News & Commentary

Content posted in January 2011
Data Leak Vulnerability In Android Gingerbread
Commentary  |  1/31/2011  | 
Google's Android Gingerbread (version 2.3) operating system is affected by a data-leak vulnerability that is very similar to a vulnerability in an earlier version that was supposed to have been fixed.
Report: Noncompliance Much More Costly Than Compliance
News  |  1/31/2011  | 
Ponemon Institute study finds average cost of not complying with security regulations and policies is more than two-and-a-half times as high as what it costs to comply
Online Dating Site Breached
News  |  1/31/2011  | 
PlentyOfFish.com has been compromised and the company is blaming the messenger.
Windows Faces Zero Day MHTML Vulnerability
News  |  1/31/2011  | 
Microsoft releases temporary fix for bug that allows attackers to run malicious scripts on a user's computer via Internet Explorer.
Backup Deduplication 2.0 Needs Better RAID
Commentary  |  1/31/2011  | 
As we wrap up our series on what is needed in the next generation of backup deduplication devices, one of the key needs is going to be a better drive protection capability. Today most deduplication systems leverage RAID to provide that drive protection; however, as capacities increase, RAID rebuild times are going to get worse. Vendors need to provide a better solution.
Veracode Launches Free XSS Bug Scanning Service
News  |  1/31/2011  | 
Offering detects cross-site scripting flaws in Java applications, provides reports, remediation information
Trend Micro Unveils IBM Security Suite
News  |  1/31/2011  | 
ScanMail Suite for 64-bit Lotus Domino platforms uses a cloud-based database to detect threats, including those generated by URL-shortening services recently linked to the spread of malware.
Is Apple (Finally) Stepping Up Its Security Game?
Commentary  |  1/29/2011  | 
Apple's reported recent hire of noted security author and expert, David Rice, is yet another step the company has made in the past year to help improve its sloppy security image.
The SpiderLabs Report
Commentary  |  1/29/2011  | 
Four out of five of the victims were so clever that they didn't need a firewall
Sony Wins Restraining Order Against Hacker
News  |  1/28/2011  | 
George Hotz, who gained notoriety by hacking the iPhone, was barred from distributing, creating, or marketing his technology for running unauthorized software on the PlayStation 3.
Hamilton Beach Reports Hack; Credit Card Data At Risk
Quick Hits  |  1/28/2011  | 
'Hacker code' rerouted order entry data to email addresses, company says
Vegas Casinos Face New Threat: Database Hackers
News  |  1/28/2011  | 
Crooks going after casinos' valuable player rewards databases; experts worry casinos ill-equipped to secure them
Internet 'Kill' Switch: Balancing Security And Freedom
Commentary  |  1/28/2011  | 
Why it's important to have controls in place before deploying such a powerful tool
ISP Data Retention Doesn't Aid Crime Prosecution
News  |  1/28/2011  | 
German study finds that the laws haven't resulted in police filing a greater number of charges in serious cases.
Data-Leak Flaw Found In Newest Version Of Google Android
News  |  1/28/2011  | 
'Gingerbread,' or Version 2.3, contains similar flaw as previous versions
OpenLeaks Site Leaked Before Launch
News  |  1/27/2011  | 
The latest whistle-blowing Web site aims to avoid the most controversial aspects of Wikileaks.
Lab Discovers 50 Millionth Virus
Quick Hits  |  1/27/2011  | 
AV-Test's malware repository numbers illustrate the malware explosion
An Advanced Persistent Threat Reality Check
News  |  1/27/2011  | 
Prevention is often futile, so how you manage the aftermath of discovering an intrusion can make all the difference in proper remediation
Intel McAfee Acquisition Cleared By EU
News  |  1/27/2011  | 
European regulators have approved the $7.68 billion acquisition following commitments from Intel to not hamper competition in the security market.
A Glaring Lesson In Shared Passwords
News  |  1/27/2011  | 
Vodafone's embarrassing breach should serve as a wake-up call for enterprises that also engage in the dangerous practice of credential-sharing
Russia To NATO: Investigate Stuxnet
Commentary  |  1/27/2011  | 
The Stuxnet worm is alleged to have set back Iran's controversial uranium enrichment program significantly. Now, the Russians are asking NATO to find some answers.
Facebook Boosts Security With SSL Encryption
News  |  1/27/2011  | 
Technology upgrade blocks Firesheep and eavesdropping attacks, but, for now, users must opt in.
BlackBerry Service Faces Ban In India
News  |  1/27/2011  | 
RIM says it is technically unable to comply with a request to give security officials in the South Asian country access to user data.
Anonymous Takes Aim At Egypt
Quick Hits  |  1/26/2011  | 
Online hacker group joins protests, launches DDoS attacks on Egyptian government sites
Researcher To Release Smartphone Botnet Proof-Of-Concept Code
News  |  1/26/2011  | 
Rootkit, SMS text messages used to build a botnet of smartphones
Justice Department Wants ISPs To Store More Data
News  |  1/26/2011  | 
Government investigators are finding that ISPs don't record enough about what their customers are doing.
