Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in December 2011
<<   <   Page 2 / 3   >   >>
Data Security, Top Down
Commentary  |  12/15/2011  | 
Focus on what needs to be done, not how to do it
5 Big Database Breaches Of Late 2011
News  |  12/15/2011  | 
Healthcare breaches have dominated the second half of the year. Consider these lessons learned.
For Your Mobile Only
Commentary  |  12/15/2011  | 
Imagine a modern-day plot for a James Bond movie and how mobile would make his task a whole lot easier
10 Best Practices For Meeting SOX Security Requirements
News  |  12/15/2011  | 
Sarbanes-Oxley regulations remain one of security's biggest drivers in public companies. Here are some tips on how to keep your organization in compliance
Five Big Database Breaches Of 2011's Second Half
News  |  12/14/2011  | 
Healthcare breaches dominate since the summer, with plenty of lessons learned
Study: Most Federal Agencies Uncertain About Meeting FISMA Security Monitoring Deadlines
Quick Hits  |  12/14/2011  | 
Only 22 percent of respondents say their agencies have deployed continuous monitoring technology
Kiss Off: Anonymous Hacker Took On Gene Simmons, Feds Say
News  |  12/14/2011  | 
Feds bust alleged member of Anonymous for launching an "Operation Payback" attack against website of Kiss frontman Gene Simmons.
The Security Pro's Guide To Tablet PCs
News  |  12/14/2011  | 
You've got security strategies for portable PCs and a policy for smartphones. But what about those devices in-between? Here are some tips and tricks for managing the security of iPads and similar devices
VPN An Oft-Forgotten Attack Vector
News  |  12/13/2011  | 
Remote VPN connections are not necessarily as secure as you’d think -- how enterprises can get infected by far-flung users via their SSL VPNs
Workers, Technology Need To Team To Fight Insiders
News  |  12/13/2011  | 
Bringing together groups of employees in a company with internal intelligence can help detect rogue insiders earlier, experts say
Android The No. 1 Mobile Device In Enterprises
Quick Hits  |  12/13/2011  | 
New Zscaler research shows Google's Android traffic on top -- but at what security cost?
DHS, FBI Give SCADA System Vulnerability Warning
News  |  12/13/2011  | 
Hackers have infiltrated control system environments in at least three cities this year. Yet, many control systems remain Internet-connected and at risk of remote exploitation.
Personal Data Of 60,000 Telstra Customers Exposed To Web
Quick Hits  |  12/12/2011  | 
Australian telecommunications giant says it is 'investigating' proprietary customer lists found with simple browser search
Google Wallet Stores Some Payment Card Data In Plain Text
News  |  12/12/2011  | 
'Significant' amount of unencrypted data leaves Android phones at risk, researchers say
Unraveling The Riddle Of Privileged Identity
News  |  12/12/2011  | 
Some argue for monitoring to take a greater role in refining privileged identity policies, but root accounts pose problems
DHS Scales Back Mexico Border Fence Plans
News  |  12/12/2011  | 
Department of Homeland Security (DHS) reveals a more modest plan to replace an ambitious border fence project that it scrapped last year after missed deadlines and cost overruns.
Apple's Mac App Store Passes 100 Million Downloads
News  |  12/12/2011  | 
Consumers appear to be thrilled with the ease of buying computer software through a store integrated into the operating system.
Database Security's Biggest Problem: People
News  |  12/12/2011  | 
Many database security projects arrive DOA because database administrators and security pros aren't singing the same tune.
Can Security Teams And DBAs Play Nicely?
News  |  12/9/2011  | 
Many organizations see database security projects arrive DOA because the DBA is not on board
Adobe Zero-Day Attack Part Of Wider Campaign
Quick Hits  |  12/9/2011  | 
Symantec research points to well-funded attackers who use so-called Sykipot malware to target defense contractors, telecommunications firms, computer hardware companies, chemical companies, energy companies, and government
White House Plans Cloud Security Program's Next Steps
News  |  12/9/2011  | 
Federal CIO Steven VanRoekel marked the official "launch" of the FedRAMP security accreditation service yesterday, but more needs to be done before agencies can take advantage of the new program.
Google-Sponsored Study Touts Chrome Security
News  |  12/9/2011  | 
Accuvant Labs' browser security study compared Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer.
84% Of Development Apps Sport Known Vulnerabilities
News  |  12/9/2011  | 
SQL injection vulnerabilities and other flaws increase in first-version code reviews, but overall bug levels decline, reports Veracode.
Microsoft Patch Fest Includes Duqu Vulnerability
News  |  12/9/2011  | 
Security patches next week should address multiple critical vulnerabilities. Adobe will fix a Reader flaw being actively exploited to attack defense firms.
