News & Commentary

Content posted in October 2010
State Sues WellPoint Over Data Breach Notification
Commentary  |  10/31/2010  | 
The state of Indiana's attorney general is suing insurer WellPoint Inc. for $300,000 for not notifying customers in a timely enough manner that their data was at risk.
Java Worm Targets Mac OS X
Commentary  |  10/30/2010  | 
A just-uncovered Trojan horse is employing an old social engineering ploy on social networks to lure Mac users.
Facebook Launches Friendship Pages, Raises Privacy Concerns
News  |  10/29/2010  | 
The new feature can show the relationship between two Facebook friends through the public information they've shared between each other through Wall posts, photos and more.
Slideshow: The 10 Most Common Database Vulnerabilities
Slideshows  |  10/29/2010  | 
AppSec's Team SHATTER shares the top 10 database vulnerabilities it sees most commonly plaguing organizations over and over again
Firesheep Exposes Need For Encryption
News  |  10/29/2010  | 
Using Facebook, Twitter, Yelp, Flickr, or other Web services on an open WiFi network could lead to account hijacking.
MeeGo 1.1 Released To Developers
News  |  10/29/2010  | 
Linux-based mobile OS allows software creation on Intel Atom and ARMv7 architectures.
Bredolab Botnet Still Spewing Malware
News  |  10/29/2010  | 
Days after Dutch authorities disabled 143 command and control servers, security researchers are seeing new signs of life.
New DDoS Trojan Attacks Sites That Criticize Vietnamese Communist Party
Quick Hits  |  10/29/2010  | 
Politically motivated attacks are becoming more sophisticated, researcher says
Adobe Acknowledges Active Flash Exploit
News  |  10/29/2010  | 
Zero-day bug, which won't be patched for two weeks, is being delivered in a malicious PDF targeted toward job seekers.
Tech Insight: The Five Stages Of Vulnerability Management
News  |  10/29/2010  | 
Like grief, vulnerability management can be a heart-wrenching and complex challenge. Here's a road map that will help you get from denial to acceptance
Identity Theft Council Aims To Bring 'Neighborhood Watch' Concept To Cybersecurity
News  |  10/28/2010  | 
Regional initiatives designed to attack security awareness problem at the grass roots
Small Vendors Driving Innovation In Security, Venture Capitalists Say
News  |  10/28/2010  | 
Major vendors dominate industry revenue, but startups and emerging vendors are the ones behind real change, panelists say
Microsoft Profits Soar 51%
News  |  10/28/2010  | 
Sales of Microsoft Office were up 15% year over year and the software maker's business division, which includes the server and database units, saw 11% growth.
Things To Look Out For In New PCI Version 2.0
News  |  10/28/2010  | 
Payment card security standard hasn't changed much, but there are a few issues to prepare for
The Futility Of A Single Storage Platform
Commentary  |  10/28/2010  | 
Every storage supplier wants to be your only vendor. It sounds like a good idea. It would simplify storage management, simplify purchasing and make it easier to train new IT staff and protect you if the current staff has some turnover. While meeting with users at SNW Europe, I was reminded just how futile of a goal this really is.
Easy-To-Find Brute-Force Tools
News  |  10/28/2010  | 
Tools are available to create word lists that can be used for brute-force attacks to nab passwords.
Social Networks' Threat To Security
News  |  10/28/2010  | 
Weak passwords and insecure personal information could put your company's data at risk.
Banks Weak Against Credit Card Skimming Attacks
News  |  10/28/2010  | 
Gartner warns that anti-skimming standards and technologies aren't keeping up with recent spate of attacks, which can quickly net individual gangs $500,000 a month.
Microsoft Windows Still Vulnerable To DLL Hijacking
News  |  10/28/2010  | 
Even patched applications aren't safe from bug, says ACROS security researcher.
President Should Have 'Kill Switch' For Internet, Most Americans Say
Quick Hits  |  10/28/2010  | 
Worries of Internet security rank below financial, personal, and national security among people worldwide surveyed by Unisys
CIA Invests In Cloud, Web Analytics Startups
News  |  10/28/2010  | 
In-Q-Tel, a Central Intelligence Agency-based non-profit, will work with Cleversafe and Silver Tail Systems to adapt the companies' technologies for intelligence work.
AT&T Partners With Mobile Payment Providers
News  |  10/28/2010  | 
Deals with BilltoMobile, Boku, and Zong give the carrier's wireless subscribers the ability to buy online goods and services from their cell phones.
Talk About Evasion
Commentary  |  10/28/2010  | 
Security research, like fashion, sometimes gets recycled, restyled, and even rebranded. Take network security evasion and sidejacking attacks, both of which have recently re-emerged with researchers taking new spins on these known threats.
