FOLLOW US
New Tool Exposes Stealthy Metasploit Hack
Jul 02,2009 |
Researchers will demonstrate forensics tool, technique for unmasking attacks using Metasploit's stealthy Meterpreter anti-forensics function
Month Of Twitter Bugs Goes Live With Mini-URL Flaws
Jul 01,2009 |
Researcher launches Day One of daily third-party Twitter app vulnerability disclosures, while some members of Twitter christen July 1 "TwitterSec Day"
'Mafiaboy': Cloud Computing Will Cause Internet Security Meltdown
Jun 30,2009 |
Notorious black-hat hacker warns that cloud-based computing will be "extremely dangerous," and explains how he got into hacking at age 15
NAC Appliances Hardest Hit In Network Security By Economic Downturn, Report Says
Jun 29,2009 |
But Infonetics expects the NAC appliance market to rebound big time by 2013, to around $700 million
Tech Insight: Database Security -- The First Three Steps
Jun 26,2009 |
Protecting sensitive data means locating and enumerating the information in your databases -- and finding the right method to secure it
Booming Underground Economy Makes Spam A Hot Commodity, Expert Says
Jun 25,2009 |
$10 might be enough to reach 1 million users, MessageLabs researcher warns
Tech Insight: Database Security -- The First Three Steps
Protecting sensitive data means locating and enumerating the information in your databases -- and finding the right method to secure it
Massachusetts Worker Accused Of Using Database In ID Theft Scheme
Employee at medical cost management firm allegedly used doctors' personal information to obtain credit cards
Oracle Users Struggle With Patch Management
Despite new tools that speed deployment, many administrators are still far behind
'Mafiaboy': Cloud Computing Will Cause Internet Security Meltdown
Notorious black-hat hacker warns that cloud-based computing will be "extremely dangerous," and explains how he got into hacking at age 15
OWASP: Security Spending Remains Mostly Unchanged With Cloud Computing
New Open Web Application Security Project report finds enterprises aren't sufficiently verifying cloud providers' security, either
Study: Social Network Users Put Their Data At Risk
Users of Facebook, LinkedIn, Twitter leave themselves -- and their wallets -- open to attack
Security Guard Busted For Hacking Hospital's HVAC, Patient Information Computers
"GhostExodus" bragged about his breaches on YouTube, and tried to rally fellow hackers to conduct a massive DDoS attack
NAC Appliances Hardest Hit In Network Security By Economic Downturn, Report Says
But Infonetics expects the NAC appliance market to rebound big time by 2013, to around $700 million
CISOs Say Insiders Are Greatest Threat To Data
In study, 80 percent say they're more concerned about employees and contractors
BitDefender: Trojans Total Half Of BitDefender's Top Ten E-Threats For June
Survey: More Than Half Of Firms Plan To Secure Social Networking Use
41st Parameter Names J. Peter Selda CEO
Merchants Launches SmartIDentity ID Theft Recovery Protection
Absolute Helps Police Break Possible Identity Theft Ring
Oracle Unveils Phase One Of Identity Management 11g
Survey: Even IT Professionals Can't Be Bothered With Passwords
Firethorn Increases Mobile Banking Security App With Full PCI Compliance
InternetSafety.com Urges Parents To Child-Proof Apple iPhone
Webroot Enhances Web, Email, Data Security With New SaaS Releases
SECURITY FOCUS
Juniper Pulls Talk On ATM Vulnerabilities
JULY 2, 2009
| Researchers agree to withhold disclosure of flaws until vendor can fix them
NETWORK WORLD
New Trojan Puts Sneaky Twist On Click Fraud
JULY 2, 2009
| Malware invisibly funnels search queries through its own site, cheating Google out of money
CHINA DAILY
Plug Not Pulled On Green Dam
JULY 2, 2009
| Despite delay, China says controversial Internet filter requirement will go forward
WASHINGTON POST
Obama Administration To Involve NSA In Defending Civilian Agency Networks
JULY 2, 2009
| Department of Homeland Security chief says NSA's involvement will be "guided"
BCS
Cybercriminals Target New Harry Potter Film
JULY 2, 2009
| Fans should wait until legitimate sources are available before downloading film, security firm says
IT-DIRECTOR.COM
Finjan: Second Indian Government Website Hacked By Cybercriminals
JULY 2, 2009
| New attack takes place despite stepped-up security
NETWORK WORLD
Cybersecurity Boondoggle?
