Commentary
Content posted in March 2011
|
NSA Investigating Nasdaq Hack
Last month when we covered the attack on the Nasdaq's Directors Desk collaboration platform, we said the incident posed plenty of questions, while the Nasdaq proffered (at least publicly) few answers. It seems the National Security Agency agrees.
Lizamoon SQL Injection: Dead From The Get-Go
The latest round of headline-grabbing SQL injection attacks aren't new, and they aren't very effective; in fact, Lizamoon might as well be called the little injection that couldn't
Schwartz On Security: Online Privacy Battles Advertising Profits
Do businesses have the right to make money from the unregulated buying and selling of personal information?
(Slightly) More Organizations Proactively Managing Security Efforts
Security vendor survey at the RSA Conference 2011 shows more organizations planning and coordinating their security efforts across security and IT operations teams and risk management groups. But don't plan on a party and fireworks celebration just yet - the improvements are minor.
Collecting The SSD Garbage
Solid state storage (SSS) is the performance alternative to mechanical hard disk drives (HDD). Flash memory, thanks to its reduced cost compared to DRAM, has become the primary way the (SSS) is delivered. Suppliers of flash systems, especially in the enterprise, have to overcome two flash deficiencies that, as we discussed in our last entry, will cause unpredictable performance and reduce reliability.
Microsoft Wins A Botnet Battle
The Rustok botnet was estimated to be one million PCs strong, underlining the dangers that malware can cause to businesses and consumers.
"Trusted" Sites Fail To Clean Malvertising Scourge
Reports indicate that users of Facebook and the European music service, Spotify, have been exposed recently to malvertising attacks.
Shocker! (Not Really): Users Apathetic When It Comes To Mobile Security
Survey conducted by the Ponemon Institute shows just how lax users really are when it comes to securing their smartphone devices.
Understanding SSD Vendor Talk
If you are either evaluating or getting ready to evaluate investing in solid state storage for your data center you are going to be faced with learning a new language, confronted with a new set of specs and a new set of debate around what features are most important. This will be the first entry in a series that will give you the decoder ring to understanding what Solid State Disk (SSD) vendors are talking about and what statistics are most important.
Are Industrial Control Systems The New Windows XP
Earlier this week a security researcher posted nearly three dozen vulnerabilities in industrial control system software to a widely read security mailing list. The move has Supervisory Control and Data Acquisition systems (SCADA) system operators scrambling, and the US CERT issuing warnings.
McAfee's DAM Acquisition
Sentrigo acquisition fills data center security hole in McAfee's offerings
Schwartz On Security: Advanced Threats Persist And Annoy
APTs are today's normal threat, and companies such as RSA must do better, even as the odds against them keep increasing.
A Deep Dive Into The Latest Threats
New series of blogs will examine what the latest malware or attack really means to your organization and what to do -- or not -- about it
RSA Breach Leaves Customers Bracing For Worst
RSA, the information security division of EMC Corp., disclosed in an open letter from RSA chief Art Coviello that the company was breached in what it calls an "extremely sophisticated attack." Some information about its security products was stolen. Customers are bracing for more details.
Trojan Attacks Remain Most Popular
Anti-malware vendor Panda Security's PandaLabs has found that the number of threats . . . surprise, surprise . . . have risen significantly year over year. What's interesting is how large a percentage of attacks Trojans have become.
Table Stakes
For years we wanted a seat at the executive table. Now that we have it, it's time to play the game or head home.
Storage Performance Challenges In Virtualized Environments
The storage infrastructure that supports a virtualized server environment can quickly become a roadblock to expansion. As the project grows, server virtualization places new performance and scaling demands on storage that many IT professionals have not had to deal with in the past. In this entry we will cover some of the causes of the problems and in upcoming entries we will discuss how to overcome those problems.
Dark Reading Launches New Tech Center On Advanced Threats
New subsite will offer more in-depth news coverage, analysis on next-generation threats
NERC Creates Cyber Assessment Task Force
The North American Electric Reliability Corporation (NERC) recently announced the formation of a Cyber Attack Task Force. The task force will be charged with identifying the potential impact of a coordinated cyber attack on the reliability of the bulk power system.
Botnet Threat: More Visibility Needed
According to a report released by The European Network and Information Security Agency the current ways botnets are measured are lacking - and it just may be hurting the fight against the zombie plague.
The Promise -- And Danger -- Of Social Networking During Disaster
It's time to consider a social networking-based Emergency Broadcast System
The Truth About Malvertising
We tend to think of malvertising as short lived, one-oft attacks that somehow managed to momentarily breach the ad network's defenses. The reality is, malvertising is more norm than anomaly and can easily persist on major ad networks for months, even years, at a time.
Watch Where You Swipe
We tend to focus attention toward online data and identity theft and forget that we can be targeted just as easily offline.
How I've Become One With The Rest Of The World
I'm not quitting the security game, but I want to get experience outside of the choir
Establishing Tiered Recovery Points
Our last entry introduced the concept of tiered recovery points. In this entry we will go into more detail about tiered recovery points. There are typically three types of recovery points you want; instant or close to it, also know as high availability. Within a few hours via some sort of disk or tape backup and finally recovering something old, an archive. Each of these tiers need to be established and
Database Lockdown In The Cloud
In the cloud, we turn things around a bit and focus on data security rather than the database container
Dealing With Recovery Transfer Time
In our last entry we discussed lessons to be learned from the Gmail crash. In an upcoming entry we'll cover establishing the tiered recovery points. These three tiers of recovery; high availability (HA), backup and archive provide a similar goal; application availability. What separates them is the time it takes to put the data back in place so the application can return to service. Dealing with recove
Hypervisor Security: Don't Trust, Verify
Combating vulnerabilities (and passing audits) is a matter of starting from the root and working up.
A New Spin On Fraud Prevention
Most online fraud stems from electronic transactions not associating the identity of the user with the card or account
What We Can Learn From The Gmail Crash
Google's Gmail had a glitch introduced that caused 30,000 users or so to loose email, chat and contacts from their Gmail accounts. The cause appears to be a bug in a software update. The current piling on by some storage vendors is humorous. As my mother used to say "people in glass houses shouldn't throw stones". Instead of doing that, lets learn from this experience so we can keep this from
Security Certifications: Valuable Or Worthless?
New survey asks information security pros whether certifications have shaped their careers
Why I'm Quitting Security (Part 1)
In hacker-on-hacker attacks, the security community turns on itself, which breeds distrust
Automatic Storage Optimization
It will come as no shock to any storage manager that the capacity of the data that you need to store is growing. The problem is that your budget is not, or at least not as fast as your need for storage. The speed of growth also means that traditional techniques may no longer be effective. You need the storage system to just handle it, in other words storage optimization needs to be automatic.
|
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: John has always been trying creative ways to solve the pebcak issue...
Latest Comment: John has always been trying creative ways to solve the pebcak issue...
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-18324
PUBLISHED: 2018-10-15
PUBLISHED: 2018-10-15
PUBLISHED: 2018-10-15
PUBLISHED: 2018-10-15
PUBLISHED: 2018-10-15
From DHS/US-CERT's National Vulnerability Database CVE-2018-18324
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.
CVE-2018-18322PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.
CVE-2018-18323PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.
CVE-2018-18319PUBLISHED: 2018-10-15
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merli...
CVE-2018-18320PUBLISHED: 2018-10-15
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allo...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This