Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in August 2010
Page 1 / 4   >   >>
Delaware Contractor Mistakenly Posts Personal Data Of 22,000 Employees
News  |  8/31/2010  | 
Data sent along with RFP was not randomized to hide sensitive information, officials say
Could USB Flash Drives Be Your Enterprise's Weakest Link?
News  |  8/31/2010  | 
The Pentagon last week conceded that a USB flash drive carried an attack program inside a classified U.S. military network. Could your company be next?
IBM Corrects Unpatched Vulnerability Numbers After Google Challenge
News  |  8/31/2010  | 
X-Force Team at IBM revises data on vendors with most unpatched bugs in recent IBM X-Force 2010 Mid-Year Trend and Risk Report
Dangerous Internet Explorer QuickTime Flaw Surfaces
Commentary  |  8/31/2010  | 
Spanish security researcher Ruben Santamarta has discovered a way to exploit Apple QuickTime on Microsoft Windows systems and bypass advanced security defenses to take complete control of targeted systems.
'BadB' Now Charged In RBS WorldPay ATM Case
Quick Hits  |  8/31/2010  | 
Alleged ID theft ringleader arrested earlier this month also implicated in massive payroll debit card account theft
China, Taiwan Nab 450 Suspects In Biggest Fraud Raid Ever
News  |  8/30/2010  | 
Cash, fraud "manuals" seized in alleged telecom fraud ring
Security Questions To Ask Your Cloud Provider
News  |  8/30/2010  | 
NeoSpire's director of security, Sean Bruton, discusses the realities of cloud security and the key questions to ask when assessing a hosted or cloud service provider's claims.
The Essentials Of Database Assessment
Commentary  |  8/30/2010  | 
The three fundamental database security operational practices are refining access control, database configuration settings, and patching. And by "operational" I mean you do them over and over to make sure they are right.
Cisco Reportedly Considering Skype Acquisition
News  |  8/30/2010  | 
Skype has launched its Connect 1.0 enterprise VoIP calling service and is preparing to float a $100 million IPO amid rumors that Cisco is considering a bid to acquire the company.
Enterprise Data Continues To Leak, Study Says
Quick Hits  |  8/30/2010  | 
More than one third of companies have experienced the loss of sensitive data in the last year
Major Disruption of Pushdo Botnet Wasn't The Original Goal
News  |  8/30/2010  | 
Botnet's spam traffic cut by 80 percent
Pushdo Botnet Crippled Via Coordinated Takedown
News  |  8/30/2010  | 
Security researchers have pushed large parts of the spam maker offline, but it may not decrease overall crimeware levels.
IT Security Unleashes Employee Complaints
News  |  8/30/2010  | 
Protecting enterprise data and systems while maintaining employee productivity is a delicate balance for CIOs, finds Robert Half survey.
Microsoft Software Security Development Lifecycle (SDL) Unleashed
Commentary  |  8/30/2010  | 
While many industry watchers may not acknowledge it, Microsoft has been one of the few software makers to put a serious, and highly public, effort behind the development of secure software. Now, much of what the company has learned about secure software development is going to be even more accessible.
E-mail Causes Most Enterprise Data Loss
News  |  8/30/2010  | 
Breaches associated with social media, video sharing, blogs are also on the rise, finds Proofpoint study.
Make Security About Security, Not Compliance
Commentary  |  8/30/2010  | 
The lack of follow-through and belief in any type of lifecycle for security is one that really bothers me when working with clients who are looking only to meet the minimum compliance requirements.
Are We Missing the Point?
Commentary  |  8/29/2010  | 
Recently there has been a lot of talk about nuclear weapons, terrorism, and peace treaties. At the end of the day, the question remains: how do we protect a country and its citizens from attack? If that is really the purpose of the summits and the meetings, why isn't cybersecurity part of the discussion -- more importantly, the insider threat?
For SMBs, Data Protection Is A Virtual Affair
News  |  8/27/2010  | 
Think you can't afford BC/DR to rival enterprise-class systems? If you have x86 virtualization installed, you might be surprised.
Practical Analysis: For SMB Backups, Think Hybrid Technology
Commentary  |  8/27/2010  | 
Building a system to protect your data can't be a one-size-fits-all endeavor.
Where In The World Is Safest To Go Online?
Quick Hits  |  8/27/2010  | 
Turkey and Russia have highest odds of web attacks, Japan is safest
Top Military Official Outlines Pentagon's Cyber Strategy
News  |  8/27/2010  | 
As cyber threats to government mount, the Department of Defense is developing a comprehensive strategy to deal with them.
Four Best Practices For Tokenization
News  |  8/27/2010  | 
Going beyond Visa's best practices guide
25% Of Malware Spread Via USB Drives
News  |  8/27/2010  | 
Email and peer-to-peer networks also rank as significant venues for malware attacks, which have increased slightly in the U.S. but declined in Europe, according to Panda Security.
Buy Storage From A Storage Vendor
Commentary  |  8/27/2010  | 
As a company gets larger it becomes increasingly difficult for it to innovate and storage is a market that thrives on innovation. It has not become commoditized like the server market despite multiple predictions to the contrary. Server vendors have repeatedly bought their way into storage attracted by the higher margins. My recommendation is to resist and buy your storage from a storage only, or at least mostly, vendor.
Trusted Identities In Cyberspace
News  |  8/26/2010  | 
Federal IT and security pros have a role in the development of an "identity ecosystem" in cyberspace that spans the government and business sectors.
