News & Commentary

Content posted in January 2012
7 Tools To Tighten Healthcare Data Security
Slideshows  |  1/24/2012  | 
Most of the largest healthcare data security and privacy breaches have involved lost or stolen mobile computing devices. Consider these tools and tips for protecting patient data and managing breaches.
9 Ways To Minimize Data Breach Fallout
Commentary  |  1/24/2012  | 
Symantec just revealed that attackers stole source code to its flagship Norton software in 2006, highlighting today's array of sharply different approaches to owning up to data breaches. Consider these essential policies.
IP D-Day: Major Providers, Vendors To Go IPv6 June 6
News  |  1/24/2012  | 
IPv6 implementations 'scrutinized' for security issues so no panic necessary, experts say amid concerns of as-yet undiscovered bugs
When Uncle Sam Can Demand You Decrypt Laptop
News  |  1/24/2012  | 
Colorado woman argued that surrendering her full-disk encryption password would violate her Fifth Amendment right against self-incrimination, but a judge disagreed.
Is SSL Cert Holder ID Verification A Joke?
News  |  1/24/2012  | 
Some complain that certificate authorities don't do enough to verify identities for 'domain-validated' certificates
Zappos, Amazon Sued Over Data Breach
Quick Hits  |  1/23/2012  | 
Lawsuit against shoe retailer alleges security negligence, seeks millions in compensatory and exemplary damages
Google+ Accepts Pseudonyms, With Caveats
News  |  1/23/2012  | 
Google+ updated name policy stops short of unqualified pseudonym acceptance, but endorses use of "established" alternate names.
9 Password Security Policies For SMBs
News  |  1/23/2012  | 
Does your company have strong password practices? Here's expert advice on how to help SMB employees minimize risks.
Megaupload Takedown Questioned By Users, Lawyers
News  |  1/23/2012  | 
Scrutiny increases from users and lawyers regarding the DOJ's decision to block legally uploaded content and pursue criminal charges against file-sharing company.
Famed Hacking Contest Gets Facelift
News  |  1/23/2012  | 
'Pwn2Own' will up the ante with more prolonged contest, fewer targets, more payout for first-, second-, third-place winners -- plus an extra Google bounty for cracking Chrome
Tech Insight: Building A SOC, From Outsourcing To DIY
News  |  1/22/2012  | 
Building blocks for developing the most effective security operations center
Breach Notification: Know The Rules
Commentary  |  1/20/2012  | 
State and federal laws require notification when a breach of protected information occurs. You need to know which laws apply and how to comply
Are You Contributing To A DDoS Attack? Researcher Says You Might Be
Quick Hits  |  1/20/2012  | 
Links distributed by Anonymous and others could make your computer part of the DDoS, Sophos says
SOPA: Stop Grandstanding, Start Crafting An Alternative
Commentary  |  1/20/2012  | 
If Congress is so clueless about Internet dynamics, it's up to SOPA opponents to create a workable alternative for stopping online content piracy.
Anonymous Retaliates For Megaupload Raids: 10 Key Facts
News  |  1/20/2012  | 
Hacktivists launch DDoS attacks on FBI, Justice Department, music and movie producers, in part using disguised links that trick people into assisting the assault.
Federal Reserve Bank Contractor Arrested For Alleged Code Theft
Quick Hits  |  1/20/2012  | 
Suspect admitted to stealing U.S. Treasury Dept.-owned program from the bank for use in his own private business
Third-Party Vulnerability Counts Down? Not Quite
News  |  1/19/2012  | 
Trend data from Frost & Sullivan shows that vulnerabilities reported by third parties were lower in 2011, but companies such as Secunia and TippingPoint are seeing greater demand
'Anonymous' Back With A Vengeance: Downs DoJ, MPAA, RIAA, Universal Music Websites
News  |  1/19/2012  | 
White House also being targeted as federal anti-piracy moves fuel widespread online attacks
McAfee SaaS Antivirus Spews Spam
News  |  1/19/2012  | 
Spammers are actively exploiting a hole in the antivirus software to create spam relays; McAfee says patch is forthcoming.
SOPA Backers Lose Ground
News  |  1/19/2012  | 
Protests against anti-piracy bills convince some lawmakers to drop support for the legislation.
Oracle Scorned For Paltry Database Patches
News  |  1/19/2012  | 
With only two of many reported vulnerabilities fixed in Oracle's latest update, the database security community questions Oracle's patch bottleneck.
Facebook Users Hit By Money-Grubbing Malware
News  |  1/19/2012  | 
Carberp Trojan malware attempts to steal money by duping the user into divulging an e-cash voucher.
