Avoid Putting IT In A GRC Vacuum
Feb 13, 2012 |
When infosec pros are asked to set security and compliance policies with no line-of-business input, problems are inevitable
Ambient Cloud Reduces Costs, Boosts Security
Feb 13, 2012 |
Distributed -- or ambient -- cloud storage requires that users chip in by providing disk space and gives them equivalent space in the cloud. Can storing others' data locally be secure?
StopTheHacker Launches
Feb 13, 2012 |
New Web security-as-a-service firm comes out of stealth mode with new funding and new services
Hacktivists Take Down CIA's Website
Feb 13, 2012 |
Hit by an apparent DDoS, the website has been experiencing intermittent periods of inaccessibility since Friday
Five Tactical Security Metrics To Watch
Feb 10, 2012 |
Wondering how secure the corporate network is? Here are five operational security metrics that can help. First of a two-part series
Tech Insight: Penetration-Testing Your Cloud Provider
Feb 10, 2012 |
Vulnerability assessments and penetration tests can be a great way to validate the security posture of these organizations
Secure Coding Practices Out The Window With Mobile Apps
Developers not applying secure development life cycle practices in mobile app production
Hopping Aboard The Mobile Payment Bandwagon? Bring A Helmet
Implementing mobile payment systems presents a high risk, high reward opportunity
When Good Apps Go Bad
Experts warn that many otherwise non-malicious mobile apps are trampling privacy with overgenerous device permissions
Big Data Could Create Compliance Issues
The bigger data sets grow, the harder compliance could become
EU's More Stringent Data Privacy Proposal Poses Challenges For Businesses
Proposed changes to data privacy laws in Europe have garnered mixed praise
Cloud Means More Secure Remote Access
Connecting hosts running remote-access services directly to the Internet is so last decade. Instead, companies look to move to cloud-enabled services or virtual desktop infrastructure.
When And How Attackers Are Owning Businesses
New Trustwave SpiderLabs breach report highlights risky passwords, emails, and timing
Smarter, Stealthier, Sneakier Malware
From Stuxnet to Duqu to new incarnations of Zeus, sophisticated attacks are becoming more numerous -- and harder to stop
'Factory Outlets' Selling Stolen Facebook, Twitter Credentials At Discount Rates
Are cybercriminals' inventory overstocked? New bulk sales pitch could be an indication, researchers say
Does SIEM Make Sense For Your Company?
Ten questions to ask before implementing SIEM technology -- and how to choose the right system for your enterprise
FBI Seeks 'Automated Search And Scrape' Of Social Networks
Agency issues RFI for technology to quickly find and surface 'events' via search of social networks, news sites
Researcher Cracks Google Wallet PIN
Fix for vulnerability could require banks to take over some of the security responsibility
VeriSign Breach May Actually Reaffirm Commitment To CA Model
Proposals like DANE to roll up certificate issuance into DNS show that trusting domain registrars is just as risky as trusting CAs
Google, Facebook, Bank Of America Behind New Email Security Standard
New specification for preventing phishing and email domain abuse likely to help email security, but will enterprises adopt it?
More Than Half Of Cyberattacks Come From Asia
DDoS attacks worldwide on the rise, report finds
Top 10 Security Mistakes SMBs Make
SMBs need to work on fundamental security errors to reduce risk of costly incidents
Half Of All The World's Spam Now Out Of Asia
New 'Dirty Dozen' spam report still has the U.S. as the number one spammer, but South Korea becoming a major producer as well
How (And Why) Attackers Choose Their Targets
To build a sure defense, you need to know what makes you a juicy target. Here are some tips
Can Glass-Box Scanning Find Your Real Bugs?
