News & Commentary

Content posted in November 2012
IAM: The Reason Why OWASP Top 10 Doesn't Change
Commentary  |  11/30/2012  | 
OWASP's AppSec conference is easily one of the best in the infosec industry. Where will it be held this year? Why not Punxsutawney?
Ransomware, Social Scams Lead 2013 SMB Security Fears
News  |  11/30/2012  | 
Expect the bad guys to spend more time pursuing small and midsize business (SMB) targets on mobile, cloud, and social platforms, Symantec says.
Microsoft Security Essentials Loses AV Certification
News  |  11/30/2012  | 
Independent German AV-Test firm pulls seal of approval for Microsoft's free antivirus software, saying it detected only 64% of zero-day threats on Windows 7.
Syria Hits Internet Kill Switch; Blackout Continues
News  |  11/30/2012  | 
For more than 24 hours, Internet access has been disabled for nearly all of Syria. Anonymous has renewed its attack on Syrian government websites.
iPhone, iPad Email Attack Could Compromise Routers
News  |  11/30/2012  | 
Legitimate-looking email messages opened on iPhone, iPad or OS X systems can be used by hackers to gain control of routers, reports security researcher.
How The Sale Of Vulnerabilities Will Change In 2013
News  |  11/30/2012  | 
Bug-hunting mercenaries changing the vulnerability-buying marketplace
'CyberCity' Faces Its First Attacks Next Month
Quick Hits  |  11/29/2012  | 
SANS' model city gives military, government cybersecurity experts a cyberattack reality check
Uniting European CERTs And Law Enforcement In Cybercrime Battle
News  |  11/29/2012  | 
European Union agency IDs hurdles preventing better intelligence-sharing, cooperation among first-line Computer Emergency Response Teams and police
Should LulzSec Suspect Face Life In Prison?
Commentary  |  11/29/2012  | 
Computer hacking, identity theft, and fraudulent credit card charges could add up to 30 years to life for alleged Stratfor hacker Jeremy Hammond.
Managing The Multi-Vendor Backup
Commentary  |  11/29/2012  | 
Backup management applications go a step beyond monitoring, but they remain limited. It's time to develop a framework-driven approach.
U.S. Bank Attackers Dispute Iran Ties
News  |  11/29/2012  | 
Izz ad-Din al-Qassam Cyber Fighters resurface, not with new DDoS takedowns, but a media interview to explain their motives.
US-CERT: Samsung Printer Firmware Contains Backdoor
Quick Hits  |  11/29/2012  | 
Samsung printers contain a hard-coded account that could allow a remote attacker to take control
10 Top Government Data Breaches Of 2012
News  |  11/29/2012  | 
SQL injection, post-phishing privilege escalation, and poorly secured back-up information all played their part in exposing sensitive government data stores this year
Financial Malware Detects Remote Desktop Environments To Evade Researchers
News  |  11/28/2012  | 
'Shylock' malware joins the list of malicious programs enhancing their defenses to avoid analysis by researchers
New Hack Abuses Cloud-Based Browsers
News  |  11/28/2012  | 
Researchers show how attackers could anonymously pilfer free cloud computing power -- for cracking passwords, denial-of-service attacks, or other nefarious activities
Samsung Printers Have Hidden Security Risk
News  |  11/28/2012  | 
Some Samsung printers, and Dell-branded printers manufactured by Samsung, can be remotely accessed by attackers. Here's how.
IonGrid's iPhone Security Tools Stress Flexibility
News  |  11/28/2012  | 
Strong Microsoft Office document rendering features may help ionGrid stand out in the crowded enterprise mobile application management market.
Threats And Security Countermeasures
Commentary  |  11/28/2012  | 
Big data and relational database protections are very similar. What's available to end users is not
White House Issues Insider Threat Policy
News  |  11/28/2012  | 
Policy sets minimum standards to deter, detect and respond to insider threats in federal government.
7 Risk Management Priorities For 2013
News  |  11/28/2012  | 
CISOs seek more discipline in measuring and mitigating risk in the coming year
Chinese Cyberespionage Tool Updated For Traditional Cybercrime
News  |  11/27/2012  | 
PlugX remote access Trojan (RAT) spotted being used to pilfer money out of enterprises
Thanksgiving SCADA Bug Hunt
Quick Hits  |  11/27/2012  | 
Researcher scares up more than 20 SCADA vulnerabilities -- one in just seven minutes -- on Thanksgiving Day
Accused LulzSec Hacker Could Face Life Imprisonment
News  |  11/27/2012  | 
Judge calls alleged Stratfor data breach mastermind 'flight risk,' denies bail; defense attorney suggests FBI entrapment.
