FOLLOW US
INTERPOL Set To Open Global Cybercrime Center In 2014
Feb 03, 2012 |
Director of cybersecurity at INTERPOL working on secure online presence for police worldwide to work together on cybercrime cases
Can Glass Box Scanning Find Your Real Bugs?
Feb 03, 2012 |
When it works, hybrid -- or "glass box" scanning -- combines dynamic, black-box analysis with static, white-box code analysis to find bugs and cut down on false positives.
Slide Show: Technologies That Are Changing The Sports Security Game
Feb 03, 2012 |
Digital technology is increasingly playing a major role in sports security operations
Adobe Calls For Defensive Approach In Security Research
Feb 02, 2012 |
Mitigation methods the emphasis at Adobe
Poisoning The Data Well
Feb 01, 2012 |
A Q&A with Forrester's John Kindervag about how encryption makes data worthless to the criminals
Attackers Divert Bank Phone Calls to Cover Tracks
Feb 01, 2012 |
Researchers at Trusteer uncover banking malware that steals telephone information to help attackers re-route calls from banks alerting customers to fraud.
Hopping Aboard The Mobile Payment Bandwagon? Bring A Helmet
Implementing mobile payment systems presents a high risk, high reward opportunity
When Good Apps Go Bad
Experts warn that many otherwise non-malicious mobile apps are trampling privacy with overgenerous device permissions
QR Code Malware Picks Up Steam
Attackers tricking users into scanning fake QR codes that lead to malicious sites and apps
Big Data Could Create Compliance Issues
The bigger data sets grow, the harder compliance could become
EU's More Stringent Data Privacy Proposal Poses Challenges For Businesses
Proposed changes to data privacy laws in Europe have garnered mixed praise
The Day (Some Of) The Web Went Dark
Online protests today of SOPA/PIPA legislation blur future of anti-piracy efforts as several legislators back down
Cloud Means More Secure Remote Access
Connecting hosts running remote-access services directly to the Internet is so last decade. Instead, companies look to move to cloud-enabled services or virtual desktop infrastructure.
Facebook Hit By Classic Worm Attack
Zeus Trojan spreads when user views 'photos,' Facebook now blocking malicious domains spreading the attack
Cloud Services Credentials Easily Stolen Via Google Code Search
After finding many cloud access credentials using simple code search, researchers conclude public cloud services are not safe for storing sensitive data
INTERPOL Set To Open Global Cybercrime Center In 2014
Director of cybersecurity at INTERPOL working on secure online presence for police worldwide to work together on cybercrime cases
Attackers Divert Bank Phone Calls to Cover Tracks
Researchers at Trusteer uncover banking malware that steals telephone information to help attackers re-route calls from banks alerting customers to fraud.
Jury Still Out On Mobile Adware
Malicious software or not? Defining the threat on mobile platforms becomes more difficult as some advertising software enters a gray area.
FBI Seeks 'Automated Search And Scrape' Of Social Networks
Agency issues RFI for technology to quickly find and surface 'events' via search of social networks, news sites
Do You Need A Security Operations Center?
When a company starts to worry about losing data to attack, it could be time to create a simple SOC. The most important steps to evaluating the need for an effective operations center.
IP D-Day: Major Providers, Vendors To Go IPv6 June 6
IPv6 implementations 'scrutinized' for security issues so no panic necessary, experts say amid concerns of as-yet undiscovered bugs
Google, Facebook, Bank Of America Behind New Email Security Standard
New specification for preventing phishing and email domain abuse likely to help email security, but will enterprises adopt it?
Smartcards: Still A Smart Choice?
Despite recent security compromises, smartcard technology still has high potential
DNSSEC Error Caused NASA Website To Be Blocked
Comcast’s new DNSSEC-based service detected improper signing of NASA site
More Than Half Of Cyberattacks Come From Asia
DDoS attacks worldwide on the rise, report finds
Top 10 Security Mistakes SMBs Make
SMBs need to work on fundamental security errors to reduce risk of costly incidents
Half Of All The World's Spam Now Out Of Asia
New 'Dirty Dozen' spam report still has the U.S. as the number one spammer, but South Korea becoming a major producer as well
Can Glass Box Scanning Find Your Real Bugs?
