Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in November 2011
Major Email Providers Set Phish Trap
News  |  11/30/2011  | 
Agari's Email Trust Fabric finds fans at AOL, Google, Microsoft, and Yahoo. The goal: Stop spoofing of legitimate email domains.
Researchers Say Oracle Leaves Databases Needlessly Vulnerable
News  |  11/30/2011  | 
As SQL injection attacks and other advanced threats targeting database assets gain traction, researchers complain that Oracle's other application efforts are distracting the company from shoring up database security
U.S. Cyber Command Practices Defense In Mock Attack
News  |  11/30/2011  | 
300 participants squared off in a good guys versus bad guys exercise, to test protecting DOD networks from cyber attack.
Researcher: DEP Would Have Stopped Exploit Used In RSA Breach
News  |  11/30/2011  | 
Qualys research says EMC RSA phishing victims likely were running Windows XP
DAM Is Morphing
Commentary  |  11/30/2011  | 
DAM may not be DAM much longer.
Slide Show: Top 10 Holiday Phishing Scams
Slideshows  |  11/30/2011  | 
The following scams demonstrate the ways attackers are crafting their messages during the holidays
Anonymous Threatens Robin Hood Attacks Against Banks
News  |  11/30/2011  | 
Hacktivist group says it will steal credit card data from commercial banks and use the information to donate to charities and protest groups.
Facebook's FTC Deal: 8 Things To Expect
News  |  11/30/2011  | 
Federal Trade Commission settlement allows Facebook to maintain some privacy policies, but also mandates key changes. Here's what users should know.
It's Time to Dump The 'Insider Threat'
Commentary  |  11/30/2011  | 
Blaming the "insider threat" merely hides your real security risks
Facebook Hit By Classic Worm Attack
Quick Hits  |  11/29/2011  | 
Zeus Trojan spreads when user views 'photos'; Facebook now blocking malicious domains spreading the attack
Analyzing Data To Pinpoint Rogue Insiders
News  |  11/29/2011  | 
Companies and universities look for specific algorithms that will help identify malicious insiders and compromised systems that are acting as insiders
Solutionary Secures Investment From Clearlake Capital
News  |  11/29/2011  | 
MSSP to focus new funding on growing sales, marketing, and global footprint
Facebook Settles FTC Charges, Admits Mistakes
News  |  11/29/2011  | 
CEO Mark Zuckerberg promises to make Facebook a privacy leader.
Ten Big Breaches In 2011
Slideshows  |  11/29/2011  | 
No one was immune: not social networks, not financial institutions, and not even security firms
Slide Show: The Year In Data Theft
News  |  11/29/2011  | 
From healthcare to game companies to trusted third-party security companies, a number of significant breaches were reported in 2011
Marriott Hacker's Blackmail Goal: An IT Job
News  |  11/29/2011  | 
Hungarian man threatened to expose confidential company information he'd stolen unless the hotel chain offered him a job.
Four SSL Certificate Management Tips For Holiday E-Commerce Success
News  |  11/28/2011  | 
Don't let CA compromises, expired SSL certificates break your Internet authentication processes
Hackers Behind AT&T Attack Arrested
News  |  11/28/2011  | 
Hackers linked to terrorist activities
More Than 13 Million Users' Data At Risk Following Hack Of Korean Gaming Firm
Quick Hits  |  11/28/2011  | 
Nexon says hack of popular game Maple Story included IDs and passwords, but no financial data
Sting Operation Snares Hacker Attempting To Blackmail Marriott For An IT Job
News  |  11/28/2011  | 
Hungarian man pleads guilty to stealing confidential financial and other information from Marriott, and then threatening to expose it if the hotel chain didn't offer him employment
Slide Show: 10 Tips And Best Practices For Becoming A Data Security Detective
Slideshows  |  11/28/2011  | 
Tips from security insiders on gathering and analyzing security intelligence and identifying new threats, as well as APT attacks
SSL's Future
Commentary  |  11/28/2011  | 
SSL will evolve to meet requirements for e-commerce and mobile
Penetration Tests: Not Getting 'In' Is An Option
Commentary  |  11/28/2011  | 
Pen testers must get beyond just breaking in, and clients need to understand how the tester's results map to business risk
AT&T Hackers Have Terrorism Ties, Police Say
News  |  11/28/2011  | 
FBI aids in arrests in Philippines of four men who allegedly hacked into AT&T customers' PBXs to generate revenue for Saudi-based militant group.
Partner Management: Assessing Compliance Capability And Willingness
Commentary  |  11/27/2011  | 
The first step is to determine the partner's understanding of its responsibility and ability to comply
Will Software Authentication Survive?