Report: Getting The Leaks Out Of Enterprise Messaging
News  |  12/9/2011  | 
A key part of the data leak prevention effort is making sure that email and other messaging systems are used securely. Here are some tips on how to keep email leaks to a minimum
The Art Of Profiling Cybercriminals
News  |  12/8/2011  | 
New psychological and criminological studies attempt to capture a glimpse of the human behind the hack
Government Agencies Harbor The Most Vulnerable Applications
Quick Hits  |  12/8/2011  | 
Newest Veracode State of Software Security report finds SQL injection flaws declining overall in all industries
Biometric Standard Expanded To Include DNA, Footprints
News  |  12/8/2011  | 
An update to the way biometric data is shared by law enforcement includes geo-positioning info about where samples were collected.
How To Spot Malicious Insiders Before Data Theft
News  |  12/8/2011  | 
Psychologists identify warning signs that could tip you off that corporate data may be stolen.
Resurgent LulzSec Attacks Government Sites In Portugal
Quick Hits  |  12/8/2011  | 
Hacktivist group responds to reports of police brutality in country
The Most Notorious Cybercrooks Of 2011 -- And How They Got Caught
News  |  12/7/2011  | 
A torrent of attacks from groups like Anonymous, LulzSec, Goatse Security, and Antisec has made it a busy year for cybercrime investigators
White House Sets Cybersecurity R&D Priorities
News  |  12/7/2011  | 
Roadmap details plans to secure U.S. network infrastructure through agency collaboration, scientific research, and creating more difficult targets for hackers to attack.
Patient Data Losses Jump 32%
News  |  12/7/2011  | 
Growing use of mobile devices in healthcare has intensified the security risk associated with managing patient data.
ADMP: DAM For Web Apps
Commentary  |  12/7/2011  | 
A look at the technology that combines application and database protection
Carrier IQ On Your Android? 3 Apps With Answers
News  |  12/7/2011  | 
In the wake of the Carrier IQ controversy, Android hackers and security companies offer tools to detect and remove the tracking software.
RIM's PlayBook Security Patch Doesn't Last Long
Commentary  |  12/7/2011  | 
Research In Motion hoped to close a security breach with a software update to its PlayBook tablet, but coders cracked the patch in only a few hours.
Adobe Under New Zero Day Attack
News  |  12/7/2011  | 
Emergency patch for Adobe Reader and Acrobat 9.x for Windows due for release within a week.
New Open-Source Technology Locks Down User's DNS Connection
News  |  12/7/2011  | 
OpenCrypt secures connection between end users and their DNS services
New Zero-Day Adobe Attack Under Way
Quick Hits  |  12/6/2011  | 
Adobe working on emergency patch for Adobe Reader and Acrobat 9.x for Windows
Exploited Apps Depend On Attack Vector
News  |  12/6/2011  | 
While some data shows Java to be the most attacked software application, other software gives the program a run for the title
Smart Grid Security Threatened By Fragmented Control
News  |  12/6/2011  | 
MIT study finds smart grid cybersecurity led by fiefdoms, says central leadership would better protect the nation's power lines from hackers.
Symantec Rolls Out Mobile Security Assessment Suite
News  |  12/6/2011  | 
Solution consists of two modules
Dark Reading Launches New Mobile Security Tech Center
Quick Hits  |  12/6/2011  | 
Subsite will focus on news and analysis of mobile, portable, and wireless network security issues
Best Ways To Detect Advanced Threats Once They Invade
News  |  12/5/2011  | 
If attackers want to get in, it's likely they will find a way; security experts offer advice on how to detect the intrusion
2012 Compliance Checklist
News  |  12/5/2011  | 
Security professionals need to consider these best practices and new compliance requirements as they ring in a new year
San Francisco Team Solves DARPA Shredder Challenge
News  |  12/5/2011  | 
Using custom algorithms, three programmers pieced together five shredded documents based on a common theme to win $50,000.
HP Denies Exploit Could Trigger Printer Fire
News  |  12/5/2011  | 
Security researchers warned that a zero-day printer vulnerability could be exploited to overheat printers, or worse.
Tech Insight: Getting The Most Out Of Third-Party Pen Tests
News  |  12/5/2011  | 
Tips companies can follow to be sure they get a pen test that meets their needs
Rethinking Mobile Security
News  |  12/5/2011  | 
Debate whirls around the hype of mobile malware and the solutions we have to fight it
Work And Play In Security
Commentary  |  12/5/2011  | 
As we look toward 2012, it's time to have more fun at work
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27706
PUBLISHED: 2021-04-14
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. This occurs because the "formIPMacBindDel" function directly passes the parameter "IPMacBind...
CVE-2021-27707
PUBLISHED: 2021-04-14
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIn...
CVE-2021-28098
PUBLISHED: 2021-04-14
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes log entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for...
CVE-2021-30493
PUBLISHED: 2021-04-14
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other wor...
CVE-2021-30494
PUBLISHED: 2021-04-14
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other wo...