Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in January 2011
Data Leak Vulnerability In Android Gingerbread
Commentary  |  1/31/2011  | 
Google's Android Gingerbread (version 2.3) operating system is affected by a data-leak vulnerability that is very similar to a vulnerability in an earlier version that was supposed to have been fixed.
Report: Noncompliance Much More Costly Than Compliance
News  |  1/31/2011  | 
Ponemon Institute study finds average cost of not complying with security regulations and policies is more than two-and-a-half times as high as what it costs to comply
Online Dating Site Breached
News  |  1/31/2011  | 
PlentyOfFish.com has been compromised and the company is blaming the messenger.
Windows Faces Zero Day MHTML Vulnerability
News  |  1/31/2011  | 
Microsoft releases temporary fix for bug that allows attackers to run malicious scripts on a user's computer via Internet Explorer.
Backup Deduplication 2.0 Needs Better RAID
Commentary  |  1/31/2011  | 
As we wrap up our series on what is needed in the next generation of backup deduplication devices, one of the key needs is going to be a better drive protection capability. Today most deduplication systems leverage RAID to provide that drive protection; however, as capacities increase, RAID rebuild times are going to get worse. Vendors need to provide a better solution.
Veracode Launches Free XSS Bug Scanning Service
News  |  1/31/2011  | 
Offering detects cross-site scripting flaws in Java applications, provides reports, remediation information
Trend Micro Unveils IBM Security Suite
News  |  1/31/2011  | 
ScanMail Suite for 64-bit Lotus Domino platforms uses a cloud-based database to detect threats, including those generated by URL-shortening services recently linked to the spread of malware.
Is Apple (Finally) Stepping Up Its Security Game?
Commentary  |  1/29/2011  | 
Apple's reported recent hire of noted security author and expert, David Rice, is yet another step the company has made in the past year to help improve its sloppy security image.
The SpiderLabs Report
Commentary  |  1/29/2011  | 
Four out of five of the victims were so clever that they didn't need a firewall
Sony Wins Restraining Order Against Hacker
News  |  1/28/2011  | 
George Hotz, who gained notoriety by hacking the iPhone, was barred from distributing, creating, or marketing his technology for running unauthorized software on the PlayStation 3.
Hamilton Beach Reports Hack; Credit Card Data At Risk
Quick Hits  |  1/28/2011  | 
'Hacker code' rerouted order entry data to email addresses, company says
Vegas Casinos Face New Threat: Database Hackers
News  |  1/28/2011  | 
Crooks going after casinos' valuable player rewards databases, experts worry casinos ill-equipped to secure them
Internet 'Kill' Switch: Balancing Security And Freedom
Commentary  |  1/28/2011  | 
Why it's important to have controls in place before deploying such a powerful tool
ISP Data Retention Doesn't Aid Crime Prosecution
News  |  1/28/2011  | 
German study finds that the laws haven't resulted in police filing a greater number of charges in serious cases.
Data-Leak Flaw Found In Newest Version Of Google Android
News  |  1/28/2011  | 
'Gingerbread,' or Version 2.3, contains similar flaw as previous versions
OpenLeaks Site Leaked Before Launch
News  |  1/27/2011  | 
The latest whistle-blowing Web site aims to avoid the most controversial aspects of Wikileaks.
Lab Discovers 50 Millionth Virus
Quick Hits  |  1/27/2011  | 
AV-Test's malware repository numbers illustrate the malware explosion
An Advanced Persistent Threat Reality Check
News  |  1/27/2011  | 
Prevention is often futile, so how you manage the aftermath of discovering an intrusion can make all the difference in proper remediation
Intel McAfee Acquisition Cleared By EU
News  |  1/27/2011  | 
European regulators have approved the $7.68 billion acquisition following commitments from Intel to not hamper competition in the security market.
A Glaring Lesson In Shared Passwords
News  |  1/27/2011  | 
Vodafone's embarrassing breach should serve as a wake-up call for enterprises that also engage in the dangerous practice of credential-sharing
Russia To NATO: Investigate Stuxnet
Commentary  |  1/27/2011  | 
The Stuxnet worm is alleged to have set back Iran's controversial uranium enrichment program significantly. Now, the Russians are asking NATO to find some answers.
Facebook Boosts Security With SSL Encryption
News  |  1/27/2011  | 
Technology upgrade blocks Firesheep and eavesdropping attacks, but, for now, users must opt in.
BlackBerry Service Faces Ban In India
News  |  1/27/2011  | 
RIM says it is technically unable to comply with a request to give security officials in the South Asian country access to user data.
Anonymous Takes Aim At Egypt
Quick Hits  |  1/26/2011  | 
Online hacker group joins protests, launches DDoS attacks on Egyptian government sites
Researcher To Release Smartphone Botnet Proof-Of-Concept Code
News  |  1/26/2011  | 
Rootkit, SMS text messages used to build a botnet of smartphones
Justice Department Wants ISPs To Store More Data
News  |  1/26/2011  | 
Government investigators are finding that ISPs don't record enough about what their customers are doing.