Cloud Creates SIEM Blind Spot
News  |  10/27/2010  | 
Current SIEM and log management approaches for network and security devices are 'moot' in the cloud
Java Trojan Bungles Mac Attack
News  |  10/27/2010  | 
Mac malware might be worrisome if it were coded better.
Vietnam Is Riskiest Country Domain, Study Says
Quick Hits  |  10/27/2010  | 
Bad guys say good morning, Vietnam, good night, Singapore
Talk About Evasion
Commentary  |  10/27/2010  | 
What's new is old and what's old is still news
DHS Urged To Bolster Cyber Infrastructure Security
News  |  10/27/2010  | 
Homeland Security must work more with power and telecom network owners to ensure they could survive a disaster, GAO reports.
FTC Ends Google Street View Investigation
News  |  10/27/2010  | 
The steps Google has taken to improve its internal controls are enough for the FTC.
Americans Maximize Social Network Security
News  |  10/27/2010  | 
The U.S. leads the world in restricting the personal information that people can access on their Facebook, Twitter, and other pages, reports Unisys study.
Iranian Cyber Army Joins Botnet Business
News  |  10/27/2010  | 
Up to 20 million machines may be infected by malware network, which may be backed by Iranian authorities, finds Seculert.
Bredolab Botnet Busted
News  |  10/26/2010  | 
The Dutch High Tech Crime Team has seized 143 servers used to infect an estimated 30 million computers and arrested the alleged mastermind behind the botnet.
Virgin America Goes Google
News  |  10/26/2010  | 
The airline is dropping Microsoft Exchange and moving to Google Apps for e-mail.
Emerging Qakbot Exploit Is Ruffling Some Feathers
News  |  10/26/2010  | 
Fast-spreading attack spreads like a worm, stings like a Trojan, RSA researchers say
Retailers Biggest Victims Of Targeted Attacks
Quick Hits  |  10/26/2010  | 
New Symantec data shows one-fourth of all focused attacks hitting retail organizations this month
Java Keeps Security Managers Up At Night
News  |  10/26/2010  | 
Attacks aimed at exploiting vulnerabilities in the Java platform have skyrocketed. Is your enterprise prepared?
Yet Another Botnet Dismantled, Alleged Botmaster Arrested
News  |  10/26/2010  | 
Dutch authorities take unusual tack in directly contacting machines infected by 'Bredolab' botnet
Microsoft Launches Office 2011 For Mac
News  |  10/26/2010  | 
Productivity suite for Mac includes Outlook for first time, in addition to collaboration and social networking tools.
Google 'Mortified' Over WiFi Data Gathering
News  |  10/25/2010  | 
New procedures have been implemented to prevent similar incidents from occurring.
Why Windows Phone 7 Could Be Most Secure Smartphone At Launch
Commentary  |  10/25/2010  | 
One of the interesting things I learned from spending a few days with McAfee recently was that the iPhone is actually one of the most secure smartphones.
Microsoft Windows 8 To Arrive In 2012
News  |  10/25/2010  | 
The next version of the operating system is reported to be coming in the second half of 2012.
New Firefox Plug-In Offers WiFi Cookie-Jacking For 'Average Joe'
News  |  10/25/2010  | 
'Firesheep' tool executes point-and-click sidejacking attacks
Wi-Fi Direct Products Connect Without A Network
News  |  10/25/2010  | 
Atheros, Broadcom, Intel, Ralink and Realtek form first test suite for certification program.
Personal Data Of 280,000 At Risk Following Healthcare Breach
Quick Hits  |  10/25/2010  | 
Portable drive containing data on nearly 300,000 Medicaid patients in Pennsylvania is missing
More Patient Data Dumps
Commentary  |  10/25/2010  | 
Yet another case where patient medical records are left in a dumpster and out in plain sight.
Workers Abusing Social Sites On Corporate Networks
News  |  10/25/2010  | 
Employees' use of Facebook, Gmail, Hotmail and BitTorrent is posing security risks, according to study by Palo Alto Networks.
What Business Data Should Be In The Cloud?
Commentary  |  10/25/2010  | 
In our last entry we discussed different ways that you can move data into the cloud, something I call onramps. In theory the ability now exists to put all your data types on a cloud storage platform, but is that the right choice for your business? How do you determine which data you should put in the cloud?
White House Unveils Internet Privacy Committee
News  |  10/25/2010  | 
Technology council subcommittee will work with federal agencies and lawmakers to balance consumer protection with economic opportunity.
MySpace Sharing User Info With Advertisers
News  |  10/25/2010  | 
Days after Facebook disclosure, the second largest social media site is found committing the same privacy breach.
Americans Ignoring Social Media Privacy Risks
News  |  10/25/2010  | 
Users are worried about the dangers of disclosing personal information on Facebook and other sites, but they do it anyway, finds Lawyers.com study.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.