Commentary  |  11/26/2011  | 
Protecting secret keys or seeds in software without the risk of being stolen is crucial
Partner Management: Compliance Program Is Essential
Commentary  |  11/26/2011  | 
Understanding the risk associated with a partner relationship and managing it accordingly is key
Five Ways To Secure The Consumer IT Invasion At Work
News  |  11/23/2011  | 
Companies have had to deal with increasing numbers of worker-owned devices in their networks
DHS, FBI Dispute Illinois Water Hack
News  |  11/23/2011  | 
Feds say their preliminary investigation finds no evidence of stolen credentials or foreign attackers.
RockYou Lawsuit Settlement Leaves Question Marks On Breach Liability
Quick Hits  |  11/23/2011  | 
Settlement is small, but legal experts say case might pave way for more lawsuits against breached companies
Embedding Digital Certificates In Hardware
Commentary  |  11/23/2011  | 
A natural evolution, but there are a few potential pitfalls to avoid
PCI Rules Apply Even On Black Friday
News  |  11/23/2011  | 
Uptime might be the name of the game during the holiday shopping season, but retailers need to balance the focus with security and compliance best practices
Mobile Device Management: What's Still Missing
Commentary  |  11/23/2011  | 
MDM can help extend IT management all the way to the new edge of the enterprise network. But it's only one part of the solution really needed to maximize enterprise mobility.
DHS, FBI: No Evidence Of Hacking At Water Utility
Quick Hits  |  11/22/2011  | 
No evidence of stolen credentials or malicious activity in Illinois water utility pump crash, feds say
Google Ratchets Up Security Of HTTPS
News  |  11/22/2011  | 
'Forward secret' HTTPS feature now protects Gmail, SSL Search, Google Docs, and Google+
Firms Slow To Secure Flaws In Embedded Devices
News  |  11/22/2011  | 
While operating systems and PC applications have evolved fast patch mechanisms, the proliferation of slow-to-patch embedded devices leaves companies vulnerable
Mobile Security Can Be A Major Pain
News  |  11/22/2011  | 
With healthcare practitioners increasingly relying on their mobile devices, solid security is vital
APT Or Everyday Cybercrime? How To Tell
News  |  11/22/2011  | 
Of the many attacks corporate networks face daily, advanced persistent threats are the most serious. Consider these tips to tell which kind of attack you're facing and what to do about it.
Federal IT Security Spending Called 'Light'
News  |  11/22/2011  | 
Federal agencies have budgeted $6.5 billion for security in 2012, much less on a percentage basis than other businesses and industries, an IDC report says.
AT&T Discloses Hack Attempt On Customer Data
Quick Hits  |  11/21/2011  | 
'Organized and systemic' attack was designed to collect online account information, telecom giant says
Computer Crime Year In Review by Jennifer Granick
News  |  11/21/2011  | 
EFF's Civil Liberties Director, Jennifer Granick's Black Hat talk: Computer Crime Year in Review - MySpace, MBTA, Boston College and more. Granick discusses some special cases and the application of legal statutes for them.
Fighting Russian Cybercrime Mobsters: by Dmitri Alperovitch and Keith Mularski
News  |  11/21/2011  | 
McAfee Threat Research VP Dmitri Alperovitch and FBI Supervisory Special Agent Keith Mularski discuss the evolution of Russian organized crime into the area of CyberCrime.
Lockpicking Forensics - Black Hat 2009
News  |  11/21/2011  | 
Destruction is still the most common way to break in somewhere. Datagram provides a talk on Lockpicking Forensics at Black Hat, covering how locks and picks work, various techniques, the effect of normal wear, lock and key analysis and investigation.
Hacking The Smart Grid - Black Hat 2009
News  |  11/21/2011  | 
FYRM Associates Principal Tony Flick presents research on hacking the smart grid. He talks about the components of the smart grid, the problems (both found and potential), and finally some solutions.
APT Or Not APT? Discovering Who Is Attacking The Network
News  |  11/21/2011  | 
Corporate networks face a variety of attacks every day, yet pinpointing the most serious attacks is no easy matter
Develop Secure Mobile Applications
News  |  11/21/2011  | 
We share best practices to create safe mobile apps for users and customers.
MANDIANT CSO Talks Threats To His Company and His Clients
News  |  11/21/2011  | 
Richard Bejtlich, CSO and VP of managed services, sits down with Dark Reading's Kelly Jackson Higgins at Black Hat USA to talk about the two hats he wears at the incident response company, and trends in attacks against enterprises and security firms.
New 'Anti-Social' Social Network Lets CSOs Share
News  |  11/21/2011  | 
Emerging online community for security executives to help one another better defend against attacks -- no vendors or consultants allowed
7 Facebook Security Problems Linger
News  |  11/21/2011  | 
Social networking giant might have fixed its porn problem, but it has plenty of other issues to reckon with, experts say.
Anatomy of a Zero Day Attack
News  |  11/21/2011  | 
Pacific Northwest National Laboratory CIO, Jerry Johnson, provides some lessons learned from the attacks on his organization in July -- a highly publicized attack on an organization that provides cyber security services for the Dept. of Energy.