Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in June 2009
Zeus Trojan Variant Steals FTP Login Details
News  |  6/30/2009  | 
A new variant of the particularly malicious Zeus family of Trojans has surfaced and is compromising computers at an alarming rate.
'Net Parrot Effect
Commentary  |  6/30/2009  | 
Iran. You remember the place? Before several celebrities died in the past week, Iran's election aftermath gripped national attention. The more I found out about the election situation, the demonstrations, and the crackdown, the more I felt as if I were reading a political thriller. That's when the ugly side of our hyper-connected society reared its ugly head.
'Mafiaboy': Cloud Computing Will Cause Internet Security Meltdown
News  |  6/30/2009  | 
Notorious black-hat hacker warns that cloud-based computing will be "extremely dangerous," and explains how he got into hacking at age 15
OWASP: Security Spending Remains Mostly Unchanged With Cloud Computing
Quick Hits  |  6/30/2009  | 
New Open Web Application Security Project report finds enterprises aren't sufficiently verifying cloud providers' security, either
Social Networks Make Great Phishing Holes (And The Crooks Know It!)
Commentary  |  6/30/2009  | 
The overwhelming popularity of Facebook, Twitter, and other social networks -- as well as the nature of their members' trust in them and their content -- is proving to be a bonanza for phishers. So much so that social networking scams increased a stunning 241% between early 2008 and this year.
China Delays 'Green Dam' Mandate
News  |  6/30/2009  | 
China has pushed back its deadline requiring all PCs sold in the country to include Web filtering software known as Green Dam. No new deadline has been set.
5 Web Replacements For Traditional Tech Tools
Commentary  |  6/29/2009  | 
New Web-based technology options like Box.net and Basecamp can help you get the job done quicker, easier, and less expensively. You've got nothing to lose but your resistance to change.
Social Network Users Increasingly Under Siege
Commentary  |  6/29/2009  | 
We all knew this was coming. As Social Networks gained in popularity, they'd become more juicy targets. Now we're starting to see some data.
NAC Appliances Hardest Hit In Network Security By Economic Downturn, Report Says
News  |  6/29/2009  | 
But Infonetics expects the NAC appliance market to rebound big time by 2013, to around $700 million
Don't Let Legacy Media Foil Your Forensic Investigation
Commentary  |  6/29/2009  | 
When performing incident response and forensics on a compromised system, the focus of analysis is on the most immediately available and relevant sources of evidence. Volatile data collected from a running system, the hard drive, network flow data, and logs collected on a central server all serve as useful sources for determining the particulars of the incidents. But what about incidents that go back further, requiring you to dig into backup tapes -- and potentially very old ones?
Web Filtering Company Reports Cyber Attack To FBI
News  |  6/29/2009  | 
The U.S.-based company that claims its programming code was unlawfully included in China's Green Dam software reports being targeted by a cyber attack.
Report: Social Networking Phishing Attacks Up More Than 240%
Quick Hits  |  6/29/2009  | 
U.S. extends its lead as No. 1 country hosting phishing attacks, according to MarkMonitor's new brandjacking report
Maximizing Block I/O Dollars With Thin Provisioning
Commentary  |  6/29/2009  | 
Getting the most out of every storage dollar is critical in this economy, and as we discussed in our last entry, viable options for optimizing file-based primary storage are available now, but solutions that can compress and deduplicate block I/O storage are not yet readily available. But all is not lost; there are things you can do to lower your primary storage block I/O costs.
Botnet Alert: 90% Of Email Now Spam
Commentary  |  6/29/2009  | 
Nine out of ten e-mails are now spam, according to the latest Symantec/MessageLabs Intelligence Report. And more than 83% of that spam is generated by botnets, relatively unaffected by large shutdowns of spam servers.
Sony Begins Shipping PCs With Green Dam Filter
News  |  6/29/2009  | 
Company beats Chinese government's July 1 deadline, but Sony disclaims responsibility for any damage caused by the Web filtering software.
