News & Commentary
Content posted in October 2012
|
Automation Demands Tighter VM Security
Plan to let hypervisors spin up new virtual machines on their own? Then you'd better lock them down.
How To Secure Data As Networks Get Faster
Faster networks are coming, putting security monitoring systems to the test.
Say 'Cheese': Georgian Nation Makes Offense Its Defense
Georgia's CERT tricks alleged Russian hacker with phony file, records him via his computer, and ID's him
60-Second Cash Kiosk Hackers Steal $1 Million: FBI
Feds announce they've busted 14 members of a gang that used rapid withdrawals at cash-advance kiosks at casinos in California and Nevada to trick Citibank.
The SQL Injection Disconnection
Hackers fixate on SQLi—CSOs, not so much
Shopping The Russian Cybercrime Underground
Inside look at the wide range of hacking and related services being offered in the Russian-speaking cybercrime marketplace illustrates its maturity and popularity
Yahoo To Ignore IE10 DNT Settings
Yahoo says Internet users' preferences aren't being accurately reflected by having "do not track" enabled by default.
ZeroAccess Botnet Surges
2.2 million infected with fraudulent ad-click botnet's malware, new report finds
FBI Expands Cybercrime Division
Federal Bureau of Investigation will hire computer scientists, build new tools and boost collaboration to help catch malicious hackers.
Hackers Trade Tips On DDoS, SQL Injection
Study of hacker bulletin boards reveals focus on attack techniques, tips for beginning hackers, buying and selling of fake social network endorsements.
Security Monitoring On A Budget: Security Know-How Needed
Managed providers and simpler security-monitoring appliances can help small and medium businesses better understand their networks, but building in-house expertise is important
Majority Of South Carolinians' Social Security Numbers Exposed In Hack
State database infiltrated and 3.6 million citizens' SSNs unencrypted and at risk
Intel Joins SAFECode
Intel joins a group of committed contributors and software industry leaders
New Threats Necessitate Shift Toward Security Architecture, Risk Management
Ad hoc security solutions are no longer enough, Ernst & Young study says
Supply Chain Woes: Human Error Or Something Else Entirely?
How easy are plausibly deniable bugs really introduced to the supply chain, and are recent fears concerning foreign technologies more hype than fact?
Monitoring To Detect The Persistent Enemies
Subtle attackers who are after intellectual property are hard to find. Monitoring can help, but a good analyst can help even more
IT Security Spending To Grow Even More In 2013, Study Says
Nearly half of enterprises plan to increase security spending next year, according to 451 Research study
Frankenstory: Attack Of The Iranian Cyber Warriors
Citing no hard evidence, U.S. government officials have been stoking fears that the Iranians are out to get us.
Windows 8 App Developer Says Process Stinks
After 10 months of work, including winning a Microsoft app contest, developer says he's still unable to get the app past the Windows Store approval process.
Fast Flux Botnet Nets Fraudsters $78 Million
Security report offers new details on financial hackers, warns that automated clearing house payment channels could be next target of increasingly sophisticated attacks.
Ten Ways To Secure Web Data Under PCI
PCI compliance can create headaches for companies that do online commerce. Is your e-business ready?
How Does Mobility Change IT Risk Management?
Understanding the mobile issues that will measurably affect risk posture
TSA PreCheck Program Security Hole Exposes Screening Status
Airline boarding passes available to participants in the TSA's PreCheck program contain unencrypted information that could be used to determine whether the person will receive expedited screening
Cash-Strapped States Under Siege
New survey of state government agency CISOs finds cost of data breaches range from $1 million to $5 million in some states
Barnes & Noble Probes PIN Keypad Hack
Criminals hacked one PIN keypad in each of 63 stores and have already used the stolen data to commit fraud. Was it an inside job?
Making Security Trade-Offs
Security is all about the trade-offs. You need a consistent method to evaluate risks and assess the pros/cons of each decision
Antivirus Tool Fail: Blocking Success Varies By 58%
Only two of 13 endpoint security software scanners blocked more than 80% of known exploits, NSS Labs study reports.
