Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in January 2012
Financial Services Industry Employs Microsoft SDL In New Secure Software Model
News  |  1/31/2012  | 
Meanwhile, Microsoft releases new data showing major drop in bugs and exploitable vulnerabilities in its software during the past year-and-a-half
Jury Still Out On Mobile Adware
News  |  1/31/2012  | 
Malicious software or not? Defining the threat on mobile platforms becomes more difficult as some advertising software enters a gray area
Google Defends Privacy Policy Consolidation
News  |  1/31/2012  | 
Google sends letter to congressional representatives to clarify pending privacy policy revisions.
Researchers Postpone Release Of Free Smart Meter Security Testing Tool
News  |  1/31/2012  | 
Amid smart grid vendor's concerns about ShmooCon talk, public disclosure of research into smart meter infrared ports put on hold
Megaupload Users Get Reprieve, But Legal Questions Remain
News  |  1/31/2012  | 
Hosting providers agree to hold data files for two weeks while cyberlocker company's lawyers negotiate with the U.S. government.
Big Data's Dark Side: Compliance Issues
News  |  1/31/2012  | 
The bigger data sets grow, the harder compliance could become.
10 SharePoint Security Mistakes You Probably Make
News  |  1/31/2012  | 
Bradley Manning allegedly stole sensitive government cables destined for WikiLeaks from a SharePoint server. Are your information security controls tighter than the Army's were?
Big Data Could Create Compliance Issues
News  |  1/30/2012  | 
The bigger data sets grow, the harder compliance could become
Cloud Means More Secure Remote Access
News  |  1/30/2012  | 
Connecting hosts running remote-access services directly to the Internet is so last decade. Instead, companies look to move to cloud-enabled services or virtual desktop infrastructure.
FBI Seeks 'Automated Search And Scrape' Of Social Networks
Quick Hits  |  1/30/2012  | 
Agency issues RFI for technology to quickly find and surface 'events' via search of social networks, news sites
More Than Half Of Cyberattacks Come From Asia
Quick Hits  |  1/30/2012  | 
DDoS attacks worldwide on the rise, report finds
EU Data Rules Worse Than SOPA?
News  |  1/30/2012  | 
European Union's proposed "right to be forgotten" data privacy rule threatens free speech and online business, critics argue.
Google, Facebook, Bank Of America Behind New Email Security Standard
News  |  1/30/2012  | 
New specification for preventing phishing and email domain abuse likely to help email security, but will enterprises adopt it?
Intel Takes Stake In Solera Networks
News  |  1/30/2012  | 
Intel Capital is joined by existing investors Allegis Capital, Signal Peak Ventures and Trident Capital
Silent Authentication
Commentary  |  1/29/2012  | 
Authenticating users without explicit login
The Value Of Device Authentication
Commentary  |  1/29/2012  | 
'Fingerprinting' evolving to protect device IDs
Do You Need A Security Operations Center?
News  |  1/28/2012  | 
When a company starts to worry about losing data to attack, it could be time to create a simple SOC. Following are the most important steps in evaluating the need for an effective operations center
New Drive-By Spam Infects Those Who Open Email -- No Attachment Needed
Quick Hits  |  1/28/2012  | 
Getting infected just got a whole lot easier, researchers say
Google, Microsoft Say DMARC Spec Stops Phishing
News  |  1/27/2012  | 
New email authentication framework called DMARC, backed by major email and security tool providers, aims to make spoofed domains in messages a thing of the past.
The Mechanics Of Breach Notification
Commentary  |  1/27/2012  | 
Organizations need to know what constitutes a breach of identity data according to state laws and how to respond
The Future of Web Authentication
News  |  1/27/2012  | 
Many security experts believe the Internet's trust model is broken. Figuring out how to fix it will take time and collaboration
White House Presses For New Cybersecurity Laws
News  |  1/27/2012  | 
Congress has dragged its feet for years on passing cybersecurity legislation, so the Obama administration is applying pressure.
Twitter Country Blocks: 10 Key Facts
News  |  1/27/2012  | 
Twitter says functionality aims to help the company better respond to legal requirements. What restrictions already exist and what's next?
AT&T Tightens Up Tablet Security
News  |  1/27/2012  | 
AT&T has introduced new security tools that help healthcare providers better protect tablet-based patient data.
Security Careers: A Closer Look At Digital Investigations
News  |  1/26/2012  | 
Security incident response and forensics are, at heart, people problems. Here are some tips for making the most of them
Smartcards: Still A Smart Choice?
