
All Keyhole Stories

Mobile Malware On The Move, McAfee Report Says


February 21, 2012
Report finds an average of 9,300 malicious websites per day in fourth quarter 2011

Strategies For Fighting Mobile Device-Borne Malware


February 18, 2012
Bad guys are increasingly targeting mobile devices as a means of penetrating your corporate data. Here are some tips that might help you stop them

Most Small Healthcare Practices Hacked In The Past 12 Months


February 16, 2012
Nearly 30 percent say breaches resulted in medical identity theft, new Ponemon report finds

Professionals Thrive, Enterprises Struggle In Skill-Starved Security Market


February 16, 2012
(ISC)2 study says good security pros are hard to find -- and harder to retain

Nearly 80% Of All Bugs Are In Third-Party Apps


February 14, 2012
Secunia annual report says only 10 percent of bugs in 2011 were in Microsoft software

How To Defend Your Database From Malicious Insiders


February 13, 2012
The biggest threat to your sensitive information might be those who are authorized to access it. Here are some tips on how to defend your organization

Does SIEM Make Sense For Your Company?


February 10, 2012
Ten questions to ask before implementing SIEM technology -- and how to choose the right system for your enterprise

When And How Attackers Are Owning Businesses


February 09, 2012
New Trustwave SpiderLabs breach report highlights risky passwords, emails, and timing

Smarter, Stealthier, Sneakier Malware


February 08, 2012
From Stuxnet to Duqu to new incarnations of Zeus, sophisticated attacks are becoming more numerous -- and harder to stop

Más DDoS: More Powerful, Complex, And Widespread


February 07, 2012
New DDoS reports highlight evolving M.O. of DDoS and DoS attacks and increased firepower

How (And Why) Attackers Choose Their Targets


February 07, 2012
To build a sure defense, you need to know what makes you a juicy target. Here are some tips

Big Data Means Big Security Problems, Study Says


February 03, 2012
Large data stores often contain "toxic" data that is sensitive to business, Forrester report says

How To Spot A Fake Facebook Profile


February 02, 2012
Barracuda Networks gathers telltale characteristics of the phony Facebook "Friend"

FDIC Warns Of 'High Risk' Payment Processors


February 01, 2012
Some third-party payment processing services may not be secure, commission says

More Than Half Of Cyberattacks Come From Asia


January 31, 2012
DDoS attacks worldwide on the rise, report finds

FBI Seeks 'Automated Search And Scrape' Of Social Networks


January 30, 2012
Agency issues RFI for technology to quickly find and surface 'events' via search of social networks, news sites

New Drive-By Spam Infects Those Who Open Email -- No Attachment Needed


January 28, 2012
Getting infected just got a whole lot easier, researchers say

Study: The Aftermath Of A Breach


January 26, 2012
New Ponemon-Experian study highlights organizations' top priorities following a data breach

Hacktivists Turn To DNS Hijacking


January 26, 2012
Coach, UFC fall victim to attacks that redirect their Web traffic

Microsoft Names Alleged Botnet Operator Behind Kelihos


January 24, 2012
Russian suspect worked for antivirus and software development firms in Russia

Zappos, Amazon Sued Over Data Breach


January 23, 2012
Lawsuit against shoe retailer alleges security negligence, seeks millions in compensatory and exemplary damages

Are You Contributing To A DDoS Attack? Researcher Says You Might Be


January 20, 2012
Links distributed by Anonymous and others could make your computer part of the DDoS, Sophos says

Federal Reserve Bank Contractor Arrested For Alleged Code Theft


January 20, 2012
Suspect admitted to stealing U.S. Treasury Dept.-owned program from the bank for use in his own private business

New Version Of Carberp Trojan Targets Facebook Users


January 19, 2012
Malware attempts to steal money by duping the user into divulging an e-cash voucher

Facebook: No Koobface Malware Attacks For Nearly A Year


January 17, 2012
An aggressive campaign by the social network to kill the pesky malware included taking down its command and control server, and SophosLabs unmasks the alleged gang members

Financial Companies Sharing Information About Security


January 13, 2012
Concerns about cyberthreats drive competing institutions to pool information, report says

Sandia Labs Offers Online DNSSEC Tool


January 12, 2012
New free visualization tool helps government agencies, businesses in their DNSSEC implementations

