Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in June 2009
<<   <   Page 3 / 3
Adobe Launches Its Own 'Patch Tuesday'
News  |  6/9/2009  | 
First quarterly patch fixes 13 critical bugs in Reader and Acrobat
Study: Most Employees Disobey Security Policies
Quick Hits  |  6/9/2009  | 
New Ponemon Institute report finds end users are evading security controls at an increasing rate
Black Hat Founder Tapped To Advise Homeland Security
News  |  6/8/2009  | 
Jeff Moss, founder of the Black Hat and Defcon security conferences, is one of 16 people appointed to the Department of Homeland Security Advisory Council, as the government casts a wide net for perspectives on cybersecurity.
New Wiki Promises Breach Training For Business Execs
Quick Hits  |  6/8/2009  | 
BreachCenter.com hopes to play host to discussions on breach prevention, response
Alleged T-Mobile Data Offered To Highest Bidder
News  |  6/8/2009  | 
A note offering the data for sale says that the company's databases, confidential documents, and financial documents were stolen.
T-Mobile Investigating Claims It Was Breached
News  |  6/8/2009  | 
Online post offers sensitive data from wireless provider to the "highest bidder," but security experts are skeptical the breach is severe
Tech Insight: How To Choose An Integrated Security Services Provider
News  |  6/8/2009  | 
"Suites" of security services may look good on paper, but do they really do what they promise?
Hacking Challenge Shows XSS Still King
Commentary  |  6/8/2009  | 
Last week, another company got egg on its face by running a "we're-so-secure-you-can't-hack-our-stuff contest." When are companies going to learn claims like that always backfire?
Trend Micro Tightens Defenses Against SMB Data Leaks
Commentary  |  6/8/2009  | 
The latest version of Trend Micro's data loss protection (DLP) package, LeakProof 5.0, comes in two flavors: one for monitoring users and confidential data, the other covering those elements, but also providing tools for protecting intellectual property as well as confidential information.
Cloud Storage's Next Move: Archive
Commentary  |  6/8/2009  | 
Cloud storage for the most part is being used today as a backup medium or for collaboration, but the next big step and where cloud storage may be at its best is an archive repository to meet the enterprise's growing data retention and compliance demands.
Hackers Claim To Have Pwned US T-Mobile. As In: Everything.
Commentary  |  6/8/2009  | 
It's not the kind of forum post an executive would like to see created about their company. It's not a leaked rumor about an upcoming product or service, or even a ranting upset customer. Nope. It's a group claiming to have controlled portions of your IT network for a long time. And they published what looks to be proof of the breach. T-Mobile is investigating.
Former Hacker Named To Homeland Security Advisory Council
Commentary  |  6/7/2009  | 
The Obama administration has said it wanted to bring a new approach to government, and a renewed emphasis on national cybersecurity efforts. And maybe that's what the administration was shooting for when it appointed Jeff Moss (also known as "Dark Tangent") and founder of the annual DefCon and Black Hat hacker conferences to the Homeland Security Council.
Trust And Web Ad Services
Commentary  |  6/5/2009  | 
Well-respected, highly secure Websites commonly infect the people who surf them. So if they are so secure, then why does this keep happening?
What Is Deduplication And Why Should You Care?
Commentary  |  6/5/2009  | 
A couple of days ago I was speaking at an event in Dallas and was reminded that sometimes those of us in storage get too wrapped up in, well, storage and that IT professionals have other things to worry about than just storage. I asked the audience how many of them had done anything with deduplication. Only 30% had, although 100% wanted to know more.
The 6 Worst Cloud Security Mistakes
News  |  6/5/2009  | 
A look at the most common missteps when choosing a cloud-based service -- and how to avoid them
EFF Web Service Tracks Changes In Privacy Policies At Popular Websites
Quick Hits  |  6/5/2009  | 
Electronic Frontier Foundation's TOSBack.org will shed light on changes in service and privacy policies on such sites as Facebook, Google, and eBay
Disaster Recovery: Location, Location, Location
Commentary  |  6/5/2009  | 
A comment from a reader offers a reminder that effective disaster recovery planning -- and successful DR in the event of disaster -- requires more than just IT and personnel planning. You have to know where those resources are going to be able to work.
