Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in August 2010
Researchers Throw Down Vulnerability-Disclosure Gauntlet
News  |  8/4/2010  | 
TippingPoint's Zero Day Initiative (ZDI) program institutes deadline of six months for vendors to fix bugs -- or else the bugs get published
EEMBC Undertakes Design Of Industry-Standard Network Security Performance Benchmarks
News  |  8/4/2010  | 
Industry lacks common method to test and validate DPI throughput for network security products
Data Retention Policies Absent Or Partially Implemented
News  |  8/4/2010  | 
Almost 90% of IT and legal pros value data retention plans, but fewer than half of their organizations have them and many fail to follow through with required technology, finds Applied Research survey.
Majority Of IS Pros OK With Government Online Spying: Sophos
News  |  8/4/2010  | 
In addition, 49% think "crippling denial of service attacks against another country's communication or financial websites" is OK during wartime
Cyveillance Finds AV Vendors Detect Less Than 19 Percent Of Malware
News  |  8/4/2010  | 
Further testing reveals that even after 30 days, detection rates averaged only 61.7%
Holy Zeus! Popular Botnet Rules As New Exploits Come Online
News  |  8/4/2010  | 
Trusteer, AVG identify new botnets with different features, both built on Zeus technology
DHS Ramping Up Defense Of Critical Control Systems
News  |  8/4/2010  | 
The discovery of the first worm to target networks controlling power plants has prompted an expansion of specialized forensic teams to combat the cybersecurity threat.
ID Fraudsters Tapping Children's Social Security Numbers, Report Says
Quick Hits  |  8/4/2010  | 
New scam often goes undetected until minors' credit ratings are wrecked, report says
Cloud-Based Denial Of Service Attacks Looming, Researchers Say
News  |  8/4/2010  | 
Two consultants use a handful of virtual servers in Amazon's EC2 cloud to take down an SMB's network
Commerce Department Seeks Advice On Cybersecurity
News  |  8/4/2010  | 
Businesses, academics and the general public have been asked for input on cybersecurity's economic impact, authentication and identity-management technologies, research and development priorities and more.
Advocates Propose Child ID Theft Prevention Database
News  |  8/4/2010  | 
Database, to be shared with credit reporting agencies, would verify if a social security number belongs to a minor.
The Truth About iSCSI
Commentary  |  8/4/2010  | 
Over the next several entries we are going to explore several of the protocols that are available to IT managers as they try to select a protocol for use in their environments. First up is iSCSI, the protocol it seems most will look to first because it is believed to be both cost effective and easier to use than the currently more commonplace Fibre Channel. The truth about iSCSI, though, is that it is a real storage protocol and it needs to be treated like one.
On iPhone, Jailbreaking, And Security
Commentary  |  8/3/2010  | 
It may not be the fashionable decision, but I choose not to jailbreak my iPhone. That's primarily out of security concerns. However, it turns out that jailbreaking (read: pwning) an iPhone is now as simple as visiting a web page.
iPhone Jailbreak Worries Security Experts
News  |  8/3/2010  | 
Security firms are expressing concern that the first Web-based "jailbreak" for iOS devices relies on two security vulnerabilities.
Building Botnets For Fun And Profit
News  |  8/3/2010  | 
Creating a botnet business can be lucrative -- and isn't as hard as you might think, Black Hat speaker says
Researcher Reads RFID Tag From Hundreds Of Feet Away
News  |  8/3/2010  | 
Demonstration raises privacy and security concerns with RFID EPC Class 1 Generation 2 used in some passport cards, inventory tags, and driver's licenses
CipherOptics Simplifies PCI Compliance Over Public Networks And Internet
News  |  8/3/2010  | 
CipherOptics’ Virtual IP technology allows customers to secure PCI regulated data over public and private networks simultaneously
IT Pros Use Personal Email, Storage Devices To Move Company Files
Quick Hits  |  8/3/2010  | 
New survey shows how convenience typically wins over security
U.S. Challenged By Global Cybersecurity
News  |  8/3/2010  | 
Federal government must coordinate efforts across agencies to provide a united front on policy, standards, and strategy, says Government Accountability Office.
Ghost In The Machine: Database Weaknesses Expose SAP Deployments
News  |  8/3/2010  | 
Attacker can create a nearly undetectable user account in SAP once he gains unauthorized access, Black Hat USA researcher says
SonicWall Launches Simpler, More Affordable Remote Access
News  |  8/3/2010  | 
The Secure Remote Access 1200 offers users and IT administrators manageable connections between the office and remote desktops, laptops and mobile devices.
Using The 36 Stratagems For Social Engineering
Commentary  |  8/3/2010  | 
I attended several great presentations during last week's BSides and Defcon. HD's VxWorks, egyp7's phpterpreter, and David Kennedy's SET talks were a few of my favorites, with great content and demos, but one that I found especially refreshing and fun was Jayson Street's "Deceiving the Heavens to Cross the Sea: Using the 36 Stratagems for Social Engineering."
Metasploit To Get More Powerful Web Attack Features
News  |  8/2/2010  | 
Rapid7 sponsors open-source w3af Web assessment and exploit project
Design Flaws Make All Browsers Vulnerable, Black Hat Speaker Says
Quick Hits  |  8/2/2010  | 
In series of hacks, researcher demonstrates inherent flaws in currently-used browsers
UK Government Stays With IE6
News  |  8/2/2010  | 
Experts say Microsoft Internet Explorer 6 is a security risk and should be replaced with newer browser.
Managing The Mixed Storage Environment
Commentary  |  8/2/2010  | 
In my last entry we covered the value of just having one device to manage. What if that is not realistic for your environment? Either you selected a storage system that won't scale, you have business reasons for multiple units, or the environment is just too large, too diverse to put everything on one storage platform. You need tools to allow the different systems to be managed more easily.
VxWorks Vulnerability Tools Released
Commentary  |  8/2/2010  | 
If you haven't started scanning your network for UDP port 17185, then you better start now. This past week at BSides Las Vegas and Defcon, HD Moore, CSO of Rapid7 and Metasploit chief architect for the Metasploit project, demonstrated an exploit against VxWorks that affects hundreds of products from many different manufacturers.