News & Commentary

Content posted in September 2007
Would You Hire This Hacker?
Commentary  |  9/28/2007  | 
Convicted hacker Robert Moore started serving his two-year prison sentence yesterday. He has high hopes that a security company will scoop him up when he gets out. The question is: Would you hire this man?
No Excuse: Security Lessons From T.J. MAXX Data Breach
Commentary  |  9/28/2007  | 
Maybe the company should change its name to T.J. LAX -- lax security practices let the hacked retailer's data breach go from bad to worse to bad beyond belief while nobody did anything to remedy the situation.
Attackers Kill Anti-Fraud Site
News  |  9/28/2007  | 
Fraudwatchers.org buckles, collapses under weight of month-long denial-of-service attack
iHack With an iPhone
News  |  9/28/2007  | 
Your iPhone isn't just hot-looking - it's also a potential hacking weapon
Retail Security: No Sale
News  |  9/28/2007  | 
Despite harsh lessons at TJX and redoubled efforts by credit card companies to push PCI, customer data remains at risk
Bradford Networks' NAC Secures 1M Users
News  |  9/28/2007  | 
Bradford Networks' NAC secures 1M users during back-to-school rush
Akonix Publishes September IM Threat Report
News  |  9/28/2007  | 
Akonix's Threat Center tracks 33 IM attacks
CyberDefender Adds Remote Support
News  |  9/28/2007  | 
CyberDefender debuts new Internet security suites
Your Health Is None of Your Damn Business
Quick Hits  |  9/28/2007  | 
Workers at Wyoming hospital reprimanded for breaking HIPAA rules to look at their own health records
Microsofties Check Out Vulnerability Auction Site at Blue Hat
News  |  9/28/2007  | 
WabiSabiLabi participates in closed-door Microsoft summit of security researchers and Microsoft staff
Hackers Exploit Crisis in Burma
News  |  9/28/2007  | 
Email links to Dalai Lama's genuine Website, but attachment is malicious
Disaster Recovery: Plan for Recovery, Not for Disaster
Commentary  |  9/27/2007  | 
So many elements to business IT operations -- so many elements that can get sliced, diced, slammed, flooded, flamed, hacked, attacked, smashed and just plain hammered that your disaster recovery plan has to be universal to be effective.
Is Your Domain Name Safe From Porn Pirates?
Commentary  |  9/27/2007  | 
Avast. Pirates be boldly thievin' for themselves any toothsome domain name what puts a glint in their good eye. Recall the pair of scurvy dogs who battled for years over the rights to sex.com.
Startup Wins License for Secure Biometrics Token
News  |  9/27/2007  | 
Technology promises to protect privacy of user whose biometric data is stolen or copied
Comodo Unveils Free Security Tools
News  |  9/27/2007  | 
Comodo helps consumers stay safe online with new Website visual trust indicator and free desktop security tools
Cybercriminals on Your Doorstep
News  |  9/27/2007  | 
Latest scams range from legit-looking auction sites to looking you in the eye while they steal your money
Malware Plays Defense
News  |  9/27/2007  | 
New exploits can tell when they're being sandboxed for analysis
Verizon Business to Host Security Webinar
News  |  9/27/2007  | 
Experts address strategies for strengthening identity and access management programs
Quantum Secure Launches SAFE Agent
News  |  9/27/2007  | 
Quantum Secure launches SAFE Agent for Sun Microsystems' Java Identity Manager
Ounce Adds Classic ASP Support
News  |  9/27/2007  | 
Ounce Labs extends analysis capabilities with support for classic ASP
Survey: Who's Responsible for Compliance?
News  |  9/27/2007  | 
Polivec study shows growing acceptance of regulatory compliance but disagreement on who's responsible and who pays
Virus, Phishing Rise in Sept.
News  |  9/27/2007  | 
2nd wave of C-Level targeted attacks with increased sophistication
Video Shows Hack of US Power Grid
Quick Hits  |  9/27/2007  | 
A graphic dramatization made for the Department of Homeland Security simulates potential impact of a cyberterrorist attack on utility grids
Getting to the Real Endpoint of Endpoint Security
Commentary  |  9/26/2007  | 
Endpoint device and access control for small to midsize businesses is itself becoming a big business, with virtually every major security vendor offering device and access control programs tailored -- and increasingly priced -- for the market.