When it works, hybrid -- or "glass box" scanning -- combines dynamic, black-box analysis with static, white-box code analysis to find bugs and cut down on false positives.
Adobe Calls For Defensive Approach In Security Research
Mitigation methods the emphasis at Adobe
FDIC Warns Of 'High Risk' Payment Processors
Some third-party payment processing services may not be secure, commission says
Poisoning The Data Well
A Q&A with Forrester's John Kindervag about how encryption makes data worthless to the criminals
Federal Reserve Bank Contractor Arrested For Alleged Code Theft
Suspect admitted to stealing U.S. Treasury Dept.-owned program from the bank for use in his own private business
Oracle CPU Contains Lowest Number Of Database Fixes Ever
Database security community concerned about Oracle's patch bottleneck
Gartner: Security Services Spending On Pace For Record Growth
Many enterprises looking to managed security services to save on operational costs, Gartner report says
Startup To Launch New Brand Of SaaS For Post-Incident Response
'Data loss management' firm officially launches this week
Product Watch: New Service Aims To Improved Botnet Detection Among Service Providers
Damballa CSP 1.6 automates subscriber notification and remediation of botnet infections
How To Spot A Fake Facebook Profile
Barracuda Networks gathers telltale characteristics of the phony Facebook "Friend"
Study: The Aftermath Of A Breach
New Ponemon-Experian study highlights organizations' top priorities following a data breach
Videoconferencing Can Be The Bug In The Boardroom
Recent research underscores that insecure video conferencing systems can allow hackers to listen into a company's confidential discussions. Firms should take steps to evaluate their systems and secure them
SocialShield Releases the Top Social Networking Terms Kids Don't Want Their Parents To Know
Yubico And CloudPassage Bring Easy, Secure Two-Factor Authentication To Cloud Servers
CloudPassage Launches Network Security In The Cloud Inbox
Vulnerabilities Reported In Mac Encryption Products
New Survey: Two-Thirds Of Companies Interested In Switching Authentication Vendors
Country With Most Online Fraud Attempts/How Much Fraud On Mobile Devices Revealed
IBM Announces New Software to Manage And Secure The Influx Of Mobile Devices To The Workplace
Baltimore-Based Security Provider Lookingglass Raises $5 Million In Funding
TECH WORLD
Trojan Gang Targets BT, Talk Talk And Sky Customers
FEBRUARY 03, 2012
| Thieves target phone service logins to fool verification checks
9TO5 MAC
Passware: Filevault Can Be Brute Force Cracked During The Span Of A Lunch Break
FEBRUARY 03, 2012
| Security company says Apple's standard encryption tool is easily decrypted
INFOWORLD
Security Slackers Risk Internet Blackout On Mar. 8
FEBRUARY 03, 2012
| If feds pull down temporary DNS fix as planned, machines infected with DNSChanger Trojan won't be able to access the Web
SOPHOS
Anonymous Spies On FBI/UK Police Hacking Investigation Conference Call
FEBRUARY 03, 2012
| Hacktivist group releases recording of call on Internet
THREAT POST
Update: VeriSign Admits To Security Breaches In 2010
FEBRUARY 03, 2012
| Incidents in 2010 were not reported to company management until late 2011, officials say
SYMPLIFIED
HTC Android Phones Can Leak Wi-Fi Passwords
FEBRUARY 03, 2012
| Exposed 802.1X credentials can be picked off by rogue applications
IMPERVA
SQL Injection Part II: Seeing A Blind SQL Injection
FEBRUARY 03, 2012
| Groundhog predicts long winter of SQL injection attacks
GOOGLE CHROME BLOG
German Federal Office Of Information Security Recommends Chrome
FEBRUARY 03, 2012
| Best practices guide recommends Chrome for its security benefits
A look at the 25 most popular stories ever posted on the pages of Dark Reading.
