Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in November 2012
Page 1 / 3
IAM: The Reason Why OWASP Top 10 Doesn't Change
Commentary  |  11/30/2012  | 
OWASP's AppSec conference is easily one of the best in the infosec industry. Where will it be held this year? Why not Punxsutawney?
Ransomware, Social Scams Lead 2013 SMB Security Fears
News  |  11/30/2012  | 
Expect the bad guys to spend more time pursuing small and midsize business (SMB) targets on mobile, cloud, and social platforms, Symantec says.
Microsoft Security Essentials Loses AV Certification
News  |  11/30/2012  | 
Independent German AV-Test firm pulls seal of approval for Microsoft's free antivirus software, saying it detected only 64% of zero-day threats on Windows 7.
Syria Hits Internet Kill Switch; Blackout Continues
News  |  11/30/2012  | 
For more than 24 hours, Internet access has been disabled for nearly all of Syria. Anonymous has renewed its attack on Syrian government websites.
iPhone, iPad Email Attack Could Compromise Routers
News  |  11/30/2012  | 
Legitimate-looking email messages opened on iPhone, iPad or OS X systems can be used by hackers to gain control of routers, reports security researcher.
How The Sale Of Vulnerabilities Will Change In 2013
News  |  11/30/2012  | 
Bug-hunting mercenaries changing the vulnerability-buying marketplace
'CyberCity' Faces Its First Attacks Next Month
Quick Hits  |  11/29/2012  | 
SANS' model city gives military, government cybersecurity experts a cyberattack reality check
Uniting European CERTs And Law Enforcement In Cybercrime Battle
News  |  11/29/2012  | 
European Union agency IDs hurdles preventing better intelligence-sharing, cooperation among first-line Computer Emergency Response Teams and police
Should LulzSec Suspect Face Life In Prison?
Commentary  |  11/29/2012  | 
Computer hacking, identity theft, and fraudulent credit card charges could add up to 30 years to life for alleged Stratfor hacker Jeremy Hammond.
Managing The Multi-Vendor Backup
Commentary  |  11/29/2012  | 
Backup management applications go a step beyond monitoring, but they remain limited. It's time to develop a framework-driven approach.
U.S. Bank Attackers Dispute Iran Ties
News  |  11/29/2012  | 
Izz ad-Din al-Qassam Cyber Fighters resurface, not with new DDoS takedowns, but a media interview to explain their motives.
US-CERT: Samsung Printer Firmware Contains Backdoor
Quick Hits  |  11/29/2012  | 
Samsung printers contain a hard-coded account that could allow a remote attacker to take control
10 Top Government Data Breaches Of 2012
News  |  11/29/2012  | 
SQL injection, post-phishing privilege escalation, and poorly secured back-up information all played their part in exposing sensitive government data stores this year
Financial Malware Detects Remote Desktop Environments To Evade Researchers
News  |  11/28/2012  | 
'Shylock' malware joins the list of malicious programs enhancing their defenses to avoid analysis by researchers
New Hack Abuses Cloud-Based Browsers
News  |  11/28/2012  | 
Researchers show how attackers could anonymously pilfer free cloud computing power -- for cracking passwords, denial-of-service attacks, or other nefarious activities
Samsung Printers Have Hidden Security Risk
News  |  11/28/2012  | 
Some Samsung printers, and Dell-branded printers manufactured by Samsung, can be remotely accessed by attackers. Here's how.
IonGrid's iPhone Security Tools Stress Flexibility
News  |  11/28/2012  | 
Strong Microsoft Office document rendering features may help ionGrid stand out in the crowded enterprise mobile application management market.
Threats And Security Countermeasures
Commentary  |  11/28/2012  | 
Big data and relational database protections are very similar. What's available to end users is not
White House Issues Insider Threat Policy
News  |  11/28/2012  | 
Policy sets minimum standards to deter, detect and respond to insider threats in federal government.
7 Risk Management Priorities For 2013
News  |  11/28/2012  | 
CISOs seek more discipline in measuring and mitigating risk in the coming year
Chinese Cyberespionage Tool Updated For Traditional Cybercrime
News  |  11/27/2012  | 
PlugX remote access Trojan (RAT) spotted being used to pilfer money out of enterprises
Thanksgiving SCADA Bug Hunt
Quick Hits  |  11/27/2012  | 
Researcher scares up more than 20 SCADA vulnerabilities -- one in just seven minutes -- on Thanksgiving Day
Accused LulzSec Hacker Could Face Life Imprisonment
News  |  11/27/2012  | 
Judge calls alleged Stratfor data breach mastermind 'flight risk,' denies bail; defense attorney suggests FBI entrapment.
