Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in May 2011
Sharing Relational Data In The Cloud
Commentary  |  5/31/2011  | 
Databases are designed to share data, so it's easy to leverage built-in security for cloud services
A Tale Of Two Hacks
Commentary  |  5/31/2011  | 
The similarities and differences in the Lockheed and RSA attacks
Dark Reading Revamps SMB Security Tech Center
Commentary  |  5/31/2011  | 
As cybercriminals take aim at small businesses, Dark Reading offers new coverage
Scareware Is Evolving
Commentary  |  5/24/2011  | 
That's right -- scareware is still proving an effective way for threat actors to make quick cash on the Internet
Oracle 11G Available On AWS
Commentary  |  5/24/2011  | 
When testing Oracle on Amazon AWS, consider how you will secure your data
From Device to Device, From Site To Site
Commentary  |  5/23/2011  | 
Obama administration's digital identities initiative relies on private industry to come together and make it work
Sony A Poster Child For Self-Destructive Security
Commentary  |  5/20/2011  | 
Sony has repeatedly made poor decisions in security and control -- costing the company billions of dollars and giving critical markets it once controlled to Apple, Microsoft, and Nintendo
Schwartz On Security: Developers Battle Piracy Channels
Commentary  |  5/18/2011  | 
Business Software Alliance report finds widespread software piracy, but experts say market pressures are to blame.
Reduce Your Android Security Risks
Commentary  |  5/17/2011  | 
Threats against Google's mobile platform have increased 400% in the last year, but common sense will protect users against many of the attacks.
Success, Failure And The Advanced Threat
Commentary  |  5/16/2011  | 
You can't judge the sophistication of an attack by its success or failure
Mobile Security Needs Executive Involvement
Commentary  |  5/13/2011  | 
IT managers need a plan for managing a highly variable fleet of devices through mobile device management, according to panelists at InformationWeek Analytics Live sessions at Interop 2011.
Schwartz On Security: Sony Must Do More
Commentary  |  5/12/2011  | 
Forget free ID theft monitoring. Sony should release its police reports, so that 101 million people can obtain a free credit freeze to proactively battle ID thieves.
Presidential Alerts Soon Mandatory On Your Phone
Commentary  |  5/10/2011  | 
The U.S. Government and major wireless carriers announced a new messaging system that supplements the current emergency system. While some alerts will be optional, presidential alerts will be mandatory.
Secure Access To Relational Data
Commentary  |  5/10/2011  | 
How to secure relational data in cloud data centers
If An ESIM Falls In The Woods, Does Anyone Care?
Commentary  |  5/10/2011  | 
To the operationally minded, the loss of security monitoring capabilities will almost always play second fiddle to availability for Internet and internetworked resources
A National Monitoring Infrastructure
Commentary  |  5/10/2011  | 
It's theoretically possible, but who could orchestrate such a huge collaborative endeavor, and would it be possible to bring both private and public data under government oversight?
We Will Get Fooled Again
Commentary  |  5/6/2011  | 
It's time to start a quiet revolution against security marketing buffoonery
How To Respond To The Sony Attacks
Commentary  |  5/4/2011  | 
How to protect yourself from similar database attacks
Dark Reading's First Five Years: A Look Back -- And Ahead
Commentary  |  5/3/2011  | 
Taking a moment to celebrate DR's fifth anniversary of publication
U.S. Intelligence Connects The Dots On Bin Laden
Commentary  |  5/3/2011  | 
Intelligence agencies are leveraging new surveillance technologies and IT architectures to facilitate information sharing in their anti-terrorism and other national security efforts.
Police Car DVR P0wnage
Commentary  |  5/3/2011  | 
Another security failure in an embedded technology leads to unanticipated risks for police forces and a vendor denial


Tor Weaponized to Steal Bitcoin
Dark Reading Staff 10/18/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18387
PUBLISHED: 2019-10-23
Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
CVE-2019-18212
PUBLISHED: 2019-10-23
XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.
CVE-2019-18213
PUBLISHED: 2019-10-23
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response cap...
CVE-2019-18384
PUBLISHED: 2019-10-23
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.
CVE-2019-18385
PUBLISHED: 2019-10-23
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.