
News & Commentary

Content posted in January 2012
When Good Apps Go Bad
News  |  1/12/2012  | 
Experts warn that many otherwise nonmalicious mobile apps are trampling privacy with overgenerous device permissions
Sandia Labs Offers Online DNSSEC Tool
Quick Hits  |  1/12/2012  | 
Free visualization tool helps government agencies, businesses in their DNSSEC implementations
Sykipot Malware Now Steals Smart-Card Credentials
News  |  1/12/2012  | 
New variant of malware used by advanced persistent threat (APT) actors out of China challenges DoD, other organizations’ two-factor authentication
WISeKey And INSIDE Secure Join Forces To Target Counterfeit Luxury Goods
News  |  1/12/2012  | 
New solution also will offer sales monitoring and direct marketing capabilities
Microsoft Trustworthy Computing Turns 10: What's Next
News  |  1/12/2012  | 
10 years after Bill Gates famously declared a security emergency within Microsoft, the stakes are much higher. 'TWC Next' will include a focus on cloud services such as Azure.
Air Force Drone Controllers Embrace Linux, But Why?
News  |  1/12/2012  | 
U.S. Air Force switched drones' ground control operating system after a credential-grabbing malware outbreak. Security expert thinks it's more than coincidence.
Does NoSQL Mean No Security?
News  |  1/12/2012  | 
Biggest benefits of NoSQL databases -- scalability and flexibility -- also give security experts the biggest headaches.
Hack Attacks Now Leading Cause Of Data Breaches
News  |  1/12/2012  | 
Exclusive: Identity Theft Resource Center identifies hacking, followed by data lost in transit and insider attacks, as the leading data breach culprits in 2011.
Identity Versus Authentication
Commentary  |  1/12/2012  | 
Distinguishing between identity and authentication
China Arrests Four In CSDN Data Breach; Related Breaches Proved To Be Hoaxes
Quick Hits  |  1/12/2012  | 
More than 6 million users affected by hack; eight people punished for spreading faulty info
Does NoSQL Mean No Security?
News  |  1/11/2012  | 
NoSQL databases offer an alternative to traditional relational databases but are immature and will introduce more risks
China Not The U.S.'s Only Cyber-Adversary
News  |  1/11/2012  | 
Reports of cyberespionage out of India are a wake-up call for U.S. businesses, government agencies
Top SMB Security Worries: Intellectual Property, Mobile
News  |  1/11/2012  | 
An expert security researcher shares his top security concerns for SMBs in 2012 and offers advice on how smaller companies can manage risks.
2012 Will Be The Year Of The...
Commentary  |  1/11/2012  | 
After a rough 2011 for many large organizations, here's a look at what the world of advanced threats will bring in 2012
When Someone Else's Insider Is Your Threat
News  |  1/11/2012  | 
As Symantec recently learned, your intellectual property could be at risk from third parties with whom you do business.
Health IT Managers Slow To Implement Cloud
News  |  1/11/2012  | 
Security concerns keep health IT pros from jumping on cloud computing faster, a KLAS study suggests.
How To Prevent An Illicit Data Dump
News  |  1/11/2012  | 
Organizations can be ruined with a single, WikiLeaks-style data compromise. How can you prevent your enterprise from being one of them? Here are a few tips
Rocstor's Ultra Secure SmartCard-Based Portable Hard Drive
News  |  1/11/2012  | 
At CES 2012, Rocstor displayed a prototype of its Amphibious -- a highly secure portable hard drive that connects via FireWire 800 or USB and that can't be mounted without first using a smartcard and a PIN code.
New Project Aims To Secure U.S. Power Grid
News  |  1/10/2012  | 
DOE, DHS working on maturity model to be tested across more than a dozen electric utilities and grid operators
Comcast Internet Service Now Fully DNSSEC-Based
Quick Hits  |  1/10/2012  | 
ISP finishes its rollout of the DNS security protocol
When Someone Else's Insider Is Your Threat
News  |  1/10/2012  | 
Contract language and enforcement are necessary to protect your IP in another company's network. Just ask Symantec, which had its source code stolen from a third party by hackers.
U.S. China Commission Emails Hacked
News  |  1/10/2012  | 
Was Indian hacker group's alleged hack for India or China?
Feds Refine Cloud Security Standards
News  |  1/10/2012  | 
Federal CIO Council releases controls for new agency-wide program that standardizes security requirements for cloud-computing products and services.
Feds Seek Stronger Security For Power Grid
News  |  1/10/2012  | 
Departments of Energy and Defense will create a cybersecurity model to test and apply across the utility industry, as they work to protect the U.S. electricity grid.