Microsoft Squashing Six Critical "June Bugs" in IE, Windows, and Office Apps
Commentary  |  6/4/2009  | 
The software maker said today that it will deliver a total of ten patches next week, which is about average for a Patch Tuesday. Six of the 10, however, are rated critical.
Disclosure Helps Bad Guys -- But Not The Way You'd Think
Commentary  |  6/4/2009  | 
When publicly disclosing new attack techniques or simplifying older ones, many researchers -- including myself -- have been accused of indirectly assisting the bad guys by schooling them in their evil ways. Admittedly, we can never really be sure we're not helping them, but at the same time, we can't be certain the bad guys don't already know what we do.
Hackers Arrested In China After Feud Causes Major Outage
News  |  6/4/2009  | 
DDoS feud between underground gaming services allegedly caused temporary Internet outage across more than 20 provinces
RIM Issues Patch For BlackBerry Vulnerability
News  |  6/4/2009  | 
Enterprise BlackBerry smartphone users could be at risk if they open a maliciously crafted PDF, Research In Motion says.
Hacking Tool Lets A VM Break Out And Attack Its Host
News  |  6/4/2009  | 
'Cloudburst' memory-corruption exploit released with Immunity's new version of Canvas penetration testing software
For SMBs, Being Security-Savvy Doesn't Always Mean Doing It Yourself
Commentary  |  6/4/2009  | 
When it comes to security, most security professionals -- indeed, most Dark Reading readers -- are do-it-yourselfers. They do their own research, find their own bugs, and remediate their own systems. It's almost a rite of passage -- if you have to ask for help, you can't be a real security pro. But I wonder, sometimes, if this attitude doesn't hurt small and midsize businesses, in which having even one full-time security professional is more than many can afford. Such businesses are ju
Wisconsin-Based Healthcare Provider Chooses Symantec Solution For HIPAA Compliance
News  |  6/4/2009  | 
Aspirus implements Symantec backup and recovery, endpoint management, and endpoint security software products
Trojan Attack On Multiple ATMs Steals Data, PINs
Quick Hits  |  6/4/2009  | 
Researchers find malware code that lets an attacker take full control of the cash machines
More Than 530,000 Patients Notified In Data Ransom Scare
Quick Hits  |  6/3/2009  | 
"Kidnapper" who held data for ransom still at large, Virginia authorities say
Security Incident Ratings Made Easy
Commentary  |  6/3/2009  | 
Management likes numbers. They get the warm fuzzies when numbers can be graphed in a way that they can quickly discern what's going on. Of course, if the numbers are bad, then they may not feel those warm fuzzies. In the IT security world, we try to provide useful numbers to show what a great job we're doing, but it's hard to quantify thwarted attacks -- other than relying on numbers from an IPS and anti-malware system.
Report: Cybercrime Riches Are Hard To Come By
News  |  6/3/2009  | 
Researchers from Microsoft say stolen goods offered for sale in IRC channels are tough to monetize, and industry estimates of underground profits are "exaggerated"
Accidental Data Leaks Are Still Data Leaks
Commentary  |  6/3/2009  | 
The inadvertent posting of sensitive U.S. nuclear information by the G.P.O. is a reminder to all of us that a) accidents happen and b) accidents involving digital copies of confidential information happen all too easily.
Government Accidentally Posts Sensitive Nuclear Documents Online
News  |  6/3/2009  | 
The 267-page document contains addresses and descriptions of civilian nuclear sites around the country.
Study: Web Trackers Systematically Compromise Users' Privacy
News  |  6/3/2009  | 
Website monitoring practices take advantage of many loopholes in privacy regulations, UC-Berkeley study says
Tweet Your Vacation Status. Get Burglarized?