- Security Pros With Written Career Plans Make More Money
- 'Robin Sage' Profile Duped Military Intelligence, IT Security Pros
- Criminals Hide Payment-Card Skimmers Inside Gas Station Pumps
- Anatomy Of A Targeted, Persistent Attack
- Security's Top 4 Social Engineers Of All Time
- Six Messy Database Breaches So Far In 2010
- Kaminsky Issues Developer Tool To Kill Injection Bugs
- Spear-Phishing Attacks Out Of China Targeted Source Code, Intellectual Property
- Slideshow: Fashion Statements From Defcon 2010
- Turkish Hackers Take Out Top Porn Site
- Attack Unmasks User Behind The Browser
- Five Ways To (Physically) Hack A Data Center
- New IM Worm Spreading Fast
- Facebook's Security Team Frustrates Cybercriminals
- 'Aurora' Exploit Retooled To Bypass Internet Explorer's DEP Security
- U.S. Fails Test In Simulated Cyberattack
- Six Healthcare Data Breaches That Might Make Security Pros Sick
- Secure USB Flaw Exposed
- Suspected Child Porn Hub Taken Offline
- Why Employees Break Security Policy (And What You Can Do About It)
- N.J. Supreme Court Rules Employers Can't Always Read Personal Email
- Social Engineering, The USB Way
- Antivirus Rarely Catches Zbot Zeus Trojan
- 7 Steps For Protecting Your Organization From 'Aurora'
- Busted Alleged Russian Spies Used Steganography To Conceal Communications
Take The Value of Information Security Certifications Survey
Just what value information security certifications really provide the security professional is a widely debated topic. Information Security Leaders, an independent security career website, wants to hear from you, the information security pro, on whether these certifications are meaningless or valuable to your career. Take the anonymous survey on how security pros feel about this topic here. You can also receive the final results via email.
Free Vulnerability Management Trial
Qualys is offering a free 14-day trial of its vulnerability management solution, which helps enterprises identify, fix, and report on network security threats.
Free Security Tools from Sophos
Scan for security risks, threats, rootkits and unauthorized applications.
Info-Tech Research Group
A specialist in small and medium-sized businesses, Info-Tech offers a different perspective than research houses that focus on the Fortune 1000.
Sponsored Resource Center
Current Issue
In this issue:
- Digital Detectives: The right forensic tools in the right hands are just a start. Here's how to better apply the lessons they teach.
- Take The Offensive: It's time to be proactive, not reactive, with digital forensics.
- And much more!
- Read the Current Issue
Video
Evil Bytes
BY John H. Sawyer
Passive Network Fingerprinting; p0f Gets Fresh Rewrite
February 03, 2012
02:19 PM -- Passive network analysis can reveal OS, service, and even vulnerabilities--just by sniffing the network.
SophosLabs Insights
BY Chester Wisniewski
We Make Widgets -- Let Someone Else Handle Security
January 20, 2012
10:54 AM -- If you're a customer-facing organization, then security can't take second place behind your services
In Search of Malware
BY Mary Landesman
Mass-Meshing A Gumblar Creation
June 30, 2011
04:52 PM -- Compromised and backdoored websites are frequently used interchangeably to act as conduit, redirector, and malware host.
Hacked Off
BY Mike Rothman
Looking Over The RIM And Into The Chasm
January 25, 2012
01:56 PM -- What security folks need to learn from RIM's rapid and accelerating downfall...
Security Views
BY Andrew Hay
Where's My 'Minority Report' Dashboard?
February 01, 2012
03:43 PM -- Why haven't user interfaces for security products taken advantage of human movement technologies?
Dark Dominion
BY Tim Wilson
Dark Reading Launches New Tech Center On Security And Compliance
August 15, 2011
12:01 AM -- New Dark Reading Compliance Tech Center will cover relationship between security initiatives and compliance initiatives
CS Island
BY Robert Richardson
The SpiderLabs Report
January 29, 2011 | 1 Comments
08:14 AM -- A look at the Trustwave Cyber Crime report
Featured Resources
Security Whitepapers
- What is SaaS, and Should SMBs Consider Using It?
- The Compliance Trap: Compliance for compliance's sake is not a best practice in protecting cardholder data
- Secure Managed Web Hosting Saves 960.gs from Malicious Hackers
- Access Governance as a Business Service: An Integrated Strategy for Automation with ITSM
- Business Driven Access Management and Governance: Simplifying the Delivery and Governance of Access Throughout
14th Annual CSI SurveySecurity pros generally happy with products; not so much with awareness programs
MORE
|
Published:2010-11-03
Severity:High
Description:Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Published:2010-11-03
Severity:High
Description:Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Published:2010-11-03
Severity:Medium
Description:Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Published:2010-11-03
Severity:High
Description:Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Published:2010-11-03
Severity:Medium
Description:SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
