News & Commentary

Content posted in October 2012
Automation Demands Tighter VM Security
News  |  10/31/2012  | 
Plan to let hypervisors spin up new virtual machines on their own? Then you'd better lock them down.
How To Secure Data As Networks Get Faster
News  |  10/31/2012  | 
Faster networks are coming, putting security monitoring systems to the test.
Say 'Cheese': Georgian Nation Makes Offense Its Defense
News  |  10/31/2012  | 
Georgia's CERT tricks alleged Russian hacker with phony file, records him via his computer, and ID's him
60-Second Cash Kiosk Hackers Steal $1 Million: FBI
News  |  10/31/2012  | 
Feds announce they've busted 14 members of a gang that used rapid withdrawals at cash-advance kiosks at casinos in California and Nevada to trick Citibank.
The SQL Injection Disconnection
News  |  10/31/2012  | 
Hackers fixate on SQLi—CSOs, not so much
Shopping The Russian Cybercrime Underground
News  |  10/30/2012  | 
Inside look at the wide range of hacking and related services being offered in the Russian-speaking cybercrime marketplace illustrates its maturity and popularity
Yahoo To Ignore IE10 DNT Settings
News  |  10/30/2012  | 
Yahoo says Internet users' preferences aren't being accurately reflected by having "do not track" enabled by default.
ZeroAccess Botnet Surges
Quick Hits  |  10/30/2012  | 
2.2 million infected with fraudulent ad-click botnet's malware, new report finds
FBI Expands Cybercrime Division
News  |  10/30/2012  | 
Federal Bureau of Investigation will hire computer scientists, build new tools and boost collaboration to help catch malicious hackers.
Hackers Trade Tips On DDoS, SQL Injection
News  |  10/30/2012  | 
Study of hacker bulletin boards reveals focus on attack techniques, tips for beginning hackers, buying and selling of fake social network endorsements.
Security Monitoring On A Budget: Security Know-How Needed
News  |  10/30/2012  | 
Managed providers and simpler security-monitoring appliances can help small and medium businesses better understand their networks, but building in-house expertise is important
Majority Of South Carolinians' Social Security Numbers Exposed In Hack
News  |  10/29/2012  | 
State database infiltrated and 3.6 million citizens' SSNs unencrypted and at risk
Intel Joins SAFECode
News  |  10/29/2012  | 
Intel joins a group of committed contributors and software industry leaders
New Threats Necessitate Shift Toward Security Architecture, Risk Management
Quick Hits  |  10/29/2012  | 
Ad hoc security solutions are no longer enough, Ernst & Young study says
Supply Chain Woes: Human Error Or Something Else Entirely?
Commentary  |  10/28/2012  | 
How easily are plausibly deniable bugs really introduced into the supply chain, and are recent fears concerning foreign technologies more hype than fact?
Monitoring To Detect The Persistent Enemies
News  |  10/26/2012  | 
Subtle attackers who are after intellectual property are hard to find. Monitoring can help, but a good analyst can help even more
IT Security Spending To Grow Even More In 2013, Study Says
Quick Hits  |  10/26/2012  | 
Nearly half of enterprises plan to increase security spending next year, according to 451 Research study
Frankenstory: Attack Of The Iranian Cyber Warriors
Commentary  |  10/26/2012  | 
Citing no hard evidence, U.S. government officials have been stoking fears that the Iranians are out to get us.
Windows 8 App Developer Says Process Stinks
News  |  10/26/2012  | 
After 10 months of work, including winning a Microsoft app contest, developer says he's still unable to get the app past the Windows Store approval process.
Fast Flux Botnet Nets Fraudsters $78 Million
News  |  10/26/2012  | 
Security report offers new details on financial hackers, warns that automated clearing house payment channels could be next target of increasingly sophisticated attacks.
Ten Ways To Secure Web Data Under PCI
News  |  10/26/2012  | 
PCI compliance can create headaches for companies that do online commerce. Is your e-business ready?
How Does Mobility Change IT Risk Management?
News  |  10/26/2012  | 
Understanding the mobile issues that will measurably affect risk posture
TSA PreCheck Program Security Hole Exposes Screening Status
News  |  10/26/2012  | 
Airline boarding passes available to participants in the TSA's PreCheck program contain unencrypted information that could be used to determine whether the person will receive expedited screening
Cash-Strapped States Under Siege
Quick Hits  |  10/25/2012  | 
New survey of state government agency CISOs finds cost of data breaches ranges from $1 million to $5 million in some states
Barnes & Noble Probes PIN Keypad Hack
News  |  10/25/2012  | 
Criminals hacked one PIN keypad in each of 63 stores and have already used the stolen data to commit fraud. Was it an inside job?
