VeriSign Breach May Actually Reaffirm Commitment To CA Model
Feb 06, 2012
Proposals like DANE to roll up certificate issuance into DNS show that trusting domain registrars just as risky as trusting CAs
Utilities Facing Brute-Force Attack Threat
Feb 06, 2012
SSH attack warning from ICS-CERT just the latest in a series of high-profile vulnerabilities in '1990s-era security' SCADA, critical infrastructure world
INTERPOL Set To Open Global Cybercrime Center In 2014
Feb 03, 2012
Director of cybersecurity at INTERPOL working on secure online presence for police worldwide to work together on cybercrime cases
Can Glass-Box Scanning Find Your Real Bugs?
Feb 03, 2012
When it works, hybrid -- or 'glass-box' scanning -- combines dynamic, black-box analysis with static, white-box code analysis to find bugs and cut down on false positives
Slide Show: Technologies That Are Changing The Sports Security Game
Feb 03, 2012
Digital technology is increasingly playing a major role in sports security operations
Adobe Calls For Defensive Approach In Security Research
Feb 02, 2012
Mitigation methods the emphasis at Adobe
Hopping Aboard The Mobile Payment Bandwagon? Bring A Helmet
Implementing mobile payment systems presents a high risk, high reward opportunity
When Good Apps Go Bad
Experts warn that many otherwise non-malicious mobile apps are trampling privacy with overgenerous device permissions
QR Code Malware Picks Up Steam
Attackers tricking users into scanning fake QR codes that lead to malicious sites and apps
Big Data Could Create Compliance Issues
The bigger data sets grow, the harder compliance could become
EU's More Stringent Data Privacy Proposal Poses Challenges For Businesses
Proposed changes to data privacy laws in Europe have garnered mixed praise
The Day (Some Of) The Web Went Dark
Online protests today of SOPA/PIPA legislation blur future of anti-piracy efforts as several legislators back down
Cloud Means More Secure Remote Access
Connecting hosts running remote-access services directly to the Internet is so last decade. Instead, companies look to move to cloud-enabled services or virtual desktop infrastructure.
Facebook Hit By Classic Worm Attack
Zeus Trojan spreads when user views 'photos,' Facebook now blocking malicious domains spreading the attack
Cloud Services Credentials Easily Stolen Via Google Code Search
After finding many cloud access credentials using simple code search, researchers conclude public cloud services are not safe for storing sensitive data
Attackers Divert Bank Phone Calls to Cover Tracks
Researchers at Trusteer uncover banking malware that steals telephone information to help attackers re-route calls from banks alerting customers to fraud.
FBI Seeks 'Automated Search And Scrape' Of Social Networks
Agency issues RFI for technology to quickly find and surface 'events' via search of social networks, news sites
Do You Need A Security Operations Center?
When a company starts to worry about losing data to attack, it could be time to create a simple SOC. The most important steps to evaluating the need for an effective operations center.
IP D-Day: Major Providers, Vendors To Go IPv6 June 6
IPv6 implementations 'scrutinized' for security issues so no panic necessary, experts say amid concerns of as-yet undiscovered bugs
Google, Facebook, Bank Of America Behind New Email Security Standard
New specification for preventing phishing and email domain abuse likely to help email security, but will enterprises adopt it?
Smartcards: Still A Smart Choice?