New Version Of Carberp Trojan Targets Facebook Users
Quick Hits  |  1/19/2012  | 
Malware attempts to steal money by duping the user into divulging an e-cash voucher
I Left My Data In El Segundo
Commentary  |  1/18/2012  | 
Data is the new bit of lost clothing you left behind on that road trip -- and two-factor authentication VPN is the way to go mobile
The Day (Some Of) The Web Went Dark
News  |  1/18/2012  | 
Online protests today of SOPA/PIPA legislation blur future of anti-piracy efforts as several legislators back down
A Firsthand Piracy Experience
Commentary  |  1/18/2012  | 
Limited government support of intellectual property helps, but not the strong protections in SOPA/PIPA
Zappos Breach Renews Calls For Stronger Passwords
News  |  1/18/2012  | 
Passwords are the go-to security technique for retailers, but businesses must balance password strength and consumer ease of use.
2012 Data Encryption Survey: Progress And Pain
News  |  1/18/2012  | 
As broken protocols, cloud, mobility, and key management woes add to IT's load, the best bet is to get self-sufficient.
SOPA: 10 Key Facts About Piracy Bill
News  |  1/18/2012  | 
Despite mass opposition to the SOPA and PIPA anti-piracy bills, both continue to move forward in Congress. Here's an update on what's at stake and where the bills stand.
Oracle CPU Contains Lowest Number Of Database Fixes Ever
News  |  1/18/2012  | 
Database security community concerned about Oracle's patch bottleneck
Zappos Dealing With Data Breach
News  |  1/18/2012  | 
Online shoe and clothing retailer directs customers to reset their passwords via a dedicated password-reset page
Victim Businesses Teaming Up To Fight Cybercriminals
News  |  1/17/2012  | 
Major global corporations call for more collaboration among organizations hit by cyberattacks, but the devil's in the details
Top 10 Trends In Information Security
News  |  1/17/2012  | 
Expect 2012 to offer more of the same from 2011 -- and then some
Tilde-D Detection Focuses On Coding Anomalies
News  |  1/17/2012  | 
An open-source tool from the Laboratory of Cryptography and System Security hunts for Duqu using telltale signs left behind by the Tilde-D creation toolkit
NSA Releases Secure Android Version
News  |  1/17/2012  | 
National Security Agency publicly releases SE Android, a secure version of Google's Android platform that delivers app isolation and related security measures.
Facebook: No Koobface Malware Attacks For Nearly A Year
Quick Hits  |  1/17/2012  | 
An aggressive campaign by the social network to kill the pesky malware included taking down its command-and-control server; SophosLabs unmasks the alleged gang members
Patient Data Theft Sends IT Specialist To Jail
News  |  1/17/2012  | 
Atlanta man gets 13 months for hacking into former employer's computer database and stealing patient data for a competing medical practice.
Zappos Breach: 8 Lessons Learned
News  |  1/17/2012  | 
Security experts rate the shoe retailer's response to hack that exposed data on up to 24 million customers.
Zappos Hack Exposes Passwords
News  |  1/17/2012  | 
Zappos tells 24 million customers to change passwords; special password-reset website was unavailable to non-U.S. customers.
Top 10 PCI Compliance Mistakes
News  |  1/16/2012  | 
Configuration mistakes, access control gaffes, and scoping issues top the list of common PCI errors
How To Monitor Employees Without Being A Perv
Commentary  |  1/15/2012  | 
While we need to monitor our employees to protect organization secrets, there's no need to turn the workplace into a bad episode of Big Brother
10 Security Trends To Watch In 2012
News  |  1/13/2012  | 
From cyber espionage to Android malware, expect to see a greater variety and quantity of attacks than ever before.
Five Principles To Improve Your Security Monitoring
News  |  1/13/2012  | 
Companies should expect to be compromised. So how should firms better monitor their security to detect attackers?
Financial Companies Sharing Information About Security
Quick Hits  |  1/13/2012  | 
Concerns about cyberthreats drive competing institutions to pool information, report says
Copyright Bill Causes Stir On Foreign Website Blocking
News  |  1/13/2012  | 
Some lawmakers move to drop provisions in the controversial Protect IP Act, now being considered by Senate, that would require U.S. service providers to forcibly redirect customers away from foreign sites accused of piracy.
Google Accused Of Fraud By Kenyan Rival
News  |  1/13/2012  | 
Kenyan company used sting operation to probe what it calls unethical and illegal behavior by search giant. Google says investigation is underway.
Hackers Say Indian Intelligence Has U.S. Passwords
News  |  1/13/2012  | 
A hacktivist group has released troves of emails, spy memos, and U.S. government server access credentials. While not all are genuine, the breach points to cyber spying as the new norm.
Using HIPAA To Advance Your Security Initiative
News  |  1/13/2012  | 
Healthcare compliance requirements can be a driver to improve your organization's overall security. Here's how
Sykipot Malware Steals Pentagon Smart-Card Credentials
News  |  1/13/2012  | 
Malware out of China challenges two-factor authentication schemes used by Defense Department, other organizations.