Five Ways To Lose A Malicious Insider Lawsuit
May 15, 2012 |
Making the case against an insider takes preparation and proactive work with HR and legal
Cyberspies Target Victims Via 'Strategic' Driveby Website Attacks
May 15, 2012 |
Cyberespionage attackers are increasingly injecting malware into specific, legitimate websites in hopes of snaring visitors with common interests -- most recently, human rights organizations
Number Of Software Pirates On The Rise
May 15, 2012 |
Fifty-seven percent of respondents said they've pirated software, according to a Business Software Alliance study
Why Some SMBs Still Fear The Cloud
May 14, 2012 |
Blind study commissioned by Microsoft shows disparity between those small to midsize businesses that have adopted cloud computing and security-as-a-service and those that have not
Websites Select Security Services To Suppress DDoS, Other Attacks
May 14, 2012 |
Web application firewalls are a popular way to protect sites, but cloud and managed security services offer strong benefits to protect against denial-of-service attacks and compromise
4 Ways To Identify The Real Threats To Your Organization
May 14, 2012 |
Companies looking for better ways of prioritizing their defensive efforts need to look beyond vulnerabilities. How to find the real threats to your business before they find you
What A DDoS Can Cost
Around 65 percent of IT pros say a DDoS costs their organization $240,000 in lost revenue per day of the attack, and one-fifth say it would mean a loss of $1.2 million per day, new survey finds
Trojans Make Up 80 Percent Of All New Malware
China has the most infected PCs in the world, and six million new pieces of malware appeared in 1Q 2012, new PandaLabs report says
Windows Gets Privacy Boost For DNS
New public-domain 'VPN For DNS' technology encrypts exposed link between Windows machines and DNS
6 Discoveries That Prove Mobile Malware's Mettle
Trojans, botnets, adware, and more are jumping from theoretical to practical
Making Mobile Banking Safe
Banks finding ways to balance security with convenience, but consumers have no way of determining what's safe to use
10 Symptoms Of Check-Box Compliance
These telltale signs show you care more about what the auditors think than what the attackers do
How To Boost Enterprise Security Via FFIEC Compliance
The banking industry's security guidelines might be your ticket to building out your security strategy. Here's how
Compliance Policy Development Do's And Don'ts
Policies are the keystone to good GRC, but many organizations don't write them well
Crypto In The Cloud Secures Data In Spite Of Providers
With companies increasingly worried about their data in the cloud, a number of providers have cropped up to offer various types of encryption
Microsoft Skype IP Leakage Not New, Report Contends
Microsoft says it is investigating a report of a vulnerability that can expose the IP addresses of Skype users
VMware Confirms Hacker Leaked Source Code For ESX Hypervisor
Officials at VMware have confirmed that source code posted on the Web by hacker is legitimate, but said customers may not necessarily be at risk
Targeted Attack Infiltrates At Least 20 Companies
Attackers conducted a sustained espionage campaign against a score of private- and public-sector targets with links to policies of interest to China
IBM Profiles The New CSO, Security Exec
Infosec leaders say their role in the business is maturing, with roughly three-fourths now doing more than just responding to breaches and handling compliance, a new survey reveals
Security Index Marks A Year Of Doing Business Dangerously
The Index of Cyber Security has measured top security officers' sentiment on cyberthreats for more than a year. So what does the index's steady rise mean?