Study: Social Network Users Put Their Data At Risk
Quick Hits  |  6/27/2009  | 
Users of Facebook, LinkedIn, Twitter leave themselves -- and their wallets -- open to attack
Think PCI DSS Stinks? Here's Your Chance To Deodorize
Commentary  |  6/26/2009  | 
There have been plenty of complaints about the Payment Card Industry Data Security Standard (PCI DSS) since it went into effect in 2005. Next week, stakeholders will have a chance to do something about it.
Tech Insight: Database Security -- The First Three Steps
News  |  6/26/2009  | 
Protecting sensitive data means locating and enumerating the information in your databases -- and finding the right method to secure it
Most PC Users Have A Dozen Dangerous Apps
News  |  6/26/2009  | 
The average PC user has a dozen unpatched applications installed.
Booming Underground Economy Makes Spam A Hot Commodity, Expert Says
News  |  6/25/2009  | 
$10 might be enough to reach 1 million users, MessageLabs researcher warns
Massachusetts Worker Accused Of Using Database In ID Theft Scheme
Quick Hits  |  6/25/2009  | 
Employee at medical cost management firm allegedly used doctors' personal information to obtain credit cards
EU Group: Social Networks, Third-Party App Developers Subject To EU Privacy Laws
Commentary  |  6/25/2009  | 
I just took a close look at the Article 29 Data Protection Working Party's opinion report on online social networking. While some of its recommendations are what you'd expect, others came as a surprise.
The Iranian 'Proxy War'
Commentary  |  6/25/2009  | 
Iranians are using proxies worldwide to circumvent government censorship.
Mobile Security: IT Pros Anything But Secure With Mobile Devices
Commentary  |  6/25/2009  | 
Do as they say, not as they do might be a good description of the practices of IT professionals when it comes to mobile devices. A new survey from Credant shows that IT Professionals are not much better than anyone else when it comes to using a password to protect data stored on phones or other mobile devices.
Maximizing The Storage Budget - Capacity Optimization
Commentary  |  6/25/2009  | 
In this economy, maximizing what you have and cost-justifying what you need now becomes a much sought-after skill. The IT budget and the storage budget along with it are not growing in many organizations, and I often hear that the budget is the same but they are not allowed to spend right now, which is worse than the budget being cut. Regardless, spendable IT dollars are a precious commodity.
Could The Cloud Lead To An Even Bigger 9/11?
Commentary  |  6/25/2009  | 
Late last week I attended an event sponsored by IBM/Lotus and Technology Review. A very credible "End of the U.S." doomsday scenario tied to the public cloud was outlined that I believe warrants further thought.
FTC Issues Final Order In CVS Caremark Data Security Case
News  |  6/24/2009  | 
Pharmacy giant to pay penalties for mishandling customer data, violating HIPAA regulations
Study: Security Concerns Keep Users From Taking Full Advantage Of Mobile Devices
Quick Hits  |  6/24/2009  | 
Sixty-five percent of customers worry that their devices may not be safe, particularly for financial transactions
Security Poised To Grab Bigger Piece Of IT Pie, Gartner Says
News  |  6/23/2009  | 
Analyst firm offers view of security market as it prepares for summit next week
Defense Secretary Orders Cyberspace Command
News  |  6/23/2009  | 
Initiative aims to unify offense and defense in cyberspace under U.S. military command and enable responses "in Internet time rather than bureaucratic time."
Green Dam Deadline Remains Unchanged Despite U.S. Objections
News  |  6/23/2009  | 
Chinese authorities claim that putting Green Dam censorware on all new PCs sold in the country is necessary to limit young people's exposure to "harmful information."
Forewarned Is Forearmed, Right?
Commentary  |  6/23/2009  | 
Next-gen Web apps and virtualization are two topics much on the collective mind of CIOs and line-of-business leaders. Of course, they're seeing dollar signs from slick eye-candy RIAs and cramming 20 VMs on each physical server. Security? Meh.
CISOs Say Insiders Are Greatest Threat To Data
Quick Hits  |  6/23/2009  | 
In study, 80 percent say they're more concerned about employees and contractors
Microsoft Security Essentials Beta Now Available
News  |  6/23/2009  | 
Once known as "Morro," Microsoft Security Essentials is the anti-malware component of Microsoft's subscription security service, Windows Live OneCare.
