Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in January 2012
Financial Services Industry Employs Microsoft SDL In New Secure Software Model
News  |  1/31/2012  | 
Meanwhile, Microsoft releases new data showing major drop in bugs and exploitable vulnerabilities in its software during the past year-and-a-half
Jury Still Out On Mobile Adware
News  |  1/31/2012  | 
Malicious software or not? Defining the threat on mobile platforms becomes more difficult as some advertising software enters a gray area
Google Defends Privacy Policy Consolidation
News  |  1/31/2012  | 
Google sends letter to congressional representatives to clarify pending privacy policy revisions.
Researchers Postpone Release Of Free Smart Meter Security Testing Tool
News  |  1/31/2012  | 
Amid smart grid vendor's concerns about ShmooCon talk, public disclosure of research into smart meter infrared ports put on hold
Megaupload Users Get Reprieve, But Legal Questions Remain
News  |  1/31/2012  | 
Hosting providers agree to hold data files for two weeks while cyberlocker company's lawyers negotiate with the U.S. government.
Big Data's Dark Side: Compliance Issues
News  |  1/31/2012  | 
The bigger data sets grow, the harder compliance could become.
10 SharePoint Security Mistakes You Probably Make
News  |  1/31/2012  | 
Bradley Manning allegedly stole sensitive government cables destined for WikiLeaks from a SharePoint server. Are your information security controls tighter than the Army's were?
Big Data Could Create Compliance Issues
News  |  1/30/2012  | 
The bigger data sets grow, the harder compliance could become
Cloud Means More Secure Remote Access
News  |  1/30/2012  | 
Connecting hosts running remote-access services directly to the Internet is so last decade. Instead, companies look to move to cloud-enabled services or virtual desktop infrastructure.
FBI Seeks 'Automated Search And Scrape' Of Social Networks
Quick Hits  |  1/30/2012  | 
Agency issues RFI for technology to quickly find and surface 'events' via search of social networks, news sites
More Than Half Of Cyberattacks Come From Asia
Quick Hits  |  1/30/2012  | 
DDoS attacks worldwide on the rise, report finds
EU Data Rules Worse Than SOPA?
News  |  1/30/2012  | 
European Union's proposed "right to be forgotten" data privacy rule threatens free speech and online business, critics argue.
Google, Facebook, Bank Of America Behind New Email Security Standard
News  |  1/30/2012  | 
New specification for preventing phishing and email domain abuse likely to help email security, but will enterprises adopt it?
Intel Takes Stake In Solera Networks
News  |  1/30/2012  | 
Intel Capital is joined by existing investors Allegis Capital, Signal Peak Ventures and Trident Capital
Silent Authentication
Commentary  |  1/29/2012  | 
Authenticating users without explicit login
The Value Of Device Authentication
Commentary  |  1/29/2012  | 
'Fingerprinting' evolving to protect device IDs
Do You Need A Security Operations Center?
News  |  1/28/2012  | 
When a company starts to worry about losing data to attack, it could be time to create a simple SOC. Following are the most important steps to evaluating the need for an effective operations center
New Drive-By Spam Infects Those Who Open Email -- No Attachment Needed
Quick Hits  |  1/28/2012  | 
Getting infected just got a whole lot easier, researchers say
Google, Microsoft Say DMARC Spec Stops Phishing
News  |  1/27/2012  | 
New email authentication framework called DMARC, backed by major email and security tool providers, aims to make spoofed domains in messages a thing of the past.
The Mechanics Of Breach Notification
Commentary  |  1/27/2012  | 
Organizations need to know what constitutes a breach of identity data according to state laws and how to respond
The Future of Web Authentication
News  |  1/27/2012  | 
Many security experts believe the Internet's trust model is broken. Figuring out how to fix it will take time and collaboration
White House Presses For New Cybersecurity Laws
News  |  1/27/2012  | 
Congress has dragged its feet for years on passing cybersecurity legislation, so the Obama administration is applying pressure.
Twitter Country Blocks: 10 Key Facts
News  |  1/27/2012  | 
Twitter says functionality aims to help the company better respond to legal requirements. What restrictions already exist and what's next?
AT&T Tightens Up Tablet Security
News  |  1/27/2012  | 
AT&T has introduced new security tools that help healthcare providers better protect tablet-based patient data.
Security Careers: A Closer Look At Digital Investigations
News  |  1/26/2012  | 
Security incident response and forensics are, at heart, people problems. Here are some tips for making the most of them
Smartcards: Still A Smart Choice?
