Dark Reading is part of the Informa Tech Division of Informa PLC


Commentary

Content posted in January 2009
PCI Impact Brings Insurance Protection Offering
Commentary  |  1/12/2009  | 
What does it say about the impact of PCI regulations on small to midsize businesses when an insurance company begins offering "card-compromise" coverage?
Employee Data As Valuable As Customer Info... And Even More At Risk!
Commentary  |  1/12/2009  | 
Crooks are just as interested in your employees' confidential data as they are in your customers'. And according to PricewaterhouseCoopers, workers' info may be even easier to steal.
Microsoft's Light Patch Tuesday Offset By Oracle
Commentary  |  1/9/2009  | 
While Microsoft is slated to issue one patch next week, Oracle announced it will release an eye-popping 41 security vulnerability fixes that touch hundreds of applications. Oh joy.
Campus Net Abuzz With BCS Win
Commentary  |  1/9/2009  | 
Another year, another championship. Now, that's not meant to sound snobbish or trite, but the past few years have been very good for University of Florida athletic programs. Last night was a great example with the Gator football team wrapping up the BCS National Championship with a win against the Oklahoma Sooners. After seeing the preparatory buzz of activity yesterday, I expected to see more visible excitement as I walked a
CNN Gaza Spam Scam: Headlines Make Phishing Lines
Commentary  |  1/9/2009  | 
Spam phishers are at it again, trying to turn headlines and media sources into phish bait. This time it was the Gaza crisis, with supposedly legitimate CNN mail guiding the gullible to Trojan-bearing malware sites.
When It Comes To Development, Doesn't Anyone Learn From History?
Commentary  |  1/8/2009  | 
From the successful microblogging site Twitter to a Web site toll-payment system in New Zealand for a motorway that runs from Orewa to Puhoi, security still remains an afterthought.
Bombshells For The New Year
Commentary  |  1/8/2009  | 
The week after Christmas should be a quiet, reflective time to get organized for the new year while the security industry takes a little winter's rest. Uh -- not so much. This is the security industry, remember? Vendors may not roll out products during the holidays, but hackers never sleep.
Social Net Security: Phishers Fake LinkedIn Profiles
Commentary  |  1/8/2009  | 
Social networks' business potential is running smack into social networks' security issues, as witness this week's problems with Twitter and now, professional network LinkedIn. If your company and employees are using social nets, there are some social net security practices they must, well, practice.
Security Spending May Increase In 2009
Commentary  |  1/8/2009  | 
Research firm Forrester predicts security spending, as a percentage of overall IT budgets, is set to rise this year.
You're Not Paranoid, Your Antivirus Just Doesn't Work Well
Commentary  |  1/7/2009  | 
Myth #2 of "The Five Most Dangerous Security Myths" by PC World's Erik Larkin popped up in my inbox from a family member this morning. The second myth is, "Sure, the Web is today's Wild West, with digital guns blazing and no sheriff in sight. But as long as you use a goo
Green Is A 'Nice To Have'
Commentary  |  1/7/2009  | 
2009 is here and for IT, it's ugly. Storage projects will need to be justified with near-instant ROIs. Over the next several entries we will look at projects you can undertake which will deliver that near-instant ROI, but first let's look at what Green IT's new role is during the economic downturn.
The Twitter Hack: One Thing You Need To Do
Commentary  |  1/6/2009  | 
As many of you know, the week has been off to a bad start for the Twitter microblogging site. While there's no absolute way to protect yourself when a vendor's security system fails, there is one crucial step you can take to limit your exposure.
People-Hacking
Commentary  |  1/6/2009  | 
My firm was recently hired to perform a network assessment for a fairly large bank. The emphasis on this engagement was circumventing physical controls and gaining access to the bank's internal network infrastructure. As with most financial institutions, we were asked to compromise remote locations (bank branches) and then make an attempt on the main office.
Twitter Hacks Raise Social Net Security Flags
Commentary  |  1/6/2009  | 
If you use Twitter, re-set your password before you do anything else. Then give some thought to what this week's Twitter hack says about how we use social networks, both in business and personally.
DLP Market Continues Its Consolidation
Commentary  |  1/5/2009  | 
CA's data loss prevention (DLP) vendor acquisition today clinches it: DLP vendors must either forge partnerships or be acquired to survive.
Security Spending Rises As Economy Sinks: Forrester
Commentary  |  1/5/2009  | 
The bad economy is good news for small and midsized business security budgets, according to a new report from Forrester. And, judging by some of Forrester's findings, the uptick comes just in time.
Browser Privacy Features Leave Users Exposed
Commentary  |  1/5/2009  | 
When using "private browsing mode" included in many of the current (and beta) Web browsers, do you know just how well it is working at preventing your Internet browsing from being tracked? What about the protection provided when you hit the button to clear your Web browsing history, cookies, and cached files?
Phishing For Tweets
Commentary  |  1/5/2009  | 
A new phishing scam that targets Twitter users is a backhanded compliment to the messaging service.
VeriSign Announced It Has Transitioned To Stronger Crypto
Commentary  |  1/4/2009  | 
Last week the IT security community lit up with the news that a team of researchers demonstrated how they could forge digital certificates, the digitally signed files that make it possible for software to vouch for its publisher and for Web sites to safely identify themselves.
Are Web Site Defacements Really Cyber War?
Commentary  |  1/3/2009  | 
Almost every time there's a physical conflict, online "attacks" follow. And the recent spate of Palestinian Web site defacements is no exception. This sort of reaction on the Internet is certainly not new. In fact, we can only expect them to escalate.
DLP: An Important Tool In Protecting Data During Mergers & Acquisitions
Commentary  |  1/2/2009  | 
Data loss prevention (DLP) is a topic I've covered in the past because it's important in these times of targeted attacks and accidental data loss. It also tends to be a controversial topic since many people view it differently due to the variation in definitions of what the technology really is. For example, DLP vendors have solutions that range from basic content filtering at the network gateway to complex network- and host-based monitoring solutions, leaving the definition up to the vendor who
Security According To Google: Browser Security Handbook Made Public
Commentary  |  1/2/2009  | 
Google has released its own take on the nature of browser security -- and the ways in which browsers lack it.