News & Commentary

Content posted in August 2010
Choosing The Right Firewall For Your Small Business
Commentary  |  8/21/2010  | 
After the last post, Four Must-Have SMB Security Tools, readers had a lot of questions about selecting the right firewall for an SMB. Although I've answered each of those emails, those questions are a great segue to this topic: choosing the right firewall for your SMB.
Google Adds Developer Fee To Enhance Extension Security
News  |  8/20/2010  | 
It's only $5 but Google hopes the fee will limit abuses by malicious developers.
DoD Publicly Cites Chinese Cyberespionage Against U.S.
Quick Hits  |  8/20/2010  | 
Report says China's "information warfare units" include civilian computer experts
Tech Insight: Using Network Segmentation And Access Control To Isolate Attacks
News  |  8/20/2010  | 
The right network design can protect against hidden threats from embedded systems and rogue access points
Air Force To Tackle Supply Chain Security
News  |  8/20/2010  | 
The Air Force looks to mitigate supply chain vulnerabilities and attacks with a Center of Excellence and new technology.
Intel Buys McAfee: Is The PC Security Model Dead?
Commentary  |  8/20/2010  | 
When it comes to emerging platforms like smartphones, tablets, and embedded networked systems, the old model of separate antivirus security companies is officially dead. And Intel's purchase of McAfee puts a stake in it.
Tiger Team Sends DHS Suggestions On How To Better Safeguard Patient Privacy
News  |  8/20/2010  | 
19-page letter recommends that the HIT Policy Committee adopt the guidelines set out in the Fair Information Practices
Intel Buys (Overpays For?) McAfee For Growth
Commentary  |  8/20/2010  | 
Chipmaker Intel buys security software maker McAfee for $7.68 billion. The question is: why?
HHS Committee Sanctions Health IT Security Proposal
News  |  8/20/2010  | 
Contentious debate over how patients can opt out of data sharing nearly derailed the Department of Health and Human Services group's recommendations.
New Social Networking, Security Awareness Training Gets 'In Your Face'
Quick Hits  |  8/19/2010  | 
Defcon social engineering contest organizers launch security awareness training for nontechnical and technical users
Cameron Diaz Is The Web's Most Dangerous Celebrity
News  |  8/19/2010  | 
New McAfee report investigates the most trendy notables for cyber attacks, finds Barack Obama and Sarah Palin are among the safest.
Intel To Purchase McAfee For $7.68 Billion In Cash
News  |  8/19/2010  | 
Security experts skeptical of hardware-based security strategy
What Storage Is Best For Server Virtualization?
Commentary  |  8/19/2010  | 
One of the biggest challenges to expanding a virtual server infrastructure is dealing with the storage challenges that often come with the deployment. The way storage is used in the virtual infrastructure is unlike most use cases. In this environment we want the same storage area to be accessed by almost every connecting server and each of those servers may have dozens of workloads trying to access that storage at the same time.
Intel To Buy Out McAfee For $7.68 Billion
News  |  8/19/2010  | 
The acquisition would allow Intel to offer a wide range of tightly bundled hardware and software security solutions.
Slideshow: Fashion Statements from DEFCON 2010
Slideshows  |  8/18/2010  | 
Tattoos, mohawks, sheep, and 'pimp' necklaces were just some of the scenes from the hacker conference in Las Vegas earlier this month.
Chrome, Safari See Surge In Vulnerabilities
News  |  8/18/2010  | 
Cenzic's Web application security report for the first half of the year blames WebKit problems and phone software bugs for Safari and Chrome flaws.
Researcher Cracks ReCAPTCHA
News  |  8/18/2010  | 
Homegrown algorithms for cheating Google's reCAPTCHA released earlier this month
Hospitals Worried About Breaches, Survey Shows
Quick Hits  |  8/18/2010  | 
But most plan to increase security spending this year over last year
Ferreting Out Rogue Access Points And Wireless Vulnerabilities
News  |  8/18/2010  | 
To comply with regulations, companies increasingly must scan their wireless networks -- a third of which have rogue APs or other insecurities
FBI Outsources Cybersecurity To Mantech
News  |  8/18/2010  | 
The nearly $100 million, five-year contract for round-the-clock intrusion-detection monitoring points to a managed-services trend among federal agencies.
Embedded Systems Can Mean Embedded Vulnerabilities
Commentary  |  8/18/2010  | 
I'll admit that I've been having a lot of fun with the VxWorks vulnerabilities lately, but it's important to step back and look at our networks to see what other devices could be sitting there waiting to be the next harbingers of doom.
Scareware Using Bing Results To Expand Attack
News  |  8/18/2010  | 
Mass rogue antivirus campaign tricking search engines to return malicious links using results from Microsoft's search engine.
Facebook Clickjacking Attack Spreading Through Share Button
News  |  8/18/2010  | 
"Funny T-Shirt Fails" scam costs victims a $5 weekly charge on their cell phone bill, finds Sophos.
Mass Drive-By Attack Used Web Widget
News  |  8/17/2010  | 
Attackers took a different spin on mass infection, and targeted hosting provider Network Solutions Inc.
Anti-Virus Suite Protection? Not Much
Commentary  |  8/17/2010  | 
It's no secret that anti-virus software doesn't do much to protect you against new and rapidly moving viruses, so it shouldn't come as much of a surprise that these suites don't do much good defending you against exploit code, either. A fresh evaluation from NSS Labs reveals just how vulnerable you really are.
Cybersecurity Tensions Between Public, Private Sector
News  |  8/17/2010  | 
Neither side is meeting the other's expectations for sharing information, according to a GAO report.