Despite recent security compromises, smartcard technology still has high potential
More Than Half Of Cyberattacks Come From Asia
DDoS attacks worldwide on the rise, report finds
Top 10 Security Mistakes SMBs Make
SMBs need to work on fundamental security errors to reduce risk of costly incidents
Half Of All The World's Spam Now Out Of Asia
New 'Dirty Dozen' spam report still has the U.S. as the number one spammer, but South Korea becoming a major producer as well
FDIC Warns Of 'High Risk' Payment Processors
Some third-party payment processing services may not be secure, commission says
Big Data Means Big Security Problems, Study Says
Large data stores often contain "toxic" data that is sensitive to business, Forrester report says
Poisoning The Data Well
A Q&A with Forrester's John Kindervag about how encryption makes data worthless to the criminals
Federal Reserve Bank Contractor Arrested For Alleged Code Theft
Suspect admitted to stealing U.S. Treasury Dept.-owned program from the bank for use in his own private business
Gartner: Security Services Spending On Pace For Record Growth
Many enterprises looking to managed security services to save on operational costs, Gartner report says
Startup To Launch New Brand Of SaaS For Post-Incident Response
'Data loss management' firm officially launches this week
Product Watch: New Service Aims To Improve Botnet Detection Among Service Providers
Damballa CSP 1.6 automates subscriber notification and remediation of botnet infections
How To Spot A Fake Facebook Profile
Barracuda Networks gathers telltale characteristics of the phony Facebook 'Friend'
Study: The Aftermath Of A Breach
New Ponemon-Experian study highlights organizations' top priorities following a data breach
Videoconferencing Can Be The Bug In The Boardroom
Recent research underscores that insecure video conferencing systems can allow hackers to listen into a company's confidential discussions. Firms should take steps to evaluate their systems and secure them
Report: Smaller DDoS Attacks Can Be Deadlier
SocialShield Releases the Top Social Networking Terms Kids Don't Want Their Parents To Know
Yubico And CloudPassage Bring Easy, Secure Two-Factor Authentication To Cloud Servers
CloudPassage Launches Network Security In The Cloud Inbox
Vulnerabilities Reported In Mac Encryption Products
New Survey: Two-Thirds Of Companies Interested In Switching Authentication Vendors
Country With Most Online Fraud Attempts/How Much Fraud On Mobile Devices Revealed
HACK IN THE BOX
Facebook's Zuckerberg Defends Hacking
FEBRUARY 06, 2012 | Mark Zuckerberg, Facebook CEO, says hackers "believe that something can always be better, and that nothing is ever complete" and "just have to go fix it"
GOOGLE MOBILE BLO
Android And Security
FEBRUARY 06, 2012 | Google is adding a new service code-named "Bouncer" that automatically scans apps in the Android Market for potentially malicious software -- once a new Android app is uploaded, Bouncer analyzes it for known malware and suspicious behavior
ADOBE BLOG
Flash Player Sandboxing Is Coming To Firefox
FEBRUARY 06, 2012 | Adobe has launched a public beta of a Flash Player sandbox -- Protected Mode -- for Firefox 4.0 and later; it runs on Windows Vista and Windows 7
NEW STATESMAN
How Did Anonymous Hack The FBI?
FEBRUARY 06, 2012 | The recent leak of a conference call between FBI agents and Scotland Yard officers apparently occurred after the hackers hacked authorities' email accounts
ICS SANS DIARY
Critical PHP Bug Patched
FEBRUARY 06, 2012 | The PHP 5.3.9 release included a security fix that was incorrectly implemented and ultimately introduced another, more severe remote code vulnerability -- experts say to apply the new PHP 5.3.10 release and to avoid 5.3.9 if possible
SC MAGAZINE
Hackers Claim Symantec Would Pay $50,000 Extortion
FEBRUARY 06, 2012 | A Pastebin posting showing a purported email string between a Symantec employee and the hacker who claimed to have stolen source code from the security firm appears to indicate a bribe by the security firm to keep its source code from going public
IT WORLD
Facebook Malware Scam Takes Hold
FEBRUARY 06, 2012 | A link to malware purporting to be CNN coverage of a US attack on Iran is reaching hundreds of thousands of Facebook users
POLITICO
Senate Cyber Bill: Is This The Lucky Week?
FEBRUARY 06, 2012 | The long-awaited Senate cybersecurity bill, which aims to beef up the security of the nation's critical infrastructure, may go public later this week
A look at the 25 most popular stories ever posted on the pages of Dark Reading.
