Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 Keith Ferrell
RSS
E-Mail

Profile of Keith Ferrell

News & Commentary Posts: 437
Articles by Keith Ferrell
posted in June 2009

Botnet Alert: 90% Of Email Now Spam

6/29/2009
Nine out of ten e-mails are now spam, according to the latest Symantec/MessageLabs Intelligence Report. And more than 83% of that spam is generated by botnets, relatively unaffected by large shutdowns of spam servers.

Post a Comment

Mobile Security: IT Pros Anything But Secure With Mobile Devices

6/25/2009
Do as they say, not as they do might be a good description of the practices of IT professionals when it comes to mobile devices. A new survey from Credant shows that IT Professionals are not much better than anyone else when it comes to using a password to protect data stored on phones or other mobile devices.

Post a Comment

Free Microsoft Antivirus, Security Suite Arrives Tomorrow

6/22/2009
Tuesday is the day for release of the free public beta of Microsoft Security Essentials, Microsoft's security and anti-virus suite. The price is certainly right. Question is, will the program change the security landscape? Bigger questions is whether or not it provides the security your business needs.

Post a Comment

New Company Targets Web-Based Malware And Blacklists

6/17/2009
Dasient, a security startup started up by former Google engineers, among others, is targeting malware that has your Web sites targeted, as well as monitoring your sites for their presence on blacklists. That last, as any business that's been blacklisted can attest, can be deadly.

Post a Comment

Twitter Security Flaws: One A Day For A Month!

6/16/2009
Twitter may be taking the world by tweetstorm (or it may be doomed) but one security researcher says that the social network carries a mess of vulnerabilities. A month's worth, in fact, and he intends to prove it, once a day, this July.

Post a Comment

IT Snooping: Too Much Ado About Something?

6/12/2009
There's been a lot of buzz lately about internal threats, and like most buzz, some of it's on-target. But some of it seems designed to make us paranoid about our employees -- to what end? Do we need to distrust everyone on our IT staffs and, by implication, everyone in our companies? And where does that get us?

Post a Comment

Trend Micro Tightens Defenses Against SMB Data Leaks

6/8/2009
The latest version of Trend Micro's data loss protection (DLP) package, LeakProof 5.0, comes in two flavors: one for monitoring users and confidential data, the other covering those elements, but also providing tools for protecting intellectual property as well as confidential information.

Post a Comment

Disaster Recovery: Location, Location, Location

6/5/2009
A comment from a reader offers a reminder that effective disaster recovery planning -- and successful DR in the event of disaster -- requires more than just IT and personnel planning. You have to know where those resources are going to be able to work.

Post a Comment

Accidental Data Leaks Are Still Data Leaks

6/3/2009
The inadvertent posting of sensitive U.S. nuclear information by the G.P.O. is a reminder to all of us that a) accidents happen and b) accidents involving digital copies of confidential information happen all too easily.

Post a Comment

Danger! Search Engines At Work!

6/1/2009
Some search terms and categories are more dangerous than others, and likelier to lead to malware according to a new report from McAfee. Among the most dangerous current category and term? Lyrics, of all things.

Post a Comment
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13873
PUBLISHED: 2021-05-12
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on the...
CVE-2020-35198
PUBLISHED: 2021-05-12
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
CVE-2021-23872
PUBLISHED: 2021-05-12
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOTL interface.
CVE-2021-23891
PUBLISHED: 2021-05-12
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense.
CVE-2021-23892
PUBLISHED: 2021-05-12
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitra...