Dark Reading is part of the Informa Tech Division of Informa PLC


Commentary

Content posted in March 2009
5 Ways To Avoid Adware And Malware
Commentary  |  3/9/2009  | 
Think you're protected from adware and malware? Think again. But here are five tips to avoid leaving your computer vulnerable.
Symantec: New Conficker/Downadup Defends Itself Against Defenses
Commentary  |  3/9/2009  | 
Good news: the Conficker/Downadup worm infection seems to be shrinking. Bad news: the worm-makers have developed a new strategy aimed directly at defeating defenses erected against it.
New Dark Reading Tech Center Highlights Insider Threats
Commentary  |  3/9/2009  | 
Today marks the official launch of the Insider Threat Tech Center, a subsite of Dark Reading devoted to bringing you news, opinion, and analysis of the security threats that come from inside the organization -- and the technologies used to prevent them. This is the first of what we hope will be several Dark Reading Tech Centers, which are designed to provide you with a more focused view of specific issues, threats, and tec
Make Daylight Savings Time Daylight (And Nighttime!) Security Time
Commentary  |  3/6/2009  | 
The clock resets that come every spring and fall offer a convenient reminder to double-check security procedures and programs, patch status and also to remind your staff to change their passwords.
Offensive Computing: A Bad Idea That Never Dies
Commentary  |  3/5/2009  | 
Your network is getting scanned from some system on the other side of the country, or perhaps the globe. You traceroute the IP address, and discern the offending system is infected with a bot that's trying to infect you. You take a look at the device and see it's not patched for a multitude of OS vulnerabilities. Is it ethical (never mind legal) for you to take the system down with some exploits of your own?
Identity Finder: Tax Time Is Identity Protection Time -- And Not Just Online!
Commentary  |  3/5/2009  | 
As tax season moves into higher gear, so do criminals' efforts to liberate your personal information from your private files. According to one identity theft expert, our online identity protection vigilance needs to be matched by offline wariness as well.
Storage QoS For Virtualized Environments
Commentary  |  3/5/2009  | 
As the initial wave of virtualization projects comes to a close, many are finding an odd result. CPU utilization is actually lower than when it started. Now users are looking to pile on more workloads but before they do they need to prioritize storage I/O performance to those workloads; they need a QoS for storage.
Lack Of Manpower Leads To Insecurity
Commentary  |  3/4/2009  | 
The "PHPBB Password Analysis" blog entry here on Dark Reading by Robert Graham offers some truly interesting insight into how users choose passwords -- great info for infosec pros and hackers alike. What I want to point out is something Robert mentions about the phpBB hack in his company's Errata Security blog that
Symantec: Norton 360 v. 3.0 Released Today
Commentary  |  3/4/2009  | 
Symantec's third iteration of its Norton 360 Internet security product offers online backup and data management tools as well as the expected array of anti-virus, firewall and identity protection. All, the company says, at higher speed while making lower system demands. Marketed to home users, the package can be effective for small offices as well.
Is Antivirus Software Slipping?
Commentary  |  3/3/2009  | 
A "study," released by a security firm just yesterday, points out the well-known weakness in signature-based antivirus software. But does this mean you shouldn't rely on antivirus software?
iSCSI Strikes Back
Commentary  |  3/3/2009  | 
With all the talk about FCoE and NFS it seems that iSCSI has become the odd man out. All reports indicate that Dell continues to do well with the EqualLogic acquisition but what Hewlett-Packard is doing with its LeftHand Networks purchase remains unclear. Don't count iSCSI out yet, though -- companies are planning iSCSI storage solutions aimed r
Peter Parker's Uncle Ben Would Not Approve
Commentary  |  3/3/2009  | 
Note to Web browsers: With great power comes great responsibility.
Facebook Insecurity: The Worm Returns
Commentary  |  3/3/2009  | 
Facebook and other social network users need to be on the alert for the return of the Koobface worm, which sniffs out cookies associated with social nets, then uses that info to spread itself to other network members.
Breaking Out Of Your Zone
Commentary  |  3/2/2009  | 
There is a blog entry over at the Security Catalyst website titled "Running Outside the Zone" that I think all IT security pros should take the time to read, ponder and put into practice. I won't rehash all of the details here, but the gist of the post is that as an infosec professional, you need to step outside your comfort zone once in a while. It helps you stay sharp, learn new skills and get better in some areas you'
Sophos: Downadup May Cause Friday the 13th / Southwest Airlines Problems
Commentary  |  3/2/2009  | 
The Downadup/Conficker infestation may be about to wreak a little more havoc. Security firm Sophos says the botnet is gearing up for a Friday the 13th move, with Southwest Airlines among its possible targets.

