News & Commentary

Content posted in November 2011
Page 1 / 4   >   >>
Major Email Providers Set Phish Trap
News  |  11/30/2011  | 
Agari's Email Trust Fabric finds fans at AOL, Google, Microsoft, and Yahoo. The goal: Stop spoofing of legitimate email domains.
Researchers Say Oracle Leaves Databases Needlessly Vulnerable
News  |  11/30/2011  | 
As SQL injection attacks and other advanced threats targeting database assets gain traction, researchers complain that Oracle's other application efforts are distracting the company from shoring up database security
U.S. Cyber Command Practices Defense In Mock Attack
News  |  11/30/2011  | 
300 participants squared off in a good guys versus bad guys exercise, to test protecting DOD networks from cyber attack.
Researcher: DEP Would Have Stopped Exploit Used In RSA Breach
News  |  11/30/2011  | 
Qualys research says EMC RSA phishing victims likely were running Windows XP
DAM Is Morphing
Commentary  |  11/30/2011  | 
DAM may not be DAM much longer.
Slide Show: Top 10 Holiday Phishing Scams
Slideshows  |  11/30/2011  | 
The following scams demonstrate the ways attackers are crafting their messages during the holidays
Anonymous Threatens Robin Hood Attacks Against Banks
News  |  11/30/2011  | 
Hacktivist group says it will steal credit card data from commercial banks and use the information to donate to charities and protest groups.
Facebook's FTC Deal: 8 Things To Expect
News  |  11/30/2011  | 
Federal Trade Commission settlement allows Facebook to maintain some privacy policies, but also mandates key changes. Here's what users should know.
It's Time to Dump The 'Insider Threat'
Commentary  |  11/30/2011  | 
Blaming the "insider threat" merely hides your real security risks
Facebook Hit By Classic Worm Attack
Quick Hits  |  11/29/2011  | 
Zeus Trojan spreads when user views 'photos'; Facebook now blocking malicious domains spreading the attack
Analyzing Data To Pinpoint Rogue Insiders
News  |  11/29/2011  | 
Companies and universities look for specific algorithms that will help identify malicious insiders and compromised systems that are acting as insiders
Solutionary Secures Investment From Clearlake Capital
News  |  11/29/2011  | 
MSSP to focus new funding on growing sales, marketing, and global footprint
Facebook Settles FTC Charges, Admits Mistakes
News  |  11/29/2011  | 
CEO Mark Zuckerberg promises to make Facebook a privacy leader.
Ten Big Breaches In 2011
Slideshows  |  11/29/2011  | 
No one was immune: not social networks, not financial institutions, and not even security firms
Slide Show: The Year In Data Theft
News  |  11/29/2011  | 
From healthcare to game companies to trusted third-party security companies, a number of significant breaches were reported in 2011
Marriott Hacker's Blackmail Goal: An IT Job
News  |  11/29/2011  | 
Hungarian man threatened to expose confidential company information he'd stolen unless the hotel chain offered him a job.
Four SSL Certificate Management Tips For Holiday E-Commerce Success
News  |  11/28/2011  | 
Don't let CA compromises, expired SSL certificates break your Internet authentication processes
Hackers Behind AT&T Attack Arrested
News  |  11/28/2011  | 
Hackers linked to terrorist activities
More Than 13 Million Users' Data At Risk Following Hack Of Korean Gaming Firm
Quick Hits  |  11/28/2011  | 
Nexon says hack of popular game Maple Story included IDs and passwords, but no financial data
Sting Operation Snares Hacker Attempting To Blackmail Marriott For An IT Job
News  |  11/28/2011  | 
Hungarian man pleads guilty to stealing confidential financial and other information from Marriott, and then threatening to expose it if the hotel chain didn't offer him employment
Slide Show: 10 Tips And Best Practices For Becoming A Data Security Detective
Slideshows  |  11/28/2011  | 
Tips from security insiders on gathering and analyzing security intelligence and identifying new threats, as well as APT attacks
SSL's Future
Commentary  |  11/28/2011  | 
SSL will evolve to meet requirements for e-commerce and mobile
Penetration Tests: Not Getting 'In' Is An Option
Commentary  |  11/28/2011  | 
Pen testers must get beyond just breaking in, and clients need to understand how the tester's results map to business risk
AT&T Hackers Have Terrorism Ties, Police Say
News  |  11/28/2011  | 
FBI aids in arrests in Philippines of four men who allegedly hacked into AT&T customers' PBXs to generate revenue for Saudi-based militant group.
Partner Management: Assessing Compliance Capability And Willingness
Commentary  |  11/27/2011  | 
The first step is to determine the partner's understanding of its responsibility and ability to comply
Will Software Authentication Survive?
Commentary  |  11/26/2011  | 
Protecting secret keys or seeds in software without the risk of being stolen is crucial
Partner Management: Compliance Program Is Essential
Commentary  |  11/26/2011  | 
Understanding the risk associated with a partner relationship and managing it accordingly is key
Five Ways To Secure The Consumer IT Invasion At Work
News  |  11/23/2011  | 
Companies have had to deal with increasing amounts of worker-owned device in the networks
DHS, FBI Dispute Illinois Water Hack
News  |  11/23/2011  | 
Feds say their preliminary investigation finds no evidence of stolen credentials or foreign attackers.