News  |  1/26/2012  | 
Despite recent security compromises, smartcard technology still has high potential
Study: The Aftermath Of A Breach
Quick Hits  |  1/26/2012  | 
New Ponemon-Experian study highlights organizations' top priorities following a data breach
Hopping Aboard The Mobile Payment Bandwagon? Bring A Helmet
News  |  1/26/2012  | 
Implementing mobile payment systems presents a high risk, high reward opportunity
Six-Year-Old Breach Comes Back To Haunt Symantec
News  |  1/26/2012  | 
Security firm warns users to halt use of pcAnywhere until it finishes patching it, but says older Norton products not at risk from previously 'inconclusive' 2006 security incident
Google Study: Social Media Enhances Privacy
Commentary  |  1/26/2012  | 
Sharing can shape your reputation, thereby building trust and privacy, Google research says. "Clean coal," meet "privacy-aware sharing." Let the oxymoron wars begin.
U.S. Intel Chief: Insider Leaks A Top Priority
News  |  1/26/2012  | 
Strategies to prevent another WikiLeaks will take years to perfect, but the cloud could save time and money, says director of national intelligence James Clapper.
FBI Seeks Data-Mining App for Social Media
News  |  1/26/2012  | 
Agency wants to monitor Facebook, Twitter, and other sites for real-time information that could help investigations.
What EU Data Privacy Proposal Means For Business
News  |  1/26/2012  | 
Proposed new rules, including a "right to be forgotten" clause, could create compliance mess for multinational businesses.
SOPA Protesters Try New Tactic: DNS Hijacks
News  |  1/26/2012  | 
Hacktivists redirect traffic from several sites, including handbag-maker Coach.com, in retaliation for anti-piracy bill support.
Symantec: Users Should Disable PCAnywhere Now
News  |  1/26/2012  | 
Symantec moves into damage-control mode after LulzSec leader tweets the remote-access software may be used to launch exploits.
EU's More Stringent Data Privacy Proposal Poses Challenges For Businesses
News  |  1/26/2012  | 
Proposed changes to data privacy laws in Europe have garnered mixed praise
Hacktivists Turn To DNS Hijacking
Quick Hits  |  1/26/2012  | 
Coach, UFC fall victim to attacks that redirect their Web traffic
Database Password Storage Exposes Need For Better ID Management
News  |  1/25/2012  | 
DreamHost and other password breaches show weaknesses in the way passwords are stored
DNSSEC Error Caused NASA Website To Be Blocked
News  |  1/25/2012  | 
Comcast's new DNSSEC-based service detected improper signing of NASA site
Zscaler ThreatLabZ Releases Free Service To Analyze Web Risk
News  |  1/25/2012  | 
Zulu analyzes URLs and assesses risk posed by suspicious Web content
Feds Issue Comprehensive Cloud Security Guidance
News  |  1/25/2012  | 
National Institute of Standards and Technology urges government and private sector users not to leave cloud security to providers or service arrangements.
Looking Over The RIM And Into The Chasm
Commentary  |  1/25/2012  | 
What security folks need to learn from RIM's stunning downfall
Pwn2Own Hacking Contest Gets Facelift
News  |  1/25/2012  | 
Popular competition will up the ante with longer contest, fewer targets, more payout for first-, second-, third-place winners--plus an extra Google bounty for cracking Chrome.
Google Privacy Change Provokes Outrage
News  |  1/25/2012  | 
One user profile and privacy policy to rule all of Google's services. Simple, or evil?
Anonymous Calls Anonyupload A Scam
News  |  1/25/2012  | 
Megaupload alternative promises "100% anonymous" platform for sharing files, providing it gets the required funds.
Videoconferencing Systems Vulnerable To Hackers
News  |  1/25/2012  | 
Take these steps to secure your videoconferencing system and prevent outsiders from spying on your company.
Microsoft Names Alleged Kelihos Botnet Operator
News  |  1/25/2012  | 
Suspect worked for antivirus and software development firms in Russia.
Videoconferencing Can Be The Bug In The Boardroom
News  |  1/24/2012  | 
Recent research underscores that insecure videoconferencing systems can allow hackers to listen in on a company's confidential discussions. Firms should take steps to evaluate their systems and secure them
Judge Rules In Favor Of Decryption
News  |  1/24/2012  | 
A woman accused of real-estate fraud must turn in unencrypted copy of a hard drive, despite Fifth Amendment protest
Microsoft Names Alleged Botnet Operator Behind Kelihos
Quick Hits  |  1/24/2012  | 
Russian suspect worked for antivirus and software development firms in Russia