Feds Bust $1.5 Million ATM Skimming Scheme
News  |  1/10/2012  | 
Romanian man failed to disguise his identity as he allegedly installed card skimmers to steal data at 40 ATMs around New York.
IT Security Employment Rising Rapidly, Study Says
Quick Hits  |  1/10/2012  | 
More than 51,000 security pros employed in Q4, up from 37,000 employed in Q1, study says
Passphrases A Viable Alternative To Passwords?
News  |  1/10/2012  | 
Some experts say they are, but technological and cultural issues bar the path to passphrases
Hard Drive Prices Rise Due To Thai Floods
News  |  1/9/2012  | 
Some vendors also trim warranties; IDC expects shortages to persist into 2013.
More Patient Data Risks, Lawsuits Predicted In 2012
News  |  1/9/2012  | 
The new year promises to bring greater patient data risks as healthcare organizations increase their use of mobile technology and social media sites.
Hackers Claim Breach Of Norton Antivirus Source Code; Experts Say Claims Are Exaggerated
News  |  1/7/2012  | 
Symantec says disclosure poses 'no threat' to the security of its AV products or their customers
Partner Management 3: How To Assess Prospective Partners
Commentary  |  1/7/2012  | 
Regulations require organizations to periodically assess security and compliance practices; the key is to understand how to do so effectively -- without breaking the bank
Have A Comment? Dark Reading Offers New Commenting System
Quick Hits  |  1/6/2012  | 
New platform will make it easier, more secure for readers to add their input to DR stories
Tech Insight: What To Do When Your Business Partner Is Breached
News  |  1/6/2012  | 
Vendors and contractors play an important role in your business. But what happens when a partner’s systems are compromised? Here are a few tips
New Denial Of Service Attack Cripples Servers Slowly
News  |  1/6/2012  | 
'Slow Read' proof-of-concept and tool released Thursday.
Facebook Worm Siphons 45,000 Accounts
News  |  1/6/2012  | 
Ramnit financial malware gets social with new variant.
Worm Siphons 45,000 Facebook Accounts
Quick Hits  |  1/5/2012  | 
Ramnit financial malware gets social with new variant
New Denial-Of-Service Attack Cripples Web Servers By Reading Slowly
News  |  1/5/2012  | 
'Slow Read' proof-of-concept and tool released Thursday
AntiSec Hacks NY, California Law Enforcement
News  |  1/5/2012  | 
Breaches show database insecurity is still the norm, despite rash of attacks by hacktivists.
SQL Injection Hack Infects 1 Million Web Pages
News  |  1/5/2012  | 
SANS warns of uptick in 'Lilupophilupop' attack, but Cisco said total number of infected Web pages likely lower.
Defense Bill Approves Offensive Cyber Warfare
News  |  1/5/2012  | 
Annual defense budget also calls for military to improve defensive cyber capabilities and create a new insider threat program to prevent another WikiLeaks-type breach.
Care2 Discloses Breach; Company Has Nearly 18 Million Members
Quick Hits  |  1/5/2012  | 
Passwords, account information could be at risk
AntiSec Hacks Signal Same Old, Same Old In Database Insecurity
News  |  1/5/2012  | 
Hacktivist group takes down two law enforcement associations with ease
Latest SQL Injection Campaign Infects 1 Million Web Pages
News  |  1/4/2012  | 
SANS warns of uptick in 'Lilupophilupop' attack, but Cisco says total number of infected URLs might be 'inflated'
Anonymous Leaks Israeli Credit Card Accounts
News  |  1/4/2012  | 
Saudi hackers allied with Anonymous claim credit for exposure of 400,000 accounts.
The Ultimate Internet DR Solution: Satellites?
News  |  1/4/2012  | 
Hackerspace Global Grid project intended as 'fallback infrastructure'
Hackers Plan Satellite Network For Web Disaster Time
News  |  1/3/2012  | 
Hackerspace Global Grid project aims to build a space antenna that will keep the Web up and running in case of an event that affects its availability.
Saudi Hackers Steal, Leak Israeli Credit Card Accounts
Quick Hits  |  1/3/2012  | 
Self-professed arm of Anonymous leaks thousands of account numbers and associated information
Same Toolkit Spawned Stuxnet, Duqu, And Other Campaigns
News  |  1/3/2012  | 
New Kaspersky Lab research nails down platform used for the targeted attacks, but not all researchers are sold that the exploits are all interrelated
Three Surefire Ways To Tick Off An Auditor
News  |  1/3/2012  | 
Avoid these common mistakes to improve your chances for a smooth compliance audit
Four Takeaways From The Stuxnet-Duqu Connection
News  |  1/3/2012  | 
Lessons learned from the latest findings in the Stuxnet and Duqu attacks


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.