Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in July 2010
Employees Flout Social Network Security Policies
News  |  7/23/2010  | 
Many people admit changing settings on business devices to access prohibited sites from the workplace, finds Cisco.
Healthcare Breaches Spin Out Of Control
Commentary  |  7/22/2010  | 
If the past week is any indication (and I'm afraid it is), health care companies are doing an abysmal job at protecting personal health care data.
Cybercrime Gets Social
News  |  7/22/2010  | 
Bad guys look to exploit social networks, games, and other fun things users do at work, Cisco research says
RSA Reports Address Rise In Enterprise Adoption Of Consumer Technologies
Quick Hits  |  7/22/2010  | 
Survey of IT and security pros shows most organizations giving end users more leeway and influence in social networking, gadgets
The Value Of A Storage Administrator
Commentary  |  7/22/2010  | 
Storage hardware and software manufacturers are trying to make the process of managing storage easier. There are simplified storage infrastructures, simplified storage management systems and software to monitor the storage environment, but the reality is that even the smallest of storage environments needs someone focused on the task of making sure that everything is operating as planned.
Tokens A Tempting Option For Securing Cardholder Data
News  |  7/22/2010  | 
Tokenization might be the PCI Holy Grail, but the search for it could be just as circuitous
NIST Releases Virtualization Security Guidelines
News  |  7/22/2010  | 
The security of a virtualization solution is "heavily dependent" on the security of each of its components, according to the National Institute of Standards and Technology.
Air Force Accelerates, Streamlines Cybersecurity Hiring
News  |  7/22/2010  | 
Schedule A expedited hiring authority will allow the Air Force to fill almost 700 new cybersecurity positions without posting and publicizing the positions.
Glide Offers HTML5 iPad Web App
News  |  7/22/2010  | 
With its transcoding technology, Glide lets iPad users view Flash and Windows video.
Microsoft Launches 'Coordinated' Vulnerability Disclosure Program
News  |  7/22/2010  | 
Microsoft abandons controversial 'responsible disclosure' term, supporting public disclosure of unpatched bug details when attacks hit
DHS Releases Intrusion Detection Software
News  |  7/22/2010  | 
Suricata, developed by the Department of Homeland Security-funded Open Information Security Foundation, is available under the GPLv2 license.
Dell Shipped Malware Infected Motherboards
News  |  7/22/2010  | 
W32.Spybot worm discovered in flash memory on some replacement PowerEdge server motherboards.
Apple Safari Browser Surrenders Personal Data
News  |  7/22/2010  | 
A flaw in the implementation of Safari's AutoFill mechanism can be exploited to grab Mac users' names, street addresses, and e-mail addresses.
Black Hat: Mobile Flaws Get Attention
News  |  7/21/2010  | 
As security professionals converge in Las Vegas for Black Hat USA 2010, July 24-29, conference founder Jeff Moss says interest in mobile vulnerabilities is growing.
Report: Malware Purveyors Using Social Nets For Command And Control
Quick Hits  |  7/21/2010  | 
Banking Trojan is among the first to be controlled through public social network, RSA says
Google Seeks Redefinition Of 'Responsible Disclosure'
News  |  7/21/2010  | 
Arguing that speedy software fixes enhance user security, Google wants the security community to change vulnerability disclosure practices.
Security Pros Feel Underpaid, But In Some Cases Would Take A Pay Cut
News  |  7/21/2010  | 
New survey shows value IT security professionals place on job security, training, quality of life
Avoiding Accidental Data Leaks In Small Businesses
News  |  7/21/2010  | 
SMBs struggle to educate users, protect company data from unintentional breaches
Conquering Large Web Apps With Solid Methodology
Commentary  |  7/21/2010  | 
This is one of those weeks where I'm trying to wrap up as much as possible before I'm out of the office for Black Hat, BSides, and Defcon. One of those things on my list is a Web application assessment for a client that's a monstrous, open-source beast with subapplications bolted on from all over the place and tons of places for vulnerabilities to hide.
McAfee Releases Mac Security Tools
News  |  7/21/2010  | 
Internet Security and Family Protection for Apple Mac aimed at making Web browsing safer.
Cybersecurity Expert Shortage Puts U.S. At Risk
News  |  7/21/2010  | 
Presidential commission proposes overhauling certifications to increase cybersecurity professional quality and quantity.
Storage Protocol Explosion
Commentary  |  7/21/2010  | 
Today's Storage Manager is faced with more shared storage connectivity choices than ever. Off the top of my head, there is SAS, iSCSI, NAS, AoE, FCoE and of course good old Fibre Channel. One would think that at some point there will be a shakeout in storage, but that doesn't seem to happen, and when it does, it seems like they are replaced with two or three new ones.
The Cash Drawer Lock Box And SMB Security
Commentary  |  7/21/2010  | 
Since information security first sprouted into its own industry, the small business market has been the red-headed stepchild of the newfound art.
Slideshow: Cloud Security Pros And Cons
Slideshows  |  7/20/2010  | 
Securing your business in the cloud can offer substantial savings and resources balanced by large and unexpected risks. In this review of cloud security silver linings and storm warnings, we look at some of the brightest and darkest security clouds.
Researcher Pinpoints Widespread Common Flaw Among VxWorks Devices
News  |  7/20/2010  | 
Diagnostics service feature in VxWorks OS kept activated in some VoIP, DSL, SCADA systems leaves them open to attack
Hackers Unite!
