FOLLOW US
New Banking Trojan Discovered Targeting Businesses' Financial Accounts
Feb 09,2010 |
Bugat Trojan spread via the Zbot/Zeus botnet, say SecureWorks researchers
Federal CTO Position Needs Formal Description: Report
Feb 09,2010 |
Without a clear definition, 'it may be difficult for the CTO to affect change in individual federal agencies or systemically throughout the federal government,' states Congressional Research Service report
Researchers Develop Code That Stops Local Scanning Worms
Feb 08,2010 |
In tests, algorithm was an efficient estimator of worm virulence and could determine the size of the susceptible host population after only a few infections
Hacker Unleashes BlackBerry Spyware Source Code
Feb 08,2010 |
Proof-of-concept demonstrates ease at which mobile spyware can be created to pilfer text messages and email, eavesdrop, and track victim's physical location via smartphone's GPS
Product Watch: New Tool Automatically Examines Suspicious Code In Memory
Feb 08,2010 |
HBGary Responder Professional 2.0 analyzed malware behavior in the Operation Aurora in five minutes
'Rugged' Initiative Brings Secure Software Development To The Masses
Feb 05,2010 |
Rugged Software Development initiative an 'on-ramp' for all types of programmers to write resilient code
New Banking Trojan Discovered Targeting Businesses' Financial Accounts
Bugat Trojan spread via the Zbot/Zeus botnet, say SecureWorks researchers
GAO Report: NASA Still Facing Weaknesses In IT Security
Sensitive information, systems at space agency continue to be at risk, testimony says
Test: Most Web Application Scanners Missed Nearly Half Of Vulnerabilities
Tools were scanning their own test Websites
Product Watch: New Tool Automatically Examines Suspicious Code In Memory
HBGary Responder Professional 2.0 analyzed malware behavior in the Operation Aurora in five minutes
Database Account-Provisioning Errors A Major Cause Of Breaches
Database accounts are often managed manually -- if at all
Hospitality Industry Hit Hardest By Hacks
Trustwave report on data breach investigations shows hotels were breached more than financial institutions last year, and nearly all attacks were after payment-card data
China Shutters Hacker 'Boot Camp'
Black Hawk Safety Net trained thousands of cybercriminals, authorities say
Hacker Unleashes BlackBerry Spyware Source Code
Proof-of-concept demonstrates ease at which mobile spyware can be created to pilfer text messages and email, eavesdrop, and track victim's physical location via smartphone's GPS
Product Watch: Security Scoreboard Goes Live
New site brings security vendors and products under one roof, along with customer reviews
'Rugged' Initiative Brings Secure Software Development To The Masses
Rugged Software Development initiative an 'on-ramp' for all types of programmers to write resilient code
IBM ISS Researcher Exposes Holes In Cisco's Internet Surveillance Architecture
Wiretapping architecture could be abused by individuals under surveillance and outside attackers; Cisco reviews recommended fixes
Majority Of Online Banking Customers Use Same Credentials On Other Less-Secure Websites
Trusteer data finds that 73 percent use the same password for their online banking account on at least one nonfinancial Website
Cellcrypt Offers Free 90-Day Secure Calling Trial For BlackBerry Smartphone Users
McAfee Upgrades Consumer Security Product Line
BigFix Offers 10% Discount In The Spirit Of IT Dinosaur Awards
Security Startup Rolls Out File Security System
Smart Card Alliance Healthcare Council Plans Identity Management Focus For Upcoming Year
CA Extends Web Access Security Technology
SPYRUS Ships Secure Storage Devices With FIPS 140-2 Encryption
ENISA: 17 Golden Rules To Combat Online Risks For Mobile Social Networking
MICROSOFT
Microsoft Offers Deployment Advice On 13 New Patches
FEBRUARY 9, 2010
| Big Patch Tuesday addresses 26 vulnerabilities, software giant says
CNET
FBI Wants Records Kept Of Websites Visited
FEBRUARY 9, 2010
| Agency wants ISPs to keep site visit records for up to two years
IT WORLD
Can You Trust Chinese Computer Equipment?
