Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in September 2010
<<   <   Page 2 / 5   >   >>
Disney Introduces Social Media Site
News  |  9/24/2010  | 
Let The Memories Begin offers guests a site to share photo, video or text memories and allows Disney to use the content in advertising and marketing.
Gen. Alexander Calls For 'Secure, Protected Zone' On Internet For Nation's Networks
News  |  9/24/2010  | 
'The question is, how do we do it,' said the director of the new U.S. Cyber Command and the National Security Agency
What Solid State Form Factor Is Best - Integration
Commentary  |  9/24/2010  | 
Returning to our Solid State Form factor series; this entry we are going to begin the discussion about solid state integration. There are really two parts of the integration discussion; how will you integrate solid state disk into your storage infrastructure and the other is how will your vendor integrate solid state disk into their storage system? We'll tackle the vendor issue first since it may directl
The Top Five Ways Attackers Target Small Businesses -- And What You Can Do About It
News  |  9/24/2010  | 
SMBs are becoming a favorite target for cybercriminals. Is your organization taking the right steps to stop them?
'Here You Have' A Lesson
Commentary  |  9/24/2010  | 
It's been interchangeably called spam, or a targeted attack that spun out of control, or a form of cyber-jihad with alleged geopolitical implications. But regardless of what you call it, the "Here You Have" email worm is an excellent example of just how well today's security can work. Here are a few justifications for that optimism.
Stuxnet Heralds New Generation of Targeted Attacks
News  |  9/23/2010  | 
Power plants no longer considered immune to infection, and targeted attacks become more precise
AMD Lowers Q3 Sales Forecast
News  |  9/23/2010  | 
Intel and AMD both cut forecasts for the third quarter citing weaker than expected sales of processors for consumers PCs.
Facebook Suffers Slowdowns, Access Problems
News  |  9/23/2010  | 
The popular social network acknowledges some users may have difficulty accessing the site, but has yet to provide details of the cause.
Google, YouTube Win Copyright Ruling In Spain
News  |  9/23/2010  | 
Aggrieved media companies keep claiming copyright infringement but courts keep siding with Google.
Report: Government Agencies Lag In DNSSEC Adoption
Quick Hits  |  9/23/2010  | 
New report shows DNSSEC adoption slow within the .gov community, with many missing federal mandate deadline
Red Hat Boasts 20% Gain In 2Q Earnings
News  |  9/23/2010  | 
Strong renewals, new project spending, expansion, and cross-selling credited for rise in revenue over 2009.
Cyber Command Director: U.S. Needs To Secure Critical Infrastructure
News  |  9/23/2010  | 
General Keith Alexander says the new U.S. Cyber Command will work to protect the nation's key industries and defense networks from devastating cyber attacks.
Different Flavors Of The Insider Threat
Commentary  |  9/22/2010  | 
There are different categories of insider threats, based on the level of access the employee has. There are four types: pure insider, insider associate, insider affiliate, and outside affiliate. Each of these categories also has different motives. Understanding each is a key to building proper preventive and detective defenses.
WAN Security: Your Next Assignment
News  |  9/22/2010  | 
Firewalls and IDS aren't enough. WAN security pros must embrace data-centric protection.
For Small Businesses, Social Networking Poses New Security Risks
News  |  9/22/2010  | 
Many SMBs could be infected before they can develop adequate policies, experts say
After HP Acquisition, ArcSight Lays Groundwork For Future At User Conference
News  |  9/22/2010  | 
HP exec says "a new approach is needed" for security
Samsung Epic 4G First To Access Media Hub
News  |  9/22/2010  | 
Sprint has launched a series of "epic mini movies" that showcase the Android handset's entertainment capabilities and the download speeds of the carrier's 4G network.
Most Third-Party Software Fails Security Tests
News  |  9/22/2010  | 
Veracode report shows eight of 10 applications at risk of failing PCI compliance audit
Most Websites Have Serious Vulnerabilities To Attack, Study Says
Quick Hits  |  9/22/2010  | 
Large sites have an average of 13 serious vulnerabilities; smaller sites have slightly fewer
FBI Awards $40 Million To BAE For Cybersecurity
News  |  9/22/2010  | 
Contract will provide risk assessments and monitor data security for the Federal Bureau of Investigation's IT systems.
The Cookies You Can't Remove
Commentary  |  9/22/2010  | 
They say that some things last forever, like diamonds or true love or Twinkies. But should browser cookies used for tracking be added to that list?
Oracle Intros Healthcare Security Governor
News  |  9/22/2010  | 
Tool leverages other Oracle identity management and data mining products to offer retrospective and real-time fraud detection for medical organizations.
Product Watch: eEye Revives Free Zero-Day Vulnerability Tracker Site
News  |  9/22/2010  | 
Aims to be a 'one-stop shop' for zero-day vulnerabilities, analysis
Web-Based Spam Detection With Google Alerts
Commentary  |  9/22/2010  | 
Search engines are great, powerful tools. They can help find an answer when you've tried everything you can think of. They can also help find information about a company you may be performing a penetration test on.
Google Could Drive Mobile Two-Factor Authentication Model
News  |  9/21/2010  | 
New Google Apps offering could overcome previous barriers to multifactor authentication
Apple To Acquire Polar Rose Face Recognition Firm
News  |  9/21/2010  | 
The facial recognition software made by the Swedish company can be used in the cloud, on a computer or on iPhone and Android smartphones.