News  |  1/26/2012  | 
Despite recent security compromises, smartcard technology still has high potential
Study: The Aftermath Of A Breach
Quick Hits  |  1/26/2012  | 
New Ponemon-Experian study highlights organizations' top priorities following a data breach
Hopping Aboard The Mobile Payment Bandwagon? Bring A Helmet
News  |  1/26/2012  | 
Implementing mobile payment systems presents a high risk, high reward opportunity
Six-Year-Old Breach Comes Back To Haunt Symantec
News  |  1/26/2012  | 
Security firm warns users to halt use of pcAnywhere until it finishes patching it, but says older Norton products not at risk from previously 'inconclusive' 2006 security incident
Google Study: Social Media Enhances Privacy
Commentary  |  1/26/2012  | 
Sharing can shape your reputation, thereby building trust and privacy, Google research says. "Clean coal," meet "privacy-aware sharing." Let the oxymoron wars begin.
U.S. Intel Chief: Insider Leaks A Top Priority
News  |  1/26/2012  | 
Strategies to prevent another WikiLeaks will take years to perfect, but the cloud could save time and money, says director of national intelligence James Clapper.
FBI Seeks Data-Mining App for Social Media
News  |  1/26/2012  | 
Agency wants to monitor Facebook, Twitter, and other sites for real-time information that could help investigations.
What EU Data Privacy Proposal Means For Business
News  |  1/26/2012  | 
Proposed new rules, including a "right to be forgotten" clause, could create compliance mess for multinational businesses.
SOPA Protesters Try New Tactic: DNS Hijacks
News  |  1/26/2012  | 
Hacktivists redirect traffic from several sites, including handbag-maker Coach.com, in retaliation for anti-piracy bill support.
Symantec: Users Should Disable PCAnywhere Now
News  |  1/26/2012  | 
Symantec moves into damage-control mode after LulzSec leader tweets the remote-access software may be used to launch exploits.
EU's More Stringent Data Privacy Proposal Poses Challenges For Businesses
News  |  1/26/2012  | 
Proposed changes to data privacy laws in Europe have garnered mixed praise
Hacktivists Turn To DNS Hijacking
Quick Hits  |  1/26/2012  | 
Coach, UFC fall victim to attacks that redirect their Web traffic
Database Password Storage Exposes Need For Better ID Management
News  |  1/25/2012  | 
DreamHost and other password breaches show weaknesses in the way passwords are stored
DNSSEC Error Caused NASA Website To Be Blocked
News  |  1/25/2012  | 
Comcast's new DNSSEC-based service detected improper signing of NASA site
Zscaler ThreatLabZ Releases Free Service To Analyze Web Risk
News  |  1/25/2012  | 
Zulu analyzes URLs and assesses risk posed by suspicious Web content
Feds Issue Comprehensive Cloud Security Guidance
News  |  1/25/2012  | 
National Institute of Standards and Technology urges government and private sector users not to leave cloud security to providers or service arrangements.
Looking Over The RIM And Into The Chasm
Commentary  |  1/25/2012  | 
What security folks need to learn from RIM's stunning downfall
Pwn2Own Hacking Contest Gets Facelift
News  |  1/25/2012  | 
Popular competition will up the ante with longer contest, fewer targets, more payout for first-, second-, third-place winners--plus an extra Google bounty for cracking Chrome.
Google Privacy Change Provokes Outrage
News  |  1/25/2012  | 
One user profile and privacy policy to rule all of Google's services. Simple, or evil?
Anonymous Calls Anonyupload A Scam
News  |  1/25/2012  | 
Megaupload alternative promises "100% anonymous" platform for sharing files, providing it gets the required funds.
Videoconferencing Systems Vulnerable To Hackers
News  |  1/25/2012  | 
Take these steps to secure your videoconferencing system and prevent outsiders from spying on your company.
Microsoft Names Alleged Kelihos Botnet Operator
News  |  1/25/2012  | 
Suspect worked for antivirus and software development firms in Russia.
Videoconferencing Can Be The Bug In The Boardroom
News  |  1/24/2012  | 
Recent research underscores that insecure videoconferencing systems can allow hackers to listen in on a company's confidential discussions. Firms should take steps to evaluate their systems and secure them
Judge Rules In Favor Of Decryption
News  |  1/24/2012  | 
A woman accused of real-estate fraud must turn in unencrypted copy of a hard drive, despite Fifth Amendment protest
Microsoft Names Alleged Botnet Operator Behind Kelihos
Quick Hits  |  1/24/2012  | 
Russian suspect worked for antivirus and software development firms in Russia