News & Commentary

Content posted in August 2009
Page 1 / 3   >   >>
Microsoft IIS Zero-Day Vulnerability Reported
News  |  8/31/2009  | 
Exploit code affecting the FTP module for certain versions of Microsoft IIS has been posted online. US-CERT recommends taking countermeasures.
Wikipedia Considers Coloring Untested Text
News  |  8/31/2009  | 
Registered Wikipedia users may soon have access to software that colors text deemed untrustworthy.
'Freakshow' Provides Inside Look At Real Malware Behind Big Breaches
News  |  8/31/2009  | 
Forensic specialists who investigated hacks of a hotel chain, casino, and restaurant share details on the sophisticated malware used to successfully steal confidential data
LA Fire Threatens Communications Towers
News  |  8/31/2009  | 
Cellular communications towers, as well as TV and radio broadcast towers atop Mount Wilson are at risk.
Intrepidus Launches PhishMe Malware Edition
News  |  8/31/2009  | 
Software-as-a-service (SaaS) solution train users against spear phishing attacks that involve emails that hyperlink to a website hosting malware, as well as those that include malicious file attachments
Zeus Trojan Uses IM Speed Distribution Of Stolen Data
Quick Hits  |  8/31/2009  | 
Jabber IM module built into Trojan sends compromised data quickly to mobile criminals
Data Breach Silence Breached: 5 Good Security Tips
Commentary  |  8/31/2009  | 
For every high profile big headline data breach, there are plenty of others that are kept quiet. A good piece in Informationweek takes a peek behind the curtain of quiet and offers some solid lessons in how to avoid having your data compromised.
The Foundation Of The Data Asset
Commentary  |  8/31/2009  | 
In my last entry we discussed Making Data an Asset. This entry will focus on where that data asset should be stored. What is needed is a strong storage foundation, one that is designed to last for years, if not decades, but also one that will store that data efficiently and of course be complimentary to the enterprise class indexing that we described in our last entry.
Snow Leopard's Toothless Trojan Defense
Commentary  |  8/31/2009  | 
Snow Leopard is the strongest business offering that Apple has ever fielded, but Apple remains in the dark ages when it comes to protection against malware and its unwillingness to work with third-party vendors to minimize the risk of bringing an Apple machine into a large business.
Hacking Oil Rigs
Commentary  |  8/30/2009  | 
When it comes to cyberwar, real cyberwar, perhaps the most damaging attacks won't come in the form of denial-of-service attacks, but be aimed directly at our energy supply.
Snow Leopard's Anti-Malware Lacks Roar
Commentary  |  8/29/2009  | 
A security firm's assessment of the malware protection capabilities that was leaked prior to Friday's release shows that Apple's Snow Leopard won't be chasing down much malware.
Trojan Could Enable Attackers To Eavesdrop On Skype Calls
Quick Hits  |  8/28/2009  | 
Exploit saves conversations as MP3 files to make detection more difficult, researchers say
Lessons From The Credit Union Penetration-Test Debacle
Commentary  |  8/28/2009  | 
Determining who is "in the loop" during a penetration test is an important step not always properly planned during the beginning phases of an engagement. The recent media release from the National Credit Union Association (NCUA) provides an excellent example of what can go wrong.
Filtering Network Attacks With A 'Netflix' Method
News  |  8/28/2009  | 
University of California at Irvine researchers devise new model for blacklisting network attackers
DHS Clarifies Laptop Border Searches
News  |  8/28/2009  | 
The new rules leave open the possibility that travelers may face penalties for refusing to provide passwords or encryption keys.
Identity Theft Ring Ensnared Fed Chairman Bernanke
News  |  8/27/2009  | 
Identity thieves may have drawn more attention that they wanted when they defrauded the nation's top banker.
Attack Of The Tweets: Major Twitter Flaw Exposed
News  |  8/27/2009  | 
U.K. researcher says vulnerability in Twitter API lets an attacker take over a victim's account -- with a tweet
Is Your Wi-Fi Network Open to Intrusion?
