Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 Keith Ferrell
RSS
E-Mail

Profile of Keith Ferrell

News & Commentary Posts: 437
Articles by Keith Ferrell
posted in July 2008

DNS Woes: How Worried Should You Be? Pretty Dang Worried!

7/25/2008
Yesterday's news that the first DNS attack strategies are circulating was no surprise: once a vulnerability -- large, small or in-between -- is discovered, the exploit code follows like rats nipping at the heels of the Pied Piper. The question is, how worried should you be about this particular vulnerability? Pretty worried, is my take.

Post a Comment

DNS Flaw Attacks Coming: Patch Now!!!

7/24/2008
The first attackware strategies based on the widespread DNS flaw announced earlier this month have been spotted. If you haven't patched yet, do it now, before it's too late. (Some say it's already too late.)

Post a Comment

Why Isn't Internet Infrastructure Security A Bigger Issue?

7/14/2008
The ongoing debate and discussion about the domain name server vulnerability disclosed last week may be getting a bit of traction in the world beyond IT, but the size and potential seriousness of the problem ought to raise other questions: Namely, why the security of the Net itself, as well as its users, doesn't loom larger (or at all) on the campaign trails.

Post a Comment

New Media Trojan Exploits Bad Old Piracy, P2P Habits

7/11/2008
A particularly aggressive new Trojan takes advantage of the oldest of vulnerabilities -- human nature. Hiding in pirate software sites, the Trojan infects the music and video files of illegal software seekers, then spreads when those files are peer-shared.

Post a Comment

Justice Breyer's Data Exposure A Reminder Of P2P File Risks

7/10/2008
The news that Supreme Court Justice Stephen Breyer's personal information was among thousands of other personal data files compromised as a result of a file-sharing snafu raises a couple of issues, chief among them whether or not peer-to-peer file sharing via public programs is ever appropriate for business info.

Post a Comment

Faster Laptop Check-Throughs May Be In The Bag

7/3/2008
Just in time for higher airline ticket prices, reduced numbers of flights and capacities, cutbacks in travel budgets and the rest of the annoyances and irritations of what are quickly becoming the unfriendly skies, a new approach to laptop/notebook cases promises to speed road warriors' transit through airport security checks.

Post a Comment

Player Beware: PS3 Site Hacks Can Game Your Systems

7/2/2008
Whether or not you're a gamer, the detection of malware infestation on the Sony USA PlayStation Web site should give you pause. Compromises of popular commercial sites -- the sorts that employees and family members might visit, even if you don't -- are precisely the sort of thing that can have anything but a playful effect on your business.

Post a Comment

Mishandling Information Overload A Security and Legal Risk

7/1/2008
Small and midsize businesses generate digital information a furious rate -- same as bigger business (and individuals, for that matter.) What to save and what to toss -- and the consequences of either -- looms large among security, business, compliance and fiduciary concerns. A new slideshow offers some interesting and provocative takes on taking out (and keeping in) the digital trash.

Post a Comment
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32686
PUBLISHED: 2021-07-23
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and ...
CVE-2021-32783
PUBLISHED: 2021-07-23
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy rem...
CVE-2021-3169
PUBLISHED: 2021-07-23
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CVE-2020-20741
PUBLISHED: 2021-07-23
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if t...
CVE-2021-25808
PUBLISHED: 2021-07-23
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.