News & Commentary
Content posted in June 2009
|
Zeus Trojan Variant Steals FTP Login Details
A new variant of the particularly malicious Zeus family of Trojans has surfaced and is compromising computers at an alarming rate.
'Net Parrot Effect
Iran. You remember the place? Before several celebrities died in the past week, Iran's election aftermath gripped national attention. The more I found out about the election situation, the demonstrations, and the crackdown, the more I felt as if I were reading a political thriller. That's when the ugly side of our hyper-connected society reared its ugly head.
'Mafiaboy': Cloud Computing Will Cause Internet Security Meltdown
Notorious black-hat hacker warns that cloud-based computing will be "extremely dangerous," and explains how he got into hacking at age 15
OWASP: Security Spending Remains Mostly Unchanged With Cloud Computing
New Open Web Application Security Project report finds enterprises aren't sufficiently verifying cloud providers' security, either
Social Networks Make Great Phishing Holes (And The Crooks Know It!)
The overwhelming popularity of Facebook, Twitter, and other social networks -- as well as the nature of their members' trust in them and their content -- is proving to be bonanza for phishers. So much so that social networking scams increased a stunning 241% between early 2008 and this year.
China Delays 'Green Dam' Mandate
China has pushed back its deadline requiring all PCs sold in the country to include Web filtering software known as Green Dam. No new deadline has been set.
5 Web Replacements For Traditional Tech Tools
New Web-based technology options like Box.net and Basecamp can help you get the job done quicker, easier, and less expensively. You've got nothing to lose but your resistance to change.
Social Network Users Increasingly Under Siege
We all knew this was coming. As Social Networks gained in popularity, they'd become more juicy targets. Now we're starting to see some data.
NAC Appliances Hardest Hit In Network Security By Economic Downturn, Report Says
But Infonetics expects the NAC appliance market to rebound big time by 2013, to around $700 million
Don't Let Legacy Media Foil Your Forensic Investigation
When performing incident response and forensics on a compromised system, the focus of analysis is on the most immediately available and relevant sources of evidence. Volatile data collected from a running system, the hard drive, network flow data, and logs collected on a central server all serve as useful sources for determining the particulars of the incidents. But what about incidents that go back further, requiring you to dig into backup tapes -- and potentially very old ones?
Web Filtering Company Reports Cyber Attack To FBI
The U.S.-based company that claims its programming code was unlawfully included in China's Green Dam software reports being targeted by a cyber attack.
Report: Social Networking Phishing Attacks Up More Than 240%
U.S. extends its lead as No. 1 country hosting phishing attacks, according to MarkMonitor's new brandjacking report
Maximizing Block I/O Dollars With Thin Provisioning
Getting the most out of every storage dollar is critical in this economy and as we discussed in our last entry, viable options for optimizing file based primary storage are available now but as of yet solutions that can compress and deduplicate block I/O storage are not yet readily available. But all is not lost, there are things you can do to lower your primary storage block I/O costs.
Botnet Alert: 90% Of Email Now Spam
Nine out of ten e-mails are now spam, according to the latest Symantec/MessageLabs Intelligence Report. And more than 83% of that spam is generated by botnets, relatively unaffected by large shutdowns of spam servers.
Sony Begins Shipping PCs With Green Dam Filter
Company beats Chinese government's July 1 deadline, but Sony disclaims responsibility for any damage caused by the Web filtering software.
Study: Social Network Users Put Their Data At Risk
Users of Facebook, LinkedIn, Twitter leave themselves -- and their wallets -- open to attack
Think PCI DSS Stinks? Here's Your Chance To Deodorize
There's been plenty of complaints about the Payment Card Industry Data Security Standard (PCI DSS), since it went into effect in 2005. Next week, stakeholders, will have a chance to do something about it.
Tech Insight: Database Security -- The First Three Steps
Protecting sensitive data means locating and enumerating the information in your databases -- and finding the right method to secure it
Most PC Users Have A Dozen Dangerous Apps
The average PC user has a dozen unpatched applications installed.
Booming Underground Economy Makes Spam A Hot Commodity, Expert Says
$10 might be enough to reach 1 million users, MessageLabs researcher warns
Massachusetts Worker Accused Of Using Database In ID Theft Scheme
Employee at medical cost management firm allegedly used doctors' personal information to obtain credit cards
EU Group: Social Networks, Thirty-Party App Developers Subject To EU Privacy Laws
I just took a close look at the Article 29 Data Protection Working Party's opinion report on online social networking. While some of its recommendations are what you'd expect, others came as a surprise.
The Iranian 'Proxy War'
Iranians are using proxies worldwide to circumvent government censorship.
Mobile Security: IT Pros Anything But Secure With Mobile Devices
Do as they say, not as they do might be a good description of the practices of IT professionals when it comes to mobile devices. A new survey from Credant shows that IT Professionals are not much better than anyone else when it comes to using a password to protect data stored on phones or other mobile devices.
Maximizing The Storage Budget - Capacity Optimization
In this economy, maximizing what you have and cost justifying what you need now becomes a much sought-after skill. The IT budget and the storage budget along with it are not growing in many organizations and I often hear that the budget is the same but they are not allowed to spend right now, which is worse than the budget being cut. Regardless spendable IT dollars are a precious commodity.