Commentary  |  8/27/2009  | 
Security has been an ongoing concern among wireless LANs users since their emergence in the middle 1990s. While vendors have worked diligently to close up any holes, new ones seem to emerge on a regular period, and one is now coming to light that could impact many small and medium businesses.
Cybercriminals: Taking The Road Less Traveled
Commentary  |  8/27/2009  | 
If you were a criminal, what data would you be looking for? The most obvious answer is to look for the types of data that give you direct access to cash: bank accounts, brokerage accounts, credit cards. Like Willie Sutton, you'd go where the money is, right? And that's why some of the stiffest security defenses surround this sort of account data.
5 Security Lessons From Real-World Data Breaches
News  |  8/27/2009  | 
We break the code of silence on data breaches to show how criminals operate -- and how you can thwart them.
Making Data An Asset
Commentary  |  8/27/2009  | 
Data is often looked at as a liability; something that has to be stored, protected and preserved. Data storage has led to massively expanding storage environments and such initiatives as archive. Protection has led to incredibly elaborate backup and recovery schemes and preservation has led to eDiscovery and compliance. All of these processes are reactive, how can the view of data be changed to proactive, to using data as an asset?
Q&A: DHS Cybersecurity Chiefs Speak Out
News  |  8/27/2009  | 
The Department of Homeland Security aims to grow its cybersecurity workforce and technical capabilities, Phil Reitinger and Greg Schaffer say.
CD-ROM 'Attack' Threatens Credit Unions
Quick Hits  |  8/27/2009  | 
National Credit Union Association warned credit unions nationwide of new, creative yet simple scam that uses phishing and malicious CD-ROM disks -- but it may be a false alarm
Printer Security? Yep: Printer Security!
Commentary  |  8/27/2009  | 
The news that IEEE has released new standards for networked printer security is a good reminder that it's not just the computers and servers on your network that pose risks.
New IEEE Printer Security Standard Calls For Encryption, Authentication, Electronic 'Shredding'
News  |  8/26/2009  | 
Printers finally getting security attention, but locking them down depends on actual implementation, configuration, experts say
Attacking Customers, Employees With SQL Injection
Commentary  |  8/26/2009  | 
In the security world, providing "what-if" scenarios can be good, but real-world examples are often required to get people to sit up and listen.
New Malicious Web Links Up More Than 500 Percent In First Half 2009
Quick Hits  |  8/26/2009  | 
Vulnerabilities level off, phishing is down, IBM XForce report says
Google Taps Mobile Phones For Traffic Data
News  |  8/26/2009  | 
The search giant says user privacy is protected because data stays anonymous.
OOOPS Factors: Accidental Data Leaks Are Biggest Business Threat
Commentary  |  8/26/2009  | 
A new IDC/RSA report shows that the the accidental data leak is the insider threat businesses feel is most likely to happen. Not a lot of comfort in that, if you think about it.
IDC Report: Most Insider Leaks Happen By Accident
News  |  8/25/2009  | 
Unintentional leaks may cause more damage than internal fraud, research study says
Is Snow Leopard Coming With Antivirus?
Commentary  |  8/25/2009  | 
Apple security firm Intego posted a hint that Snow Leopard, the new Macintosh operating system that is due for release this Friday, may contain some level of anti-malware detection.
PCI Council Releases Recommendations For Preventing Card-Skimming Attacks
News  |  8/25/2009  | 
New best practices are aimed at helping retailers -- especially small merchants -- but security experts say skimming risk runs deeper
Jessica Biel Searches Deemed Most Dangerous
News  |  8/25/2009  | 
Searching for celebrities may be one of the most effective ways to infect your computer.
White House Overhauls Cybersecurity Reporting
News  |  8/25/2009  | 
Federal agencies will be required to submit standardized cybersecurity reports via new software, rather than spreadsheets.
