News & Commentary
Content posted in August 2008
|
BNY Mellon Data Breach Potentially Massive
It was in May when we noted an investigation launched by the authorities in the state of Connecticut into a backup tape lost by the Bank of New York Mellon. The results of that investigation are in, and they don't look good.
Storage Acquisitions
Brocade's purchase of Foundry Networks seems like a smart move, but technology acquisitions in general and storage acquisitions in specific never seem to pay off well. OK, never is a bit extreme, but it does seem rare and failure here hurts everyone. It distracts the buying company, often ruins the software from the bought company, and leaves users hanging in the balance.
Who Infected the International Space Station?
W32.Gammima.AG found on orbiting network, but nobody's saying how it got there
Bank's Lost Backup Tapes Contained IDs of 12 Million Clients
Headcount for Bank of New York Mellon's lost backup tapes rises from 4.2 million to 12 million personal identities
Procter & Gamble Taps IBM ISS For Cybersecurity Contract
The five-year deal includes monitoring and maintaining P&G's four existing IBM ISS Proventia SiteProtector management consoles used in Asia, Europe, and North America.
Best Western CIO Scott Gibson On The Data Breach That Wasn't
Gibson has been dealing with a small data breach that somehow snowballed into eight million records stolen and tagged as "one of the most audacious cyber-crimes ever."
Space Station Laptop Virus: This Isn't Rocket Science!
Then again maybe anti-virus precautions are rocket science, or should be, as witness a worm problem in a laptop onboard the International Space Station.
Report: Email Address Dictates Spam Volume
The first letter of your email address is one factor in your spam risk, a researcher says
Feds Shift Gears & Mandate DNSSEC for All Agencies
US government takes a harder line on securing DNS infrastructure, but DNSSEC still hotly debated
Web Application Hacks: Upping The Arms Race
It doesn't seem that long ago since Web applications attacks supplanted network and worm attacks. But they have, and now the attackers are finding ways to obfuscate these attacks. It's an ever-evolving arms race. And we have an updated Top 10 Web site vulnerabilities list.
NASA Security Badge Poses Safety Risk
The badge's metal clasps, if installed backwards, will become a projectile when the badge is opened creating a potential eye injury hazard.
Virus Found On Computer In Space Station
Citing security policies, NASA would not disclose details about how the virus got on a laptop on the International Space Station.
Spammers Use 'Hijacked' Babies To Lure Victims
The social engineering campaign includes an attached file, purportedly a photo of the recipient's child, but which is, of course, malware.
The 'Poor Man's Traffic Intercept'
A weakness in the Border Gateway Protocol makes the Internet's core infrastructure look about as watertight as a screen door.
Cloud Storage Migrations
Finishing up the migration series, let's talk about how you would migrate out of a storage cloud. With public storage clouds in particular, this can be a critical issue. These services are all in their infancy. What if you pick the wrong one, how can you get your data back?
Report: Popular Web Attacks Go Stealth
Attackers are increasingly using encoding to sneak their SQL injection, cross-site scripting attacks past Web security
Microsoft Offers Details on Privacy Features in IE8
New browser will allow user to better control access to surfing history, cookies
Hack Lets Researchers Silently Eavesdrop on IP Networks
New twist on an old BGP routing vulnerability could change the face of data theft, researchers say
Security Breach: More Laws Needed. Let's Add Health Care
Earlier this week, colleague Thomas Claburn covered the unfortunate trend that the tally of data breaches this year already has surpassed all breaches recorded for the entire year in 2007. This isn't entirely bad news, as I'll explain.
FAA Computer Glitch Causes National Flight Delays
The problems began when an Atlanta facility that processes flight plan information went down due to a software malfunction, FAA officials said.
Online Pharmacy Risks Rising, Report Finds
Criminals are trying to take advantage of consumer interest in low-cost medicines by offering counterfeit drugs and spamming to drive sales at online pharmacies.
National Cybersecurity Responsibilty: Public v. Private. Where Do You Stand?
A long article in today's Los Angeles Times raises -- and examines -- what should be a key national issue: who's most responsible for cybersecurity? The government or the private sector?
The Seven Deadliest Social Networking Hacks
Think you know who your real online friends are? You could be just a few hops away from a cybercriminal in today's social networks
User Buys Millions of Bank Records (& a PC) on eBay
Used computer reveals sensitive customer data that should have been wiped clean, eBay buyer says
This Year's Data Breaches Surpass 2007 Totals
The rising number of reported data breaches in the last eight months may just mean corporate security auditors are better at finding compromised systems, ITRC researchers suggest.
8 Million-Record Data Breach Claim 'Grossly Unsubstantiated,' Says Best Western
The hotel chain says that only 13 customer records may have been exposed, not the millions that a Scotland newspaper reported.
