Commentary

Content posted in March 2009
<<   <   Page 2 / 2
5 Ways To Avoid Adware And Malware
Commentary  |  3/9/2009  | 
Think you're protected from adware and malware? Think again. But here are five tips to avoid leaving your computer vulnerable.
Symantec: New Conficker/Downadup Defends Itself Against Defenses
Commentary  |  3/9/2009  | 
Good news: the Conficker/Downadup worm infection seems to be shrinking. Bad news: the worm-makers have developed a new strategy aimed directly at defeating defenses erected against it.
New Dark Reading Tech Center Highlights Insider Threats
Commentary  |  3/9/2009  | 
Today marks the official launch of the Insider Threat Tech Center, a subsite of Dark Reading devoted to bringing you news, opinion, and analysis of the security threats that come from inside the organization -- and the technologies used to prevent them. This is the first of what we hope will be several Dark Reading Tech Centers, which are designed to provide you with a more focused view of specific issues, threats, and tec
Make Daylight Savings Time Daylight (And Nighttime!) Security Time
Commentary  |  3/6/2009  | 
The clock resets that come every spring and fall offer a convenient reminder to double-check security procedures and programs, patch status and also to remind your staff to change their passwords.
Offensive Computing: A Bad Idea That Never Dies
Commentary  |  3/5/2009  | 
Your network is getting scanned from some system on the other side of the country, or perhaps the globe. You traceroute the IP address, and discern the offending system is infected with a bot that's trying to infect you. You take a look at the device and see it's not patched for a multitude of OS vulnerabilities. Is it ethical (never mind legal) for you to take the system down with some exploits of your own?
Identity Finder: Tax Time Is Identity Protection Time -- And Not Just Online!
Commentary  |  3/5/2009  | 
As tax season moves into higher gear, so do criminals' efforts to liberate your personal information from your private files. According to one identity theft expert, our online identity protection vigilance needs to be matched by offline wariness as well.
Storage QoS For Virtualized Environments
Commentary  |  3/5/2009  | 
As the initial wave of virtualization projects comes to a close, many are finding an odd result. CPU utilization is actually lower than when it started. Now users are looking to pile on more workloads, but before they do they need to prioritize storage I/O performance to those workloads; they need a QoS for storage.
Lack Of Manpower Leads To Insecurity
Commentary  |  3/4/2009  | 
The "PHPBB Password Analysis" blog entry here on Dark Reading by Robert Graham offers some truly interesting insight into how users choose passwords -- great info for infosec pros and hackers alike. What I want to point out is something Robert mentions about the phpBB hack in his company's Errata Security blog that
Symantec: Norton 360 v. 3.0 Released Today
Commentary  |  3/4/2009  | 
Symantec's third iteration of its Norton 360 Internet security product offers online backup and data management tools as well as the expected array of anti-virus, firewall and identity protection. All, the company says, at higher speed while making lower system demands. Marketed to home users, the package can be effective for small offices as well.
Is Antivirus Software Slipping?
Commentary  |  3/3/2009  | 
A "study," released by a security firm just yesterday, points out the well-known weakness in signature-based antivirus software. But does this mean you shouldn't rely on antivirus software?
iSCSI Strikes Back
Commentary  |  3/3/2009  | 
With all the talk about FCoE and NFS it seems that iSCSI has become the odd man out. All reports indicate that Dell continues to do well with the EqualLogic acquisition but what Hewlett-Packard is doing with its LeftHand Networks purchase remains unclear. Don't count iSCSI out yet, though -- companies are planning iSCSI storage solutions aimed r
Peter Parker's Uncle Ben Would Not Approve
Commentary  |  3/3/2009  | 
Note to Web browsers: With great power comes great responsibility.
Facebook Insecurity: The Worm Returns
Commentary  |  3/3/2009  | 
Facebook and other social network users need to be on the alert for the return of the Koobface worm, which sniffs out cookies associated with social nets, then uses that info to spread itself to other network members.
Breaking Out Of Your Zone
Commentary  |  3/2/2009  | 
There is a blog entry over at the Security Catalyst website titled "Running Outside the Zone" that I think all IT security pros should take the time to read, ponder and put into practice. I won't rehash all of the details here, but the gist of the post is that as an infosec professional, you need to step outside your comfort zone once in a while. It helps you stay sharp, learn new skills and get better in some areas you'
Sophos: Downadup May Cause Friday the 13th / Southwest Airlines Problems
Commentary  |  3/2/2009  | 
The Downadup/Conficker infestation may be about to wreak a little more havoc. Security firm Sophos says the botnet is gearing up for a Friday the 13th move, with Southwest Airlines among its possible targets.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34580
PUBLISHED: 2021-10-27
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
CVE-2011-4126
PUBLISHED: 2021-10-27
Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.
CVE-2011-4574
PUBLISHED: 2021-10-27
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instru...
CVE-2020-7867
PUBLISHED: 2021-10-27
An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary directory for user because the viewer program receive the file from agent with privilege of adminis...
CVE-2021-26610
PUBLISHED: 2021-10-27
The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when a user uploads a file. This vulnerability allows an attacker to execute arbitrary code remotely.