Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in June 2009
<<   <   Page 2 / 2
Security Incident Ratings Made Easy
Commentary  |  6/3/2009  | 
Management likes numbers. They get the the warm fuzzies when numbers can be graphed in a way that they can quickly discern what's going on. Of course, if the numbers are bad, then they may not feel those warm fuzzies. In the IT security world, we try to provide useful numbers to show what a great job we're doing, but it's hard to quantify thwarted attacks -- other than relying on numbers from an IPS and anti-malware system.
Accidental Data Leaks Are Still Data Leaks
Commentary  |  6/3/2009  | 
The inadvertent posting of sensitive U.S. nuclear information by the G.P.O. is a reminder to all of us that a) accidents happen and b) accidents involving digital copies of confidential information happen all too easily.
Tweet Your Vacation Status. Get Burglarized?
Commentary  |  6/2/2009  | 
Any of us who regularly use the micro blogging site Twitter do it all of the time: we broadcast our whereabouts in real time. It's kind of the point of the entire Twitter experience. Yet, this video podcaster believes he may have been robbed because of his Tweeting his vacation status.
EMC Bids For Data Domain - User Impact
Commentary  |  6/2/2009  | 
A week ago I wrote about the user impact of NetApp buying Data Domain. Today we are back at it with EMC making a bid for Data Domain. The first take away for a user: Data Domain has to be one of the safest technology purchases you can make. Clearly the company has something that other companies want, and it's not likely to go anywhere anytime soon.
Java Trouble Brewing For Apple
Commentary  |  6/2/2009  | 
Like most computer geeks with the latest toys, I can always find a way to play rather than work. My procrastination tendencies can sometimes lead to troubling results (just ask my girlfriend), so I often give vendors some leeway when it comes to patching vulnerabilities. But some vendors just don't get it.
Apple Plugs A Heap of Buffer Overflow Vulnerabilities
Commentary  |  6/1/2009  | 
The software maker plugs 10 significant security vulnerabilities in its QuickTime media player, as well as flaws within iTunes. A number of flaws could lead to denial of service conditions, or remote exploit. Looks like most of these flaws affect Mac OS X, Vista, as well as XP SP3.
BackTrack4 Sneak Peek Shows New Forensic Capabilities
Commentary  |  6/1/2009  | 
BackTrack 4 Pre Final Sneak Peek was released to Informer Blog subscribers last week. Informer, created by Johnny Long and his Hackers For Charity organization, is a fundraising program to help feed children in East Africa, and its blog "is designed to give subscribers a 'backstage pass' to the world of Information
Danger! Search Engines At Work!
Commentary  |  6/1/2009  | 
Some search terms and categories are more dangerous than others, and likelier to lead to malware according to a new report from McAfee. Among the most dangerous current category and term? Lyrics, of all things.
The .NET Browser Add-On Security Uproar
Commentary  |  6/1/2009  | 
Some Firefox users are screaming bloody murder over a Windows update that quietly adds an unwanted browser extension to their systems. Maybe it's time to step back and take a deep breath.
Can Backups Be Made Obsolete?
Commentary  |  6/1/2009  | 
Backups have long been a source of pain and frustration for enterprises of all sizes; they are constantly causing problems because the growth and value of data is increasing faster than the network's ability to deal with that data. The problem keeps many IT professionals awake at night and most surveys indicate a low confidence in the ability to recovery from a disaster, but how can backups be made obsolete?
<<   <   Page 2 / 2


Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.