Logs Still Tough To Decipher, SANS Survey Says
More organizations employ log management and SIEM tools, but are still struggling to sort the bad traffic from the good
Dead And Dying Targeted In ID Theft
IDs of 2.5 million dead Americans abused annually, new study shows
New .secure Internet Domain On Tap
'Safe neighborhood' top-level domain will require SSL, DNSSEC, and other security measures for websites
Trustworthy Internet Movement Builds SSL 'Avengers'
Industry's top names in SSL development agree to join task force
Tech Insight: How To Hack The Password Problem
Though they are often the weakest link, passwords aren't going anywhere anytime soon. Here's how to shore up and manage your organization's passwords
Fake Caller ID Attacks On The Rise
"Vishing" attacks increased by 52 percent in the second half of last year
More Than Half Of Cyberattacks Come From Asia
DDoS attacks worldwide on the rise, report finds
BeyondTrust Buys eEye
eEye co-founder Marc Maiffret now CTO of BeyondTrust
FBI Warns Travelers Using Hotel Networks About New Attack
The FBI says attackers are trying to trick users into installing malware with promises of software updates
Linux Users Beware: Patch New Samba Flaw 'Immediately'
Samba bug could spur targeted attacks or a worm -- but not all affected systems will get patched
Mass SQL Injections Spike Again
Experts warn organizations to keep up with patches and validate input to mitigate risks
No Exploit Required: How Attackers Exploit Business Logic Flaws
NT Objectives lists the main attack vectors that exploit not code bugs, but weaknesses in an application's business logic
7 Ways Oracle Puts Database Customers At Risk
Oracle's missteps during the TNS Poison disclosure debacle highlight its failures in helping customers secure their databases
How To Use Service Providers To Manage DDoS Threats
Distributed denial-of-service attacks can put your website and your business out of commission. Here are some tips on how to mitigate the threat
New Service Lets Users Scramble Data On Social Networks
Scrambls service makes postings unreadable to all but those with permission
UNC Charlotte Breach Affected More Than 350,000
Data compromise at university is much larger than initially thought, report says
Microsoft Fingers Chinese Firewall/IPS Vendor In Windows Exploit Leak
Chinese firewall and IPS vendor Hangzhou DPTech Technologies kicked out of Microsoft Active Protections Program (MAPP) for its role in disclosure of Windows Remote Desktop (RDP) flaw earlier this year
McAfee and Intel Announce Critical Infrastructure Protection
ForeScout And Fiberlink Team On Fully Integrated NAC And MDM Solution
Infoblox Rolls Out New DNS Caching Appliance
Vaultive Introduces Enterprise-Class Cloud Data Encryption Solution For Hosted Exchange
Beazley Brings State Of The Art Data Breach Protection For Small Firm
Infrax Systems (IFXY) Launches Smart Grid's SPIDer
Abine Launches PrivacyWatch Alert System To Help Facebook Users Protect Their Personal Information
WatchGuard Goes Virtual With Security
Avaya Secures Mobile Collaboration And Bring Your Own Device For Enterprises
PC ADVISOR
Kaspersky Denies It's Working With Apple On Mac Security
May 15, 2012 |
Security firm denies report it is working on Mac OS X security
WIRED
Popular Surveillance Cameras Open To Hackers, Researcher Says
May 15, 2012 |
Closed-circuit security cameras are often configured insecurely, leaving them open to hackers, researcher says
THREAT POST
Stolen Certificates Found In Malware Possibly Targeting Tibetan Groups
May 15, 2012 |
Trend of attackers using stolen digital certificates to mask their malware continues
WIRED
OnStar Files Patents For Minority-Report-Style Billboards
May 15, 2012 |
Public advertisements could be tailored to individual drivers
F-SECURE
Mobile Threat Report Q1 2012
May 15, 2012 |
Android Trojans continue to rule the mobile threat roost, study says
ARS TECHNICA
LulzSec Member Pleads Not Guilty To Charges He Hacked Stratfor Website
May 15, 2012 |
Former hacktivist group member denies hacking global intelligence company and stealing credit card details of 860,000 clients
NETWORK WORLD
Public Vs. Private Cyberattack Responsibility Debate Heats Up
May 15, 2012 |
What role should government play in requiring private companies to pony up cyberwar defenses? Arguments fly on both sides
BANK INFO SECURITY
Is Global Payment Inc.'s Breach Growing?
May 15, 2012 |
Sources say 7 million cards may have been exposed
A look at the 25 most popular stories ever posted on the pages of Dark Reading.
