News & Commentary

Content posted in January 2012
Financial Services Industry Employs Microsoft SDL In New Secure Software Model
News  |  1/31/2012  | 
Meanwhile, Microsoft releases new data showing major drop in bugs and exploitable vulnerabilities in its software during the past year-and-a-half
Jury Still Out On Mobile Adware
News  |  1/31/2012  | 
Malicious software or not? Defining the threat on mobile platforms becomes more difficult as some advertising software enters a gray area
Google Defends Privacy Policy Consolidation
News  |  1/31/2012  | 
Google sends letter to congressional representatives to clarify pending privacy policy revisions.
Researchers Postpone Release Of Free Smart Meter Security Testing Tool
News  |  1/31/2012  | 
Amid smart grid vendor's concerns about ShmooCon talk, public disclosure of research into smart meter infrared ports put on hold
Megaupload Users Get Reprieve, But Legal Questions Remain
News  |  1/31/2012  | 
Hosting providers agree to hold data files for two weeks while cyberlocker company's lawyers negotiate with the U.S. government.
Big Data's Dark Side: Compliance Issues
News  |  1/31/2012  | 
The bigger data sets grow, the harder compliance could become.
10 SharePoint Security Mistakes You Probably Make
News  |  1/31/2012  | 
Bradley Manning allegedly stole sensitive government cables destined for WikiLeaks from a SharePoint server. Are your information security controls tighter than the Army's were?
Big Data Could Create Compliance Issues
News  |  1/30/2012  | 
The bigger data sets grow, the harder compliance could become
Cloud Means More Secure Remote Access
News  |  1/30/2012  | 
Connecting hosts running remote-access services directly to the Internet is so last decade. Instead, companies look to move to cloud-enabled services or virtual desktop infrastructure.
FBI Seeks 'Automated Search And Scrape' Of Social Networks
Quick Hits  |  1/30/2012  | 
Agency issues RFI for technology to quickly find and surface 'events' via search of social networks, news sites
More Than Half Of Cyberattacks Come From Asia
Quick Hits  |  1/30/2012  | 
DDoS attacks worldwide on the rise, report finds
EU Data Rules Worse Than SOPA?
News  |  1/30/2012  | 
European Union's proposed "right to be forgotten" data privacy rule threatens free speech and online business, critics argue.
Google, Facebook, Bank Of America Behind New Email Security Standard
News  |  1/30/2012  | 
New specification for preventing phishing and email domain abuse likely to help email security, but will enterprises adopt it?
Intel Takes Stake In Solera Networks
News  |  1/30/2012  | 
Intel Capital is joined by existing investors Allegis Capital, Signal Peak Ventures and Trident Capital
Silent Authentication
Commentary  |  1/29/2012  | 
Authenticating users without explicit login
The Value Of Device Authentication
Commentary  |  1/29/2012  | 
'Fingerprinting' evolving to protect device IDs
Do You Need A Security Operations Center?
News  |  1/28/2012  | 
When a company starts to worry about losing data to attack, it could be time to create a simple SOC. Following are the most important steps to evaluating the need for an effective operations center
New Drive-By Spam Infects Those Who Open Email -- No Attachment Needed
Quick Hits  |  1/28/2012  | 
Getting infected just got a whole lot easier, researchers say
Google, Microsoft Say DMARC Spec Stops Phishing
News  |  1/27/2012  | 
New email authentication framework called DMARC, backed by major email and security tool providers, aims to make spoofed domains in messages a thing of the past.
The Mechanics Of Breach Notification
Commentary  |  1/27/2012  | 
Organizations need to know what constitutes a breach of identity data according to state laws and how to respond
The Future of Web Authentication
News  |  1/27/2012  | 
Many security experts believe the Internet's trust model is broken. Figuring out how to fix it will take time and collaboration
White House Presses For New Cybersecurity Laws
News  |  1/27/2012  | 
Congress has dragged its feet for years on passing cybersecurity legislation, so the Obama administration is applying pressure.
Twitter Country Blocks: 10 Key Facts
News  |  1/27/2012  | 
Twitter says functionality aims to help the company better respond to legal requirements. What restrictions already exist and what's next?
AT&T Tightens Up Tablet Security
News  |  1/27/2012  | 
AT&T has introduced new security tools that help healthcare providers better protect tablet-based patient data.
Security Careers: A Closer Look At Digital Investigations
News  |  1/26/2012  | 
Security incident response and forensics are, at heart, people problems. Here are some tips for making the most of them
Smartcards: Still A Smart Choice?
