News & Commentary

Content posted in November 2012
IAM: The Reason Why OWASP Top 10 Doesn't Change
Commentary  |  11/30/2012  | 
OWASP's AppSec conference is easily one of the best in the infosec industry. Where will it be held this year? Why not Punxsutawney?
Ransomware, Social Scams Lead 2013 SMB Security Fears
News  |  11/30/2012  | 
Expect the bad guys to spend more time pursuing small and midsize business (SMB) targets on mobile, cloud, and social platforms, Symantec says.
Microsoft Security Essentials Loses AV Certification
News  |  11/30/2012  | 
Independent German AV-Test firm pulls seal of approval for Microsoft's free antivirus software, saying it detected only 64% of zero-day threats on Windows 7.
Syria Hits Internet Kill Switch; Blackout Continues
News  |  11/30/2012  | 
For more than 24 hours, Internet access has been disabled for nearly all of Syria. Anonymous has renewed its attack on Syrian government websites.
iPhone, iPad Email Attack Could Compromise Routers
News  |  11/30/2012  | 
Legitimate-looking email messages opened on iPhone, iPad or OS X systems can be used by hackers to gain control of routers, reports security researcher.
How The Sale Of Vulnerabilities Will Change In 2013
News  |  11/30/2012  | 
Bug-hunting mercenaries changing the vulnerability-buying marketplace
'CyberCity' Faces Its First Attacks Next Month
Quick Hits  |  11/29/2012  | 
SANS' model city gives military, government cybersecurity experts a cyberattack reality check
Uniting European CERTs And Law Enforcement In Cybercrime Battle
News  |  11/29/2012  | 
European Union agency IDs hurdles preventing better intelligence-sharing, cooperation among first-line Computer Emergency Response Teams and police
Should LulzSec Suspect Face Life In Prison?
Commentary  |  11/29/2012  | 
Computer hacking, identity theft, and fraudulent credit card charges could add up to 30 years to life for alleged Stratfor hacker Jeremy Hammond.
Managing The Multi-Vendor Backup
Commentary  |  11/29/2012  | 
Backup management applications go a step beyond monitoring, but they remain limited. It's time to develop a framework-driven approach.
U.S. Bank Attackers Dispute Iran Ties
News  |  11/29/2012  | 
Izz ad-Din al-Qassam Cyber Fighters resurface, not with new DDoS takedowns, but a media interview to explain their motives.
US-CERT: Samsung Printer Firmware Contains Backdoor
Quick Hits  |  11/29/2012  | 
Samsung printers contain a hard-coded account that could allow a remote attacker to take control
10 Top Government Data Breaches Of 2012
News  |  11/29/2012  | 
SQL injection, post-phishing privilege escalation, and poorly secured back-up information all played their part in exposing sensitive government data stores this year
Financial Malware Detects Remote Desktop Environments To Evade Researchers
News  |  11/28/2012  | 
'Shylock' malware joins the list of malicious programs enhancing their defenses to avoid analysis by researchers
New Hack Abuses Cloud-Based Browsers
News  |  11/28/2012  | 
Researchers show how attackers could anonymously pilfer free cloud computing power -- for cracking passwords, denial-of-service attacks, or other nefarious activities
Samsung Printers Have Hidden Security Risk
News  |  11/28/2012  | 
Some Samsung printers, and Dell-branded printers manufactured by Samsung, can be remotely accessed by attackers. Here's how.
IonGrid's iPhone Security Tools Stress Flexibility
News  |  11/28/2012  | 
Strong Microsoft Office document rendering features may help ionGrid stand out in the crowded enterprise mobile application management market.
Threats And Security Countermeasures
Commentary  |  11/28/2012  | 
Big data and relational database protections are very similar. What's available to end users is not
White House Issues Insider Threat Policy
News  |  11/28/2012  | 
Policy sets minimum standards to deter, detect and respond to insider threats in federal government.
7 Risk Management Priorities For 2013
News  |  11/28/2012  | 
CISOs seek more discipline in measuring and mitigating risk in the coming year
Chinese Cyberespionage Tool Updated For Traditional Cybercrime
News  |  11/27/2012  | 
PlugX remote access Trojan (RAT) spotted being used to pilfer money out of enterprises
Thanksgiving SCADA Bug Hunt
Quick Hits  |  11/27/2012  | 
Researcher scares up more than 20 SCADA vulnerabilities -- one in just seven minutes -- on Thanksgiving Day
Accused LulzSec Hacker Could Face Life Imprisonment
News  |  11/27/2012  | 
Judge calls alleged Stratfor data breach mastermind 'flight risk,' denies bail; defense attorney suggests FBI entrapment.
