News & Commentary
Content posted in September 2009
|
Microsoft Tests Container Approach In Chicago Data Center
Microsoft's new data center in Chicago runs servers packed in shipping containers to let it quickly add or remove capacity as it tries to compete with Google in online services.
Which Botnet Is Worst? Report Offers New Perspective On Spam Growth
Rustock might be biggest, but Grum is worst offender, MessageLabs study says
New Trojan Evades Banks' Anti-Fraud Systems
'URLZone' calculates how much money to steal from a victim's account without raising suspicion
U.K. Account Takeover Attacks Increased 207 Percent Last Year, Report Says
Online banking fraud increases 132 percent as cybercriminals shift tactics
Password-Stealing Malware Spikes
McAfee's recent report on malware has staggering numbers that are simply hard to believe, yet because I've been battling daily the very bots, Trojans, and scareware they researchers are talking about, I can't help but agree.
Cyber-Crime No Longer Smash and Grab
Typically, banking customers discovered they'd been victimized by cyber-crime when they discovered their bank accounts emptied. No more. According to this report, online thieves are getting craftier at covering their tracks to go undetected for longer stretches of time.
Internet Has Never Been More Dangerous, Report Says
The Anti-Phishing Working Group reports record levels of fake antivirus software and other malware.
Stupid IRS Spam
I believe that anyone who uses the Internet on a regular basis has to know that most e-mail messages are spam, and possibly part of a fraud scheme. I also realize that some people are more aware than others, and that some criminals are clever. But the current spread of an email message that claims to be from the IRS accusing a person of fraud demonstrates that naivete that runs deep on the Internet.
Disaster Recovery: SMBs Think They're Ready. Symantec Says They're Not.
A new Symantec study of small and midsized business disaster recovery preparedness reveals a dramatic disconnect between DR beliefs and DR realities. Namely, most businesses are convinced they're prepared to recover from a disaster. Wrong.
Making Server Virtualization Storage More Scalable
Storage scalability in a virtualized environment is quickly becoming a concern for some data centers. Unlike the very predictable single server world which had a single application, single NIC card and single host bus adapter, the virtualized host can have dozens of virtual machines and multiple network interface cards. This leads to a very unpredictable and random workload that can push storage controllers to their limits.
IRS virus demonstrates stupidity is rampant
The proliferation of the current IRS virus demonstrates stupidity is rampant on the Internet.
Microsoft Bing Ads Warn About Scams
As part of its ongoing security push, Microsoft is teaming up with the government and Western Union to run search ads to educate users about potential online fraud.
Conficker Showdown: No End In Sight
Reinfected machines likely part of the 5.5 to 6 million-strong Conficker headcount
Microsoft Rolls Out Free AV
Microsoft Security Essentials (MSE) changes AV market landscape
Taming The Threat From Within: Report
New Dark Reading report offers insight on how to keep your network safe from e-business partner risks
Microsoft Offers Free Security Essentials
New antivirus service could pose threat to paid entrants in the multibillion dollar PC security industry.
Security By Geography: Stop A Country With A Click
I'm hoping that it's more than a mere reinforcement of America's most unfortunate xenophobic tendencies, but TechGuard Security's new PoliWall ESE security appliances take a geographic approach to SMB security by filtering IP according to their country of origin.
Dutch ISPs Sign Anti-Botnet Treaty
Netherlands ISPs last month launched a joint effort to fight malware-infected computers and botnets -- fondly described by locals as a "treaty."
Metasploit Adds Exploit For Unpatched Windows SMBv2 Bug
The upcoming stable release of Metasploit Framework version 3.3 is brimming with awesome new features that will make a lot of penetration testers happy. New features include the ability to take screenshots of exploited systems, while others add raw power, like being able to exploit the unpatched SMBv2 vulnerability in Windows Vista and Server 2008.
Is Mac Security Software Necessary?
Verizon is offering security software to its Internet service customers who use Macs. But is that something Mac users really need?
New NIST Report Sheds Some Light On Security Of The Smart Grid
First draft of Cyber Security Coordination Task Group report released
Nature Versus Hacker: Digital 'Ants' Swarm Malware In Research Project
Method mimics how ants in nature fight threats en masse, digital ants successfully spot computer worm
Reducing The Storage Costs In Server Virtualization
One of the most expensive components of a server virtualization project is the storage which it is attached to. This is one of the reasons that VMworld seems more like a storage event than a server virtualization event. One of the key themes from vendors at this years event was reducing the storage costs in server virtualization projects.
Hacking Gets Physical
The guilty plea entered into federal court last week, by a contract IT worker, for disrupting a computer system used to monitor off-shore oil platforms shows that illegal hacking is likely to increasingly danger the physical world.
SMB Security Provider Sees $1 Billion Markets Becoming $100 Million Markets
Walter Scott, CEO of Malta-based GFI Software, says that a combination of decreasing bandwidth costs and increasingly cost-conscious small and midsize companies are changing the security landscape.
Wolfe's Den Podcast: Trend Micro Takes Security To The Cloud
Eva Chen, CEO and co-founder of Trend Micro, talks about what cloud-computing users should do to secure their data and how her company is itself using the cloud to protect against the explosion of malware.