Making Security Trade-Offs
Commentary  |  10/25/2012  | 
Security is all about the trade-offs. You need a consistent method to evaluate risks and assess the pros/cons of each decision
Antivirus Tool Fail: Blocking Success Varies By 58%
News  |  10/25/2012  | 
Only two of 13 endpoint security software scanners blocked more than 80% of known exploits, NSS Labs study reports.
Nightmare On Database Street: 5 Database Security Horror Stories
News  |  10/25/2012  | 
Chilling stories from penetration testers, database pros, and security consultants in the field
Verizon: Most Intellectual Property Theft Involves Company Insiders
Quick Hits  |  10/24/2012  | 
While most cybercrimes originate outside the company, IP theft often comes from within, researchers say
Huawei Proposes Security Test Center
News  |  10/24/2012  | 
In a bid to address regulators' security fears, Chinese telecom company Huawei wants to establish a cyber security test center in Australia.
Barnes & Noble Stores Targeted In Nationwide Payment Card-Skimming Scam
News  |  10/24/2012  | 
Well-organized breach demonstrates difficulty of protecting PIN pads from physical tampering by determined attackers
U.S. Bank Hackers Promise DDoS Pause
News  |  10/24/2012  | 
In the sixth week since the launch of "Operation Ababil" attacks against Wall Street banks, online post says hacktivists are taking time off for a Muslim holiday.
Election 2012 Hacking Threat: 10 Facts
News  |  10/24/2012  | 
Election technology has improved since the 2000 presidential election "hanging chad" debacle, but new and old threats may put your vote at risk.
Cyber Crooks Target Healthcare For Financial Data
News  |  10/24/2012  | 
Identity thieves looking for a quick buck often don't even know they are attacking healthcare organizations, Verizon investigation finds.
When Data Errors Don't Matter
Commentary  |  10/24/2012  | 
Does bad data break 'big data' analysis?
7 Costly IAM Mistakes
News  |  10/23/2012  | 
Blunders that lead to costly identity and access management failures
Hunting Botnets On A Bigger Scale
News  |  10/23/2012  | 
Researchers build prototype botnet detection system that gathers a big-picture view of both known and unknown botnet activity
.Gov, .Mil URL-Shortener Spam Attack Curtailed
Quick Hits  |  10/23/2012  | 
1.usa.gov targeted in work-from-home scam
Russian Service Rents Access To Hacked Corporate PCs
News  |  10/23/2012  | 
Service provides stolen remote desktop protocol credentials, letting buyers remotely log in to corporate servers and PCs, bypassing numerous security defenses.
To Measure Your Risks, Know Your Threats
Quick Hits  |  10/23/2012  | 
A Dark Reading retrospective on best practices and tools for developing risk management processes
Who Is Hacking U.S. Banks? 8 Facts
Slideshows  |  10/22/2012  | 
Hackers have labeled the bank website disruptions as grassroots-level reprisal for an anti-Islamic film. But is the Iranian government really backing the attacks?
Possible 'Patch' For Policy On Protecting Government Agency Systems
News  |  10/22/2012  | 
CSIS report due tomorrow will recommend revising a longtime OMB policy with 'continuous monitoring' of government systems and networks
Five Habits Of Companies That Catch Insiders
News  |  10/22/2012  | 
A survey of 40 companies that have successfully dealt with insider threats shows that the solution is less technology and more psychology
Popular Android Apps Vulnerable
News  |  10/22/2012  | 
Security study finds flawed SSL implementations in more than 1,000 Android apps.
Microsoft Revises Privacy Rules, Users Shrug
News  |  10/22/2012  | 
Why hasn't Microsoft faced a firestorm, as Google did, for consolidating user information across products and services?
Office 365 Boasts HIPAA-Compliant Messaging System
News  |  10/22/2012  | 
Several universities adopt Microsoft's cloud-based, HIPAA-compliant system in an effort to keep personal health data safer.
The Elephant In The Security Monitoring Room
Commentary  |  10/21/2012  | 
It's right in front of us, but is too rarely taken into account within monitoring and risk systems: the policy exception
Gartner: Supply Chain To Become A Top-Three Security Concern
Quick Hits  |  10/20/2012  | 
Integrity of data passed between hardware, software, and information suppliers will be a key security issue by 2017, research firm says
Tech Insight: What Penetration Testers Find Inside Your Network
News  |  10/19/2012  | 
Inside flaws include unpatched systems, open file shares or information stores, and lack of proper network segmentation
Silent Circle's Military-Grade Encryption: BYOD Tool?
News  |  10/19/2012  | 
Silent Circle's encryption tools for smartphones and tablets are a boon for privacy enthusiasts--but enterprises could find them useful too.