News & Commentary

Content posted in October 2011
Page 1 / 3
Major Companies 'Fail' Social Engineering Test
News  |  10/31/2011  | 
Report details results of major social-engineering 'capture the flag' contest that targeted 14 companies in retail, airlines, food service, technology, and mobile services
Tales of De-Crypt: 2011 Authentication And IAM Horror Stories
News  |  10/31/2011  | 
Who's scared of monsters under the bed when there's Lulzsec, Russian mobsters, and cybercrooks creeping out there?
Data Breach Costs: Beware Vendor Contract Fine Print
News  |  10/31/2011  | 
Organizations often end up paying the consequential costs of data breaches when third-party vendor contracts aren't scrutinized.
Nearly A Third Of Execs Say Rogue Mobile Devices Are Linked To Their Networks
Quick Hits  |  10/30/2011  | 
Eighty-seven percent think their organizations are at risk of attack via a mobile security lapse
3 Steps To Make Your Database More Secure
News  |  10/28/2011  | 
Database security often takes a backseat to performance and other concerns. Here's how to strike a balance that works.
Don't Let Your Suppliers Limit Too Much Breach Liability
News  |  10/28/2011  | 
Organizations often end up paying the consequential costs of data breaches when third-party vendor contracts aren't scrutinized
Chinese Military Blamed For Hacking U.S. Satellites
News  |  10/28/2011  | 
Congressional investigators say two Earth observation satellites were hacked four times in recent years and it appears the Chinese military is responsible.
Basic Baselining For Quick Situational Awareness
Commentary  |  10/28/2011  | 
Baselines can be extremely valuable in knowing what's going on within your network, but they can't help if they're not created -- start with the basics
Social Malice: One In 60 Facebook Posts Are Malicious
News  |  10/28/2011  | 
LinkedIn users feel safest, according to new social networking data gathered by Barracuda Networks -- but not for long.
Is Biometrics The Answer To The Authentication Question?
News  |  10/28/2011  | 
Years in the making, biometrics still has not entered the mainstream of authentication options. Here's a look at where and when to use it
Study: How Data Breaches Damage Brand Reputation
Quick Hits  |  10/27/2011  | 
Experian/Ponemon Institute study says breached firms' brands lose 12 percent of value
California Tightens EHR Security
News  |  10/27/2011  | 
New law requires that everyone leave breadcrumbs when using an electronic health record; related law expands telemed services.
Innovative Attacks Treat Mobile Phones As Sensors
News  |  10/27/2011  | 
Recent research showed that a phone's accelerometer could detect vibrations from key presses on a nearby keyboard
PCI Council Pegs Success On Community Involvement
News  |  10/27/2011  | 
The PCI Security Council celebrates its fifth anniversary this year with greater industry collaboration and more work ahead
Social Malice: One In 100 Tweets And One In 60 Facebook Posts Are Malicious
News  |  10/27/2011  | 
LinkedIn users feel safest, according to new social networking data gathered by Barracuda Networks -- but not for long
SSL Servers No Match For Laptop-Based Hack
News  |  10/27/2011  | 
Tool lets hackers launch a denial-of-service attack from a single PC over a DSL connection.
6 Deadly Enterprise Security Mistakes
News  |  10/27/2011  | 
These small, subtle security mistakes can have big data breach consequences.
The Eight Traits Of Highly Successful Security Startups
Quick Hits  |  10/27/2011  | 
Best new companies are those that are willing to take a chance, SINET study says
Google Says Government Requests For Data Rising
News  |  10/26/2011  | 
Demands for user information, content changes increase, though Google says that's to be expected with a growing number of users.
Six Deadly Security Blunders Businesses Make
News  |  10/26/2011  | 
Small, subtle mistakes can lead to big security breaches
Stolen iPads A Special Problem For Fed Agencies
News  |  10/26/2011  | 
Mobile devices will inevitably go missing, as a recent theft at the VA shows. So security and device management work continues.
Time To Automate Web Defenses?
News  |  10/25/2011  | 
Tying vulnerability scanners and Web application firewalls together can help tighten Web security without developer pain -- but trust is still a problem
Tool Lets Single Laptop Take Down An SSL Server
News  |  10/25/2011  | 
Yet another strike against SSL security
Spam Gang Puts Up 80 URL-Shortening Service Sites
Quick Hits  |  10/25/2011  | 
Symantec discovers spammers leaving their own URL-shortening services open to the public
UBS Finds Risk Management Stress Test Costly
Commentary  |  10/25/2011  | 
UBS failed to stop a single rogue trader from racking up $2 billion in losses. Yet, some experts argue that banks overall may be better than others at managing risk.