China Arrests Four In CSDN Data Breach; Related Breaches Proved To Be Hoaxes


January 12, 2012
More than 6M users affected by hack of China's CSDN; eight people punished for spreading faulty info about related breaches

Comcast Internet Service Now Fully DNSSEC-Based


January 10, 2012
ISP finishes its rollout of the DNS security protocol

IT Security Employment Rising Rapidly, Study Says


January 10, 2012
More than 51,000 security pros employed in Q4, up from 37,000 employed in Q1, study says

Have A Comment? Dark Reading Offers New Commenting System


January 06, 2012
New Dark Reading commenting platform will make it easier, more secure for readers to add their input to DR stories

Worm Siphons 45,000 Facebook Accounts


January 05, 2012
Ramnit financial malware gets social with new variant

Care2 Discloses Breach; Company Has Nearly 18 Million Members


January 05, 2012
Passwords, account information could be at risk following breach of Care2 customer data

Saudi Hackers Steal, Leak Israeli Credit Card Accounts


January 03, 2012
Self-professed arm of Anonymous leaks thousands of account numbers and associated information

Secured WiFi Networks Can Be Circumvented


December 29, 2011
Disable WPS in WiFi routers -- if that's possible in your device, experts say

Most Facebook Scams Are Designed To Feed Affiliate Marketing Programs


December 29, 2011
Fraudulent advertisers are behind majority of Facebook scams and exploits, Commtouch study finds

Anonymous Nabs 50,000 Credit Card Numbers From Security Think Tank


December 27, 2011
Hacktivist group Anonymous attacks private security think tank Stratfor, makes off with 50,000 credit card numbers, 44,000 passwords

Possible New Zero-Day Windows 7 Flaw Under Investigation


December 22, 2011
Specially crafted webpage viewed with Safari causes 'blue screen of death,' remote execution

U.S. Chamber Of Commerce Hit By Chinese Cyberspies


December 21, 2011
Targeted attack against the nation's business lobbying organization may have been ongoing for more than a year, according to The Wall Street Journal

Attackers Pose As Police In New Ransomware Campaign


December 20, 2011
Messages with an official-looking police banner claim discovery of child pornography, other illicit material, and emails with terrorists

Hackers Turn Lady Gaga's Facebook Page Into Bad Romance


December 19, 2011
Bad guys woo Lady Gaga's Facebook friends with promise of free custom iPads -- and steal their data instead

Nearly 2 Million Users Affected By New Breach At Square Enix


December 19, 2011
Japanese gaming giant Square Enix is hacked for the second time this year

Internet Explorer To Get 'Silent' Updates


December 15, 2011
Microsoft will provide automatic upgrades to IE users – but enterprises can opt out

Study: Most Federal Agencies Uncertain About Meeting FISMA Security Monitoring Deadlines


December 14, 2011
Only 22 percent of federal IT people say their agencies have deployed continuous monitoring technology; ability to meet FISMA deadlines in doubt

Android The No. 1 Mobile Device In Enterprises


December 13, 2011
New Zscaler research shows Android traffic on top—but at what security cost?

Personal Data Of 60,000 Telstra Customers Exposed To Web


December 12, 2011
Australian telecommunications giant Telstra says it is "investigating" proprietary customer lists found with simple browser search

Adobe Zero-Day Attack Part Of Wider Campaign


December 09, 2011
Symantec research points to well-funded attackers who use so-called Sykipot malware to target defense contractors, telecommunications firms, computer hardware companies, chemical companies, energy companies, and government

Government Agencies Harbor The Most Vulnerable Applications


December 08, 2011
Newest Veracode State of Software Security report finds SQL injection flaws declining overall in all industries

Resurgent LulzSec Attacks Government Sites In Portugal


December 08, 2011
Hacktivist group Lulzsec responds to reports of police brutality in Portugal with attacks on government websites

New Zero-Day Adobe Attack Under Way


December 06, 2011
Adobe working on emergency patch for Adobe Reader and Acrobat 9.x for Windows










Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: ssl-vpn end-point interrogator/installer activex control
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.

Vulnerability: gvim
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Vulnerability: cforms
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

Vulnerability: links, wsn links, wsn links
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.

Vulnerability: deluxebb
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.