FEBRUARY 9, 2010
| Observers suggest that China's hardware might be deliberately bugged before distribution
SEARCH SECURITY
'Sexting' Case In Supreme Court Should Prompt Review Of Employee Policies
FEBRUARY 9, 2010
| Court could rule that practice overrules policy in determining reasonable expectation of privacy
CNET
Verizon Temporarily Blocks Some 4Chan Sites
FEBRUARY 9, 2010
| Some affiliate sites may have been launching network attacks, report says
COMPUTER WEEKLY
Two-Thirds Of Online Banking Credentials Are Shared
FEBRUARY 9, 2010
| Study says most consumers use the same password for banking as they use for other sites
COMPUTERWORLD
The Top Five Mistakes Of Privacy Awareness Programs
FEBRUARY 9, 2010
| Having a few training courses doesn't constitute a true awareness program, experts say
FINEXTRA
Bank Slammed After Hackers Steal $378,000 From Poughkeepsie
FEBRUARY 9, 2010
| Bad guys broke into town's account, stole money and transferred it to Ukraine
A look at the 25 most popular stories ever posted on the pages of Dark Reading.
- Four Threats for '09 That You've Probably Never Heard Of (Or Thought About)
- PHPBB Password Analysis
- New Phishing Attack Targets Online Banking Sessions With Phony Popups
- IDC Report: Most Insider Leaks Happen By Accident
- Tech Insight: SQL Injection Demystified
- Researchers Build Anonymous, Browser-Based 'Darknet'
- Test Results: 2009 Anti-Malware Suites Better at Sniffing Out Threats
- Researchers Hack Faces In Biometric Facial Authentication Systems
- The 6 Worst Cloud Security Mistakes
- Hacking The Router Patching Conundrum
- Turkish Hackers Take Out Top Porn Site
- Social Engineering, the USB Way
- Weaponizing Apple's iPod Touch
- Defcon: New Hack Hijacks Application Updates Via WiFi
- How Hackers Will Crack Your Password
- Widespread Confickr/Downadup Worm Hard To Kill
- Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses
- The Seven Deadliest Social Networking Hacks
- 'Mafiaboy': Cloud Computing Will Cause Internet Security Meltdown
- Researchers Take Over Dangerous Botnet
- New Trojan Attack Masquerades As CNN News Report On Gaza
- 6 Tips For Doing More Security With Less
- Heartland Struggles To Measure Extent Of Massive Security Breach
- Visa Tests Credit Card With Random Number Generator
- Researchers To Unleash Backbone-Hacking Tools At Black Hat Europe
Free Vulnerability Management Trial
Qualys is offering a free 14-day trial of its vulnerability management solution, which helps enterprises identify, fix, and report on network security threats.
Free Security Tools from Sophos
Scan for security risks, threats, rootkits and unauthorized applications.
Info-Tech Research Group
A specialist in small and medium-sized businesses, Info-Tech offers a different perspective than research houses that focus on the Fortune 1000.
Video
Featured Resources
Security Whitepapers
- All Roads Lead to Rome: How Cyber Terrorists are Exploiting Digital America" with Tom Kellermann
- The Tangled Web: Silent Threats & Invisible Enemies
- Selecting Your Hosted Security Service Provider: What Every IT Manager Needs to Know
- From the Field: A Hacker's Story
- Testing Role-based Authorization Controls in Websites
- eBay: How the World.s Online Marketplace Secures itself
13th Annual CSI SurveyTargeted attacks, DNS exploits are on the rise, according to the 2008 CSI Computer Crime and Security Survey
MORE
Company: Beyond.com
Location: King of Prussia, PA
Posting Date: Posted 07/17/09
MORE INFO
Company: Univ of Maryland
Location: Adelphi, MD
Posting Date: Posted 07/17/09
MORE INFO
Company: US Census Bureau
Location: Freehold, NJ
Posting Date: Posted 07/17/09
MORE INFO
Company: BAE Systems
Location: Washington, DC
Posting Date: Posted 07/17/09
MORE INFO
Company: BAE Systems
Location: Mclean, VA
Posting Date: Posted 07/17/09
MORE INFO
|
Published:2010-01-22
Severity:High
Description:SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
Published:2010-01-22
Severity:High
Description:The URL validation functionality in Microsoft Internet Explorer 7 and 8 does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
Published:2010-01-22
Severity:Medium
Description:ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.
