Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in November 2012
IAM: The Reason Why OWASP Top 10 Doesn't Change
Commentary  |  11/30/2012  | 
OWASP's AppSec conference is easily one of the best in the infosec industry. Where will it be held this year? Why not Punxsutawney?
Ransomware, Social Scams Lead 2013 SMB Security Fears
News  |  11/30/2012  | 
Expect the bad guys to spend more time pursuing small and midsize business (SMB) targets on mobile, cloud, and social platforms, Symantec says.
Microsoft Security Essentials Loses AV Certification
News  |  11/30/2012  | 
Independent German AV-Test firm pulls seal of approval for Microsoft's free antivirus software, saying it detected only 64% of zero-day threats on Windows 7.
Syria Hits Internet Kill Switch; Blackout Continues
News  |  11/30/2012  | 
For more than 24 hours, Internet access has been disabled for nearly all of Syria. Anonymous has renewed its attack on Syrian government websites.
iPhone, iPad Email Attack Could Compromise Routers
News  |  11/30/2012  | 
Legitimate-looking email messages opened on iPhone, iPad or OS X systems can be used by hackers to gain control of routers, reports security researcher.
How The Sale Of Vulnerabilities Will Change In 2013
News  |  11/30/2012  | 
Bug-hunting mercenaries changing the vulnerability-buying marketplace
'CyberCity' Faces Its First Attacks Next Month
Quick Hits  |  11/29/2012  | 
SANS' model city gives military, government cybersecurity experts a cyberattack reality check
Uniting European CERTs And Law Enforcement In Cybercrime Battle
News  |  11/29/2012  | 
European Union agency IDs hurdles preventing better intelligence-sharing, cooperation among first-line Computer Emergency Response Teams and police
Should LulzSec Suspect Face Life In Prison?
Commentary  |  11/29/2012  | 
Computer hacking, identity theft, and fraudulent credit card charges could add up to 30 years to life for alleged Stratfor hacker Jeremy Hammond.
Managing The Multi-Vendor Backup
Commentary  |  11/29/2012  | 
Backup management applications go a step beyond monitoring, but they remain limited. It's time to develop a framework-driven approach.
U.S. Bank Attackers Dispute Iran Ties
News  |  11/29/2012  | 
Izz ad-Din al-Qassam Cyber Fighters resurface, not with new DDoS takedowns, but a media interview to explain their motives.
US-CERT: Samsung Printer Firmware Contains Backdoor
Quick Hits  |  11/29/2012  | 
Samsung printers contain a hard-coded account that could allow a remote attacker to take control
10 Top Government Data Breaches Of 2012
News  |  11/29/2012  | 
SQL injection, post-phishing privilege escalation, and poorly secured back-up information all played their part in exposing sensitive government data stores this year
Financial Malware Detects Remote Desktop Environments To Evade Researchers
News  |  11/28/2012  | 
'Shylock' malware joins the list of malicious programs enhancing their defenses to avoid analysis by researchers
New Hack Abuses Cloud-Based Browsers
News  |  11/28/2012  | 
Researchers show how attackers could anonymously pilfer free cloud computing power -- for cracking passwords, denial-of-service attacks, or other nefarious activities
Samsung Printers Have Hidden Security Risk
News  |  11/28/2012  | 
Some Samsung printers, and Dell-branded printers manufactured by Samsung, can be remotely accessed by attackers. Here's how.
IonGrid's iPhone Security Tools Stress Flexibility
News  |  11/28/2012  | 
Strong Microsoft Office document rendering features may help ionGrid stand out in the crowded enterprise mobile application management market.
Threats And Security Countermeasures
Commentary  |  11/28/2012  | 
Big data and relational database protections are very similar. What's available to end users is not
White House Issues Insider Threat Policy
News  |  11/28/2012  | 
Policy sets minimum standards to deter, detect and respond to insider threats in federal government.
7 Risk Management Priorities For 2013
News  |  11/28/2012  | 
CISOs seek more discipline in measuring and mitigating risk in the coming year
Chinese Cyberespionage Tool Updated For Traditional Cybercrime
News  |  11/27/2012  | 
PlugX remote access Trojan (RAT) spotted being used to pilfer money out of enterprises
Thanksgiving SCADA Bug Hunt
Quick Hits  |  11/27/2012  | 
Researcher scares up more than 20 SCADA vulnerabilities -- one in just seven minutes -- on Thanksgiving Day
Accused LulzSec Hacker Could Face Life Imprisonment
News  |  11/27/2012  | 
Judge calls alleged Stratfor data breach mastermind 'flight risk,' denies bail; defense attorney suggests FBI entrapment.
Study: Half Of Companies Unaware Of Most Current Threats
Quick Hits  |  11/27/2012  | 
Kaspersky survey cites shortage of security staff, training in IT departments
Evolving DDoS Attacks Force Defenders To Adapt
News  |  11/27/2012  | 
Distributed denial-of-service attacks get bigger and combine application-layer exploits, requiring defenders to be more agile
Log All The Things
Commentary  |  11/26/2012  | 
How the growing granularity in computing is going to affect monitoring
Data-Annihilation Malware Still Alive
News  |  11/26/2012  | 
'Narilam' malware has been in circulation for two to three years; Iranian CERT says it targets databases of specific financial software in Iran
6 Ways To Protect Your Personal Health Information
News  |  11/26/2012  | 
Fraud and waste play a significant part in today's high healthcare costs, but patients can help lower those costs by following six tips to protect their medical information.