Nasdaq Server Breach: 3 Expected Findings
News  |  10/25/2011  | 
While federal investigators remain quiet about the ongoing investigation, experts say that the Directors Desk data breach is even worse than thought.
Hackers Likely Have Japanese Warplane, Nuclear Data
News  |  10/25/2011  | 
Attackers likely accessed sensitive data relating to military aircraft, missiles, and nuclear power plant designs and safety systems, said Japanese defense officials.
Compliance Holds Up Los Angeles Google Apps Deployment
News  |  10/24/2011  | 
Google Apps deployment has been long delayed due to security issues, but that doesn't mean security compliance is impossible with the cloud-based service
Pocket Guide To Securing Mobile Devices
News  |  10/24/2011  | 
With workers bringing their own smartphones and tablets into the company, IT security needs to focus on creating a more secure environment, not on securing each device
TDL4 Botnet Now Even Harder To Kill
News  |  10/24/2011  | 
Infamous botnet revamped to make its malware even more difficult for enterprises and security researchers to detect
DARPA Investigates Storytelling As Security Science
News  |  10/24/2011  | 
Defense research agency to create technology that can understand how stories affect military security situations and possibly alter their outcomes.
XML Encryption Flaw Leaves Web Services Vulnerable
News  |  10/24/2011  | 
Apache, Red Hat, IBM, Microsoft, and other major XML framework providers will need to adopt new standard, say German researchers who found the flaw.
Sinkholing For Profit
Commentary  |  10/24/2011  | 
Concerns over the legality and ethics of security organizations that profit from their sinkhole operations
Top FBI Cyber Cop Recommends New Secure Internet
News  |  10/24/2011  | 
Shawn Henry says current Internet will never be secure enough to beat hackers or meet the security needs of critical infrastructure providers.
Anonymous Attacks Child Pornography Websites
News  |  10/24/2011  | 
Hacktivist group disables numerous darknet child pornography sites, publishes 1,500 related usernames, and invites FBI and Interpol to investigate.
Despite Stiffer Reporting Requirements, Many Agencies Still Slow To Implement Continuous Monitoring
News  |  10/22/2011  | 
New federal government guidelines mandate monthly reporting, but online security monitoring still isn't pervasive
How Security Pros Can Leverage PCI Compliance Initiatives
Quick Hits  |  10/22/2011  | 
By partnering with compliance team, security organizations can use PCI to improve enterprise security
Tech Insight: The Smart Way To Gather Security Intelligence
News  |  10/21/2011  | 
Proper logging, correlation, reporting, and alerting are key to handling security events
Metasploit For The Masses
News  |  10/21/2011  | 
New version of free Metasploit tool aimed at 'newbie' penetration testers
Does Cybercrime Pay?
Commentary  |  10/21/2011  | 
Turning a profit in today's underground economy remains tough. Here's why.
The Three Most Frequently Attacked Mobile Devices
News  |  10/21/2011  | 
Android devices, tablets, and jailbroken devices top list of riskiest mobile products in the enterprise setting.
Facebook: Latest 'Hack' Was Old, Invalid User IDs
News  |  10/21/2011  | 
Hacking group "Team Swastika" released apparent Facebook usernames and passwords, but the social network says the data isn't tied to live accounts.
'Duqu' Not After Same Target As Stuxnet, Researchers Say
Quick Hits  |  10/20/2011  | 
New Kaspersky Lab analysis finds two distinct pieces of malware
NSA Chief Plays Offense on Cloud, Cybersecurity
News  |  10/20/2011  | 
Cloud has become a key part of the NSA's IT strategy, said Gen. Keith Alexander. Coming soon: A DOD offensive strategy for responses to cyberattacks and threats.
The Three Most Frequently Attacked Mobile Devices
News  |  10/20/2011  | 
Android devices, tablets, and jailbroken devices top list of riskiest mobile products in the enterprise setting
DHS Appoints Weatherford Cybersecurity Chief
News  |  10/20/2011  | 
Former energy exec has extensive security experience working for the states of California and Colorado.
Short On Staff, Many IT Organizations Feel Unprepared For New Threats
Quick Hits  |  10/19/2011  | 
Lack of resources causes many enterprises to lose security efficiency, Symantec study says
Mass SQL Injection Attack Hits 1 Million Sites
News  |  10/19/2011  | 
Attack similar to LizaMoon hits websites lacking input validation
Waiting For 'Son Of Stuxnet' To Attack
News  |  10/19/2011  | 
Duqu is considered the intel-gathering step in advance of a new attack -- but could it have been part of the original Stuxnet attack?
Are Your IT Pros Abusing Admin Passwords?
News  |  10/19/2011  | 
One in four IT professionals know of a coworker who has used privileged credentials to snoop. Worse, 25% of superuser passwords don't pass basic security test.