Many Retailers Will Not Make PCI Compliance Deadline
News  |  9/26/2007  | 
Problems with applications, access management leave credit card processors facing fines - and vulnerabilities
Metasploit Adds iPhone Hacking Tools
News  |  9/26/2007  | 
Popular pen-test tool now comes with Apple iPhone payloads
Call for Leading Lights Entries
News  |  9/26/2007  | 
September 28 entry deadline for Light Reading's Leading Lights Awards is coming up!
Trend Micro Unveils TM Internet Security 2008
News  |  9/26/2007  | 
New Trend Micro Internet Security products strengthen personal information protection and deliver enhanced performance
Hackers Post Names, Credit Card Info on eBay
Quick Hits  |  9/26/2007  | 
Auction site says incident is a hack, not a leak
ArcSight Debuts PCI Protection
News  |  9/26/2007  | 
ArcSight debuts comprehensive, scalable and cost-effective PCI protection solution
Watson SCS Offers Free IT Security Assessment
News  |  9/26/2007  | 
IBM partner Watson SCS offers complimentary IT security assessment
Uplinkearth Partners With Comodo
News  |  9/26/2007  | 
Uplinkearth partners with Comodo to provide SSL certificates, such as the newly released EV SSL certificates
Peter Tippett to Keynote Tradeshow
News  |  9/26/2007  | 
Security pioneer from Verizon Business to keynote at virtual security tradeshow
Brabeion Joins PCI Alliance
News  |  9/26/2007  | 
Brabeion Software joins PCI Security Vendor Alliance and helps major retailers meet PCI data security standard deadlines
Blue Lane Adds Support for VMware
News  |  9/26/2007  | 
Blue Lane delivers unmatched protection and network flow visibility for VMware Infrastructure 3 environments
VARs Adopt Consolidated Network Security
News  |  9/26/2007  | 
VARs adopting consolidated network security solutions as corporate demand escalates
Canadian Government Sheds Light On TJX Breach
News  |  9/25/2007  | 
Attack was conducted via wireless links at two Miami Marshall's stores, investigation reveals
San Jacinto College Uses Mirage's NAC
News  |  9/25/2007  | 
San Jacinto College seeks to protect from threats introduced by peer-to-peer file sharing
Virtual Civil Disobedience
News  |  9/25/2007  | 
Now that n.runs has opened the floodgates by putting its hacking tool back online, who'll step up next?
Cigital Secures Marriott International
News  |  9/25/2007  | 
Cigital develops data encryption solution for Marriott International
VeriSign Flexes DNS Security Muscle
News  |  9/25/2007  | 
Internet DNS server host upgrades its infrastructure as DNS attacks continue to hammer the Net
Code Green Launches DLP Appliance
News  |  9/25/2007  | 
Code Green Networks launches industry's first data loss prevention appliance for small businesses and branch offices
BreakingPoint Unveils Application Traffic Generator
News  |  9/25/2007  | 
BreakingPoint Systems unveils world's fastest application traffic generator
Former CheckPoint VP Joins Insightix
News  |  9/25/2007  | 
Bill Lavelle joins Insightix as vice president of sales in the Americas
Apple: Bypassing AT&T Can Break Your iPhone
Quick Hits  |  9/25/2007  | 
Trying to use another service could be the death of your favorite new gadget
Mexico City Airport Adds New ID Solution
News  |  9/25/2007  | 
Mexico City International Airport uses Bioscrypt's identity and access management solution in new state-of-the-art terminal
Sophos Update Blocks Remote Connection Tools
News  |  9/25/2007  | 
Sophos helps organizations block unauthorized remote connection tools
NeoScale, Bridgehead Announce New Encryption
News  |  9/25/2007  | 
Combined solution provides enterprise-wide data protection and robust encryption with enterprise key management for hospital data on tape
VeriSign Completes Milestones
News  |  9/25/2007  | 
VeriSign completes key milestones in initiative to strengthen and diversify global Internet infrastructure
Study: Poor ID, Access Management in UK
News  |  9/25/2007  | 
New independent survey by Siemens Insight Consulting uncovers security policy lapses in UK business


Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.