Nightmare On Database Street: 5 Database Security Horror Stories
Chilling stories from penetration testers, database pros, and security consultants in the field
Verizon: Most Intellectual Property Theft Involves Company Insiders
While most cybercrimes originate outside the company, IP theft often comes from within, researchers say
Huawei Proposes Security Test Center
In a bid to address regulators' security fears, Chinese telecom company Huawei wants to establish a cyber security test center in Australia.
Barnes & Noble Stores Targeted In Nationwide Payment Card-Skimming Scam
Well-organized breach demonstrates difficulty of protecting PIN pads from physical tampering by determined attackers
U.S. Bank Hackers Promise DDoS Pause
In the sixth week since the launch of "Operation Ababil" attacks against Wall Street banks, online post says hacktivists are taking time off for a Muslim holiday.
Election 2012 Hacking Threat: 10 Facts
Election technology has improved since the 2000 presidential election "hanging chad" debacle, but new and old threats may put your vote at risk.
Cyber Crooks Target Healthcare For Financial Data
Identity thieves looking for a quick buck often don't even know they are attacking healthcare organizations, Verizon investigation finds.
When Data Errors Don't Matter
Does bad data break 'big data' analysis?
7 Costly IAM Mistakes
Blunders that lead to costly identity and access management failures
Hunting Botnets On A Bigger Scale
Researchers build prototype botnet detection system that gathers a big-picture view of both known and unknown botnet activity
.Gov, .Mil URL-Shortener Spam Attack Curtailed
1 usa.gov targeted in work-from-home scam
Russian Service Rents Access To Hacked Corporate PCs
Service provides stolen remote desktop protocol credentials, letting buyers remotely log in to corporate servers and PCs, bypassing numerous security defenses.
To Measure Your Risks, Know Your Threats
A Dark Reading retrospective on best practices and tools for developing risk management processes
Who Is Hacking U.S. Banks? 8 Facts
Hackers have labeled the bank website disruptions as grassroots-level reprisal for an anti-Islamic film. But is the Iranian government really backing the attacks?
Possible 'Patch' For Policy On Protecting Government Agency Systems
CSIS report due tomorrow will recommend revising a longtime OMB policy with 'continuous monitoring' of government systems and networks
Five Habits Of Companies That Catch Insiders
A survey of 40 companies that have successfully dealt with insider threats shows that the solution is less technology and more psychology
Popular Android Apps Vulnerable
Security study finds flawed SSL implementations in more than 1,000 Android apps.
Microsoft Revises Privacy Rules, Users Shrug
Why hasn't Microsoft faced a firestorm, as Google did, for consolidating user information across products and services?
Office 365 Boasts HIPAA-Compliant Messaging System
Several universities adopt Microsoft's cloud-based, HIPAA-compliant system in an effort to keep personal health data safer.
The Elephant In The Security Monitoring Room
It's right in front of us, but is too rarely taken into account within monitoring and risk systems: the policy exception
Gartner: Supply Chain To Become A Top-Three Security Concern
Integrity of data passed between hardware, software, and information suppliers will be a key security issue by 2017, research firm says
Tech Insight: What Penetration Testers Find Inside Your Network
Inside flaws include unpatched systems, open file shares or information stores, and lack of proper network segmentation
Silent Circle's Military-Grade Encryption: BYOD Tool?
Silent Circle's encryption tools for smartphones and tablets are a boon for privacy enthusiasts--but enterprises could find them useful too.
|
White Papers
Video
3 Comments
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-15769
PUBLISHED: 2018-11-16
PUBLISHED: 2018-11-16
PUBLISHED: 2018-11-16
PUBLISHED: 2018-11-16
PUBLISHED: 2018-11-16
From DHS/US-CERT's National Vulnerability Database CVE-2018-15769
PUBLISHED: 2018-11-16
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is...
CVE-2018-18955PUBLISHED: 2018-11-16
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resour...
CVE-2018-19311PUBLISHED: 2018-11-16
Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
CVE-2018-19312PUBLISHED: 2018-11-16
Centreon 3.4.x allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
CVE-2018-19318PUBLISHED: 2018-11-16
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This