

Database Security Tech Center

IBM Researchers Unveil New Data Masking Technology
'MAGEN' technology automatically shields sensitive customer, patient data

Oracle Report: Consumers Fickle About Ecommerce Security Controls
Nearly one-third of U.K.'s online shoppers don't trust online security measures, but most don't want additional controls if they affect ease and speed of transactions

Tech Insight: Database Security -- The First Three Steps
Protecting sensitive data means locating and enumerating the information in your databases -- and finding the right method to secure it




Security Services Tech Center

Google Discloses Plans For New Malware-Resistant OS
Chrome OS aimed at eradicating malware issues for desktops with lightweight platform and cloud-based application model

SecureWorks-VeriSign Deal Highlights Acquisition Trend In Security Services
As SecureWorks gets bigger faster, VeriSign pulls out of services business

New Tool And Managed Service 'Penetration-Test' End Users
New User Attack Framework (UAF) could eventually work with Metasploit's hacking tool, researchers say




Insider Threat Tech Center

Dark Reading To Hold Virtual Conference On Insider Threats Next Week
All-day event includes keynote, sessions, exhibit floor, and discussion rooms -- all without leaving your desk

Insider Arrested For Stealing Critical Proprietary Code From Financial Services Company
Blogger says stolen code might have been Goldman Sachs' 'secret sauce'

Security Guard Busted For Hacking Hospital's HVAC, Patient Information Computers
"GhostExodus" bragged about his breaches on YouTube, and tried to rally fellow hackers to conduct a massive DDoS attack






Best Of The Web

FINEXTRA
New Jersey Street Gangs Gravitating To Hi-Tech Cheque Fraud
JULY 8, 2009  | Several members of the New Jersey Bloods gang have been arrested and accused of using laptops and digital cameras to create counterfeit checks worth $654,000

ADOBE PRODUCT SECURITY INCIDENT RESPONSE TEAM
Adobe Warns Of Potential ColdFusion Security Issue
JULY 8, 2009  | Adobe has had reports of ColdFusion Websites being compromised through a vulnerability in the FCKEditor rich text editor, which is installed with ColdFusion 8; Adobe is working on a patch

THE REGISTER
Cops Swoop On E-Crime Gangs After Banks Pool Intelligence
JULY 8, 2009  | Two London-based cybercrime gangs were apprehended following an agreement by banks and credit card companies to share intelligence on network attacks and malware

NETWORK WORLD
US Authorities Extradite Indian On Hacking Charges
JULY 8, 2009  | Indian pleads not guilty to charges of hacking into online brokerage accounts in order to manipulate stock prices

THE WASHINGTON POST
GAO: Major Security Flaws At Federal Buildings
JULY 8, 2009  | The federal government police agency in charge of protecting federal buildings has failed several physical security audits

COMPUTERWORLD UK
Malware Traffic Soars
JULY 8, 2009  | Fortinet data shows the exploit rate is near 60 percent for first time

HIR INFORMATION REPORT
Fare Thee Well, Milw0rm
JULY 8, 2009  | Milw0rm, a site dedicated to posting new exploit code, appears to be on its way out

GOOGLE BLOG
Native Client Security Contest: The Results Are In!
JULY 8, 2009  | Winning contestants found bugs that enabled exploits, but no fundamental flaw, in the design of Google Native Client, Google says








Blogs

Evil Bytes
BY John H. Sawyer
Hacking And Exploit Site Milw0rm Closes Its Doors
July 8, 2009
02:18 PM -- Milw0rm is by far one of the best-known public sites to get the latest proof-of-concept exploit code. Or at least it was until it closed its doors today. The closing comes as a shock to the security community given that milw0rm had become a valuable resource for proof-of-concept and weaponized exploit code, demonstration videos, and papers on all a ...

SophosLabs Insights
BY Graham Cluley
Independence Day Fireworks Video Carries Malware Payload
July 4, 2009
02:41 AM -- Hackers are taking advantage of American Independence Day celebrations by spamming out what pretends to be a link to a Fourth of July fireworks show, but is really an attempt to infect computers.

Hacked Off
BY Gadi Evron
DDoS Cyberwarfare Hurts Us All
July 9, 2009
11:55 AM -- A distributed denial of service (DDoS) attack has been in the news in recent days due to attacks against the U.S. government -- with fingers pointed at North Korea. There are a few basic truths people forget when it comes to information w ...

Dark Dominion
BY Tim Wilson
Dark Reading Launches Database Security Tech Center
June 16, 2009
09:23 AM -- Today Dark Reading launches a new feature: the Database Security Tech Center, a subsite of Dark Reading devoted to bringing you news, product information, opinion, and analysis specifically focused on the topic of database security.

CS Island
BY Sara Peters
Kantara Initiative: Another Effort To Get Identity 2.0 Out Of The Gate
July 6, 2009
05:09 PM -- We've been saying for a while now that better identity management -- more so than secure Web app coding or even more secure browsers -- could fuel a quantum leap in Web security. The "Identity 2.0" community can be credited with wonderful research and truly significant advancements in identity management technology. In many ways, we're poised for a ...




CSI Report
13th Annual CSI Survey
Targeted attacks, DNS exploits are on the rise, according to the 2008 CSI Computer Crime and Security Survey

User Profiles
8.22.2008
Life Insurer Takes New Approach to Two-Factor Authentication
Cryptocard technology helps Kansas City Life get a handle on a thorny access problem
5.30.2008
Stanford Medical School's Rx: Anomaly Detection
Appliance helps minimize bot, malware infections





Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: pluck
Published: 2009-07-02
Severity: Medium
Description: Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter.

Vulnerability: cpanel, fantastico de luxe
Published: 2009-07-02
Severity: Medium
Description: Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.

Vulnerability: ez publish
Published: 2009-07-02
Severity: High
Description: The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.

Vulnerability: clamav
Published: 2009-07-02
Severity: Medium
Description: The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file.

Vulnerability: avast antivirus
Published: 2009-07-02
Severity: Medium
Description: Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file.