News & Commentary
Content posted in November 2011
|
Major Email Providers Set Phish Trap
Agari's Email Trust Fabric finds fans at AOL, Google, Microsoft, and Yahoo. The goal: Stop spoofing of legitimate email domains.
Researchers Say Oracle Leaves Databases Needlessly Vulnerable
As SQL injection attacks and other advanced threats targeting database assets gain traction, researchers complain that Oracle's other application efforts are distracting the company from shoring up database security
U.S. Cyber Command Practices Defense In Mock Attack
300 participants squared off in a good guys versus bad guys exercise, to test protecting DOD networks from cyber attack.
Researcher: DEP Would Have Stopped Exploit Used In RSA Breach
Qualys research says EMC RSA phishing victims likely were running Windows XP
DAM Is Morphing
DAM may not be DAM much longer.
Slide Show: Top 10 Holiday Phishing Scams
The following scams demonstrate the ways attackers are crafting their messages during the holidays
Anonymous Threatens Robin Hood Attacks Against Banks
Hacktivist group says it will steal credit card data from commercial banks and use the information to donate to charities and protest groups.
Facebook's FTC Deal: 8 Things To Expect
Federal Trade Commission settlement allows Facebook to maintain some privacy policies, but also mandates key changes. Here's what users should know.
It's Time to Dump The 'Insider Threat'
Blaming the "insider threat" merely hides your real security risks
Facebook Hit By Classic Worm Attack
Zeus Trojan spreads when user views 'photos'; Facebook now blocking malicious domains spreading the attack
Analyzing Data To Pinpoint Rogue Insiders
Companies and universities look for specific algorithms that will help identify malicious insiders and compromised systems that are acting as insiders
Solutionary Secures Investment From Clearlake Capital
MSSP to focus new funding on growing sales, marketing, and global
footprint
Facebook Settles FTC Charges, Admits Mistakes
CEO Mark Zuckerberg promises to make Facebook a privacy leader.
Ten Big Breaches In 2011
No one was immune: not social networks, not financial institutions, and not even security firms
Slide Show: The Year In Data Theft
From healthcare to game companies to trusted third-party security companies, a number of significant breaches were reported in 2011
Marriott Hacker's Blackmail Goal: An IT Job
Hungarian man threatened to expose confidential company information he'd stolen unless the hotel chain offered him a job.
Four SSL Certificate Management Tips For Holiday E-Commerce Success
Don't let CA compromises, expired SSL certificates break your Internet authentication processes
Hackers Behind AT&T Attack Arrested
Hackers linked to terrorist activities
More Than 13 Million Users' Data At Risk Following Hack Of Korean Gaming Firm
Nexon says hack of popular game Maple Story included IDs and passwords, but no financial data
Sting Operation Snares Hacker Attempting To Blackmail Marriott For An IT Job
Hungarian man pleads guilty to stealing confidential financial and other information from Marriott, and then threatening to expose it if the hotel chain didn't offer him employment
Slide Show: 10 Tips And Best Practices For Becoming A Data Security Detective
Tips from security insiders on gathering and analyzing security intelligence and identifying new threats, as well as APT attacks
SSL's Future
SSL will evolve to meet requirements for e-commerce and mobile
Penetration Tests: Not Getting 'In' Is An Option
Pen testers must get beyond just breaking in, and clients need to understand how the tester's results map to business risk
AT&T Hackers Have Terrorism Ties, Police Say
FBI aids in arrests in Philippines of four men who allegedly hacked into AT&T customers' PBXs to generate revenue for Saudi-based militant group.
Partner Management: Assessing Compliance Capability And Willingness
The first step is to determine the partner's understanding of its responsibility and ability to comply
Will Software Authentication Survive?
Protecting secret keys or seeds in software without the risk of being stolen is crucial
Partner Management: Compliance Program Is Essential
Understanding the risk associated with a partner relationship and managing it accordingly is key
Five Ways To Secure The Consumer IT Invasion At Work
Companies have had to deal with increasing amounts of worker-owned device in the networks
DHS, FBI Dispute Illinois Water Hack
Feds say their preliminary investigation finds no evidence of stolen credentials or foreign attackers.