Best Western Disputes Depth Of Suspected Breach
Dispute the depth of the breach is an understatement. A Best Western spokeswoman just issued a statement to InformationWeek stating that the breach, so far, has only been confirmed to involve 13 guests at a single hotel.
Survey Says You Sweat Security More Than Cost. Do You?
A new survey of midsize businesses finds that while IT costs are important to you, security is even more so. In fact, security was ranked as the top IT concern for midmarket players.
Migration Relief
In my last entry on migration migraines we discussed the challenges of moving from one primary storage provider to another and went through a few solutions. One of the best methods to make migrations easier is to keep the amount of data on primary storage at a minimum, but what do you do about archives that will grow to petabytes in size?
Best Western Denies Report of Massive Data Breach
Scottish newspaper says flaw exposed personal records of 8M hotel chain customers since 2007; Best Western says report is 'grossly unsubstantiated'
Fedora, Red Hat Servers Compromised
Popular Linux implementation will require changes in signing keys
UPDATE: Best Western Refutes (Some) Claims Of Hacker Compromise
Shortly after our post, Best Western Hotel Chain Pwned, which is based on the story that appeared here, Best Western e-mailed us a response that raises more questions than it answers. That statement, which is available
Best Western Hotel Chain Pwned
According to news reports that started to surface over the weekend, Best Western, one of the world's largest hotel chains -- if not the largest -- is investigating a breach that purportedly has placed millions of its guests' data at-risk, and in the hands of Russian mobsters.
Radio Implants And GPS To Thwart Kidnappers? Don't Think So
In the face of rising kidnappings in Mexico, a number of more affluent Mexicans are opting to have minute radio transmitters implanted under their skin so they can, presumably, be located by the authorities if they're ever kidnapped. This is a bad idea.
Poisoned DNS Woes Grow
It's been weeks since Dan Kaminsky revealed that the Domain Name System (DNS) that underlies the Internet's address routing system was dangerously flawed. It's been a slightly shorter time since patches were released, and yet unpatched DNS vulnerabilities still exist and are beginning to be exploited. Why aren't we surprised?
Memory Stick With 84,000 Prisoner Records Lost In U.K.
U.K. Home Secretary Jacqui Smith blames PA Consulting, a contractor that stored the data on the memory stick in violation of its contract.
Migration Migraines
Moving data between tiers of storage has gotten easier as a result of global file systems and simplified archive software, but upgrading to a new platform ... that is just plain ugly.
Life Insurer Takes New Approach to Two-Factor Authentication
Cryptocard technology helps Kansas City Life get the handle on a thorny access problem
ID Theft Ringleader Gets Three Days in Jail
Man convicted of leading Canada's largest identity theft conspiracy is virtually sentenced to time served
Survey: Mid-Sized Firms Shape Up for Security
Security outweighs cost reduction as firms' biggest concern
Brazilian Indicted For Operating Shadow Botnet
Rather the taking advantage of a software vulnerability, the botnet grew using social engineering -- IM recipients downloaded the malicious files willingly.
FEMA's Phone System Hacked
Someone with unauthorized access placed over 400 calls through FEMA's National Emergency Training Center in Emmitsburg, Md. to several countries in the Middle East.
DNS Flaw Used To Poison Chinese ISP's Server
China Netcom subscribers who mistype a Web address are redirected to a page with malicious code.
FEMA Phones Get Hacked
If you are going to hack a phone system, do you really want to hack DHS? That's what happened this weekend when someone made hundreds of illegal calls from a Federal Emergency Management Agency (FEMA) Private Branch Exchange (PBX) to the Middle East and Asia. It appears that it was the usual culprits of poor change control and misconfigurations that left FEMA's digital doors open.
Is This the End of the Pre-Recorded Telemarketing Call?
New FTC rules redefine consumers' privacy rights
Device Shields Implant Patients From 'Body Hacking'
Cloaking device can prevent pacemakers from remote tampering, hacking
The Security And Privacy Of Healthcare Data
Despite the aim of the Health Insurance Portability and Accountability Act to bolster the security and privacy of patient information, a majority of health-care providers believe more should -- and can -- be done. And a newly formed consortium of industry leaders plans to do something about it.
|
White Papers
Video
3 Comments
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-19349
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
From DHS/US-CERT's National Vulnerability Database CVE-2018-19349
PUBLISHED: 2018-11-17
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
CVE-2018-19350PUBLISHED: 2018-11-17
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
CVE-2018-19341PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader...
CVE-2018-19342PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at U3DBrowser+0x00000000...
CVE-2018-19343PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faul...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This