data leakage prevention all help in some way to protect the data that we don't want anyone else to have. Sometimes, however, we are stuck in the situation where we don't control the network or systems that portions of our data end up on.
Relaunched Google Search Service Fingers Malware-Spreading Advertisers
News  |  6/19/2009  | 
'Anti-Malvertising' lets Website owners perform background checks on potential online advertisers
Twitter Worm Invites Tweet Trouble
Commentary  |  6/19/2009  | 
The latest Twitter worm arrives in the form of an invite -- but it's an invitation only to trouble.
iPhone 3.0 Software Sports Snazzy New Features, Sure: It Also Plugs A Whopping 46 Security Flaws
Commentary  |  6/18/2009  | 
The nearly four dozen security holes filled in the iPhone 3.0 software published by Apple yesterday have gone nearly ignored with all of the buzz surrounding the new features. But these flaws aren't anything you want to put on hold.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.