Commentary  |  6/2/2009  | 
Any of us who regularly use the micro blogging site Twitter do it all of the time: we broadcast our whereabouts in real time. It's kind of the point of the entire Twitter experience. Yet, this video podcaster believes he may have been robbed because of his Tweeting his vacation status.
Despite Breaches, Universities Feel Good About Security Progress
Quick Hits  |  6/2/2009  | 
Almost half of universities report breaches, but most say damage was limited
EMC Bids For Data Domain - User Impact
Commentary  |  6/2/2009  | 
A week ago I wrote about the user impact of NetApp buying Data Domain. Today we are back at it with EMC making a bid for Data Domain. The first take away for a user: Data Domain has to be one of the safest technology purchases you can make. Clearly the company has something that other companies want, and it's not likely to go anywhere anytime soon.
Java Trouble Brewing For Apple
Commentary  |  6/2/2009  | 
Like most computer geeks with the latest toys, I can always find a way to play rather than work. My procrastination tendencies can sometimes lead to troubling results (just ask my girlfriend), so I often give vendors some leeway when it comes to patching vulnerabilities. But some vendors just don't get it.
Report: Mass Injection Attack Affects 40,000 Websites
Quick Hits  |  6/1/2009  | 
Exploit appears similar, but unrelated, to Gumblar, researchers say
Apple Plugs A Heap of Buffer Overflow Vulnerabilities
Commentary  |  6/1/2009  | 
The software maker plugs 10 significant security vulnerabilities in its QuickTime media player, as well as flaws within iTunes. A number of flaws could lead to denial of service conditions, or remote exploit. Looks like most of these flaws affect Mac OS X, Vista, as well as XP SP3.
What Obama's Cybersecurity Plans Mean For Businesses
News  |  6/1/2009  | 
Administration's new cybersecurity policies could yield new security regulations and incentives for enterprises, experts say
BackTrack4 Sneak Peek Shows New Forensic Capabilities
Commentary  |  6/1/2009  | 
BackTrack 4 Pre Final Sneak Peek was released to Informer Blog subscribers last week. Informer, created by Johnny Long and his Hackers For Charity organization, is a fundraising program to help feed children in East Africa, and its blog "is designed to give subscribers a 'backstage pass' to the world of Information
Danger! Search Engines At Work!
Commentary  |  6/1/2009  | 
Some search terms and categories are more dangerous than others, and likelier to lead to malware according to a new report from McAfee. Among the most dangerous current category and term? Lyrics, of all things.
The .NET Browser Add-On Security Uproar
Commentary  |  6/1/2009  | 
Some Firefox users are screaming bloody murder over a Windows update that quietly adds an unwanted browser extension to their systems. Maybe it's time to step back and take a deep breath.
Can Backups Be Made Obsolete?
Commentary  |  6/1/2009  | 
Backups have long been a source of pain and frustration for enterprises of all sizes; they are constantly causing problems because the growth and value of data is increasing faster than the network's ability to deal with that data. The problem keeps many IT professionals awake at night and most surveys indicate a low confidence in the ability to recover from a disaster, but how can backups be made obsolete?


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27491
PUBLISHED: 2021-07-30
Ypsomed mylife Cloud, mylife Mobile Application: Ypsomed mylife Cloud, All versions prior to 1.7.2, Ypsomed mylife App, All versions prior to 1.7.5, The Ypsomed mylife Cloud discloses password hashes during the registration process.
CVE-2021-27495
PUBLISHED: 2021-07-30
Ypsomed mylife Cloud, mylife Mobile Application: Ypsomed mylife Cloud, All versions prior to 1.7.2, Ypsomed mylife App, All versions prior to 1.7.5, The Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from a HTTPS endpoint to a HTTP endpoint.
CVE-2021-32807
PUBLISHED: 2021-07-30
The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. The policies defined in `AccessControl` severely restrict acce...
CVE-2021-22521
PUBLISHED: 2021-07-30
A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges.
CVE-2021-34629
PUBLISHED: 2021-07-30
The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8.