When it works, hybrid -- or 'glass-box' scanning -- combines dynamic, black-box analysis with static, white-box code analysis to find bugs and cut down on false positives
Adobe Calls For Defensive Approach In Security Research
Mitigation methods the emphasis at Adobe
How To Defend Your Database From Malicious Insiders
The biggest threat to your sensitive information might be those who are authorized to access it. Here are some tips on how to defend your organization
CJIS Rules Not Impossible To Comply With, But It'll Cost Ya
Database security and encryption pros say requirements are not unreasonable
Law Enforcement Ups Its Game In Cybercrime
New data from Trustwave SpiderLabs shows how law enforcement agencies worldwide are getting better at catching cybercriminals -- but it's still a major chase
Más DDoS: More Powerful, Complex, And Widespread
New DDoS reports highlight evolving M.O. of DDoS and DoS attacks and increased firepower
Gartner: Security Services Spending On Pace For Record Growth
Many enterprises looking to managed security services to save on operational costs, Gartner report says
Have Your Users' Passwords Already Been Hacked?
If employees use their same password at work and in their personal lives, another company's breach may weaken your own security. Five steps to mitigate the risk
How To Spot A Fake Facebook Profile
Barracuda Networks gathers telltale characteristics of the phony Facebook "Friend"
Study: The Aftermath Of A Breach
New Ponemon-Experian study highlights organizations' top priorities following a data breach
Experian Data Breach Resolution Launches Innovative Mobile Application for First Responders
NEC Adds CA Technologies Advanced Authentication To Provide A Robust Security Service From The Cloud
HiSoftware Releases New SharePoint DLP Solution
Trend Micro Extends Web Security Services To PlayStation Vita; Available Worldwide
ControlScan Launches ProTect Managed Security Services
New, Free Online Privacy Tool For Consumers Unveiled
F5’s Certified Firewall Protects Against Large-Scale Cyber Attacks On Public-Facing Websites
Akamai Reports Fourth Quarter 2011 And Full-Year 2011 Financial Results
Websense Reports Record Revenues For Fourth Quarter And Fiscal Year 2011
THE HUFFINGTON POST
iTunes Hack: Users Report Unauthorized Charges On Accounts
FEBRUARY 13, 2012 | Global Mail investigation concludes iTunes may have been hacked as far back as 2010, but Apple is neither confirming nor denying this
THREAT POST
Mozilla Fixes Critical Flaw In Firefox
FEBRUARY 13, 2012 | New version of Mozilla Firefox -- 10.0.1 -- includes a fix for a critical use-after-free bug in the browser
THE HACKER NEWS
Al Jazeera News Network Hacked By Syrian Hackers
FEBRUARY 13, 2012 | Syrian hacktivist group targeted Al Jazeera's website in support of the government's actions in the country
CSO ONLINE
FBI Call Participants 'Made It Easy' For Anonymous To Break In
FEBRUARY 13, 2012 | Investigators say it's likely that someone e-mailed the location number and password of the FBI-Scotland Yard conference call to his or her private e-mail account, and that this private e-mail account was hacked by Anonymous, which was then able to snoop on the call
FSECURE BLOG
Cryptome Hacked
FEBRUARY 13, 2012 | Cryptome.org, a site that posts items on freedom of speech, cryptography, spying, and surveillance, has been hacked and infused with malicious code based on the Blackhole crimeware kit
GOOGLE BLOG
Protecting Your Payments With Google Wallet
FEBRUARY 13, 2012 | Google warns Google Wallet users not to disable security functions to gain system-level "root" access to their phones, which would render Wallet's security features useless
CANADA.COM
Evil Shadow Team Hacks Microsoft India
FEBRUARY 13, 2012 | Microsoft is investigating an attack by hackers on its Indian retail website, reportedly carried out by a Chinese group called the "Evil Shadow Team"
THREAT POST
Hackers Hit Alabama, Mexican Government Websites
FEBRUARY 13, 2012 | Hackers associated with Anonymous claim to be behind hacks of government websites in Alabama and Mexico, including the theft of personal information on more than 46,000 people
A look at the 25 most popular stories ever posted on the pages of Dark Reading.