Message From Hackers: Enjoy The Summer Break Because Winter Attacks Will Be Harsh
Quick Hits  |  8/25/2009  | 
More than 80 percent are more active over the winter holidays, according to newly released survey of hackers at Defcon17
When Mass SQL Injection Worms Evolve...Again
Commentary  |  8/24/2009  | 
In the past, I've described how mass SQL injection worms took the Web completely by storm. Two years ago, SQL injection attacks evolved from sentient, one-off, targeted data-stealing exploits, like in the breaches at Hannaford Brothers and Heartland, to fully automated, unauthenticated
Government Finalizing Medical Data Breach Notification Rules
Commentary  |  8/24/2009  | 
Medical data breaches are on the rise. Much in the same way that credit card breach notifications skyrocketed following California's enactment of SB 1386, California's medical breach laws are doing the same now with patient data. Unlike financial breaches, however, federal rules are now coming into play.
Newly Discovered Vulnerability Could Threaten Cisco Wireless LANs
News  |  8/24/2009  | 
Flaw in Cisco Over-The-Air-Provisioning could allow attackers to gain control of wireless access points, AirMagnet researchers say
Project Honey Pot Files Lawsuit Against Spammers
Quick Hits  |  8/24/2009  | 
Group hopes to collect information that will lead to identification of unknown bank scammers
Hacker Ring Tied To Major Breaches Just Tip Of The Iceberg
News  |  8/24/2009  | 
TJX-Heartland attacker and cohorts also reportedly hacked ATM machines in 7-Elevens, but their wide net is likely just one of many
Your Cloud Insurance Policy
Commentary  |  8/24/2009  | 
Security is all about managing risk -- looking at the threats, evaluating the likelihood that they will affect you, and determining what the impact would be. But in the end, do the numbers really make us feel warm and fuzzy? I didn't think so.
Federal Agencies Pursue Cybersecurity Common Ground
News  |  8/24/2009  | 
NIST is working with defense and intelligence agencies to develop cybersecurity specifications that could be applied across government.
Getting To The Last Copy Of Data
Commentary  |  8/24/2009  | 
One of the storage management challenges we see every day in customer data centers is there are too many copies of data in circulation. Ironically its this fact that built much of the value and motivation behind data deduplication. It should not be this way. Why should you get to a last copy of data?
Employers Crack Down On Social Networking, Web Surfing At Work
Quick Hits  |  8/21/2009  | 
More than three-quarters of organizations now block social net sites, ScanSafe says
Tech Insight: SQL Injection Demystified
News  |  8/21/2009  | 
Attackers are using the old standby SQL injection en masse -- a look at the attack and how to protect your applications from it
What Are Botmasters Thinking?
Commentary  |  8/21/2009  | 
They're thinking that bots are where the money is, according to a fascinating piece over at Dark Reading. Did you know, for instance, that the average bot is worth between a dime and quarter on the market? You gotta sell a lotta bots at that price to make real money -- and people are making real money doing just that.
Radisson Hotels Computers Compromised
News  |  8/20/2009  | 
A hacker appears to have had access to guest information at a limited number of hotels for several months.
Eight Indicted For $22M Identity Theft Scam Against AT&T, T-Mobile
News  |  8/20/2009  | 
Defendants allegedly hijacked customers' identities to steal millions of dollars in wireless gear
Botmaster: It's All About Infecting, Selling Big Batches of Bots
News  |  8/20/2009  | 
Undercover Cisco researcher told the going rate for a single bot is 10- to 25 cents
Lawsuit Seeks End To Bank Cybercrime Secrecy
News  |  8/20/2009  | 
Business bank accounts are being looted in a surge of cybercrime, leaving companies with serious losses.
Page 1 / 3   >   >>


One in Three SOC Analysts Now Job-Hunting
Kelly Jackson Higgins, Executive Editor at Dark Reading,  2/12/2018
Encrypted Attacks Continue to Dog Perimeter Defenses
Ericka Chickowski, Contributing Writer, Dark Reading,  2/14/2018
Can Android for Work Redefine Enterprise Mobile Security?
Satish Shetty, CEO, Codeproof Technologies,  2/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: One agent too many was installed on Bob's desktop.
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.