Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in November 2012
Tech Insight: Better Defense Through Open-Source Intelligence
News  |  11/18/2012  | 
Corporate defenders can use the same publicly available information sources that attackers do, but to better secure their data
Writing And Enforcing An Effective Employee Security Policy
Quick Hits  |  11/16/2012  | 
Enterprises have been writing IT security policies for decades, and employees are still violating them. Here are some tips for breaking out of the rut
Petraeus Snoop: 7 Privacy Facts
News  |  11/16/2012  | 
Investigation of former CIA director Petraeus introduces some tough privacy questions. The good news: it could lead to tighter protections for everyone.
Windows 8 Compatibility Plagues Antivirus Tools
News  |  11/16/2012  | 
Don't try installing free tools from popular antivirus developer Avira on Windows 8 systems yet.
Threat Intelligence Hype
Commentary  |  11/16/2012  | 
How to measure the IQ of the data you're being fed
Slide Show: The Vulnerability 'Usual Suspects' Of 2012
Slideshows  |  11/16/2012  | 
Here's the list of applications, companies, and targets that dominated vulnerability and exploit headlines in 2012
Free Risk Indexing Tool Offers Start For Assessments
News  |  11/16/2012  | 
Ponemon and Edelman hope to offer benchmark for organizations that want to know where their data privacy risk posture stands
OpenDNS Goes Mobile
Quick Hits  |  11/15/2012  | 
New service an alternative to the VPN
Dell Boosts Storage Portfolio With New Hardware, Software
News  |  11/15/2012  | 
Dell hopes to fortify its enviable storage market position with major Compellent and PowerVault storage software upgrades and new backup appliances.
Fidelity Invests In Secure Software Development
News  |  11/15/2012  | 
No code goes live at financial services firm until it has been fully vetted
Congress Kills Cybersecurity Bill, White House Action Expected
News  |  11/15/2012  | 
White House looks primed to take action on its own after Congress again fails to pass cybersecurity legislation.
All Security Technologies Are Not Data Loss Prevention
Commentary  |  11/15/2012  | 
While security technologies may share the common goal of protecting an organization's sensitive data, not all can -- or should -- be called data loss prevention
Anonymous Launches OpIsrael DDoS Attacks After Internet Threat
News  |  11/15/2012  | 
Hacktivist collective said the attacks are in response to the Israeli government threatening to sever all Internet connections to and from the Gaza Strip.
Stolen NASA Laptop Had Unencrypted Employee Data
News  |  11/15/2012  | 
Data breach drives NASA to now require that at minimum, all sensitive files stored on laptops be encrypted.
Most Organizations Unprepared For DDoS Attacks, Study Says
Quick Hits  |  11/15/2012  | 
Nearly two-thirds of companies have experienced at least three denial-of-service attacks in the past year, Ponemon study reports
The Root Of All Database Security Evils = Input
News  |  11/15/2012  | 
Input validation and prepared SQL statements crucial to preventing SQL injection attacks
Adobe Hacker Says He Used SQL Injection To Grab Database Of 150,000 User Accounts
News  |  11/14/2012  | 
Exposed passwords were MD5-hashed and 'easy to crack' via free cracking tools, he says
Study Finds More Than 10,000 ID Fraud Rings In the U.S.
News  |  11/14/2012  | 
Georgia, South Carolina, and Florida are among the hotspots for identity theft
Obama Secret Order Authorizes Cybersecurity Strikebacks
News  |  11/14/2012  | 
Secret policy details how military units may be used to launch offensive cyber operations in the wake of online attacks against the United States.
Petraeus Mission Impossible: Cloaking Email, Online Identities
Commentary  |  11/14/2012  | 
So-called security experts making basic information security errors isn't a new occurrence. Arguably, it even led to the rise of the Anonymous hacktivist collective.
Skype Deals With Account Hijacking Exploit
News  |  11/14/2012  | 
Months after being notified of a vulnerability described as "child's play" to exploit, Skype has temporarily addressed the issue by disabling password resets.
When Cloud Met Mobile
Commentary  |  11/14/2012  | 
Identity must link the disparate worlds of mobile and cloud
5 Ways Small Businesses Can Improve Mobile Device Security
News  |  11/14/2012  | 
SMBs needn't sacrifice flexibility for mobile security, but these tips can help them strike a better balance
The Petraeus Affair: Surveillance State Stopper?
Commentary  |  11/13/2012  | 
Lawmakers, now reminded of their own vulnerability, need to strengthen email privacy protections. Companies need to do more to help customers protect content.