JULY 2, 2009
| Developments suggest federal efforts to promote cybersecurity may already be out of control
COMPUTERWORLD UK
Forrester: Don't Take Cloud-Based Mail Security At Face Value
JULY 2, 2009
| Users should ask hard questions before choosing a provider, analyst firm says
A look at the 25 most popular stories ever posted on the pages of Dark Reading.
- Five Coolest Hacks of 2007
- Social Engineering, the USB Way
- The World's Biggest Botnets
- New DOS Attack Is a Killer
- The Seven Deadliest Social Networking Hacks
- Antivirus Tools Underperform When Tested in Linux "Fight Club"
- Antivirus Inventor: Security Pros Are Wasting Their Time
- Researchers Find Method to Quickly Erase Hard Drives
- Ten Hot Security Startups
- Eight Vulnerabilities You May Have Misse
- How to Turn Your Browser Into a Weapon
- The Ten Biggest Myths of IT Security
- What to Do When Your Security's Breached
- The Ten Most Dangerous Things Users Do Online
- Social Engineering, the Shopper's Way
- Vint Cerf: Father Knows Best
- Hackers Reveal Vulnerable Websites
- Black Hat Woman
- DailyDave: Full Disclosure
- Teen Hacker Grows Up
- China Makes "Most Successful Cyber Attack Ever" On Pentagon
- TJX Breach Skewers Banks, Customers
- VA Reports Massive Data Theft
- Schneier On Schneier
- Medical IT Contractor Folds After Breaches
Free Security Tools from Sophos
Scan for security risks, threats, rootkits and unauthorized applications.
Info-Tech Research Group
A specialist in small and medium-sized businesses, Info-Tech offers a different perspective than research houses that focus on the Fortune 1000.
Evil Bytes
BY John H. Sawyer
It's Time To Take Bot Infections Seriously
July 1, 2009
03:26 PM -- The soapbox is a place I hate to be, but sometimes a topic just rubs me raw enough that I climb up to try and get my point across. The topic of bots, botnets, and their impact on corporate data is one of those issues.
SophosLabs Insights
BY Graham Cluley
Spammers Scramble To Exploit Michael Jackson's Death
June 26, 2009
10:29 AM -- It took a mere eight hours for cybercriminals to take advantage of the death of pop superstar Michael Jackson.
Hacked Off
BY Rich Mogull
The Only Two Reliable Cloud Security Controls
July 2, 2009
05:00 PM -- It seems that we in the information technology profession are just as fickle as the fashionistas strutting around Milan or New York. While we aren't quite as locked to a seasonal schedule, we do have a tendency to fawn over the latest technology advances as if they were changing colors or hem lengths. Some are new, some are old, some are incredibly ...
Dark Dominion
BY Tim Wilson
Dark Reading Launches Database Security Tech Center
June 16, 2009
09:23 AM -- Today Dark Reading launches a new feature: the Database Security Tech Center, a subsite of Dark Reading devoted to bringing you news, product information, opinion, and analysis specifically focused on the topic of database security.
CS Island
BY Sara Peters
EU Group: Social Networks, Thirty-Party App Developers Subject To EU Privacy Laws
June 25, 2009
01:57 PM -- I just took a close look at the Article 29 Data Protection Working Party's opinion report on online social networking. While some of its recommendations are what you'd expect, others came as a surprise.
Featured Resources
13th Annual CSI SurveyTargeted attacks, DNS exploits are on the rise, according to the 2008 CSI Computer Crime and Security Survey
MORE
Life Insurer Takes New Approach to Two-Factor Authentication
Cryptocard technology helps Kansas City Life get the handle on a thorny access problem
MORE
Stanford Medical School's Rx: Anomaly Detection
Appliance helps minimize bot, malware infections
MORE
Company: Boeing
Location: Anaheim, CA
Posting Date: Posted 07/02/09
MORE INFO
Company: Osram Sylvania
Location: Danvers, MA
Posting Date: Posted 07/02/09
MORE INFO
Company: D. E. Shaw
Location: New York, NY
Posting Date: Posted 07/02/09
MORE INFO
Company: KForce
Location: Saint Louis, MO
Posting Date: Posted 07/02/09
MORE INFO
Company: Boeing
Location: Anaheim, CA
Posting Date: Posted 07/02/09
MORE INFO
|
Published:2009-06-23
Severity:High
Description:The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read.
Published:2009-06-23
Severity:High
Description:The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access.
Published:2009-06-23
Severity:High
Description:Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted response.
Published:2009-06-23
Severity:Medium
Description:Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter.
Published:2009-06-23
Severity:Low
Description:The LAN game feature in Carom3D 5.06 allows remote authenticated users to cause a denial of service (application hang) via a crafted HTTP request to TCP port 28012.