PCI DSS Update Could Include Virtualization Security
PCI Virtualization Special Interest Group (SIG) is drafting guidelines and a mapping tool for applying PCI to virtualized systems
Online Bank Fraud: 5 Riskpoints Your Business Needs To Worry About
How much do you know about the security habits, practices, technologies policies of your business's online bank and other financial services and institutions? Odds are, if Terry Austin of Guardian Analytics is right, it's nowhere near enough.
BeEF: XSS Vuln To Hack In Less Than 20 Characters
As I'm finishing another successful Web application penetration test, I'm kicking myself for not noticing a new release of one of my all-time favorite Web hacking tools, the Browser Exploitation Framework (BeEF). BeEFis a fantastic tool for getting across to developers and Web admins the seriousness of vulnerabilities like cross-site scripting (XSS).
Cybercriminals Offer 43 Cents For An Infected Mac
Sophos researcher offers a peek at the inner workings of an infamous Russian affiliate network
Debit Or Credit? Neither
I stopped using my debit card altogether a couple of years ago out of an intense fear that I would never recoup the losses if my card were skimmed in the grocery-store line or compromised at TJ Maxx. Now I casually slide my checkbook onto the card reader stand and perform that rare act of putting pen to paper while trying to avoid the annoyed stares of shoppers behind me in line who may lose a few seconds off of their shopping time because I didn't use plastic.
Spuds And Spam: Idaho No. 1 Most Spammed State
MessageLabs reveals list of U.S. states that get the most spam
Survey Says: PCI DSS Compliance Not Strategic
That's right. A survey conducted by the Ponemon Institute, and backed by security firm Imperva, says that the vast majority of firms don't view the Payment Card Industry Data Security Standard (PCI DSS) as a strategic initiative.
Up To 9 Percent Of Machines In An Enterprise Are Bot-Infected
Most are members of tiny, unknown botnets built for targeting victim organizations
Spammers To Idaho: You're The Tops!
Spam targeting is one of those categories you don't want to be Number One in, but somebody has to be. According to a new report from MessageLabs, the top spam targets in the U.S. live in Idaho. But the rest of the states aren't that much better off.
Full Disk Encryption Evolves
The Opal standard paves the way for hardware-based encryption.
Implementing Power Efficient Drives
Most green storage methods really allow you to store more data in the same physical space, for the same amount of power consumption. To get serious about power efficiency you have to be able to turn things off. The ideal way to do this is have the drives either spin down or turn them off, but there is limited information about implementing power efficient drives.
Med Students 'Unprofessional' On Social Networking Sites
Today's Facebook and YouTube posts might catch up with tomorrow's doctors, a study published in a medical journal suggests.
Microsoft Posts Fix For SMB Vulnerability
A fix is available for the vulnerability in Microsoft's Sever Message Block software.
Google Urges Cooperation Against Bad Ads, Malware
A malicious ad surfaced in Google search results just as Google called for a more concerted industry effort against such scams.
Scareware And Bots Require Layered Defenses
Defense in depth is not a new idea in security, but the importance of taking a layered approach is more important than ever. The current rise in infections by bots and scareware, along with recent reports on anti-malware endpoint protection, demonstrate how we need to be doing more at every layer.
Couple's Lawsuit Against Bank Over Breach To Move Forward
Case raises questions about banks' liability in breach of customers' online accounts
Department Of Defense Putting Data At Risk
Data deletion policies aren't being properly followed across the board, risking exposure of personal or sensitive data, report says.
PCI More Of A 'Check-Box' Than Security For Most Retailers
New survey shows less than one-third of small businesses are PCI-compliant, while 70 of large businesses are
Credit Card Compliance Still Poorly Practiced
A new survey from Imperva and the Ponemon Institute finds that despite the rising number of data breaches, many companies still do not fully adhere to compliance standards. And many of those that are protecting credit card information are neglecting security when it comes to other, equally sensitive data. Smaller businesses may be having the most trouble with the standards.
Security Software Market Remains Strong
While the growth of the security software market took a hit this year, along with most every other market segment, it's still pegged to grow 8 percent, year over year, according to a market research firm. There's also stronger growth ahead.
The Search For A Perfect Corporate Password Policy
What qualifies as a safe and sane password policy for your business? A recent blog post serves up some interesting answers to this question.
Trend Micro Gets Top Spot In New Anti-Malware Test
But even the best-performing product blocked only 70 percent of malware, NSS says
New Free Web Application Firewall 'Lives' In The App
Open-source project aims to put WAF control into application developers' hands
DoD Preparing To Lift USB Ban
'Authorized' users and only DoD-approved, DoD-purchased thumb drives and other USB devices will be allowed
|
White Papers
Video
10 Comments
Current Issue
5 Emerging Cyber Threats to Watch for in 2019Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-1659
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
From DHS/US-CERT's National Vulnerability Database CVE-2019-1659
PUBLISHED: 2019-02-21
A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to...
CVE-2019-8983PUBLISHED: 2019-02-21
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2).
CVE-2019-8984PUBLISHED: 2019-02-21
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2).
CVE-2018-20122PUBLISHED: 2019-02-21
The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is...
CVE-2018-6687PUBLISHED: 2019-02-21
Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This