News & Commentary

Content posted in October 2011
Page 1 / 3
Major Companies 'Fail' Social Engineering Test
News  |  10/31/2011  | 
Report details results of major social-engineering 'capture the flag' contest that targeted 14 companies in retail, airlines, food service, technology, and mobile services
Tales of De-Crypt: 2011 Authentication And IAM Horror Stories
News  |  10/31/2011  | 
Who's scared of monsters under the bed when there's Lulzsec, Russian mobsters, and cybercrooks creeping out there?
Data Breach Costs: Beware Vendor Contract Fine Print
News  |  10/31/2011  | 
Organizations often end up paying the consequential costs of data breaches when third-party vendor contracts aren't scrutinized.
Nearly A Third Of Execs Say Rogue Mobile Devices Are Linked To Their Networks
Quick Hits  |  10/30/2011  | 
Eighty-seven percent think their organizations are at risk of attack via a mobile security lapse
3 Steps To Make Your Database More Secure
News  |  10/28/2011  | 
Database security often takes a backseat to performance and other concerns. Here's how to strike a balance that works.
Don't Let Your Suppliers Limit Too Much Breach Liability
News  |  10/28/2011  | 
Organizations often end up paying the consequential costs of data breaches when third-party vendor contracts aren't scrutinized
Chinese Military Blamed For Hacking U.S. Satellites
News  |  10/28/2011  | 
Congressional investigators say two Earth observation satellites were hacked four times in recent years and it appears the Chinese military is responsible.
Basic Baselining For Quick Situational Awareness
Commentary  |  10/28/2011  | 
Baselines can be extremely valuable in knowing what's going on within your network, but they can't help if they're not created -- start with the basics
Social Malice: One In 60 Facebook Posts Are Malicious
News  |  10/28/2011  | 
LinkedIn users feel safest, according to new social networking data gathered by Barracuda Networks -- but not for long.
Is Biometrics The Answer To The Authentication Question?
News  |  10/28/2011  | 
Years in the making, biometrics still has not entered the mainstream of authentication options. Here's a look at where and when to use it
Study: How Data Breaches Damage Brand Reputation
Quick Hits  |  10/27/2011  | 
Experian/Ponemon Institute study says breached firms' brands lose 12 percent of value
California Tightens EHR Security
News  |  10/27/2011  | 
New law requires that everyone leave breadcrumbs when using an electronic health record; related law expands telemed services.
Innovative Attacks Treat Mobile Phones As Sensors
News  |  10/27/2011  | 
Recent research showed that a phone's accelerometer could detect vibrations from key presses on a nearby keyboard
PCI Council Pegs Success On Community Involvement
News  |  10/27/2011  | 
The PCI Security Council celebrates its fifth anniversary this year with greater industry collaboration and more work ahead
Social Malice: One In 100 Tweets And One In 60 Facebook Posts Are Malicious
News  |  10/27/2011  | 
LinkedIn users feel safest, according to new social networking data gathered by Barracuda Networks -- but not for long
SSL Servers No Match For Laptop-Based Hack
News  |  10/27/2011  | 
Tool lets hackers launch a denial-of-service attack from a single PC over a DSL connection.
6 Deadly Enterprise Security Mistakes
News  |  10/27/2011  | 
These small, subtle security mistakes can have big data breach consequences.
The Eight Traits Of Highly Successful Security Startups
Quick Hits  |  10/27/2011  | 
Best new companies are those that are willing to take a chance, SINET study says
Google Says Government Requests For Data Rising
News  |  10/26/2011  | 
Demands for user information, content changes increase, though Google says that's to be expected with a growing number of users.
Six Deadly Security Blunders Businesses Make
News  |  10/26/2011  | 
Small, subtle mistakes can lead to big security breaches
Stolen iPads A Special Problem For Fed Agencies
News  |  10/26/2011  | 
Mobile devices will inevitably go missing, as a recent theft at the VA shows. So security and device management work continues.
Time To Automate Web Defenses?
News  |  10/25/2011  | 
Tying vulnerability scanners and Web application firewalls together can help tighten Web security without developer pain -- but trust is still a problem
Tool Lets Single Laptop Take Down An SSL Server
News  |  10/25/2011  | 
Yet another strike against SSL security
Spam Gang Puts Up 80 URL-Shortening Service Sites
Quick Hits  |  10/25/2011  | 
Symantec discovers spammers leaving their own URL-shortening services open to the public
UBS Finds Risk Management Stress Test Costly
Commentary  |  10/25/2011  | 
UBS failed to stop a single rogue trader from racking up $2 billion in losses. Yet, some experts argue that banks overall may be better than others at managing risk.
Nasdaq Server Breach: 3 Expected Findings
News  |  10/25/2011  | 
While federal investigators remain quiet about the ongoing investigation, experts say that the Directors Desk data breach is even worse than thought.
Hackers Likely Have Japanese Warplane, Nuclear Data
News  |  10/25/2011  | 
Attackers likely accessed sensitive data relating to military aircraft, missiles, and nuclear power plant designs and safety systems, said Japanese defense officials.
