Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Content by DarkReadingTim

DarkReadingTim
Member Since: March 12, 2014
Strategist
Blog Posts: 1718
Posts: 238

posted in April 2009

20 items
Despite Economy, Security Salaries Are On The Rise
Quick Hits  |  4/30/2009  | 
More than half of IT security pros got a raise in the past year, study says
Trend Micro Acquires Third Brigade
Quick Hits  |  4/29/2009  | 
Buyout expected to boost Trend's cloud security, regulatory compliance offerings
Fed Bank IT Worker Charged With Insider Data Theft
Quick Hits  |  4/28/2009  | 
IT employee allegedly used administrative access to collect co-workers' personal data and obtain bank loans in their names
Security Suffers Cuts In Recession, But Fares Better Than The Rest Of IT
News  |  4/27/2009  | 
Layoffs, cutbacks aren't as painful in security, but they are happening, studies say
At RSA, Security Pros Don't Practice What They Preach
Quick Hits  |  4/27/2009  | 
AirPatrol study finds almost 100 unauthorized WiFi access points at convention
Splunk, GlassHouse Launch Joint Security Management Service
News  |  4/24/2009  | 
Partnership challenges SIEM, uses Splunk search engine to find source of security problems
Many Users Say They'd Sell Company Data For The Right Price
Quick Hits  |  4/24/2009  | 
In subway survey, 37 percent of workers say they could be bought
Savvis Launches Web App Firewall Service
News  |  4/23/2009  | 
New service could help companies meet WAF requirement under PCI
Symantec Rolls Out Small Business Offerings
News  |  4/22/2009  | 
Company also announces acquisition of Web security gateway appliance maker Mi5
Cisco Launches Security Services For Cloud Computing, Collaboration
News  |  4/20/2009  | 
New services will also help enterprises manage cloud security
Companies Still Falling Short On Security Training, Study Says
Quick Hits  |  4/20/2009  | 
Nearly half of security professionals say their company cultures are "unsupportive" of security
Unauthorized Apps Often Go Unseen And Unchecked, Study Says
Quick Hits  |  4/17/2009  | 
Despite policies, most corporate networks remain rife with P2P, Google tools, and other unsanctioned apps, study says
Report: 2008 Saw More Records Breached Than The Previous Four Years Combined
Quick Hits  |  4/15/2009  | 
Most compromises could have been avoided, Verizon study says
Study: Despite Increased Security Spending, Severity Of Breaches Is On The Increase
News  |  4/14/2009  | 
CompTIA study says human error is the most frequent cause of breaches worldwide
RSA Integrates Data Leak Prevention With Security Information Management
Quick Hits  |  4/13/2009  | 
DLP 7.0 will interact with enVision SIEM tool, allowing IT to identify insider events
Researcher To Demonstrate Flaws In Wireless Warehouse Networks
Quick Hits  |  4/10/2009  | 
Trustwave pen tester says 802.11 FHSS networks aren't as safe as many companies think
Many Enterprises Still Don't Recognize Insider Threat, Studies Say
News  |  4/9/2009  | 
Small businesses are chief laggards in deploying data leakage protection technology, researchers say
Fujitsu Consulting Reveals Breach Involving Travelers, Other IT Clients
Quick Hits  |  4/9/2009  | 
Personal information of more than 3,000 may have been lost along with storage device containing data on Fujitsu IT client projects
Dark Reading Launches Security Services Tech Center
Commentary  |  4/1/2009  | 
Today Dark Reading launches a new feature: the Security Services Tech Center, a subsite of Dark Reading devoted to bringing you news, product information, opinion, and analysis of the "outsourced" security services and technologies available to augment your organization's IT defenses.
How To Make The Right Choice About Security Outsourcing
News  |  4/1/2009  | 
New report offers in-depth look at security services alternatives -- and how to evaluate them


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-4034
PUBLISHED: 2022-01-28
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count c...
CVE-2021-40416
PUBLISHED: 2022-01-28
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigge...
CVE-2021-40419
PUBLISHED: 2022-01-28
A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2021-40423
PUBLISHED: 2022-01-28
A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44463
PUBLISHED: 2022-01-28
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.