News & Commentary

Content posted in November 2011
Page 1 / 4   >   >>
Major Email Providers Set Phish Trap
News  |  11/30/2011  | 
Agari's Email Trust Fabric finds fans at AOL, Google, Microsoft, and Yahoo. The goal: Stop spoofing of legitimate email domains.
Researchers Say Oracle Leaves Databases Needlessly Vulnerable
News  |  11/30/2011  | 
As SQL injection attacks and other advanced threats targeting database assets gain traction, researchers complain that Oracle's other application efforts are distracting the company from shoring up database security
U.S. Cyber Command Practices Defense In Mock Attack
News  |  11/30/2011  | 
300 participants squared off in a good guys versus bad guys exercise, to test protecting DOD networks from cyber attack.
Researcher: DEP Would Have Stopped Exploit Used In RSA Breach
News  |  11/30/2011  | 
Qualys research says EMC RSA phishing victims likely were running Windows XP
DAM Is Morphing
Commentary  |  11/30/2011  | 
DAM may not be DAM much longer.
Slide Show: Top 10 Holiday Phishing Scams
Slideshows  |  11/30/2011  | 
The following scams demonstrate the ways attackers are crafting their messages during the holidays
Anonymous Threatens Robin Hood Attacks Against Banks
News  |  11/30/2011  | 
Hacktivist group says it will steal credit card data from commercial banks and use the information to donate to charities and protest groups.
Facebook's FTC Deal: 8 Things To Expect
News  |  11/30/2011  | 
Federal Trade Commission settlement allows Facebook to maintain some privacy policies, but also mandates key changes. Here's what users should know.
It's Time to Dump The 'Insider Threat'
Commentary  |  11/30/2011  | 
Blaming the "insider threat" merely hides your real security risks
Facebook Hit By Classic Worm Attack
Quick Hits  |  11/29/2011  | 
Zeus Trojan spreads when user views 'photos'; Facebook now blocking malicious domains spreading the attack
Analyzing Data To Pinpoint Rogue Insiders
News  |  11/29/2011  | 
Companies and universities look for specific algorithms that will help identify malicious insiders and compromised systems that are acting as insiders
Solutionary Secures Investment From Clearlake Capital
News  |  11/29/2011  | 
MSSP to focus new funding on growing sales, marketing, and global footprint
Facebook Settles FTC Charges, Admits Mistakes
News  |  11/29/2011  | 
CEO Mark Zuckerberg promises to make Facebook a privacy leader.
Ten Big Breaches In 2011
Slideshows  |  11/29/2011  | 
No one was immune: not social networks, not financial institutions, and not even security firms
Slide Show: The Year In Data Theft
News  |  11/29/2011  | 
From healthcare to game companies to trusted third-party security companies, a number of significant breaches were reported in 2011
Marriott Hacker's Blackmail Goal: An IT Job
News  |  11/29/2011  | 
Hungarian man threatened to expose confidential company information he'd stolen unless the hotel chain offered him a job.
Four SSL Certificate Management Tips For Holiday E-Commerce Success
News  |  11/28/2011  | 
Don't let CA compromises, expired SSL certificates break your Internet authentication processes
Hackers Behind AT&T Attack Arrested
News  |  11/28/2011  | 
Hackers linked to terrorist activities
More Than 13 Million Users' Data At Risk Following Hack Of Korean Gaming Firm
Quick Hits  |  11/28/2011  | 
Nexon says hack of popular game Maple Story included IDs and passwords, but no financial data
Sting Operation Snares Hacker Attempting To Blackmail Marriott For An IT Job
News  |  11/28/2011  | 
Hungarian man pleads guilty to stealing confidential financial and other information from Marriott, and then threatening to expose it if the hotel chain didn't offer him employment
Slide Show: 10 Tips And Best Practices For Becoming A Data Security Detective
Slideshows  |  11/28/2011  | 
Tips from security insiders on gathering and analyzing security intelligence and identifying new threats, as well as APT attacks
SSL's Future
Commentary  |  11/28/2011  | 
SSL will evolve to meet requirements for e-commerce and mobile
Penetration Tests: Not Getting 'In' Is An Option
Commentary  |  11/28/2011  | 
Pen testers must get beyond just breaking in, and clients need to understand how the tester's results map to business risk
AT&T Hackers Have Terrorism Ties, Police Say
News  |  11/28/2011  | 
FBI aids in arrests in Philippines of four men who allegedly hacked into AT&T customers' PBXs to generate revenue for Saudi-based militant group.
Partner Management: Assessing Compliance Capability And Willingness
Commentary  |  11/27/2011  | 
The first step is to determine the partner's understanding of its responsibility and ability to comply
Will Software Authentication Survive?
Commentary  |  11/26/2011  | 
Protecting secret keys or seeds in software without the risk of being stolen is crucial
Partner Management: Compliance Program Is Essential
Commentary  |  11/26/2011  | 
Understanding the risk associated with a partner relationship and managing it accordingly is key
Five Ways To Secure The Consumer IT Invasion At Work
News  |  11/23/2011  | 
Companies have had to deal with increasing amounts of worker-owned device in the networks
DHS, FBI Dispute Illinois Water Hack
News  |  11/23/2011  | 
Feds say their preliminary investigation finds no evidence of stolen credentials or foreign attackers.