Compliance Holds Up Los Angeles Google Apps Deployment
News  |  10/24/2011  | 
Google Apps deployment has been long delayed due to security issues, but that doesn't mean security compliance is impossible with the cloud-based service
Pocket Guide To Securing Mobile Devices
News  |  10/24/2011  | 
With workers bringing their own smartphones and tablets into the company, IT security needs to focus on creating a more secure environment, not on securing each device
TDL4 Botnet Now Even Harder To Kill
News  |  10/24/2011  | 
Infamous botnet revamped to make its malware even more difficult for enterprises and security researchers to detect
DARPA Investigates Storytelling As Security Science
News  |  10/24/2011  | 
Defense research agency to create technology that can understand how stories affect military security situations and possibly alter their outcomes.
XML Encryption Flaw Leaves Web Services Vulnerable
News  |  10/24/2011  | 
Apache, Red Hat, IBM, Microsoft, and other major XML framework providers will need to adopt new standard, say German researchers who found the flaw.
Sinkholing For Profit
Commentary  |  10/24/2011  | 
Concerns over the legality and ethics of security organizations that profit from their sinkhole operations
Top FBI Cyber Cop Recommends New Secure Internet
News  |  10/24/2011  | 
Shawn Henry says current Internet will never be secure enough to beat hackers or meet the security needs of critical infrastructure providers.
Anonymous Attacks Child Pornography Websites
News  |  10/24/2011  | 
Hacktivist group disables numerous darknet child pornography sites, publishes 1,500 related usernames, and invites FBI and Interpol to investigate.
Despite Stiffer Reporting Requirements, Many Agencies Still Slow To Implement Continuous Monitoring
News  |  10/22/2011  | 
New federal government guidelines mandate monthly reporting, but online security monitoring still isn't pervasive
How Security Pros Can Leverage PCI Compliance Initiatives
Quick Hits  |  10/22/2011  | 
By partnering with compliance team, security organizations can use PCI to improve enterprise security
Tech Insight: The Smart Way To Gather Security Intelligence
News  |  10/21/2011  | 
Proper logging and correlation, reporting, alerting are key to handling security events
Metasploit For The Masses
News  |  10/21/2011  | 
New version of free Metasploit tool aimed at 'newbie' penetration testers
Does Cybercrime Pay?
Commentary  |  10/21/2011  | 
Turning a profit in today's underground economy remains tough. Here's why.
The Three Most Frequently Attacked Mobile Devices
News  |  10/21/2011  | 
Android devices, tablets, and jailbroken devices top list of riskiest mobile products in the enterprise setting.
Facebook: Latest 'Hack' Was Old, Invalid User IDs
News  |  10/21/2011  | 
Hacking group "Team Swastika" released apparent Facebook usernames and passwords, but the social network says the data isn't tied to live accounts.
'Duqu' Not After Same Target As Stuxnet, Researchers Say
Quick Hits  |  10/20/2011  | 
New Kaspersky Lab analysis finds two distinct pieces of malware
NSA Chief Plays Offense on Cloud, Cybersecurity
News  |  10/20/2011  | 
Cloud has become a key part of the NSA's IT strategy, said Gen. Keith Alexander. Coming soon: A DOD offensive strategy for responses to cyberattacks and threats.
The Three Most Frequently Attacked Mobile Devices
News  |  10/20/2011  | 
Android devices, tablets, and jailbroken devices top list of riskiest mobile products in the enterprise setting
DHS Appoints Weatherford Cybersecurity Chief
News  |  10/20/2011  | 
Former energy exec has extensive security experience working for the states of California and Colorado.
Short On Staff, Many IT Organizations Feel Unprepared For New Threats
Quick Hits  |  10/19/2011  | 
Lack of resources causes many enterprises to lose security efficiency, Symantec study says
Mass SQL Injection Attack Hits 1 Million Sites
News  |  10/19/2011  | 
Attack similar to LizaMoon hits websites lacking input validation
Waiting For 'Son Of Stuxnet' To Attack
News  |  10/19/2011  | 
Duqu is considered the intel-gathering step in advance of a new attack -- but could it have been part of the original Stuxnet attack?
Are Your IT Pros Abusing Admin Passwords?
News  |  10/19/2011  | 
One in four IT professionals know of a coworker who has used privileged credentials to snoop. Worse, 25% of superuser passwords don't pass basic security test.


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Francis Dinha, CEO & Co-Founder of OpenVPN,  8/13/2018
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1712
PUBLISHED: 2018-08-16
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
CVE-2018-10139
PUBLISHED: 2018-08-16
The PAN-OS response page for GlobalProtect in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected.
CVE-2018-10140
PUBLISHED: 2018-08-16
The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected.
CVE-2018-11771
PUBLISHED: 2018-08-16
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream,...
CVE-2018-1715
PUBLISHED: 2018-08-16
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 14700...