News & Commentary

Content posted in December 2011
QR Code Malware Picks Up Steam
News  |  12/29/2011  | 
Attackers tricking users into scanning fake QR codes that lead to malicious sites and apps
More About Software Tokens
Commentary  |  12/29/2011  | 
When software tokens are as strong as hardware ones
Secured WiFi Networks Can Be Circumvented
Quick Hits  |  12/29/2011  | 
Disable WPS in WiFi routers -- if that's possible in your device, experts say
Stuxnet, Duqu Date Back To 2007, Researcher Says
News  |  12/29/2011  | 
Two pieces of malware likely were developed by the same team on the same platform along with similar variants, according to Kaspersky Lab.
Most Facebook Scams Are Designed To Feed Affiliate Marketing Programs
Quick Hits  |  12/29/2011  | 
Fraudulent advertisers are behind majority of exploits, Commtouch study finds
App And Database Security: Two Halves Of A Whole
News  |  12/28/2011  | 
Limit application privileges to the database and sanitize input to improve data security
7 Coolest Hacks Of 2011
News  |  12/28/2011  | 
Evil insulin pumps and laptop batteries, war texting, and a tween hacker captured our imagination -- and our attention.
Aggressive Phishing Attack Targets Military Personnel
News  |  12/28/2011  | 
Emails containing malware, which appear to come from senior officers or legit companies, have been sent to military personnel during the holiday season.
McAfee Reveals Its 2012 Threat Predictions
News  |  12/28/2011  | 
Predictions include an increase of attacks on oil, gas, and water utility organizations
Anonymous Nabs 50,000 Credit Card Numbers From Security Think Tank
Quick Hits  |  12/27/2011  | 
Analysis of stolen data yields some 44,000 passwords; more than 9,000 credit cards are currently active
6 Worst Data Breaches Of 2011
News  |  12/27/2011  | 
Historically speaking, these 2011 data breaches rate among the biggest or most significant data-loss incidents to date.
Protect Insider Data By Googling First, Often
News  |  12/27/2011  | 
Sensitive company data is often leaked via Google, Bing, and other search engines -- find it before the bad guys can
Anonymous Hacks Security Think Tank Stratfor
News  |  12/27/2011  | 
Credit card information and data from government agencies and defense firms targeted in Christmas weekend attack.
The 7 Coolest Hacks Of 2011
News  |  12/23/2011  | 
Evil insulin pumps and laptop batteries, war texting, and a 'tween' hacker captured our imagination -- and our attention
Siemens To Patch Major SCADA Authentication Holes Next Month
News  |  12/22/2011  | 
Researcher discloses serious security flaws in Siemens products
NIST Protects BIOS With New Security Guidelines
News  |  12/22/2011  | 
The standards body provides ways to detect changes to the code or configuration of a PC's startup system.
U.S. Chamber Of Commerce Hit By Chinese Cyberspies
News  |  12/22/2011  | 
Targeted attack against the nation's business lobbying organization zeroed in on Asian policy intelligence, according to The Wall Street Journal.
Possible New Zero-Day Windows 7 Flaw Under Investigation
Quick Hits  |  12/22/2011  | 
Specially crafted Web page viewed with Safari causes 'blue screen of death,' remote execution
Database Security Proxies
Commentary  |  12/22/2011  | 
Using DAM as a security proxy
7 Strategies For Better Database Security In 2012
News  |  12/22/2011  | 
Segmenting, hardening, encrypting, insuring, and planning -- these are good New Year's resolutions for database administrators.
Details Emerge About Sykipot Malware
News  |  12/22/2011  | 
Clues point to China
DHS Expands US-VISIT Biometric Capabilities
News  |  12/21/2011  | 
A $71 million deal with Accenture will pilot voluntary facial- and iris-matching capabilities in the system, which checks the eligibility status of foreign nationals to enter the United States
More Sykipot Malware Clues Point To China
News  |  12/21/2011  | 
Recent version of the malware, which spread using an Adobe Reader zero-day vulnerability, appeared to be seeking information relating to U.S. military drones.
U.S. Chamber Of Commerce Hit By Chinese Cyberspies
Quick Hits  |  12/21/2011  | 
Targeted attack against the nation's business lobbying organization zeroed in on Asian policy intelligence, according to The Wall Street Journal
Software Bug Triggered Airplane Dive Emergency
News  |  12/21/2011  | 
When an airplane system monitoring an Airbus jet's altitude and position output incorrect data, flight computers failed to compensate.