Microsoft Puts Limits On Free Antivirus Downloads!
Commentary  |  6/23/2009  | 
Microsoft's free antivirus and security suite, Microsoft Security Essentials, releases today, sort of. Incredibly, while millions of users have anticipated the release, only 75,000 downloads will be permitted.
Inside China's Spam Crisis
News  |  6/22/2009  | 
Approximately 70% of all domains used in spam since the beginning of 2009 have a Chinese top-level domain.
Rollout: Egress Offers Rights Management As A Service
News  |  6/22/2009  | 
Switch encrypts data, restricts access, but only in Windows environments.
Maltego: Going On The Offensive *And* Defensive To Defend Against Social Networks
Commentary  |  6/22/2009  | 
You know the military's ol' mantra about "loose lips sink ships"? Well, it's being redefined by sites like Twitter, Flickr, and Facebook, according to a great article from Federal Computer Week that discusses the threats social networks pose to operational security.
Parking Meters: The Next Big Hack?
Quick Hits  |  6/22/2009  | 
Security researcher prepares to outline vulnerabilities at upcoming Black Hat conference
Make Storage Strategic
Commentary  |  6/22/2009  | 
How does your organization look at storage in the data center? Is it something you have to live with or is it something that can increase the organization's revenue or improve customer satisfaction? How do you make storage strategic to your organization?
U.S. State Dept. Condemns China's Green Dam Filter As Boycott Brews
News  |  6/22/2009  | 
China is insisting that computer makers install Web-filtering software known as Green Dam on all PCs sold in the country after July 1.
Free Microsoft Antivirus, Security Suite Arrives Tomorrow
Commentary  |  6/22/2009  | 
Tuesday is the day for release of the free public beta of Microsoft Security Essentials, Microsoft's security and anti-virus suite. The price is certainly right. Question is, will the program change the security landscape? The bigger question is whether or not it provides the security your business needs.
Facebook Scam: I'm Stranded In London. Send Money!
Commentary  |  6/21/2009  | 
Facebook users are facing a new threat, 419 scams in chat form, masquerading as friends.
Decommissioned Storage Justifies Encryption
Commentary  |  6/19/2009  | 
There are many reasons to justify storage encryption; tapes falling off the back of a truck on the way to a vault for disaster recovery purposes is one, but when it comes to disk encryption, not many have made the effort to encrypt disk-based data. While that disk array is in your environment it should be relatively secure, except from internal threats, but what about when you decommission a storage array?
MasterCard Imposes Tougher PCI Auditing Requirements On Midlevel Merchants
Quick Hits  |  6/19/2009  | 
Level 2 merchants will now be required to undergo a third-party, on-site audit, MasterCard says
DNSSEC Showing More Signs Of Progress
News  |  6/19/2009  | 
The Domain Name System (DNS) security protocol is finally making inroads on the Internet infrastructure front, but big hurdles remain for widespread, smooth adoption
Data Leakage Through Nontraditional Networks
Commentary  |  6/19/2009  | 
Securing our company's data is our job. We build up layers of defense to protect it when it is housed within our corporate network and corporate computer systems. Firewalls, VPNs, encryption, and data leakage prevention all help in some way to protect the data that we don't want anyone else to have. Sometimes, however, we are stuck in the situation where we don't control the network or systems that portions of our data ends up on.
Relaunched Google Search Service Fingers Malware-Spreading Advertisers
News  |  6/19/2009  | 
'Anti-Malvertising' lets Website owners perform background checks on potential online advertisers
Twitter Worm Invites Tweet Trouble
Commentary  |  6/19/2009  | 
The latest Twitter worm arrives in the form of an invite -- but it's an invitation only to trouble.
iPhone 3.0 Software Sports Snazzy New Features, Sure: It Also Plugs A Whopping 46 Security Flaws
Commentary  |  6/18/2009  | 
The nearly four dozen security holes filled in the iPhone 3.0 software published by Apple yesterday have gone nearly ignored with all of the buzz surrounding the new features. But these flaws aren't anything you want to put on hold.