Next In Cybersecurity Certifications
News  |  8/26/2010  | 
Cybersecurity certifications from organizations provide important benchmarks that are often a requirement for government jobs.
Trusted Identities In Cyberspace
News  |  8/26/2010  | 
Federal IT and security pros have a role in the development of an "identity ecosystem" in cyberspace that spans the government and business sectors.
Closing The Cybersecurity Gap In Government
News  |  8/26/2010  | 
In the face of unrelenting threats to systems and networks, federal agencies must find ways to attract qualified workers and develop new skills internally.
Closing The Cybersecurity Gap In Government
News  |  8/26/2010  | 
In the face of unrelenting threats to systems and networks, federal agencies must find ways to attract qualified workers and develop new skills internally.
The Case For Zero-Day Penetration Testing
Commentary  |  8/26/2010  | 
Penetration testing is a tightrope act where you balance existing knowledge with a mixture of freshly released- and zero-day knowledge. As a penetration tester, I often hear the argument that zero-day attacks do not belong in a test, that there is no time to prepare for them, so of course the target will be compromised. But I have the exact opposite philosophy: zero-day testing should occur to gauge an organization's response to such an attack. If mitigating controls are in place, an unknown att
Mariposa Botnet Operators Didn't Bite In 'Cookie-Stuffing' Offer
News  |  8/26/2010  | 
Ecommerce fraud technique steals commission, referral fees from website affiliates
Massive 'Fake AV' Attack Launched
News  |  8/26/2010  | 
Scareware campaign targets consumers' credit card information with bogus offers of free antivirus services, warns Sophos.
New DDoS Botnet Hits Nearly 200 Websites
Quick Hits  |  8/26/2010  | 
'YoyoDdos' botnet is waging distributed denial-of-service attacks on Chinese, U.S., other sites
Pentagon Confirms Flash Drive Breached Military Network
News  |  8/25/2010  | 
The previously classified incident explains the Defense Department's November 2008 ban on Flash drives and other removable media.
Careful With That Third-Party Web Widget
News  |  8/25/2010  | 
Smaller businesses are more likely to use third-party Web applications on their websites -- and they are less likely to scan such code
California Legislation Would Require Companies To Specify The Data Exposed In Breaches
News  |  8/25/2010  | 
New legislation sitting on Governor Arnold Schwarzenegger's desk raises issue of standard breach notifications
What Solid State Storage Form Factor Is Best?
Commentary  |  8/25/2010  | 
Solid state storage comes in several form factors. Each has its value to both suppliers and to users of the technology. In the data center there seems to be three popular choices emerging; solid state disk drives, PCIe solid state cards and solid state appliances or memory arrays. Choosing the right one for your environment is critical in making sure that you get the most out of your solid state investment.
IBM Report: Stealthy Attacks, Vulnerability Disclosures Rise
Quick Hits  |  8/25/2010  | 
X-Force report says 35 percent of vulnerabilities affecting virtualization servers also affect the hypervisor
Vulnerability Disclosures Increase By 36% In 2010
News  |  8/25/2010  | 
IBM report finds "escape to hypervisor" attacks a growing virtualization concern.
Microsoft Issues Advisory On New DLL Hijacking Attack
Quick Hits  |  8/24/2010  | 
Third-party, Microsoft apps could harbor flaws that let attacker remotely run code on targeted machines
DNSSEC Will Drive Certificate Market
News  |  8/24/2010  | 
While DNNSEC will improve domain authentication, certificates still needed to verify the brand
Facebook Spam Conversion Rate Hits 47%
News  |  8/24/2010  | 
Return rate far exceeds e-mail, but people are starting to develop a resistance to clicking on Facebook and Twitter virally spreading links, finds F-Secure.
Microsoft Confirms Windows DLL Hijacking Vulnerabilities
News  |  8/24/2010  | 
Proof-of-concept code for the remote execution attack hits the wild; numerous applications at risk.
What Storage Is Best For Server Virtualization, Part II
Commentary  |  8/24/2010  | 
In my last entry and the first part of this series we discussed some of the key capabilities to look for when selecting a server virtualization strategy, but as a friend of mine pointed out I never really declared one storage type the best. In this entry we will start to give you some steps to follow in making that selection.
Fixed iTunes Flaw Linked To Broad Set Of Vulnerabilities
News  |  8/23/2010  | 
A Windows DLL hijacking vulnerability is believed to affect dozens of applications, including at least four from Microsoft.
Mobile Devices Threaten Enterprises From Within
News  |  8/23/2010  | 
Security researchers are focusing increasingly on mobile devices. The result: your next insider attack could come from a smartphone
United Nations Website Contains SQL Injection Flaws Three Years After Hack, Researcher Says
News  |  8/23/2010  | 
Bug used in infamous 2007 defacement fixed, but additional SQL injection bugs remain
DHS To Automate Terror Watchlist
News  |  8/23/2010  | 
Watchlist Service will replace the current manual process for sending information from the Terrorist Screening Database to the DHS
Adobe Patches Zero Day Vulnerabilities
News  |  8/23/2010  | 
Out-of-cycle updates fix bugs in Reader and Acrobat affecting Windows, Mac, and Unix.
CloudAudit Gets Real
Commentary  |  8/22/2010  | 
For enterprises, one of the biggest challenges with cloud computing include transparency into the operational, policy and regulatory, and security controls of cloud providers. For cloud providers, one of their pressing challenges is answering all of the audit and information gathering requests from customers and prospects. CloudAudit aims to change that.
Page 1 / 4   >   >>

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and informat...
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure.
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosu...
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other ...