7 Housekeeping Duties For Better Database Security In 2012
News  |  12/21/2011  | 
Segmenting, hardening, encrypting, insuring, and planning -- a few good New Year's resolutions for database administrators
Ransomware Attackers Pose As Police
News  |  12/21/2011  | 
Official-looking pop-ups claim discovery of child pornography, terrorist activity, then lock the victim's machine until a ransom is paid.
Software Security: Fewer Vulnerabilities In 2011
News  |  12/21/2011  | 
There was a decline in the number of software security vulnerabilities disclosed to the public, as well as the proportion of flaws that were exploited. Is secure development paying off?
Attackers Pose As Police In New Ransomware Campaign
Quick Hits  |  12/20/2011  | 
Messages with an official-looking police banner claim discovery of child pornography, other illicit material, and emails with terrorists
Security Holes In Software Decreased This Year, Early Data Shows
News  |  12/20/2011  | 
The number of vulnerabilities disclosed to the public fell in 2011, as did the proportion of flaws that were exploited. Is secure development paying off?
Take Off The Data Security Blinders
Commentary  |  12/20/2011  | 
You can't protect what you can't see. Use these tools to learn how and where your data is at risk
FBI To Get More Cyber Crime Agents
News  |  12/20/2011  | 
But is the bureau focusing too heavily on cyberterrorism, as opposed to fighting cybercrime?
Obama Appoints Privacy Board Members
News  |  12/20/2011  | 
Board is designed to oversee privacy and civil liberties protections built into the administration's cybersecurity legislative proposal.
12 Groups Carry Out Most APT Attacks
News  |  12/20/2011  | 
Security consultants and the feds are tracking a dozen groups -- all out of China -- responsible for advanced threats.
Hackers Turn Lady Gaga's Facebook Page Into Bad Romance
Quick Hits  |  12/19/2011  | 
Bad guys woo singer's fans with promise of free custom iPads -- and steal their data instead
Sprint Splits With Carrier IQ
News  |  12/19/2011  | 
At no time had Sprint used Carrier IQ to do anything more than collect performance data, Sprint spokeswoman says
Dastardly Dozen: A Few APT Groups Carry Out Most Attacks
News  |  12/19/2011  | 
Security consultants and the feds are tracking a dozen groups responsible for advanced threats -- all out of China
Zero Day Initiative: One Year After Throwing Down The Disclosure Gauntlet
News  |  12/19/2011  | 
Vulnerabilities reported mostly in big-name software vendors' products, and SCADA zero-day flaws on the rise, according to ZDI's annual report
How Ready Are Banks For FFIEC?
News  |  12/19/2011  | 
Confusion abounds about new Federal Financial Institutions Examination Council (FFIEC) Supplement to the Authentication in an Internet Banking Environment
Feds Indict 55 For Cyber Crime Fraud
News  |  12/19/2011  | 
Crime ring recruited insiders to steal personal information on hundreds of people, which they used to open fake accounts and steal money.
Nearly 2 Million Users Affected By New Breach At Square Enix
Quick Hits  |  12/19/2011  | 
Japanese gaming giant is hacked for the second time this year
Storage In 2011: Disk-y Business
News  |  12/16/2011  | 
Take a look at significant events in the world of storage over the past year.
Adobe Patches Two Zero Day Vulnerabilities
News  |  12/16/2011  | 
Attackers have exploited the vulnerabilities via malicious PDFs sent to defense contractors.
Iran Hacked GPS Signals To Capture U.S. Drone
News  |  12/16/2011  | 
Exploit of well-known bug in drone's software made it think it was landing at an American airfield, not 140 miles inside Iran.
Tech Insight: Managing Mobile Mayhem
News  |  12/16/2011  | 
Enterprise options for encrypting and wiping mobile devices and portable storage
Security Researcher Details New SCADA Bugs
News  |  12/16/2011  | 
Supervisory control and data acquisition systems' programmable logic controllers could be remotely accessed and loaded with trojanized firmware.
Old Smartphones Leave Tons Of Data For Digital Dumpster Divers
News  |  12/15/2011  | 
A recent forensics examination shows how much information is left behind after smartphones are tossed in the discard pile
FTC Investigating Carrier IQ's Data-Collection Practices
News  |  12/15/2011  | 
Carrier IQ's initial failure to fully detail what its software did, and why, had led many to question whether its software might be breaking wiretap or privacy laws
Internet Explorer To Get 'Silent' Updates
Quick Hits  |  12/15/2011  | 
Microsoft will provide automatic upgrades to IE users -- but enterprises can opt out
Carrier IQ Faces FTC Probe
News  |  12/15/2011  | 
FBI Director Robert Mueller says bureau doesn't knowingly use data collected by Carrier IQ.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.