Study: Half Of Companies Unaware Of Most Current Threats
Quick Hits  |  11/27/2012  | 
Kaspersky survey cites shortage of security staff, training in IT departments
Evolving DDoS Attacks Force Defenders To Adapt
News  |  11/27/2012  | 
Distributed denial-of-service attacks get bigger and combine application-layer exploits, requiring defenders to be more agile
Log All The Things
Commentary  |  11/26/2012  | 
How the growing granularity in computing is going to affect monitoring
Data-Annihilation Malware Still Alive
News  |  11/26/2012  | 
'Narilam' malware has been in circulation for two to three years; Iranian CERT says it targets databases of specific financial software in Iran
6 Ways To Protect Your Personal Health Information
News  |  11/26/2012  | 
Fraud and waste play a significant part in today's high healthcare costs, but patients can help lower those costs by following six tips to protect their medical information.
Malware Corrupts Iranian Financial Databases
News  |  11/26/2012  | 
Iran downplays threat of Narilam financial malware, saying it dates from 2009 to 2010, and doesn't bear comparisons to Stuxnet, Duqu or Flame.
How South Carolina Failed To Spot Hack Attack
News  |  11/26/2012  | 
Attackers stole 3.3 million businesses' bank details and 1.9 million social security numbers, cost the state $14 million for cleanup.
A Backhanded Thanks
Commentary  |  11/25/2012  | 
As we recover from the Thanksgiving weekend, let's give our brand of security thanks for all the good (and not so good) in our world
Spy Tech: 10 CIA-Backed Investments
Slideshows  |  11/21/2012  | 
Check out some of the latest technologies to win funding from In-Q-Tel, the venture investment arm of the CIA and other intelligence agencies. That's the first step toward use by agents and analysts.
U.S. Denies Malware Attack Against France
News  |  11/21/2012  | 
Unnamed French officials accuse the U.S. government of infecting government systems with the Flame espionage malware during French elections.
Greek Man Accused Of Stealing Data On 9 Million Citizens
Quick Hits  |  11/21/2012  | 
Body of stolen data appears to include personal information on most of Greece's population
A More Courteous Kidnapper? Ransomware Changes Tactics
News  |  11/21/2012  | 
With an eye to the short term, cybercriminals turn to ransomware, forcing users to pay up or face long clean-up times -- but forgo the full encryption of data that made past attacks so vicious
Anonymous Steps Into Gaza Crisis
News  |  11/21/2012  | 
Website defacing and Anonymous DDoS campaign pale next to ongoing cyberattacks apparently launched from Iran and Palestine, security experts say.
SMB Retailers Should Remember PCI This Black Friday
News  |  11/21/2012  | 
PCI Council suggests hiring a certified pro to help avoid common SMB PCI pitfalls
Petraeus Affair: 7 Privacy Techniques To Avoid Trouble
News  |  11/20/2012  | 
A number of off-the-shelf technologies can help keep online communications private -- but beware the limits.
New Linux Rootkit Discovered Injecting iFrames
News  |  11/20/2012  | 
The rootkit is the next step in iFrame-injecting cybercrime operations, according to security firm CrowdStrike
Slide Show: 2012 Pastebin Pinups
Slideshows  |  11/20/2012  | 
Some of the most embarrassing dumps of leaked databases, exposed corporate IP and breached customer records in 2012
Half Of Machines Shopping On Cyber Monday Likely Contain Vulnerabilities
Quick Hits  |  11/20/2012  | 
Meanwhile, businesses more worried about productivity than security threats
Facebook Gift Scams: How They Work
News  |  11/20/2012  | 
Beware complex scams that promote Costco, Starbucks vouchers, while making it tough for authorities to track down perpetrators.
The Business Of Commercial Exploit Development
Commentary  |  11/20/2012  | 
A closer look at the debate surrounding this market
RSA Upgrades Malware Defenses For Bank Transactions
News  |  11/20/2012  | 
Latest adaptive authentication technology adds new Trojan and man-in-the-middle defenses, plus risk assessment for ATM machine transactions.
Four Ways To Turn Insiders Into Assets
News  |  11/20/2012  | 
Stop thinking about employees as threats and train them to make your company harder to attack
Despite Security Worries, Human Resources Allows Social Media At Work
Quick Hits  |  11/19/2012  | 
More than 60 percent of enterprises don't block Facebook, other sites; two-thirds don't monitor employee use
Israel Draws Ire Of Anonymous
News  |  11/19/2012  | 
Gaza airstrike-inspired cyberattacks the 'new normal' for global conflicts
Commtouch Acquires eleven GmbH To Accelerate Launch Of Security-As-A-Service Solutions
News  |  11/19/2012  | 
eleven also provides advanced on-premise email solutions and services
Facebook Adopts Secure Web Pages By Default
News  |  11/19/2012  | 
Facebook has finally started using HTTPS by default, following a 2010 FTC demand and in the distant footsteps of Google, Twitter, and Hotmail.
Take Two Aspirin And Steal My Data
Commentary  |  11/19/2012  | 
HIPAA and information security aren't suggestions. They're the law