Malware Analysis Researchers Announce New Startup
Quick Hits  |  11/13/2012  | 
Lastline comes out of stealth with big data-based offering for catching advanced attacks
Enterprises Pressure Software Vendors To Clean Up Their Apps
News  |  11/13/2012  | 
New Veracode software security report, BSIMM4 findings show enterprises driving third-party software vendors to write more secure code
Petraeus Fallout: 5 Gmail Security Facts
News  |  11/13/2012  | 
Where did the former CIA director and the woman with whom he was having an affair go wrong? Learn from his experience with Gmail.
McAfee Founder Says Belize Framing Him For Murder
News  |  11/13/2012  | 
Millionaire John McAfee, who founded the eponymous antivirus vendor -- since bought by Intel -- says he's being framed by Belizean authorities in a murder case and is now on the run.
Survey: Consumers Plan Risky Business This Holiday Season
Quick Hits  |  11/13/2012  | 
Many consumers will use mobile devices to shop -- without worrying much about privacy or app security
Regaining Control Of Data In The Cloud
News  |  11/13/2012  | 
Encryption and better access management can help tame the chaos
The Globalization Of Cyberespionage
News  |  11/12/2012  | 
Newly revealed cyberspying campaign against Israeli and Palestinian targets demonstrates how the threat is no longer mostly a China thing
Cyber Weapon Friendly Fire: Chevron Stuxnet Fallout
News  |  11/12/2012  | 
Malware's jump from Iranian uranium enrichment facility to energy giant highlights the downside to custom-made espionage malware -- its capability to infect friends as well as foes.
Espionage Malware Network Targets Israel, Palestine
News  |  11/12/2012  | 
Botnet operators have been infecting multiple targets for more than a year using phishing attacks and Xtreme RAT, reports security firm.
Finding Rootkits By Monitoring For 'Black Sheep'
News  |  11/9/2012  | 
Looking for kernel changes among flocks of computers can help organizations detect rootkits, according to team of researchers
Google Blocked In China
News  |  11/9/2012  | 
Google gets gagged as China goes through a leadership change.
Puzzle Logic
Commentary  |  11/9/2012  | 
Authentication is an enduring mystery, but solving authorization puzzles may be a better use of your security resources
SEC Left Sensitive Data Vulnerable, Report Says
Quick Hits  |  11/9/2012  | 
Securities and Exchange Commission employees' computers went unencrypted, inspector general says
Windows 8, RT Get First Security Fixes
News  |  11/9/2012  | 
Microsoft's first set of Windows 8 and Windows RT patches for critical vulnerabilities hits next week.
Twitter Password Security: 5 Things To Know
News  |  11/9/2012  | 
Twitter's response to compromised accounts teaches us lessons in social (networking) security.
How To Detect Zero-Day Malware And Limit Its Impact
Quick Hits  |  11/8/2012  | 
An increasing percentage of malware has never been seen before. Here are some tips for stopping it
Ransomware Scams Net $5 Million Per Year
News  |  11/8/2012  | 
Visitors to pornography sites main victims of scams that disable computers, demand payment for alleged online misconduct
Companies Need Defenses Against Mobile Malware
News  |  11/8/2012  | 
While infection rates -- at least in the U.S. -- remain low, cybercriminals are writing more malware for Android, Symbian, and other platforms. At some point, they'll find the right recipe for profit
Salvaging Digital Certificates
News  |  11/8/2012  | 
Following breaches at Diginotar, Comodo, and RSA, digital certificate technology has been deeply tarnished. Here are five ways to shine it up and make it work for your organization.
4 Long-Term Hacks That Rocked 2012
News  |  11/8/2012  | 
News of lengthy hacker incursions into enterprise databases and networks has been plentiful over the last year -- here's a highlight reel
Russia's Bargain-Basement Cybercrime
Quick Hits  |  11/7/2012  | 
How much does it cost to infect 1,000 machines with malware? Russian services will do it for as little as $12
Hunting Botnets In The Cloud
News  |  11/7/2012  | 
Combining cloud, crowdsourcing, and big data to find and quash botnets on a larger scale
Sophos AV Teardown Reveals Critical Vulnerabilities
News  |  11/7/2012  | 
Antivirus vendor says it's patched all software flaws disclosed by researcher, some of which could be used to remotely control Windows, Mac, or Linux system.
Malware Tools Get Smarter To Nab Financial Data
News  |  11/7/2012  | 
New versions of the Gh0st RAT Trojan -- believed to be used by China -- and the Citadel cybercrime kit both advance the malicious state of the art.
Build Roadblock For Attacks Through Rule Of Least Privilege
News  |  11/7/2012  | 
Attack against Coke shows once again why organizations need to better control their privileged accounts
Spooky Link Found Between Gh0st RAT, DDoS Botnet
Quick Hits  |  11/6/2012  | 
FireEye researchers detail findings of a combination cyberespionage-DDoS Trojan infection