- Security Pros With Written Career Plans Make More Money
- 'Robin Sage' Profile Duped Military Intelligence, IT Security Pros
- Criminals Hide Payment-Card Skimmers Inside Gas Station Pumps
- Anatomy Of A Targeted, Persistent Attack
- Security's Top 4 Social Engineers Of All Time
- Six Messy Database Breaches So Far In 2010
- Kaminsky Issues Developer Tool To Kill Injection Bugs
- Spear-Phishing Attacks Out Of China Targeted Source Code, Intellectual Property
- Slideshow: Fashion Statements From Defcon 2010
- Turkish Hackers Take Out Top Porn Site
- Attack Unmasks User Behind The Browser
- Five Ways To (Physically) Hack A Data Center
- New IM Worm Spreading Fast
- Facebook's Security Team Frustrates Cybercriminals
- 'Aurora' Exploit Retooled To Bypass Internet Explorer's DEP Security
- U.S. Fails Test In Simulated Cyberattack
- Six Healthcare Data Breaches That Might Make Security Pros Sick
- Secure USB Flaw Exposed
- Suspected Child Porn Hub Taken Offline
- Why Employees Break Security Policy (And What You Can Do About It)
- N.J. Supreme Court Rules Employers Can't Always Read Personal Email
- Social Engineering, The USB Way
- Antivirus Rarely Catches Zbot Zeus Trojan
- 7 Steps For Protecting Your Organization From 'Aurora'
- Busted Alleged Russian Spies Used Steganography To Conceal Communications
Take The Value of Information Security Certifications Survey
Just what value information security certifications really provide the security professional is a widely debated topic. Information Security Leaders, an independent security career website, wants to hear from you, the information security pro, on whether these certifications are meaningless or valuable to your career. Take the anonymous survey on how security pros feel about this topic. You can also receive the final results via email.
Free Vulnerability Management Trial
Qualys is offering a free 14-day trial of its vulnerability management solution, which helps enterprises identify, fix, and report on network security threats.
Free Security Tools from Sophos
Scan for security risks, threats, rootkits and unauthorized applications.
Info-Tech Research Group
A specialist in small and medium-sized businesses, Info-Tech offers a different perspective than research houses that focus on the Fortune 1000.
Current Issue
In this issue:
- Close The Door On Data Leaks: Stop insider theft and accidental disclosure with network and host controls--and don't forget to keep employees on their toes.
- Make Security Everyone's Business: Even the best data leak prevention tools will fail if employees don't make security a priority.
- Lessons From The Global Payments Breach: Recent attack underscores problems with knowledge-based authentication and perimeter defense.
- FTC Proposes "Privacy By Design": The agency's privacy guidelines could raise issues for e-commerce and online advertising.
Video
- Best Practices in SMB Desktop Virtualization
- The Business Value of Data Quality – Getting the Most out of Your Investments in Data Warehousing and Data Analytics
- Collaborative DevOps: Bridging the gap between development and operations with automation
- Best Practices for Improving Database Testing: Upgrades, migrations, business growth and more - ensuring you can handle the workload!
- The IBM X-Force 2011 Trend Report: Combat data security threats
Evil Bytes
BY John H. Sawyer
Analyzing Android, iOS Apps For Weak Data Protection, Cleartext Passwords
May 04, 2012
02:54 PM -- Analysis reveals mobile apps designed to protect things like photos and passwords do a poor job, often storing them in plain text with no encryption at all.
SophosLabs Insights
BY Brian Royer, Sophos
Where In Hacking The Ends Justify The Means
May 08, 2012
09:00 AM -- Do some 'ethical hackers' really have your best interest at heart, or are they more interested in making your private information public?
Hacked Off
BY Mike Rothman
PCI: Dead Man(date) Walking?
April 25, 2012
03:04 PM -- Is Visa's program to eliminate the requirement for assessments in lieu of EMV (chip and pin) transactions the death knell for PCI? Not yet, but the writing is on the wall
Security Views
BY Glenn S. Phillips
Screw Compliance, We're Trying to Survive
May 08, 2012
09:13 AM -- In tough times, compliance efforts may seem optional
Dark Dominion
BY Tim Wilson
Dark Reading Launches New Tech Center On Threat Intelligence
May 14, 2012
09:27 AM -- Subsite of Dark Reading will look at collection and analysis of data on emerging threats
Featured Resources
Security Whitepapers
- What is SaaS, and Should SMBs Consider Using It?
- The Compliance Trap: Compliance for compliance's sake is not a best practice in protecting cardholder data
- Secure Managed Web Hosting Saves 960.gs from Malicious Hackers
- Access Governance as a Business Service: An Integrated Strategy for Automation with ITSM
- Business Driven Access Management and Governance: Simplifying the Delivery and Governance of Access Throughout
Security pros generally happy with products; not so much with awareness programs
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.