News  |  1/26/2012  | 
Despite recent security compromises, smartcard technology still has high potential
Study: The Aftermath Of A Breach
Quick Hits  |  1/26/2012  | 
New Ponemon-Experian study highlights organizations' top priorities following a data breach
Hopping Aboard The Mobile Payment Bandwagon? Bring A Helmet
News  |  1/26/2012  | 
Implementing mobile payment systems presents a high risk, high reward opportunity
Six-Year-Old Breach Comes Back To Haunt Symantec
News  |  1/26/2012  | 
Security firm warns users to halt use of pcAnywhere until it finishes patching it, but says older Norton products not at risk from previously 'inconclusive' 2006 security incident
Google Study: Social Media Enhances Privacy
Commentary  |  1/26/2012  | 
Sharing can shape your reputation, thereby building trust and privacy, Google research says. "Clean coal," meet "privacy-aware sharing." Let the oxymoron wars begin.
U.S. Intel Chief: Insider Leaks A Top Priority
News  |  1/26/2012  | 
Strategies to prevent another WikiLeaks will take years to perfect, but the cloud could save time and money, says director of national intelligence James Clapper.
FBI Seeks Data-Mining App for Social Media
News  |  1/26/2012  | 
Agency wants to monitor Facebook, Twitter, and other sites for real-time information that could help investigations.
What EU Data Privacy Proposal Means For Business
News  |  1/26/2012  | 
Proposed new rules, including a "right to be forgotten" clause, could create compliance mess for multinational businesses.
SOPA Protesters Try New Tactic: DNS Hijacks
News  |  1/26/2012  | 
Hacktivists redirect traffic from several sites, including handbag-maker Coach.com, in retaliation for anti-piracy bill support.
Symantec: Users Should Disable PCAnywhere Now
News  |  1/26/2012  | 
Symantec moves into damage-control mode after LulzSec leader tweets the remote-access software may be used to launch exploits.
EU's More Stringent Data Privacy Proposal Poses Challenges For Businesses
News  |  1/26/2012  | 
Proposed changes to data privacy laws in Europe have garnered mixed praise
Hacktivists Turn To DNS Hijacking
Quick Hits  |  1/26/2012  | 
Coach, UFC fall victim to attacks that redirect their Web traffic
Database Password Storage Exposes Need For Better ID Management
News  |  1/25/2012  | 
DreamHost and other password breaches show weaknesses in the way passwords are stored
DNSSEC Error Caused NASA Website To Be Blocked
News  |  1/25/2012  | 
Comcast's new DNSSEC-based service detected improper signing of NASA site
Zscaler ThreatLabZ Releases Free Service To Analyze Web Risk
News  |  1/25/2012  | 
Zulu analyzes URLs and assesses risk posed by suspicious Web content
Feds Issue Comprehensive Cloud Security Guidance
News  |  1/25/2012  | 
National Institute of Standards and Technology urges government and private sector users not to leave cloud security to providers or service arrangements.
Looking Over The RIM And Into The Chasm
Commentary  |  1/25/2012  | 
What security folks need to learn from RIM's stunning downfall
Pwn2Own Hacking Contest Gets Facelift
News  |  1/25/2012  | 
Popular competition will up the ante with longer contest, fewer targets, more payout for first-, second-, third-place winners--plus an extra Google bounty for cracking Chrome.
Google Privacy Change Provokes Outrage
News  |  1/25/2012  | 
One user profile and privacy policy to rule all of Google's services. Simple, or evil?
Anonymous Calls Anonyupload A Scam
News  |  1/25/2012  | 
Megaupload alternative promises "100% anonymous" platform for sharing files, providing it gets the required funds.
Videoconferencing Systems Vulnerable To Hackers
News  |  1/25/2012  | 
Take these steps to secure your videoconferencing system and prevent outsiders from spying on your company.
Microsoft Names Alleged Kelihos Botnet Operator
News  |  1/25/2012  | 
Suspect worked for antivirus and software development firms in Russia.
Videoconferencing Can Be The Bug In The Boardroom
News  |  1/24/2012  | 
Recent research underscores that insecure videoconferencing systems can allow hackers to listen in on a company's confidential discussions. Firms should take steps to evaluate their systems and secure them
Judge Rules In Favor Of Decryption
News  |  1/24/2012  | 
A woman accused of real-estate fraud must turn in unencrypted copy of a hard drive, despite Fifth Amendment protest
Microsoft Names Alleged Botnet Operator Behind Kelihos
Quick Hits  |  1/24/2012  | 
Russian suspect worked for antivirus and software development firms in Russia
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.