Study: Half Of Companies Unaware Of Most Current Threats
Quick Hits  |  11/27/2012  | 
Kaspersky survey cites shortage of security staff, training in IT departments
Evolving DDoS Attacks Force Defenders To Adapt
News  |  11/27/2012  | 
Distributed denial-of-service attacks get bigger and combine application-layer exploits, requiring defenders to be more agile
Log All The Things
Commentary  |  11/26/2012  | 
How the growing granularity in computing is going to affect monitoring
Data-Annihilation Malware Still Alive
News  |  11/26/2012  | 
'Narilam' malware has been in circulation for two to three years; Iranian CERT says it targets databases of specific financial software in Iran
6 Ways To Protect Your Personal Health Information
News  |  11/26/2012  | 
Fraud and waste play a significant part in today's high healthcare costs, but patients can help lower those costs by following six tips to protect their medical information.
Malware Corrupts Iranian Financial Databases
News  |  11/26/2012  | 
Iran downplays threat of Narilam financial malware, saying it dates from 2009 to 2010, and doesn't bear comparisons to Stuxnet, Duqu or Flame.
How South Carolina Failed To Spot Hack Attack
News  |  11/26/2012  | 
Attackers stole 3.3 million businesses' bank details and 1.9 million social security numbers, cost the state $14 million for cleanup.
A Backhanded Thanks
Commentary  |  11/25/2012  | 
As we recover from the Thanksgiving weekend, let's give our brand of security thanks for all the good (and not so good) in our world
Spy Tech: 10 CIA-Backed Investments
Slideshows  |  11/21/2012  | 
Check out some of the latest technologies to win funding from In-Q-Tel, the venture investment arm of the CIA and other intelligence agencies. That's the first step toward use by agents and analysts.
U.S. Denies Malware Attack Against France
News  |  11/21/2012  | 
Unnamed French officials accuse the U.S. government of infecting government systems with the Flame espionage malware during French elections.
Greek Man Accused Of Stealing Data On 9 Million Citizens
Quick Hits  |  11/21/2012  | 
Body of stolen data appears to include personal information on most of Greece's population
A More Courteous Kidnapper? Ransomware Changes Tactics
News  |  11/21/2012  | 
With an eye to the short term, cybercriminals turn to ransomware, forcing users to pay up or face long clean-up times -- but forgo the full encryption of data that made past attacks so vicious
Anonymous Steps Into Gaza Crisis
News  |  11/21/2012  | 
Website defacing and Anonymous DDoS campaign pale next to ongoing cyberattacks apparently launched from Iran and Palestine, security experts say.
SMB Retailers Should Remember PCI This Black Friday
News  |  11/21/2012  | 
PCI Council suggests hiring a certified pro to help avoid common SMB PCI pitfalls
Petraeus Affair: 7 Privacy Techniques To Avoid Trouble
News  |  11/20/2012  | 
A number of off-the-shelf technologies can help keep online communications private -- but beware the limits.
New Linux Rootkit Discovered Injecting iFrames
News  |  11/20/2012  | 
The rootkit is the next step in iFrame-injecting cybercrime operations, according to security firm CrowdStrike
Slide Show: 2012 Pastebin Pinups
Slideshows  |  11/20/2012  | 
Some of the most embarrassing dumps of leaked databases, exposed corporate IP and breached customer records in 2012
Half Of Machines Shopping On Cyber Monday Likely Contain Vulnerabilities
Quick Hits  |  11/20/2012  | 
Meanwhile, businesses more worried about productivity than security threats
Facebook Gift Scams: How They Work
News  |  11/20/2012  | 
Beware complex scams that promote Costco, Starbucks vouchers, while making it tough for authorities to track down perpetrators.
The Business Of Commercial Exploit Development
Commentary  |  11/20/2012  | 
A closer look at the debate surrounding this market
RSA Upgrades Malware Defenses For Bank Transactions
News  |  11/20/2012  | 
Latest adaptive authentication technology adds new Trojan and man-in-the-middle defenses, plus risk assessment for ATM machine transactions.
Four Ways To Turn Insiders Into Assets
News  |  11/20/2012  | 
Stop thinking about employees as threats and train them to make your company harder to attack
Despite Security Worries, Human Resources Allows Social Media At Work
Quick Hits  |  11/19/2012  | 
More than 60 percent of enterprises don't block Facebook, other sites; two-thirds don't monitor employee use
Israel Draws Ire Of Anonymous
News  |  11/19/2012  | 
Gaza airstrike-inspired cyberattacks the 'new normal' for global conflicts
Commtouch Acquires eleven GmbH To Accelerate Launch Of Security-As-A-Service Solutions
News  |  11/19/2012  | 
eleven also provides advanced on-premise email solutions and services
Facebook Adopts Secure Web Pages By Default
News  |  11/19/2012  | 
Facebook has finally started using HTTPS by default, following a 2010 FTC demand and in the distant footsteps of Google, Twitter, and Hotmail.
Take Two Aspirin And Steal My Data
Commentary  |  11/19/2012  | 
HIPAA and information security aren't suggestions. They're the law