Malware Corrupts Iranian Financial Databases
News  |  11/26/2012  | 
Iran downplays threat of Narilam financial malware, saying it dates from 2009 to 2010, and doesn't bear comparisons to Stuxnet, Duqu or Flame.
How South Carolina Failed To Spot Hack Attack
News  |  11/26/2012  | 
Attackers stole 3.3 million businesses' bank details and 1.9 million social security numbers, cost the state $14 million for cleanup.
A Backhanded Thanks
Commentary  |  11/25/2012  | 
As we recover from the Thanksgiving weekend, let's give our brand of security thanks for all the good (and not so good) in our world
Spy Tech: 10 CIA-Backed Investments
Slideshows  |  11/21/2012  | 
Check out some of the latest technologies to win funding from In-Q-Tel, the venture investment arm of the CIA and other intelligence agencies. That's the first step toward use by agents and analysts.
U.S. Denies Malware Attack Against France
News  |  11/21/2012  | 
Unnamed French officials accuse the U.S. government of infecting government systems with the Flame espionage malware during French elections.
Greek Man Accused Of Stealing Data On 9 Million Citizens
Quick Hits  |  11/21/2012  | 
Body of stolen data appears to include personal information on most of Greece's population
A More Courteous Kidnapper? Ransomware Changes Tactics
News  |  11/21/2012  | 
With an eye to the short term, cybercriminals turn to ransomware, forcing users to pay up or face long clean-up times -- but forgo the full encryption of data that made past attacks so vicious
Anonymous Steps Into Gaza Crisis
News  |  11/21/2012  | 
Website defacing and Anonymous DDoS campaign pale next to ongoing cyberattacks apparently launched from Iran and Palestine, security experts say.
SMB Retailers Should Remember PCI This Black Friday
News  |  11/21/2012  | 
PCI Council suggests hiring a certified pro to help avoid common SMB PCI pitfalls
Petraeus Affair: 7 Privacy Techniques To Avoid Trouble
News  |  11/20/2012  | 
A number of off-the-shelf technologies can help keep online communications private -- but beware the limits.
New Linux Rootkit Discovered Injecting iFrames
News  |  11/20/2012  | 
The rootkit is the next step in iFrame-injecting cybercrime operations, according to security firm CrowdStrike
Slide Show: 2012 Pastebin Pinups
Slideshows  |  11/20/2012  | 
Some of the most embarrassing dumps of leaked databases, exposed corporate IP and breached customer records in 2012
Half Of Machines Shopping On Cyber Monday Likely Contain Vulnerabilities
Quick Hits  |  11/20/2012  | 
Meanwhile, businesses more worried about productivity than security threats
Facebook Gift Scams: How They Work
News  |  11/20/2012  | 
Beware complex scams that promote Costco, Starbucks vouchers, while making it tough for authorities to track down perpetrators.
The Business Of Commercial Exploit Development
Commentary  |  11/20/2012  | 
A closer look at the debate surrounding this market
RSA Upgrades Malware Defenses For Bank Transactions
News  |  11/20/2012  | 
Latest adaptive authentication technology adds new Trojan and man-in-the-middle defenses, plus risk assessment for ATM machine transactions.
Four Ways To Turn Insiders Into Assets
News  |  11/20/2012  | 
Stop thinking about employees as threats and train them to make your company harder to attack
Despite Security Worries, Human Resources Allows Social Media At Work
Quick Hits  |  11/19/2012  | 
More than 60 percent of enterprises don't block Facebook, other sites; two-thirds don't monitor employee use
Israel Draws Ire Of Anonymous
News  |  11/19/2012  | 
Gaza airstrike-inspired cyberattacks the 'new normal' for global conflicts
Commtouch Acquires eleven GmbH To Accelerate Launch Of Security-As-A-Service Solutions
News  |  11/19/2012  | 
eleven also provides advanced on-premise email solutions and services
Facebook Adopts Secure Web Pages By Default
News  |  11/19/2012  | 
Facebook has finally started using HTTPS by default, following a 2010 FTC demand and in the distant footsteps of Google, Twitter, and Hotmail.
Take Two Aspirin And Steal My Data
Commentary  |  11/19/2012  | 
HIPAA and information security aren't suggestions. They're the law
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41154
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.1...
CVE-2021-41155
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix...
CVE-2021-41152
PUBLISHED: 2021-10-18
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on t...
CVE-2021-41153
PUBLISHED: 2021-10-18
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Thi...
CVE-2021-41156
PUBLISHED: 2021-10-18
anuko/timetracker is an open source time tracking system. In affected versions Time Tracker uses browser_today hidden control on a few pages to collect today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craft ...