Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in December 2011
QR Code Malware Picks Up Steam
News  |  12/29/2011  | 
Attackers tricking users into scanning fake QR codes that lead to malicious sites and apps
More About Software Tokens
Commentary  |  12/29/2011  | 
When software tokens are as strong as hardware ones
Secured WiFi Networks Can Be Circumvented
Quick Hits  |  12/29/2011  | 
Disable WPS in WiFi routers -- if that's possible in your device, experts say
Stuxnet, Duqu Date Back To 2007, Researcher Says
News  |  12/29/2011  | 
Two pieces of malware likely were developed by the same team on the same platform along with similar variants, according to Kaspersky Lab.
Most Facebook Scams Are Designed To Feed Affiliate Marketing Programs
Quick Hits  |  12/29/2011  | 
Fraudulent advertisers are behind majority of exploits, Commtouch study finds
App And Database Security: Two Halves Of A Whole
News  |  12/28/2011  | 
Limit application privileges to the database and sanitize input to improve data security
7 Coolest Hacks Of 2011
News  |  12/28/2011  | 
Evil insulin pumps and laptop batteries, war texting, and a tween hacker captured our imagination -- and our attention.
Aggressive Phishing Attack Targets Military Personnel
News  |  12/28/2011  | 
Emails containing malware, which appear to come from senior officers or legit companies, have been sent to military personnel during the holiday season.
McAfee Reveals Its 2012 Threat Predictions
News  |  12/28/2011  | 
Predictions include an increase of attacks on oil, gas, and water utility organizations
Anonymous Nabs 50,000 Credit Card Numbers From Security Think Tank
Quick Hits  |  12/27/2011  | 
Analysis of stolen data yields some 44,000 passwords; more than 9,000 credit cards are currently active
6 Worst Data Breaches Of 2011
News  |  12/27/2011  | 
Historically speaking, these 2011 data breaches rate among the biggest or most significant data-loss incidents to date.
Protect Insider Data By Googling First, Often
News  |  12/27/2011  | 
Sensitive company data is often leaked via Google, Bing, and other search engines -- find it before the bad guys can
Anonymous Hacks Security Think Tank Stratfor
News  |  12/27/2011  | 
Credit card information and data from government agencies and defense firms targeted in Christmas weekend attack.
The 7 Coolest Hacks Of 2011
News  |  12/23/2011  | 
Evil insulin pumps and laptop batteries, war texting, and a 'tween' hacker captured our imagination -- and our attention
Siemens To Patch Major SCADA Authentication Holes Next Month
News  |  12/22/2011  | 
Researcher discloses serious security flaws in Siemens products
NIST Protects BIOS With New Security Guidelines
News  |  12/22/2011  | 
The standards body provides ways to detect changes to the code or configuration of a PC's startup system.
U.S. Chamber Of Commerce Hit By Chinese Cyberspies
News  |  12/22/2011  | 
Targeted attack against the nation's business lobbying organization zeroed in on Asian policy intelligence, according to The Wall Street Journal.
Possible New Zero-Day Windows 7 Flaw Under Investigation
Quick Hits  |  12/22/2011  | 
Specially crafted Web page viewed with Safari causes 'blue screen of death,' remote execution
Database Security Proxies
Commentary  |  12/22/2011  | 
Using DAM as a security proxy
7 Strategies For Better Database Security In 2012
News  |  12/22/2011  | 
Segmenting, hardening, encrypting, insuring, and planning--these are good New Year's resolutions for database administrators.
Details Emerge About Sykipot Malware
News  |  12/22/2011  | 
Clues point to China
DHS Expands US-VISIT Biometric Capabilities
News  |  12/21/2011  | 
A $71 million deal with Accenture will pilot voluntary facial- and iris-matching capabilities in the system, which checks the eligibility status of foreign nationals to enter the United States
More Sykipot Malware Clues Point To China
News  |  12/21/2011  | 
Recent version of the malware, which spread using an Adobe Reader zero-day vulnerability, appeared to be seeking information relating to U.S. military drones.
U.S. Chamber Of Commerce Hit By Chinese Cyberspies
Quick Hits  |  12/21/2011  | 
Targeted attack against the nation's business lobbying organization zeroed in on Asian policy intelligence, according to The Wall Street Journal
Software Bug Triggered Airplane Dive Emergency
News  |  12/21/2011  | 
When a system monitoring an Airbus jet's altitude and position output incorrect data, flight computers failed to compensate.
