News & Commentary

Content posted in October 2012
Automation Demands Tighter VM Security
News  |  10/31/2012  | 
Plan to let hypervisors spin up new virtual machines on their own? Then you'd better lock them down.
How To Secure Data As Networks Get Faster
News  |  10/31/2012  | 
Faster networks are coming, putting security monitoring systems to the test.
Say 'Cheese': Georgian Nation Makes Offense Its Defense
News  |  10/31/2012  | 
Georgia's CERT tricks alleged Russian hacker with phony file, records him via his computer, and IDs him
60-Second Cash Kiosk Hackers Steal $1 Million: FBI
News  |  10/31/2012  | 
Feds announce they've busted 14 members of a gang that used rapid withdrawals at cash-advance kiosks at casinos in California and Nevada to trick Citibank.
The SQL Injection Disconnection
News  |  10/31/2012  | 
Hackers fixate on SQLi—CSOs, not so much
Shopping The Russian Cybercrime Underground
News  |  10/30/2012  | 
Inside look at the wide range of hacking and related services being offered in the Russian-speaking cybercrime marketplace illustrates its maturity and popularity
Yahoo To Ignore IE10 DNT Settings
News  |  10/30/2012  | 
Yahoo says Internet users' preferences aren't being accurately reflected by having "do not track" enabled by default.
ZeroAccess Botnet Surges
Quick Hits  |  10/30/2012  | 
2.2 million infected with fraudulent ad-click botnet's malware, new report finds
FBI Expands Cybercrime Division
News  |  10/30/2012  | 
Federal Bureau of Investigation will hire computer scientists, build new tools and boost collaboration to help catch malicious hackers.
Hackers Trade Tips On DDoS, SQL Injection
News  |  10/30/2012  | 
Study of hacker bulletin boards reveals focus on attack techniques, tips for beginning hackers, buying and selling of fake social network endorsements.
Security Monitoring On A Budget: Security Know-How Needed
News  |  10/30/2012  | 
Managed providers and simpler security-monitoring appliances can help small and medium businesses better understand their networks, but building in-house expertise is important
Majority Of South Carolinians' Social Security Numbers Exposed In Hack
News  |  10/29/2012  | 
State database infiltrated and 3.6 million citizens' SSNs unencrypted and at risk
Intel Joins SAFECode
News  |  10/29/2012  | 
Intel joins a group of committed contributors and software industry leaders
New Threats Necessitate Shift Toward Security Architecture, Risk Management
Quick Hits  |  10/29/2012  | 
Ad hoc security solutions are no longer enough, Ernst & Young study says
Supply Chain Woes: Human Error Or Something Else Entirely?
Commentary  |  10/28/2012  | 
How easily are plausibly deniable bugs really introduced into the supply chain, and are recent fears concerning foreign technologies more hype than fact?
Monitoring To Detect The Persistent Enemies
News  |  10/26/2012  | 
Subtle attackers who are after intellectual property are hard to find. Monitoring can help, but a good analyst can help even more
IT Security Spending To Grow Even More In 2013, Study Says
Quick Hits  |  10/26/2012  | 
Nearly half of enterprises plan to increase security spending next year, according to 451 Research study
Frankenstory: Attack Of The Iranian Cyber Warriors
Commentary  |  10/26/2012  | 
Citing no hard evidence, U.S. government officials have been stoking fears that the Iranians are out to get us.
Windows 8 App Developer Says Process Stinks
News  |  10/26/2012  | 
After 10 months of work, including winning a Microsoft app contest, developer says he's still unable to get the app past the Windows Store approval process.
Fast Flux Botnet Nets Fraudsters $78 Million
News  |  10/26/2012  | 
Security report offers new details on financial hackers, warns that automated clearing house payment channels could be next target of increasingly sophisticated attacks.
Ten Ways To Secure Web Data Under PCI
News  |  10/26/2012  | 
PCI compliance can create headaches for companies that do online commerce. Is your e-business ready?
How Does Mobility Change IT Risk Management?
News  |  10/26/2012  | 
Understanding the mobile issues that will measurably affect risk posture
TSA PreCheck Program Security Hole Exposes Screening Status
News  |  10/26/2012  | 
Airline boarding passes available to participants in the TSA's PreCheck program contain unencrypted information that could be used to determine whether the person will receive expedited screening
Cash-Strapped States Under Siege
Quick Hits  |  10/25/2012  | 
New survey of state government agency CISOs finds costs of data breaches range from $1 million to $5 million in some states
Barnes & Noble Probes PIN Keypad Hack
News  |  10/25/2012  | 
Criminals hacked one PIN keypad in each of 63 stores and have already used the stolen data to commit fraud. Was it an inside job?