Firefox Flaw Facilitates Deception
News  |  8/17/2010  | 
Security companies see risk in a browser bug, but Mozilla's director of Firefox says users are safe.
Malware Spewing Widget Hacks 500,000 Websites
News  |  8/17/2010  | 
Security expert estimates that up to 5 million domains parked by Network Solutions are actively serving threats.
Spyware Hidden In Android Snake Tap Game
News  |  8/17/2010  | 
Free app is paired with GPS Spy, software that monitors a targeted device's location.
HP To Buy Fortify
Quick Hits  |  8/17/2010  | 
Deal seals already tight relationship between the two vendors, sets the stage for an HP-IBM showdown
Database Threat Modeling And Strip Poker
Commentary  |  8/17/2010  | 
Threat modeling used to be an arcane process handed down from one security expert to another. But it's the single most valuable skill I have learned in security. It involves looking at every system interface or function and trying to find different ways to break it.
Inside Verizon's Insider Threat Data
News  |  8/16/2010  | 
Verizon Business' latest Data Breach Investigations Report shows insiders as a growing threat -- but increase comes from a selective data set
Facebook 'Dislike Button' Flagged As Scam
News  |  8/16/2010  | 
A 'Dislike' button spreading on Facebook is a rogue app designed to capture personal information and collect survey revenue.
Dell To Acquire 3PAR For $1.15 Billion
News  |  8/16/2010  | 
EMC's status as Dell's longtime storage partner is unclear, but adding 3PAR's high-end data storage offering may boost the PC maker's moves into IT services and cloud computing.
NASA In Position To Foster Global Cybersecurity
News  |  8/16/2010  | 
Symantec's CTO, speaking at the first-ever NASA IT Summit, said the U.S. needs to collaborate more closely with other nations to protect critical infrastructure worldwide.
Gartner: Security Software Market To Grow 11 Percent This Year
Quick Hits  |  8/16/2010  | 
Security will continue to be fastest-growing enterprise software segment, new report says
Passwords Quickly Hacked With PC Graphics Cards
News  |  8/16/2010  | 
Georgia Tech researchers find that high-end, readily available graphics processing units are powerful enough to easily crack secret codes.
Botnet Operator Comes Clean About Casino Scam
News  |  8/16/2010  | 
Busted GhostMarket.net member posted on an underground forum how he stole nearly $30,000 with credit card fraud.
Advanced Persistent Threat: The Insider Threat
Commentary  |  8/16/2010  | 
APT is the buzzword everyone is using. Companies are concerned about it, the government is being compromised by it, and consultants are using it in every presentation they give. But people fail to realize that the vulnerability these threats compromise is the insider -- not the malicious insider, but the accidental insider who clicks on the wrong link.
Apple Worker Arrested On Kickback Charges
News  |  8/16/2010  | 
Paul Shin Devine allegedly disclosed company secrets to Asian suppliers in exchange for payments of more than $1 million.
Is Dell Set To Become A Storage Juggernaut?
Commentary  |  8/16/2010  | 
Dell today announced its intention to buy 3PAR. Assuming for a moment that everything goes through and Dell is successful at the integration strategy, they suddenly become a force to be reckoned with in the storage industry. The combination of 3PAR, EqualLogic, and Ocarina Networks, all supported by Perot Services, makes for a compelling combination.
Analysis: Healthcare Breach Costs May Reach $800 Million
Commentary  |  8/15/2010  | 
According to an analysis by the Health Information Trust Alliance (HITRUST), regulated health care organizations that have reported health information breaches of 500 or more people could cumulatively spend upwards of $1 billion in related costs.
The Value Of Bursting
Commentary  |  8/13/2010  | 
Having things burst in the data center does not seem like a very good idea, but the term really applies to allowing components of the data center to expand on the fly when there is a peak load and then contract when it has passed. The value of bursting is that it will allow you to design infrastructures for the norm, not the worst case, saving capital.
VA Posts Data Breach Reports Online
News  |  8/13/2010  | 
Monthly updates show the different ways data has leaked out of the agency, including lost or stolen hardware and misdirected emails.
Feds Strengthen Cybersecurity Workforce Plans
News  |  8/13/2010  | 
As the pressure mounts on government to keep its systems secure, efforts to improve federal cybersecurity, particularly hiring practices for cybersecurity pros, are pushing forward.
More Than 20 Million Americans Have More Than One SSN On Record, Study Says
Quick Hits  |  8/13/2010  | 
Data entry errors, falsifications suggest that SSNs might not be effective as unique identifiers
Strategic Security Survey: Global Threat, Local Pain
Slideshows  |  8/13/2010  | 
Highlights of exclusive InformationWeek Analytics research as it appears in "Global Threat, Local Pain," our report assessing whether the high-profile infiltration of corporate networks worldwide (Google China leaps to mind) is forcing execs to reconsider their security strategies and pony up related resources.
Six Healthcare Data Breaches That Might Make Security Pros Sick
News  |  8/13/2010  | 
Most of the healthcare industry's biggest compromises could have been avoided, experts say
Gaining A Foothold By Exploiting VxWorks Vulns
Commentary  |  8/13/2010  | 
The VxWorks vulnerabilities recently announced in Las Vegas during the BSides and Defcon security conferences have opened a can of worms for hundreds of vendors, and even more consumers and companies using the vulnerable products -- the majority of whom have no idea they're vulnerable and potentially exposed to external attackers.
A Peek At The Next Version Of PCI
News  |  8/12/2010  | 
Clarifications but no big changes -- and that's what concerns some security experts

Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23394
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.