Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in April 2009
<<   <   Page 2 / 2
SCADA Security: What SCADA Security?
Commentary  |  4/7/2009  | 
SCADA, the control systems for such infrastructure services as water and energy, has us worried whenever critical infrastructure defense is mentioned. Why, then, is it the most insecure industry on the planet?
Public More Scared Of Digital Dangers Than National Security Threats
Commentary  |  4/7/2009  | 
A new study finds that Americans are more concerned about identity theft than they are about national security. Could be they're right. And right or wrong, there are lessons here that affect your customers, partners, and employees
Register.com Suffered Massive Denial-of-Service Attack
Commentary  |  4/6/2009  | 
Anyone dependent on domain name registrar and hosting company Register.com, for either hosting their Web site or e-mail, learned first hand the pain of a distributed denial-of-service attack.
The Week After: Conflicted About Conficker
Commentary  |  4/6/2009  | 
The title says it all. With so much hype surrounding last week's impending destruction of the Internet, I started out a bit lackadaisical when people asked me about Conficker. As the week progressed, I started to feel annoyed and slightly hostile because so many people were coming to me to ask what was going to happen and how should they protect themselves. In hindsight, I should be happy at the new awareness brought on by Conficker, but I'm not.
Scanning Flash Apps For Insecurities
Commentary  |  4/3/2009  | 
Did you know that a simple Flash application on your Website could be a backdoor into your network? I've always known of such insecurities in Flash applications, but until recently, I had only looked at some Flash-based malware using Flare to analyze suspected malicious SWF files. All that has all changed with HP's new SWFScan tool,
More Mailicious Sites Than Ever. More On The Way.
Commentary  |  4/3/2009  | 
The number of malicious sites detected in March jumped by almost 200% over February, according to a new report from MessageLabs. The increase consists primarily image-based malware: time to warn your employees (and everybody else) about the risks of image-sharing sites, including social nets.
Getting Physical With Workstation Security
Commentary  |  4/2/2009  | 
So often we as security professionals talk about the security of the machines we're responsible for, and the only time physical security comes up is during the discussion of laptops and server rooms. We're concerned about laptop theft and loss that could lead to the dreaded customer notification process. Or maybe we brag about the awesome security of our datacenter. What about user workstations? Is there an subconscious assumption they're safe since they're behind locked doors?
Home Worker Security Is Business Security
Commentary  |  4/2/2009  | 
The news that IBM will no longer reimburse home-based workers for their Internet connections makes you wonder if Big Blue is going to make home-workers and telecommuters responsible for their own security. And that raises the question of how far you should go to make sure your off-site employees are using sound security sound security practices and procedures.
Archiving Your Way To Efficiency
Commentary  |  4/2/2009  | 
In an earlier post, You Can't DeDupe IT Administration, I discuss the problem with optimizing primary storage. While it is incredibly valuable to be able to squeeze more data into less storage footprint, from an administrative standpoint you still have to manage the data, there is limited increase in efficiency. Archiving however, especially disk based archive can provide tremendous gains in efficiency.
Anticipating Government Overreaction To An Actual Conficker Attack
Commentary  |  4/1/2009  | 
Most governments tend to overreact, and the U.S. probably leads the pack. Fortunately, we survived Conficker on Wednesday, but what if it had resulted in a massive amount of damage? Would the government's response have done more damage than the worm?
Conficker Communicates With Command; Conficker Media Communicators Miss An Opportunity
Commentary  |  4/1/2009  | 
As generally anticipated in the tech press, the Conficker worm communicated with its controllers, downloading new instructions, but otherwise failing to cause problems. Problems, though, were what many in the mainstream press were looking for, and therein lies a problem itself.
Dark Reading Launches Security Services Tech Center
Commentary  |  4/1/2009  | 
Today Dark Reading launches a new feature: the Security Services Tech Center, a subsite of Dark Reading devoted to bringing you news, product information, opinion, and analysis of the "outsourced" security services and technologies available to augment your organization's IT defenses.
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21742
PUBLISHED: 2021-09-25
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
CVE-2020-20508
PUBLISHED: 2021-09-24
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field.
CVE-2020-20514
PUBLISHED: 2021-09-24
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/&lt;id&gt;.html allows authenticated attackers to delete all users.
CVE-2016-6555
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in ver...
CVE-2016-6556
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This iss...