- Security Pros With Written Career Plans Make More Money
- 'Robin Sage' Profile Duped Military Intelligence, IT Security Pros
- Criminals Hide Payment-Card Skimmers Inside Gas Station Pumps
- Anatomy Of A Targeted, Persistent Attack
- Security's Top 4 Social Engineers Of All Time
- Six Messy Database Breaches So Far In 2010
- Kaminsky Issues Developer Tool To Kill Injection Bugs
- Spear-Phishing Attacks Out Of China Targeted Source Code, Intellectual Property
- Slideshow: Fashion Statements From Defcon 2010
- Turkish Hackers Take Out Top Porn Site
- Attack Unmasks User Behind The Browser
- Five Ways To (Physically) Hack A Data Center
- New IM Worm Spreading Fast
- Facebook's Security Team Frustrates Cybercriminals
- 'Aurora' Exploit Retooled To Bypass Internet Explorer's DEP Security
- U.S. Fails Test In Simulated Cyberattack
- Six Healthcare Data Breaches That Might Make Security Pros Sick
- Secure USB Flaw Exposed
- Suspected Child Porn Hub Taken Offline
- Why Employees Break Security Policy (And What You Can Do About It)
- N.J. Supreme Court Rules Employers Can't Always Read Personal Email
- Social Engineering, The USB Way
- Antivirus Rarely Catches Zbot Zeus Trojan
- 7 Steps For Protecting Your Organization From 'Aurora'
- Busted Alleged Russian Spies Used Steganography To Conceal Communications
Take The Value of Information Security Certifications Survey
Just what value information security certifications really provide the security professional is a widely debated topic. Information Security Leaders, an independent security career website, wants to hear from you, the information security pro, on whether these certifications are meaningless or valuable to your career. Take the anonymous survey on how security pros feel about this topic here. You can also receive the final results via email.
Free Vulnerability Management Trial
Qualys is offering a free 14-day trial of its vulnerability management solution, which helps enterprises identify, fix, and report on network security threats.
Free Security Tools from Sophos
Scan for security risks, threats, rootkits and unauthorized applications.
Info-Tech Research Group
A specialist in small and medium-sized businesses, Info-Tech offers a different perspective than research houses that focus on the Fortune 1000.
Sponsored Resource Center
Current Issue
In this issue:
- Digital Detectives: The right forensic tools in the right hands are just a start. Here's how to better apply the lessons they teach.
- Take The Offensive: It's time to be proactive, not reactive, with digital forensics.
- And much more!
Video
Evil Bytes
BY John H. Sawyer
Passive Network Fingerprinting; p0f Gets Fresh Rewrite
February 03, 2012
02:19 PM -- Passive network analysis can reveal OS, service, and even vulnerabilities -- just by sniffing the network
SophosLabs Insights
BY Chester Wisniewski
We Make Widgets -- Let Someone Else Handle Security
January 20, 2012
10:54 AM -- If you're a customer-facing organization, then security can't take second place behind your services
In Search of Malware
BY Mary Landesman
Mass-Meshing A Gumblar Creation
June 30, 2011
04:52 PM -- Compromised and backdoored websites are frequently used interchangeably to act as conduit, redirector, and malware host.
Hacked Off
BY Mike Rothman
Looking Over The RIM And Into The Chasm
January 25, 2012
01:56 PM -- What security folks need to learn from RIM's rapid and accelerating downfall...
Security Views
BY Taher Elgamal
On Determining Online Identities
February 10, 2012
01:19 PM -- Forging a stronger tie between the sign-on process and the actual known user who owns that particular account
Dark Dominion
BY Tim Wilson
Dark Reading Launches New Tech Center On Security And Compliance
August 15, 2011
12:01 AM -- New Dark Reading Compliance Tech Center will cover relationship between security initiatives and compliance initiatives
CS Island
BY Robert Richardson
The SpiderLabs Report
January 29, 2011 | 1 Comment
08:14 AM -- A look at the Trustwave Cyber Crime report
Featured Resources
Security Whitepapers
- What is SaaS, and Should SMBs Consider Using It?
- The Compliance Trap: Compliance for compliance's sake is not a best practice in protecting cardholder data
- Secure Managed Web Hosting Saves 960.gs from Malicious Hackers
- Access Governance as a Business Service: An Integrated Strategy for Automation with ITSM
- Business Driven Access Management and Governance: Simplifying the Delivery and Governance of Access Throughout
Security pros generally happy with products; not so much with awareness programs
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.