Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Content posted in December 2009
<<   <   Page 2 / 2
Bank Phishing: It Doesn't Take Much For Phishers To Take A Lot
Commentary  |  12/7/2009  | 
Most people ignore -- and, one hopes, delete unopened -- those phishmails that pose as correspondence from legitimate banks. But even a fraction of a percentage of responses generates millions for the crooks.
KACE Adds Patch and Remediation To Strengthen Patch Management For Endpoint Security
Commentary  |  12/7/2009  | 
The new technology is designed to improve patching support and add automated patch management to KBOX systems management appliances.
Researcher: iPhone Data Easy To Cultivate
Commentary  |  12/6/2009  | 
While there hasn't been any attacks on iPhones that haven't been jailbroken, one researcher has shown that once a rogue application makes its way onto the device - there's not much it can't do with your data.
Global CIO: The Top 50 Tech Quotes From 2009
Commentary  |  12/5/2009  | 
What were the most-memorable, confrontational, insightful, and valuable comments in 2009? We've pulled together 50 of the best.
SMB Security Spending To Grow In 2010, Vendors Say. What Say You?
Commentary  |  12/4/2009  | 
Small and midsized businesses are "poised" for security growth in 2010, according to a recent panel of experts. But that same conversation included warnings that the growth would come while SMBs continue to slash budgets. Paradox? Not when you factor in the cloud and security services.
The Case For Specialized Hardware
Commentary  |  12/3/2009  | 
As we described in the last few entries, adding storage software to standard servers or even to virtual servers is making more sense for a variety of data centers because of the increased performance capabilities of the Intel processor family. Despite this there may still be times in certain environments where there is a need for specialized storage hardware.
Global CIO: Outsourcer HCL To Cut Insurer's Costs By $150 Million
Commentary  |  12/2/2009  | 
HCL is taking on an end-to-end chain of processes in a deal valued at $200 million that blends IT infrastructure and services with deep business processes and more.
Test Drive Of Metasploit's NeXpose Plug-In
Commentary  |  12/2/2009  | 
Rapid7's acquisition of the Metasploit Project caused a lot of heads to turn. Concerns were raised about the project's future, specifically that of the Metasploit Framework. I held back from saying anything at the time because I was hoping for the best. Yesterday marked the first Metasploit Framework release that shows promise of the future by including integration with Rapid7's NeXpose vulnerability scanner.
Firefox On Fire
Commentary  |  12/2/2009  | 
Firefox is hot. The latest numbers show it now owns one-fourth of the browser market right now. But fame, of course, comes with a price: A recent, separate report shows that Firefox accounted for nearly 45 percent of all Web vulnerabilities in the first half of this year.
Security Pro Market Heating Up
Commentary  |  12/2/2009  | 
The good news for IT security professionals is that demand for their skills is likely to increase in the next few months, according to Robert Half Technology. The challenging news for small and midsized businesses looking for security pros is that rising demand for their skills is going to make finding and hiring them harder.
What IBM's Acquisition Of Guardium Really Means
Commentary  |  12/2/2009  | 
IBM's acquisition of database activity monitoring (DAM) vendor Guardium has created a lot of buzz in the security industry. This is the first major acquisition in the database security market, the first time a large company has bet on DAM technology, and if the rumored sales price is accurate, then it suggests IBM paid a premium. And given the value this product can provide to IBM customers, it looks like a good investment.
Global CIO: Will SAP Move To Tiered Maintenance Fees?
Commentary  |  12/1/2009  | 
SAP's intentions are always difficult to discern, but it might be on the verge of revising the support/maintenance fees its customers love to hate.
New Ransomware Attack Underway
Commentary  |  12/1/2009  | 
Security researchers at CA have found a new so-called "ransomware" attack underway. There are many things you can say about malware writers. Most of it would be NSFW. But you can't say they don't work hard at what they do.
The Secret Sauce For Security Blogging
Commentary  |  12/1/2009  | 
I recently wrote in my personal blog about how some security blogs manage to engage their audience better than others and make their readers feel more in touch with what's happening -- on top of earning credibility.
<<   <   Page 2 / 2

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the &acirc;&euro;&tilde;pec_coupon[code]&acirc;&euro;&trade; parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&amp;date_from=2023-02-17&amp;date_to=2023-03-17 of the component Report Handler. The manipula...