- Security Pros With Written Career Plans Make More Money
- 'Robin Sage' Profile Duped Military Intelligence, IT Security Pros
- Criminals Hide Payment-Card Skimmers Inside Gas Station Pumps
- Anatomy Of A Targeted, Persistent Attack
- Security's Top 4 Social Engineers Of All Time
- Six Messy Database Breaches So Far In 2010
- Kaminsky Issues Developer Tool To Kill Injection Bugs
- Spear-Phishing Attacks Out Of China Targeted Source Code, Intellectual Property
- Slideshow: Fashion Statements From Defcon 2010
- Turkish Hackers Take Out Top Porn Site
- Attack Unmasks User Behind The Browser
- Five Ways To (Physically) Hack A Data Center
- New IM Worm Spreading Fast
- Facebook's Security Team Frustrates Cybercriminals
- 'Aurora' Exploit Retooled To Bypass Internet Explorer's DEP Security
- U.S. Fails Test In Simulated Cyberattack
- Six Healthcare Data Breaches That Might Make Security Pros Sick
- Secure USB Flaw Exposed
- Suspected Child Porn Hub Taken Offline
- Why Employees Break Security Policy (And What You Can Do About It)
- N.J. Supreme Court Rules Employers Can't Always Read Personal Email
- Social Engineering, The USB Way
- Antivirus Rarely Catches Zbot Zeus Trojan
- 7 Steps For Protecting Your Organization From 'Aurora'
- Busted Alleged Russian Spies Used Steganography To Conceal Communications
Take The Value of Information Security Certifications Survey
Just what value information security certifications really provide the security professional is a widely debated topic. Information Security Leaders, an independent security career website, wants to hear from you, the information security pro, on whether these certifications are meaningless or valuable to your career. Take the anonymous survey on how security pros feel about this topic here. You can also receive the final results via email.
Free Vulnerability Management Trial
Qualys is offering a free 14-day trial of its vulnerability management solution, which helps enterprises identify, fix, and report on network security threats.
Free Security Tools from Sophos
Scan for security risks, threats, rootkits and unauthorized applications.
Info-Tech Research Group
A specialist in small and medium-sized businesses, Info-Tech offers a different perspective than research houses that focus on the Fortune 1000.
Current Issue
In this issue:
- Digital Detectives: The right forensic tools in the right hands are just a start. Here's how to better apply the lessons they teach.
- Take The Offensive: It's time to be proactive, not reactive, with digital forensics.
- And much more!
Evil Bytes
BY John H. Sawyer
Passive Network Fingerprinting; p0f Gets Fresh Rewrite
February 03, 2012
02:19 PM -- Passive network analysis can reveal OS, service, and even vulnerabilities -- just by sniffing the network
SophosLabs Insights
BY Chester Wisniewski
We Make Widgets -- Let Someone Else Handle Security
January 20, 2012
10:54 AM -- If you're a customer-facing organization, then security can't take second place behind your services
In Search of Malware
BY Mary Landesman
Mass-Meshing A Gumblar Creation
June 30, 2011
04:52 PM -- Who doesn't love a new buzzword? 'Mass-meshing' is a new term that describes an old problem first presented by the Gumblar attacks in 2009
Hacked Off
BY Mike Rothman
Looking Over The RIM And Into The Chasm
January 25, 2012
01:56 PM -- What security folks need to learn from RIM's stunning downfall
Security Views
BY Andrew Hay
Where's My 'Minority Report' Dashboard?
February 01, 2012
03:43 PM -- Why haven't user interfaces for security products taken advantage of human movement technologies?
Dark Dominion
BY Tim Wilson
Dark Reading Launches New Tech Center On Security And Compliance
August 15, 2011
12:01 AM -- New Compliance Tech Center will cover relationship between security initiatives and compliance initiatives
CS Island
BY Robert Richardson
The SpiderLabs Report
January 29, 2011
08:14 AM -- A look at the Trustwave Cyber Crime report
Featured Resources
Security Whitepapers
- What is SaaS, and Should SMBs Consider Using It?
- The Compliance Trap: Compliance for compliance's sake is not a best practice in protecting cardholder data
- Secure Managed Web Hosting Saves 960.gs from Malicious Hackers
- Access Governance as a Business Service: An Integrated Strategy for Automation with ITSM
- Business Driven Access Management and Governance: Simplifying the Delivery and Governance of Access Throughout
Security pros generally happy with products; not so much with awareness programs
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.