Dark Reading is part of the Informa Tech Division of Informa PLC


Author

 Keith Ferrell

Profile of Keith Ferrell

News & Commentary Posts: 437
Articles by Keith Ferrell posted in January 2009

Click Fraud Rises As Economy Sinks

1/29/2009
Fake clicks on ad links are climbing as fast as the economy falls, up a full percentage point in the last three months of 2008, according to pay-per-click monitoring company Click Forensics.


Monster.Com Loses Millions MORE Job Seekers' Records

1/26/2009
Monster.com has been hacked again, with possibly millions of customer records -- including names, phone numbers, e-mails, passwords and more -- stolen from its obviously poorly protected database. The company's handling of the news of the breach (the third in less than two years!) is as sloppy as its security.


Record Breach! Heartland Leak May Affect Millions Of Credit Records

1/20/2009
Credit card processor Heartland Payment Systems admitted today that a 2008 malware-caused breach may have compromised millions -- maybe tens of millions -- of credit card records, including card holder names and card numbers. Early reports are that the breach was caused by a keystroke logger inside Heartland's network.


Popup Phishing: Online Banking In-Session Phish Need No E-Mail Hook

1/14/2009
A new research report shows a new phishing vector -- one that can take place inside supposedly secure banking and other protected sessions, using a pop-up window rather than an e-mail to fool victims. According to researchers, every browser is vulnerable to the exploit. It's called in-session phishing, and it has the potential to be very troublesome.


Social Net Security: Phishers Fake LinkedIn Profiles

1/8/2009
Social networks' business potential is running smack into social networks' security issues, as witness this week's problems with Twitter and now, professional network LinkedIn. If your company and employees are using social nets, there are some social net security practices they must, well, practice.

Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-22199
PUBLISHED: 2021-06-16
SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php.
CVE-2020-22200
PUBLISHED: 2021-06-16
Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword.
CVE-2020-22201
PUBLISHED: 2021-06-16
phpCMS 2008 sp4 allows remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php.
CVE-2021-20483
PUBLISHED: 2021-06-16
IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591.
CVE-2021-20488
PUBLISHED: 2021-06-16
IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789.