Commentary  |  7/20/2010  | 
I'm like the proverbial kid in a candy store. This is my favorite time of year. Between Black Hat, Defcon, and BSides, you have feds, criminals, security experts, reporters, and everyone in between congregating in the city of sin. What's not to like? Here's a rundown of these events, my picks for talks not to be missed, and an invitation.
Adobe Plans Security Sandbox For Reader
News  |  7/20/2010  | 
Windows users can look forward to improved malware protection in Adobe's Reader software.
Adobe To 'Sandbox' PDF Files
Quick Hits  |  7/20/2010  | 
Upcoming security feature for Adobe Reader puts PDFs in protected mode
Semtek Announces PCI DSS De-scoping Of Major National Retailers
News  |  7/20/2010  | 
Deploying end-to-end encryption within large merchants' environments is considered the most difficult of all implementation use cases
Consortium Unveils Digital Entertainment Locker
News  |  7/20/2010  | 
Cloud-based UltraViolet platform allows consumers to buy and watch movies and TV shows on a host of Web-connected devices.
Reports: Turkish Hackers Have Stolen Personal Data Of More Than 100,000 Israelis
News  |  7/19/2010  | 
Israeli observers fear data thefts could be related to conflict between the two countries
SANS Raises Infocon Alert To Yellow In Light Of New Windows 'Shortcut' Attack Threat
News  |  7/19/2010  | 
Security experts closely monitoring spread of new zero-day threat
Microsoft Acknowledges Windows Shell Vulnerability
News  |  7/19/2010  | 
The zero-day vulnerability appears to be designed for industrial espionage.
Dell KACE Offers Free Secure Browser
News  |  7/19/2010  | 
To protect against web malware, Dell KACE's new free Secure Browser virtualizes a browser and restricts direct and cross-site access to dangerous or inappropriate websites.
Nonprofit Group Launches Open-Source IDS/IPS
Quick Hits  |  7/19/2010  | 
Suricata 1.0 will go head-to-head with popular Snort tool
Detection And Defense Of Windows Autorun Locations
Commentary  |  7/19/2010  | 
As an incident responder and forensic investigator, there's a truth we expect malware to always follow: Persistence is a must to survive. OK, exceptions exist. But the general rule of thumb is that malware seeks to persist, and it will hook itself into common areas on a victim Windows machine to do so.
SIEM Ain't DAM
Commentary  |  7/19/2010  | 
I've been getting questions about the difference between system information and event management (SIEM) and database activity monitoring (DAM) platforms. It's easy to get confused given their similarities in architecture. There's also a great deal of overlap in events that each collects and the way they handle information. Couple that with aggressive marketing claims, and it seems impossible to differentiate between the two platforms.
Microsoft Warns Of Critical Vulnerability
Commentary  |  7/18/2010  | 
Microsoft Friday warned its customers that attackers are targeting an unpatched and critical Windows vulnerability.
Mozilla Raises Security Bug Payout
Commentary  |  7/16/2010  | 
If you are a bug finder, finding security flaws in Mozilla software products, such as the Firefox web browser, just became much more profitable after the foundation raised its bug bounty from $500 to $3,000. But will this move help improve your security?
Single Trojan Accounted For More Than 10 Percent Of Malware Infections In First Half 2010
News  |  7/16/2010  | 
Top two threats both exploit the Windows Autorun feature, BitDefender study says
Firefox Home Arrives For iPhone
News  |  7/16/2010  | 
Unable to offer a mobile version of Firefox on the iPhone, Mozilla has managed to get Apple to accept an app that makes Firefox data available.
Enterprise Security Market To Grow Nearly 14 Percent In 2010, Study Says
Quick Hits  |  7/16/2010  | 
Outlook for 2011 also looks bullish, according to industry research firm Canalys
Malware Spreading Via USB Drives
News  |  7/16/2010  | 
The Stuxnet rootkit launches even with AutoRun and AutoPlay disabled and is known to affect Windows 7 Enterprise Edition x86 operating systems.
Does Data Retention Really Protect A Corporation?
Commentary  |  7/16/2010  | 
As I have gone through the series on developing a keep-data-forever strategy, one of the criticisms has been about the risk to the organization. The conventional wisdom is that email stores and PST files are fertile ground for opposing counsel looking for evidence, and by keeping that data forever, you are exposing yourself to further risk. My opinion is that you are at no greater risk than with a strict r
Researcher Says Home Routers Are Vulnerable
Quick Hits  |  7/15/2010  | 
Black Hat presentation will demonstrate hacks that could work on many existing routers
Information Security Forum Delivers Tips For Reducing Security Risk In The Cloud At (ISC)2
News  |  7/15/2010  | 
Adrian Davis, a senior research consultant for the ISF, will examine the relationship between cloud provision and outsourcing
Certgate Unveils Security Solution For Mobile Devices
News  |  7/15/2010  | 
certgate Voice Encryptor resists spyware and malware attacks on mobile phones as well as 'man-in-the-middle' attacks
White House Issues Progress Report On Cybersecurity
News  |  7/15/2010  | 
Obama administration looks to raise awareness in private sector
Web Services, Cybercrime-Solver
News  |  7/15/2010  | 
NIST researchers propose designing Web services that preserve evidence of attacks and then, using that data, reconstruct series of Web service invocations that took place during the course of the attacks
Sophos: U.S. Leads List Of Spam Originators
News  |  7/15/2010  | 
In addition, Sophos study found 97% of all e-mail received by business e-mail servers is now spam