7 Housekeeping Duties For Better Database Security In 2012
News  |  12/21/2011  | 
Segmenting, hardening, encrypting, insuring, and planning -- a few good New Year's resolutions for database administrators
Ransomware Attackers Pose As Police
News  |  12/21/2011  | 
Official-looking pop-ups claim discovery of child pornography, terrorist activity, then lock the victim's machine until a ransom is paid.
Software Security: Fewer Vulnerabilities In 2011
News  |  12/21/2011  | 
There was a decline in the number of software security vulnerabilities disclosed to the public, as well as the proportion of flaws that were exploited. Is secure development paying off?
Attackers Pose As Police In New Ransomware Campaign
Quick Hits  |  12/20/2011  | 
Messages with an official-looking police banner claim discovery of child pornography, other illicit material, and emails with terrorists
Security Holes In Software Decreased This Year, Early Data Shows
News  |  12/20/2011  | 
The number of vulnerabilities disclosed to the public fell in 2011, as did the proportion of flaws that were exploited. Is secure development paying off?
Take Off The Data Security Blinders
Commentary  |  12/20/2011  | 
You can't protect what you can't see. Use these tools to learn how and where your data is at risk
FBI To Get More Cyber Crime Agents
News  |  12/20/2011  | 
But is the bureau focusing too heavily on cyberterrorism, as opposed to fighting cybercrime?
Obama Appoints Privacy Board Members
News  |  12/20/2011  | 
Board is designed to oversee privacy and civil liberties protections built into the administration's cybersecurity legislative proposal.
12 Groups Carry Out Most APT Attacks
News  |  12/20/2011  | 
Security consultants and the feds are tracking a dozen groups--all out of China--responsible for advanced threats.
Hackers Turn Lady Gaga's Facebook Page Into Bad Romance
Quick Hits  |  12/19/2011  | 
Bad guys woo singer's fans with promise of free custom iPads -- and steal their data instead
Sprint Splits With Carrier IQ
News  |  12/19/2011  | 
At no time had Sprint used Carrier IQ to do anything more than collect performance data, Sprint spokeswoman says
Dastardly Dozen: A Few APT Groups Carry Out Most Attacks
News  |  12/19/2011  | 
Security consultants and the feds are tracking a dozen groups responsible for advanced threats -- all out of China
Zero Day Initiative: One Year After Throwing Down The Disclosure Gauntlet
News  |  12/19/2011  | 
Vulnerabilities reported mostly in big-name software vendors' products, and SCADA zero-day flaws on the rise, according to ZDI's annual report
How Ready Are Banks For FFIEC?
News  |  12/19/2011  | 
Confusion abounds about new Federal Financial Institutions Examination Council (FFIEC) Supplement to the Authentication in an Internet Banking Environment
Feds Indict 55 For Cyber Crime Fraud
News  |  12/19/2011  | 
Crime ring recruited insiders to steal personal information on hundreds of people, which they used to open fake accounts and steal money.
Nearly 2 Million Users Affected By New Breach At Square Enix
Quick Hits  |  12/19/2011  | 
Japanese gaming giant is hacked for the second time this year
Storage In 2011: Disk-y Business
News  |  12/16/2011  | 
Take a look at significant events in the world of storage over the past year.
Adobe Patches Two Zero Day Vulnerabilities
News  |  12/16/2011  | 
Attackers have exploited the vulnerabilities via malicious PDFs sent to defense contractors.
Iran Hacked GPS Signals To Capture U.S. Drone
News  |  12/16/2011  | 
Exploit of well-known bug in drone's software made it think it was landing at an American airfield, not 140 miles inside Iran.
Tech Insight: Managing Mobile Mayhem
News  |  12/16/2011  | 
Enterprise options for encrypting and wiping mobile devices and portable storage
Security Researcher Details New SCADA Bugs
News  |  12/16/2011  | 
Supervisory control and data acquisition systems' programmable logic controllers could be remotely accessed and loaded with trojanized firmware.
Old Smartphones Leave Tons Of Data For Digital Dumpster Divers
News  |  12/15/2011  | 
A recent forensics examination shows how much information is left behind after smartphones are tossed in the discard pile
FTC Investigating Carrier IQ's Data-Collection Practices
News  |  12/15/2011  | 
Carrier IQ's initial failure to fully detail what its software did, and why, had led many to question whether its software might be breaking wiretap or privacy laws
Internet Explorer To Get 'Silent' Updates
Quick Hits  |  12/15/2011  | 
Microsoft will provide automatic upgrades to IE users -- but enterprises can opt out
Carrier IQ Faces FTC Probe
News  |  12/15/2011  | 
FBI Director Robert Mueller says bureau doesn't knowingly use data collected by Carrier IQ.