Making Security Trade-Offs
Commentary  |  10/25/2012  | 
Security is all about the trade-offs. You need a consistent method to evaluate risks and assess the pros/cons of each decision
Antivirus Tool Fail: Blocking Success Varies By 58%
News  |  10/25/2012  | 
Only two of 13 endpoint security software scanners blocked more than 80% of known exploits, NSS Labs study reports.
Nightmare On Database Street: 5 Database Security Horror Stories
News  |  10/25/2012  | 
Chilling stories from penetration testers, database pros, and security consultants in the field
Verizon: Most Intellectual Property Theft Involves Company Insiders
Quick Hits  |  10/24/2012  | 
While most cybercrimes originate outside the company, IP theft often comes from within, researchers say
Huawei Proposes Security Test Center
News  |  10/24/2012  | 
In a bid to address regulators' security fears, Chinese telecom company Huawei wants to establish a cyber security test center in Australia.
Barnes & Noble Stores Targeted In Nationwide Payment Card-Skimming Scam
News  |  10/24/2012  | 
Well-organized breach demonstrates difficulty of protecting PIN pads from physical tampering by determined attackers
U.S. Bank Hackers Promise DDoS Pause
News  |  10/24/2012  | 
In the sixth week since the launch of "Operation Ababil" attacks against Wall Street banks, online post says hacktivists are taking time off for a Muslim holiday.
Election 2012 Hacking Threat: 10 Facts
News  |  10/24/2012  | 
Election technology has improved since the 2000 presidential election "hanging chad" debacle, but new and old threats may put your vote at risk.
Cyber Crooks Target Healthcare For Financial Data
News  |  10/24/2012  | 
Identity thieves looking for a quick buck often don't even know they are attacking healthcare organizations, Verizon investigation finds.
When Data Errors Don't Matter
Commentary  |  10/24/2012  | 
Does bad data break 'big data' analysis?
7 Costly IAM Mistakes
News  |  10/23/2012  | 
Blunders that lead to costly identity and access management failures
Hunting Botnets On A Bigger Scale
News  |  10/23/2012  | 
Researchers build prototype botnet detection system that gathers a big-picture view of both known and unknown botnet activity
.Gov, .Mil URL-Shortener Spam Attack Curtailed
Quick Hits  |  10/23/2012  | 
1.usa.gov targeted in work-from-home scam
Russian Service Rents Access To Hacked Corporate PCs
News  |  10/23/2012  | 
Service provides stolen remote desktop protocol credentials, letting buyers remotely log in to corporate servers and PCs, bypassing numerous security defenses.
To Measure Your Risks, Know Your Threats
Quick Hits  |  10/23/2012  | 
A Dark Reading retrospective on best practices and tools for developing risk management processes
Who Is Hacking U.S. Banks? 8 Facts
Slideshows  |  10/22/2012  | 
Hackers have labeled the bank website disruptions as grassroots-level reprisal for an anti-Islamic film. But is the Iranian government really backing the attacks?
Possible 'Patch' For Policy On Protecting Government Agency Systems
News  |  10/22/2012  | 
CSIS report due tomorrow will recommend revising a longtime OMB policy with 'continuous monitoring' of government systems and networks
Five Habits Of Companies That Catch Insiders
News  |  10/22/2012  | 
A survey of 40 companies that have successfully dealt with insider threats shows that the solution is less technology and more psychology
Popular Android Apps Vulnerable
News  |  10/22/2012  | 
Security study finds flawed SSL implementations in more than 1,000 Android apps.
Microsoft Revises Privacy Rules, Users Shrug
News  |  10/22/2012  | 
Why hasn't Microsoft faced a firestorm, as Google did, for consolidating user information across products and services?
Office 365 Boasts HIPAA-Compliant Messaging System
News  |  10/22/2012  | 
Several universities adopt Microsoft's cloud-based, HIPAA-compliant system in an effort to keep personal health data safer.
The Elephant In The Security Monitoring Room
Commentary  |  10/21/2012  | 
It's right in front of us, but is too rarely taken into account within monitoring and risk systems: the policy exception
Gartner: Supply Chain To Become A Top-Three Security Concern
Quick Hits  |  10/20/2012  | 
Integrity of data passed between hardware, software, and information suppliers will be a key security issue by 2017, research firm says
Tech Insight: What Penetration Testers Find Inside Your Network
News  |  10/19/2012  | 
Inside flaws include unpatched systems, open file shares or information stores, and lack of proper network segmentation
Silent Circle's Military-Grade Encryption: BYOD Tool?
News  |  10/19/2012  | 
Silent Circle's encryption tools for smartphones and tablets are a boon for privacy enthusiasts--but enterprises could find them useful too.


More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11505
PUBLISHED: 2018-05-26
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
CVE-2018-6409
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
CVE-2018-6410
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
CVE-2018-6411
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
CVE-2018-11500
PUBLISHED: 2018-05-26
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.