RockYou Lawsuit Settlement Leaves Question Marks On Breach Liability
Quick Hits  |  11/23/2011  | 
Settlement is small, but legal experts say case might pave way for more lawsuits against breached companies
Embedding Digital Certificates In Hardware
Commentary  |  11/23/2011  | 
A natural evolution, but there are a few potential pitfalls to avoid
PCI Rules Apply Even On Black Friday
News  |  11/23/2011  | 
Uptime might be the name of the game during the holiday shopping season, but retailers need to balance the focus with security and compliance best practices
Mobile Device Management: What's Still Missing
Commentary  |  11/23/2011  | 
MDM can help extend IT management all the way to the new edge of the enterprise network. But it's only one part of the solution really needed to maximize enterprise mobility.
DHS, FBI: No Evidence Of Hacking At Water Utility
Quick Hits  |  11/22/2011  | 
No evidence of stolen credentials or malicious activity in Illinois water utility pump crash, feds say
Google Ratchets Up Security Of HTTPS
News  |  11/22/2011  | 
'Forward secret' HTTPS feature now protects Gmail, SSL Search, Google Docs, and Google+
Firms Slow To Secure Flaws In Embedded Devices
News  |  11/22/2011  | 
While operating systems and PC applications have evolved fast patch mechanisms, the proliferation of slow-to-patch embedded devices leaves companies vulnerable
Mobile Security Can Be A Major Pain
News  |  11/22/2011  | 
With healthcare practitioners increasingly relying on their mobile devices, a solid security is vital
APT Or Everyday Cybercrime? How To Tell
News  |  11/22/2011  | 
Of the many attacks corporate networks face daily, advanced persistent threats are the most serious. Consider these tips to tell which kind of attack you're facing and what to do about it.
Federal IT Security Spending Called 'Light'
News  |  11/22/2011  | 
Federal agencies have budgeted $6.5 billion for security in 2012, much less on a percentage basis than other businesses and industries, an IDC report says.
AT&T Discloses Hack Attempt On Customer Data
Quick Hits  |  11/21/2011  | 
'Organized and systemic' attack was designed to collect online account information, telecom giant says
Computer Crime Year In Review by Jennifer Granick
News  |  11/21/2011  | 
EFF's Civil Liberties Director, Jennifer Granick's Black Hat talk: Computer Crime Year in Review - MySpace, MBTA, Boston College and more. Granick discusses some special cases and the the application of legal statutes for them.
Fighting Russian Cybercrime Mobsters: by Dmitri Alperovitch and Keith Mularski
News  |  11/21/2011  | 
McAfee Threat Research VP Dmitri Alperovitch and FBI Supervisory Special Agent Keith Mularski discuss the evolution of Russian organized crime into the area of CyberCrime.
Lockpicking Forensics - Black Hat 2009
News  |  11/21/2011  | 
Destruction is still the most common way to break in somewhere. Datagram provides a talk on Lockpicking Forensics at Black Hat, covering how locks and picks work, various techniques, the affect of normal wear, lock and key analysis and investigation.
Hacking The Smart Grid - Black Hat 2009
News  |  11/21/2011  | 
FYRM Associates Principal Tony Flick presents research on hacking the smart grid. He talks about the components of the smart grid, the problems (both found and potential), and finally some solutions.
APT Or Not APT? Discovering Who Is Attacking The Network
News  |  11/21/2011  | 
Corporate networks face a variety of attacks every day, yet pinpointing the most serious attacks are no easy matter
Develop Secure Mobile Applications
News  |  11/21/2011  | 
We share best practices to create safe mobile apps for users and customers.
MANDIANT CSO Talks Threats To His Company and His Clients
News  |  11/21/2011  | 
Richard Bejtlich, CSO and VP of managed services, sits down with Dark Reading's Kelly Jackson Higgins at Black Hat USA to talk about the two hats he wears at the incident response company, and trends in attacks against enterprises and security firms.
New 'Anti-Social' Social Network Lets CSOs Share
News  |  11/21/2011  | 
Emerging online community for security executives to help one another better defend against attacks -- no vendors or consultants allowed
7 Facebook Security Problems Linger
News  |  11/21/2011  | 
Social networking giant might have fixed its porn problem, but it has plenty of other issues to reckon with, experts say.
Anatomy of a Zero Day Attack
News  |  11/21/2011  | 
Pacific Northwest National Laboratory CIO, Jerry Johnson, provides some lessons learned from the attacks on his organization in July -- a highly publicized attack on an organization that provides cyber security services for the Dept. of Energy.
Page 1 / 4   >   >>


Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11232
PUBLISHED: 2018-05-18
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVE-2017-15855
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in u...
CVE-2018-3567
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.
CVE-2018-3568
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.
CVE-2018-5827
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.