Startup Offers Cloud-Based Security For The Cloud
News  |  1/26/2011  | 
'Halo' architecture from CloudPassage built for securing software-as-a-service offerings
Schwartz On Security: Slouching Toward Smartphone, Apple Armageddon
Commentary  |  1/26/2011  | 
Every new year brings fresh warnings that the next smartphone botnet or Apple "I Love You" virus is imminent, while real attacks keep escalating.
Facebook Founder's Fan Page Hacked
News  |  1/26/2011  | 
Rogue post on Mark Zuckerberg's page calls into question the social network's credibility that it takes site security seriously.
Intermedia Introduces Policy-Based Email Encryption
News  |  1/25/2011  | 
The addition to the cloud provider's hosted Exchange service is aimed at SMBs struggling to standardize email rules and compliance at the user level.
Lush Cosmetics Site Needs Makeover Following Hack
News  |  1/25/2011  | 
Company pulls down website; experts wonder why it took so long to respond
Proposed Nonprofit Would Bridge Law Enforcement, Enterprise Security Worlds
News  |  1/25/2011  | 
Organization aimed at translating business' breach experience and what information law enforcement needs to prosecute a case
Combating Conficker: What Worked, What Didn't
Quick Hits  |  1/25/2011  | 
Postmortem report looks at lessons learned from the Conficker Working Group's efforts to keep potentially massive and damaging botnet at bay
Secret Service Training Enhanced By 3D Gaming Tech
News  |  1/25/2011  | 
The Site Security Planning Tool will use virtual reality to help prepare agents for real-life threats.
Deduplication 2.0 - Recovery Performance
Commentary  |  1/25/2011  | 
"It's all about recovery": you'll hear it in almost every sales presentation by a backup vendor. That advice holds true for backup deduplication devices as well. A common mistake is to assume that because deduplication products are most often disk based, they also offer the best recovery performance. This is not always the case, and as we move into the next dedupe era it has to improve.
New Age of Mobile Malware On Way
Commentary  |  1/24/2011  | 
New types of malware are emerging, designed specifically to exploit the unique features of mobile handsets.
Twitter Worm Unleashes Fake AV Attack
News  |  1/24/2011  | 
Google's goo.gl link-shortening service, as well as code obfuscation with the RSA public key cryptography algorithm, are spreading malicious links via a bogus antivirus campaign.
Active 'Darkness' DDoS Botnet's Tool Now Available For Free
News  |  1/24/2011  | 
Botnet has DDoS'ed an average of 1.5 victim sites per day, and about three per day in the fourth quarter of last year
Study: Facebook Is The Most Frequently Blocked Website At Work
Quick Hits  |  1/24/2011  | 
Ironically, social networking giant is also the second-most whitelisted site, OpenDNS study says
Mozilla, Google Propose Defenses Against Ad Tracking
News  |  1/24/2011  | 
Will self-regulation be any more effective in the future than it has been in the past?
DoD, NATO Huddle On Cybersecurity
News  |  1/24/2011  | 
Deputy secretary of defense William Lynn is building a partnership on cyber defense with NATO and the European Union in meetings in Brussels.
Facebook Defends Security Practices
News  |  1/24/2011  | 
The social network responds to report alleging it puts the safety of its 650 million users at risk by not better securing third-party applications.
WikiLeaks Targeting P2P Networks?
Commentary  |  1/23/2011  | 
That is the allegation in a news report that ran last week. While the outcome from the investigation could have a profound impact on whether the anti-secrecy organization is a media outlet – there is a bigger lesson.
Mozilla Blocks Buggy Skype Toolbar
News  |  1/21/2011  | 
Responsible for over 40,000 Firefox crashes last week, the Skype Toolbar has been temporarily blocked.
Five Ways To Get Rational About Risk
News  |  1/21/2011  | 
Seat of the pants is no way to prioritize security spending and set project precedence. But that's exactly how some CISOs are doing business.
Widgets Are Prime Targets For Site Infection, Researcher Says
Quick Hits  |  1/21/2011  | 
Popular third-party site elements could be single point of infection, according to Dasient
Next-Generation Threats: The Inside Story
News  |  1/21/2011  | 
Cutting-edge attacks like Stuxnet and Zeus will be the everyday security challenges of tomorrow. Here's what you need to know.
Google Acknowledges Web Spam Complaints
News  |  1/21/2011  | 
Low-quality content has some Internet users worried about the relevance of Google search results.
Product Watch: NetWitness To Add Real-Time Malware Analysis
News  |  1/21/2011  | 
New tool assesses, scores, and prioritizes risks from malware found in the enterprise
How Careful Do You Need To Be With Cloud Storage? - Security
Commentary  |  1/21/2011  | 
Developing a cloud storage strategy is moving to the top of many IT managers' project lists. How to use cloud storage and what applications or processes could benefit the most from the use of cloud storage are key questions to answer. One mantra that keeps coming up is "you have to be careful" with cloud storage rollouts. Really? What makes cloud storage so risky that it requires this extra caution?