RockYou Lawsuit Settlement Leaves Question Marks On Breach Liability
Quick Hits  |  11/23/2011  | 
Settlement is small, but legal experts say case might pave way for more lawsuits against breached companies
Embedding Digital Certificates In Hardware
Commentary  |  11/23/2011  | 
A natural evolution, but there are a few potential pitfalls to avoid
PCI Rules Apply Even On Black Friday
News  |  11/23/2011  | 
Uptime might be the name of the game during the holiday shopping season, but retailers need to balance the focus with security and compliance best practices
Mobile Device Management: What's Still Missing
Commentary  |  11/23/2011  | 
MDM can help extend IT management all the way to the new edge of the enterprise network. But it's only one part of the solution really needed to maximize enterprise mobility.
DHS, FBI: No Evidence Of Hacking At Water Utility
Quick Hits  |  11/22/2011  | 
No evidence of stolen credentials or malicious activity in Illinois water utility pump crash, feds say
Google Ratchets Up Security Of HTTPS
News  |  11/22/2011  | 
'Forward secret' HTTPS feature now protects Gmail, SSL Search, Google Docs, and Google+
Firms Slow To Secure Flaws In Embedded Devices
News  |  11/22/2011  | 
While operating systems and PC applications have evolved fast patch mechanisms, the proliferation of slow-to-patch embedded devices leaves companies vulnerable
Mobile Security Can Be A Major Pain
News  |  11/22/2011  | 
With healthcare practitioners increasingly relying on their mobile devices, a solid security is vital
APT Or Everyday Cybercrime? How To Tell
News  |  11/22/2011  | 
Of the many attacks corporate networks face daily, advanced persistent threats are the most serious. Consider these tips to tell which kind of attack you're facing and what to do about it.
Federal IT Security Spending Called 'Light'
News  |  11/22/2011  | 
Federal agencies have budgeted $6.5 billion for security in 2012, much less on a percentage basis than other businesses and industries, an IDC report says.
AT&T Discloses Hack Attempt On Customer Data
Quick Hits  |  11/21/2011  | 
'Organized and systemic' attack was designed to collect online account information, telecom giant says
Computer Crime Year In Review by Jennifer Granick
News  |  11/21/2011  | 
EFF's Civil Liberties Director, Jennifer Granick's Black Hat talk: Computer Crime Year in Review - MySpace, MBTA, Boston College and more. Granick discusses some special cases and the the application of legal statutes for them.
Fighting Russian Cybercrime Mobsters: by Dmitri Alperovitch and Keith Mularski
News  |  11/21/2011  | 
McAfee Threat Research VP Dmitri Alperovitch and FBI Supervisory Special Agent Keith Mularski discuss the evolution of Russian organized crime into the area of CyberCrime.
Lockpicking Forensics - Black Hat 2009
News  |  11/21/2011  | 
Destruction is still the most common way to break in somewhere. Datagram provides a talk on Lockpicking Forensics at Black Hat, covering how locks and picks work, various techniques, the affect of normal wear, lock and key analysis and investigation.
Hacking The Smart Grid - Black Hat 2009
News  |  11/21/2011  | 
FYRM Associates Principal Tony Flick presents research on hacking the smart grid. He talks about the components of the smart grid, the problems (both found and potential), and finally some solutions.
APT Or Not APT? Discovering Who Is Attacking The Network
News  |  11/21/2011  | 
Corporate networks face a variety of attacks every day, yet pinpointing the most serious attacks are no easy matter
Develop Secure Mobile Applications
News  |  11/21/2011  | 
We share best practices to create safe mobile apps for users and customers.
MANDIANT CSO Talks Threats To His Company and His Clients
News  |  11/21/2011  | 
Richard Bejtlich, CSO and VP of managed services, sits down with Dark Reading's Kelly Jackson Higgins at Black Hat USA to talk about the two hats he wears at the incident response company, and trends in attacks against enterprises and security firms.
New 'Anti-Social' Social Network Lets CSOs Share
News  |  11/21/2011  | 
Emerging online community for security executives to help one another better defend against attacks -- no vendors or consultants allowed
7 Facebook Security Problems Linger
News  |  11/21/2011  | 
Social networking giant might have fixed its porn problem, but it has plenty of other issues to reckon with, experts say.
Anatomy of a Zero Day Attack
News  |  11/21/2011  | 
Pacific Northwest National Laboratory CIO, Jerry Johnson, provides some lessons learned from the attacks on his organization in July -- a highly publicized attack on an organization that provides cyber security services for the Dept. of Energy.
Page 1 / 4   >   >>


How Cybercriminals Clean Their Dirty Money
Alexon Bell, Global Head of AML & Compliance, Quantexa,  1/22/2019
Facebook Shuts Hundreds of Russia-Linked Pages, Accounts for Disinformation
Sara Peters, Senior Editor at Dark Reading,  1/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's not that smart. He's running iOS 11 on a 5c."
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20742
PUBLISHED: 2019-01-24
An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. There is no boundary check on ocall_malloc. The return value could be a pointer to enclave memory. It could cause an arbitrary enclave memory write.
CVE-2019-6486
PUBLISHED: 2019-01-24
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
CVE-2018-17693
PUBLISHED: 2019-01-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the con...
CVE-2018-17694
PUBLISHED: 2019-01-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the han...
CVE-2018-17695
PUBLISHED: 2019-01-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the han...