Could The Cloud Lead To An Even Bigger 9/11?
Late last week I attended an event sponsored by IBM/Lotus and Technology Review. A very credible "End of the U.S." doomsday scenario tied to the public cloud was outlined that I believe warrants further thought.
FTC Issues Final Order In CVS Caremark Data Security Case
Pharmacy giant to pay penalties for mishandling customer data, violating HIPAA regulations
Study: Security Concerns Keep Users From Taking Full Advantage Of Mobile Devices
Sixty-five percent of customers worry that their devices may not be safe, particularly for financial transactions
Security Poised To Grab Bigger Piece Of IT Pie, Gartner Says
Analyst firm offers view of security market as it prepares for summit next week
Defense Secretary Orders Cyberspace Command
Initiative aims to unify offense and defense in cyberspace under U.S. military command and enable responses "in Internet time rather than bureaucratic time."
Green Dam Deadline Remains Unchanged Despite U.S. Objections
Chinese authorities claim that putting Green Dam censorware on all new PCs sold in the country is necessary to limit young people's exposure to "harmful information."
Forewarned Is Forearmed, Right?
Next-gen Web apps and virtualization are two topics much on the collective mind of CIOs and line-of-business leaders. Of course, they're seeing dollar signs from slick eye-candy RIAs and cramming 20 VMs on each physical server. Security? Meh.
CISOs Say Insiders Are Greatest Threat To Data
In study, 80 percent say they're more concerned about employees and contractors
Microsoft Security Essentials Beta Now Available
Once known as "Morro," Microsoft Security Essentials is the anti-malware component of Microsoft's subscription security service, Windows Live OneCare.
Microsoft Puts Limits On Free Antivirus Downloads!
Microsoft's free antivirus and security suite, Microsoft Security Essentials, releases today, sort of. Incredibly, while millions of users have anticipated the release, only 75,000 downloads will be permitted.
Inside China's Spam Crisis
Approximately 70% of all domains used in spam since the beginning of 2009 have a Chinese top-level domain.
Rollout: Egress Offers Rights Management As A Service
Switch encrypts data, restricts access, but only in Windows environments.
Maltego: Going On The Offensive *And* Defensive To Defend Against Social Networks
You know the military's ol' mantra about "loose lips sink ships"? Well, it's being redefined by sites like Twitter, Flickr, and Facebook, according to a great article from Federal Computer Week that discusses the threats social networks pose to operational security.
Parking Meters: The Next Big Hack?
Security researcher prepares to outline vulnerabilities at upcoming Black Hat conference
Make Storage Strategic
How does your organization look at storage in the data center? Is it something you have to live with or is it something that can increase the organization's revenue or improve customer satisfaction? How do you make storage strategic to your organization?
U.S. State Dept. Condemns China's Green Dam Filter As Boycott Brews
China is insisting that computer makers install Web-filtering software known as Green Dam on all PCs sold in the country after July 1.
Free Microsoft Antivirus, Security Suite Arrives Tomorrow
Tuesday is the day for release of the free public beta of Microsoft Security Essentials, Microsoft's security and anti-virus suite. The price is certainly right. Question is, will the program change the security landscape? Bigger questions is whether or not it provides the security your business needs.
Facebook Scam: I'm Stranded In London. Send Money!
Facebook users are facing a new threat, 419 scams in chat form, masquerading as friends.
Decommissioned Storage Justifies Encryption
There are many reasons to justify storage encryption; tapes falling off the back of a truck on the way to a vault for disaster recovery purposes is one, but when it comes to disk encryption not many have made the effort to encrypt disk based data. While that disk array is in your environment it should be relatively secure, except from internal threats, but what about when you decommission a storage array?
MasterCard Imposes Tougher PCI Auditing Requirements On Midlevel Merchants
Level 2 merchants will now be required to undergo a third-party, on-site audit, MasterCard says
DNSSEC Showing More Signs Of Progress
The Domain Name System (DNS) security protocol is finally making inroads on the Internet infrastructure front, but big hurdles remain for widespread, smooth adoption
Data Leakage Through Nontraditional Networks
Securing our company's data is our job. We build up layers of defense to protect it when it is housed within our corporate network and corporate computer systems. Firewalls, VPNs, encryption, and data leakage prevention all help in some way to protect the data that we don't want anyone else to have. Sometimes, however, we are stuck in the situation where we don't control the network or systems that portions of our data ends up on.
Relaunched Google Search Service Fingers Malware-Spreading Advertisers
'Anti-Malvertising' lets Website owners perform background checks on potential online advertisers
Twitter Worm InvitesTweet Trouble
The latest Twitter worm arrives in the form of an invite -- but it's an invitation only to trouble.
iPhone 3.0 Software Sports Snazzy New Features, Sure: It Also plugs a Whopping 46 Security Flaws
The nearly four dozen security holes filled in the iPhone 3.0 software published by Apple yesterday have gone nearly ignored with all of the buzz surrounding the new features. But these flaws aren't anything you want to put on hold.
|
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This