Study: Half Of Companies Unaware Of Most Current Threats
Quick Hits  |  11/27/2012  | 
Kaspersky survey cites shortage of security staff, training in IT departments
Evolving DDoS Attacks Force Defenders To Adapt
News  |  11/27/2012  | 
Distributed denial-of-service attacks get bigger and combine application-layer exploits, requiring defenders to be more agile
Log All The Things
Commentary  |  11/26/2012  | 
How the growing granularity in computing is going to affect monitoring
Data-Annihilation Malware Still Alive
News  |  11/26/2012  | 
'Narilam' malware has been in circulation for two to three years; Iranian CERT says it targets databases of specific financial software in Iran
6 Ways To Protect Your Personal Health Information
News  |  11/26/2012  | 
Fraud and waste play a significant part in today's high healthcare costs, but patients can help lower those costs by following six tips to protect their medical information.
Malware Corrupts Iranian Financial Databases
News  |  11/26/2012  | 
Iran downplays threat of Narilam financial malware, saying it dates from 2009 to 2010, and doesn't bear comparisons to Stuxnet, Duqu or Flame.
How South Carolina Failed To Spot Hack Attack
News  |  11/26/2012  | 
Attackers stole 3.3 million businesses' bank details and 1.9 million social security numbers, cost the state $14 million for cleanup.
A Backhanded Thanks
Commentary  |  11/25/2012  | 
As we recover from the Thanksgiving weekend, let's give our brand of security thanks for all the good (and not so good) in our world
Spy Tech: 10 CIA-Backed Investments
Slideshows  |  11/21/2012  | 
Check out some of the latest technologies to win funding from In-Q-Tel, the venture investment arm of the CIA and other intelligence agencies. That's the first step toward use by agents and analysts.
U.S. Denies Malware Attack Against France
News  |  11/21/2012  | 
Unnamed French officials accuse the U.S. government of infecting government systems with the Flame espionage malware during French elections.
Greek Man Accused Of Stealing Data On 9 Million Citizens
Quick Hits  |  11/21/2012  | 
Body of stolen data appears to include personal information on most of Greece's population
A More Courteous Kidnapper? Ransomware Changes Tactics
News  |  11/21/2012  | 
With an eye to the short term, cybercriminals turn to ransomware, forcing users to pay up or face long clean-up times -- but forgo the full encryption of data that made past attacks so vicious
Anonymous Steps Into Gaza Crisis
News  |  11/21/2012  | 
Website defacing and Anonymous DDoS campaign pale next to ongoing cyberattacks apparently launched from Iran and Palestine, security experts say.
SMB Retailers Should Remember PCI This Black Friday
News  |  11/21/2012  | 
PCI Council suggests hiring a certified pro to help avoid common SMB PCI pitfalls
Petraeus Affair: 7 Privacy Techniques To Avoid Trouble
News  |  11/20/2012  | 
A number of off-the-shelf technologies can help keep online communications private -- but beware the limits.
New Linux Rootkit Discovered Injecting iFrames
News  |  11/20/2012  | 
The rootkit is the next step in iFrame-injecting cybercrime operations, according to security firm CrowdStrike
Slide Show: 2012 Pastebin Pinups
Slideshows  |  11/20/2012  | 
Some of the most embarrassing dumps of leaked databases, exposed corporate IP and breached customer records in 2012
Half Of Machines Shopping On Cyber Monday Likely Contain Vulnerabilities
Quick Hits  |  11/20/2012  | 
Meanwhile, businesses more worried about productivity than security threats
Facebook Gift Scams: How They Work
News  |  11/20/2012  | 
Beware complex scams that promote Costco, Starbucks vouchers, while making it tough for authorities to track down perpetrators.
The Business Of Commercial Exploit Development
Commentary  |  11/20/2012  | 
A closer look at the debate surrounding this market
RSA Upgrades Malware Defenses For Bank Transactions
News  |  11/20/2012  | 
Latest adaptive authentication technology adds new Trojan and man-in-the-middle defenses, plus risk assessment for ATM machine transactions.
Four Ways To Turn Insiders Into Assets
News  |  11/20/2012  | 
Stop thinking about employees as threats and train them to make your company harder to attack
Despite Security Worries, Human Resources Allows Social Media At Work
Quick Hits  |  11/19/2012  | 
More than 60 percent of enterprises don't block Facebook, other sites; two-thirds don't monitor employee use
Israel Draws Ire Of Anonymous
News  |  11/19/2012  | 
Gaza airstrike-inspired cyberattacks the 'new normal' for global conflicts
Commtouch Acquires eleven GmbH To Accelerate Launch Of Security-As-A-Service Solutions
News  |  11/19/2012  | 
eleven also provides advanced on-premise email solutions and services
Facebook Adopts Secure Web Pages By Default
News  |  11/19/2012  | 
Facebook has finally started using HTTPS by default, following a 2010 FTC demand and in the distant footsteps of Google, Twitter, and Hotmail.
Take Two Aspirin And Steal My Data
Commentary  |  11/19/2012  | 
HIPAA and information security aren't suggestions. They're the law