Twitter Attack An XSS Wake-Up Call
News  |  9/21/2010  | 
Attackers targeted once-patched cross-site scripting flaw on Twitter's website that had re-emerged after a site update
Accuvant Acquires Cybersecurity Firm Ciphent
News  |  9/21/2010  | 
Purchase by security consulting firm aims to grab a share of increased spending by federal agencies.
Twitter Worm Fixed
News  |  9/21/2010  | 
A cross-site scripting flaw that allowed several worms to spread on Twitter has been repaired.
Hacking, Not Partying, At The Frats: 1 In 5 College Students Have Hacked
Quick Hits  |  9/21/2010  | 
One-third say hacking is 'cool,' though nearly half have had their own social networking or email accounts compromised
Twitter Under Attack
Commentary  |  9/21/2010  | 
There's a cross-site site scripting flaw aggressively spreading across the social networking site Twitter. I know, I was hacked first thing this morning. . .
Virtual Desktops And Storage - Dealing With Boot Storms
Commentary  |  9/21/2010  | 
Virtual desktop environments are different than virtual server environments when discussing performance. To the virtual desktop environment we need to be able to provide acceptable performance consistent, but moderate, performance throughout the day to a set of endpoints (desktops and laptops) that have similar I/O patterns. This is different than server virtualization which has highly random I/O patterns and needs very high performance at peak moments throughout the day.
Turn Workers Into Security Partners
News  |  9/20/2010  | 
Rather than just protect employees or protect against them, security managers should rely on users to help defend the business
The What And The Why Of Professional Penetration Testing
Commentary  |  9/20/2010  | 
Welcome to the first in a series of posts on professional penetration testing. During the course of the next few entries, I will shed light on the often confusing and rarely straightforward world of penetration testing based on my experience during the past decade as both a professional penetration tester and a manager of penetration testing teams.
NIST Research Could Boost Mobile Device Security
News  |  9/20/2010  | 
An electron spinning technique could pave the way for a new generation of wireless device signals that are difficult for enemies to intercept, according to researchers at the National Institutes of Standards and Technology.
Missing The Insider Threat
Commentary  |  9/20/2010  | 
"I trust everyone. It is the devil inside that I do not trust" is a great line from the movie "The Italian Job." Every single person has the potential to do harm if the right circumstances occur. Yes, this includes employees.
NC State, IBM Researchers Create 'Stealth' Hypervisor Security Tool
News  |  9/20/2010  | 
Tool will ultimately be offered as open source
Stuxnet Updates Through P2P Communications
News  |  9/20/2010  | 
Symantec finds that peer-to-peer networks can propagate the malware, even though its command and control systems are now offline.
Piracy Activists Attack Entertainment Industry Sites
News  |  9/20/2010  | 
Distributed denial of service strikes hit Motion Picture Association of America, Recording Industry Association of America over the weekend.
Adobe Accelerates Fix For Flash Flaw
News  |  9/20/2010  | 
Repair for the critical vulnerability, which is being actively exploited, will be released Monday rather than later this month.
Protegrity Gets Aggressive
Commentary  |  9/20/2010  | 
Last week Protegrity announced it had filed patent infringement suits against NuBridges and Voltage Security Inc., its main competitors. Patent infringements suits are nothing new with technology companies, but this one was a little odd in that the suits were actually filed in May.
Google Bolsters Apps With Two-Step Verification
News  |  9/20/2010  | 
Protection will be available first to Google Apps Premiere, Government, and Education edition users, at no extra charge
Yahoo CEO Touts Alibaba Investment
News  |  9/20/2010  | 
Carol Bartz says Yahoo's 39% stake in the China e-commerce leader is great for business, refuses comment on tension between the firms.
A Lesson From Steve Jobs' Email
Commentary  |  9/20/2010  | 
We've all had one of these moments: You get an email and quickly respond without putting much thought into it. Then you end up wishing you'd taken more time.
Fraudsters Attempt To Steal Interpol Chief's Identity Via Facebook
Quick Hits  |  9/19/2010  | 
Interpol Secretary General Noble says bold criminals tried to impersonate him online
Steady Bleed: State of HealthCare Data Breaches
Commentary  |  9/19/2010  | 
Study reveals that, for many healthcare providers, patient data breaches continue - month after month - at an alarming rate.
Google Apps Adds Two-Step Verification
News  |  9/17/2010  | 
Enhanced security is now available to Google Apps enterprise customers via their mobile phones.
Security Exploits Increasingly Complex
News  |  9/17/2010  | 
A study from HP TippingPoint finds that web applications are still an attack magnet, but hackers now appear to be collaborating more closely to spot new flaws.
Protection Efforts Superficial
News  |  9/17/2010  | 
Database security is a growing concern.
Former Contractors Indicted For Leaking U.S. Nuclear Secrets
Quick Hits  |  9/17/2010  | 
Man and wife who worked at Los Alamos National Labs allegedly tried to sell secrets to FBI agent posing as Venezuelan official
<<   <   Page 2 / 5   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27491
PUBLISHED: 2021-07-30
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes during the registration process.
CVE-2021-27495
PUBLISHED: 2021-07-30
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,he Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from a HTTPS endpoint to a HTTP endpoint.
CVE-2021-32807
PUBLISHED: 2021-07-30
The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. The policies defined in `AccessControl` severely restrict acce...
CVE-2021-22521
PUBLISHED: 2021-07-30
A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges.
CVE-2021-34629
PUBLISHED: 2021-07-30
The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8.