RockYou Lawsuit Settlement Leaves Question Marks On Breach Liability
Settlement is small, but legal experts say case might pave way for more lawsuits against breached companies
Embedding Digital Certificates In Hardware
A natural evolution, but there are a few potential pitfalls to avoid
PCI Rules Apply Even On Black Friday
Uptime might be the name of the game during the holiday shopping season, but retailers need to balance the focus with security and compliance best practices
Mobile Device Management: What's Still Missing
MDM can help extend IT management all the way to the new edge of the enterprise network. But it's only one part of the solution really needed to maximize enterprise mobility.
DHS, FBI: No Evidence Of Hacking At Water Utility
No evidence of stolen credentials or malicious activity in Illinois water utility pump crash, feds say
Google Ratchets Up Security Of HTTPS
'Forward secret' HTTPS feature now protects Gmail, SSL Search, Google Docs, and Google+
Firms Slow To Secure Flaws In Embedded Devices
While operating systems and PC applications have evolved fast patch mechanisms, the proliferation of slow-to-patch embedded devices leaves companies vulnerable
Mobile Security Can Be A Major Pain
With healthcare practitioners increasingly relying on their mobile devices, a solid security is vital
APT Or Everyday Cybercrime? How To Tell
Of the many attacks corporate networks face daily, advanced persistent threats are the most serious. Consider these tips to tell which kind of attack you're facing and what to do about it.
Federal IT Security Spending Called 'Light'
Federal agencies have budgeted $6.5 billion for security in 2012, much less on a percentage basis than other businesses and industries, an IDC report says.
AT&T Discloses Hack Attempt On Customer Data
'Organized and systemic' attack was designed to collect online account information, telecom giant says
Computer Crime Year In Review by Jennifer Granick
EFF's Civil Liberties Director, Jennifer Granick's Black Hat talk: Computer Crime Year in Review - MySpace, MBTA, Boston College and more. Granick discusses some special cases and the the application of legal statutes for them.
Fighting Russian Cybercrime Mobsters: by Dmitri Alperovitch and Keith Mularski
McAfee Threat Research VP Dmitri Alperovitch and FBI Supervisory Special Agent Keith Mularski discuss the evolution of Russian organized crime into the area of CyberCrime.
Lockpicking Forensics - Black Hat 2009
Destruction is still the most common way to break in somewhere. Datagram provides a talk on Lockpicking Forensics at Black Hat, covering how locks and picks work, various techniques, the affect of normal wear, lock and key analysis and investigation.
Hacking The Smart Grid - Black Hat 2009
FYRM Associates Principal Tony Flick presents research on hacking the smart grid. He talks about the components of the smart grid, the problems (both found and potential), and finally some solutions.
APT Or Not APT? Discovering Who Is Attacking The Network
Corporate networks face a variety of attacks every day, yet pinpointing the most serious attacks are no easy matter
Develop Secure Mobile Applications
We share best practices to create safe mobile apps for users and customers.
MANDIANT CSO Talks Threats To His Company and His Clients
Richard Bejtlich, CSO and VP of managed services, sits down with Dark Reading's Kelly Jackson Higgins at Black Hat USA to talk about the two hats he wears at the incident response company, and trends in attacks against enterprises and security firms.
New 'Anti-Social' Social Network Lets CSOs Share
Emerging online community for security executives to help one another better defend against attacks -- no vendors or consultants allowed
7 Facebook Security Problems Linger
Social networking giant might have fixed its porn problem, but it has plenty of other issues to reckon with, experts say.
Anatomy of a Zero Day Attack
Pacific Northwest National Laboratory CIO, Jerry Johnson, provides some lessons learned from the attacks on his organization in July -- a highly publicized attack on an organization that provides cyber security services for the Dept. of Energy.
|
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Latest Comment: "Security through obscurity"
Current Issue
How to Cope with the IT Security Skills ShortageMost enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
![[Strategic Security Report] Navigating the Threat Intelligence Maze](https://dsimg.ubm-us.net/asset/393933/543593/DR_ThreatConnect_Report.png)
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-11232
PUBLISHED: 2018-05-18
PUBLISHED: 2018-05-17
PUBLISHED: 2018-05-17
PUBLISHED: 2018-05-17
PUBLISHED: 2018-05-17
From DHS/US-CERT's National Vulnerability Database CVE-2018-11232
PUBLISHED: 2018-05-18
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVE-2017-15855PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in u...
CVE-2018-3567PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.
CVE-2018-3568PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.
CVE-2018-5827PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This