Startup Offers Cloud-Based Security For The Cloud
News  |  1/26/2011  | 
'Halo' architecture from CloudPassage built for securing software-as-a-service offerings
Schwartz On Security: Slouching Toward Smartphone, Apple Armageddon
Commentary  |  1/26/2011  | 
Every new year brings fresh warnings that the next smartphone botnet or Apple "I Love You" virus is imminent, while real attacks keep escalating.
Facebook Founder's Fan Page Hacked
News  |  1/26/2011  | 
Rogue post on Mark Zuckerberg's page calls into question the social network's credibility that it takes site security seriously.
Intermedia Introduces Policy-Based Email Encryption
News  |  1/25/2011  | 
The addition to the cloud provider's hosted Exchange service is aimed at SMBs struggling to standardize email rules and compliance at the user level.
Lush Cosmetics Site Needs Makeover Following Hack
News  |  1/25/2011  | 
Company pulls down website; experts wonder why it took so long to respond
Proposed Nonprofit Would Bridge Law Enforcement, Enterprise Security Worlds
News  |  1/25/2011  | 
Organization aimed at translating business' breach experience and what information law enforcement needs to prosecute a case
Combating Conficker: What Worked, What Didn't
Quick Hits  |  1/25/2011  | 
Postmortem report looks at lessons learned from the Conficker Working Group's efforts to keep potentially massive and damaging botnet at bay
Secret Service Training Enhanced By 3D Gaming Tech
News  |  1/25/2011  | 
The Site Security Planning Tool will use virtual reality to help prepare agents for real-life threats.
Deduplication 2.0 - Recovery Performance
Commentary  |  1/25/2011  | 
"It's all about recovery." You'll hear it in almost every sales presentation by a backup vendor. That advice holds true for backup deduplication devices as well. A common mistake is to assume that because deduplication products are most often disk based, they also offer the best recovery performance. This is not always the case, and as we move into the next dedupe era it has to improve.
New Age of Mobile Malware On Way
Commentary  |  1/24/2011  | 
New types of malware are emerging, designed specifically to exploit the unique features of mobile handsets.
Twitter Worm Unleashes Fake AV Attack
News  |  1/24/2011  | 
Google's goo.gl link shortening service, as well as code obfuscation with the RSA public key cryptography algorithm, are spreading malicious links via a bogus antivirus campaign.
Active 'Darkness' DDoS Botnet's Tool Now Available For Free
News  |  1/24/2011  | 
Botnet has DDoS'ed an average of 1.5 victim sites per day, and about three per day in the fourth quarter of last year
Study: Facebook Is The Most Frequently Blocked Website At Work
Quick Hits  |  1/24/2011  | 
Ironically, social networking giant is also the second-most whitelisted site, OpenDNS study says
Mozilla, Google Propose Defenses Against Ad Tracking
News  |  1/24/2011  | 
Will self-regulation be any more effective in the future than it has been in the past?
DoD, NATO Huddle On Cybersecurity
News  |  1/24/2011  | 
Deputy secretary of defense William Lynn is building a partnership on cyber defense with NATO and the European Union in meetings in Brussels.
Facebook Defends Security Practices
News  |  1/24/2011  | 
The social network responds to report alleging it puts the safety of its 650 million users at risk by not better securing third-party applications.
WikiLeaks Targeting P2P Networks?
Commentary  |  1/23/2011  | 
That is the allegation in a news report that ran last week. While the outcome from the investigation could have a profound impact on whether the anti-secrecy organization is a media outlet – there is a bigger lesson.
Mozilla Blocks Buggy Skype Toolbar
News  |  1/21/2011  | 
Responsible for over 40,000 Firefox crashes last week, the Skype Toolbar has been temporarily blocked.
Five Ways To Get Rational About Risk
News  |  1/21/2011  | 
Seat of the pants is no way to prioritize security spending and set project precedence. But that's exactly how some CISOs are doing business.
Widgets Are Prime Targets For Site Infection, Researcher Says
Quick Hits  |  1/21/2011  | 
Popular third-party site elements could be single point of infection, according to Dasient
Next-Generation Threats: The Inside Story
News  |  1/21/2011  | 
Cutting-edge attacks like Stuxnet and Zeus will be the everyday security challenges of tomorrow. Here's what you need to know.
Google Acknowledges Web Spam Complaints
News  |  1/21/2011  | 
Low-quality content has some Internet users worried about the relevance of Google search results.
Product Watch: NetWitness To Add Real-Time Malware Analysis
News  |  1/21/2011  | 
New tool assesses, scores, and prioritizes risks from malware found in the enterprise
How Careful Do You Need To Be With Cloud Storage? - Security
Commentary  |  1/21/2011  | 
Developing a cloud storage strategy is moving to the top of many IT managers' project lists. How to use cloud storage and what applications or processes could benefit the most from the use of cloud storage are key questions to answer. One mantra that keeps coming up is "you have to be careful" with cloud storage rollouts. Really? What makes cloud storage so risky that it requires this extra caution?