Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in December 2012
Global Scans Reveal Internet's Insecurities In 2012
News  |  12/28/2012  | 
Researchers and attackers catalog vulnerable systems connected to the Internet, from videoconferencing systems set to auto-answer, to open point-of-sale servers, to poorly configured database systems
SSNs, Salary Information Exposed In Breach Of Army Servers
Quick Hits  |  12/28/2012  | 
'Unknown' attackers access databases of information on 36,000 people
How To Get Your MSSP In Line With Expectations
Quick Hits  |  12/27/2012  | 
Managed security service providers can help your organization save time and money -- if you know the right way to work with them
Better Integrate IT Risk Management With Enterprise Risk Activities
News  |  12/27/2012  | 
Not only will IT security risks be given greater attention, risk management could affect better business performance as a result
Rethinking IT Security Architecture: Experts Question Wisdom Of Current 'Layered' Cyberdefense Strategies
News  |  12/27/2012  | 
As attacks become more sophisticated and breaches abound, it's time for enterprises to change their cybersecurity thinking from the ground up, experts say
7 Top Information Security Trends For 2013
News  |  12/27/2012  | 
From sandboxing enterprise apps on mobile devices to hacking websites via high-bandwidth cloud attacks, experts detail the security trends they expect to see in 2013.
Don't Throw Away Your DAM Money
News  |  12/27/2012  | 
Make the most out of database activity monitoring through better tuning
Is Vulnerability Management Broken?
News  |  12/27/2012  | 
Some argue that it is time to rethink the vulnerability management hamster wheel
The Only Security Prediction That Matters
Commentary  |  12/26/2012  | 
In this silly season of year-end predictions, we need to collectively revisit the only prediction that will matter next year
Monitoring A La Borg
Commentary  |  12/24/2012  | 
What would a true infrastructure collective look like?
Protecting Data In The Cloud Without Making It Unusable
News  |  12/21/2012  | 
Encrypting data in the cloud is an important security step, but without the proper handling, it can make processing the data -- from searching to number crunching -- much more difficult
Report: U.S., Israel Fingered In Latest Data-Annihilation Attack
Quick Hits  |  12/21/2012  | 
But 'attribution obfuscation' impedes rooting out source of the attack
The 5 Coolest Hacks Of 2012
News  |  12/21/2012  | 
Nothing was sacred -- the nation's airspace, home power meters, videoconferences, and, in an ironic twist, popular cybercrime tools
Tech Insight: Using Penetration Tests To Gauge Real Risk
News  |  12/21/2012  | 
A quality pen test can ferret out the real risk that vulnerabilities pose to a company and its data
10 Biggest Information Security Stories Of 2012
News  |  12/21/2012  | 
From John McAfee's escape from Belize to the privacy debacle that compromised CIA director Petraeus' career, 2012 had no shortage of security shockers.
Google Privacy Convictions Overturned By Italian Court
News  |  12/21/2012  | 
Three Google executives had been convicted of violating Italian privacy law after a video of a boy being bullied was uploaded to Google Video.
Automated Malware Analysis Under Attack
News  |  12/20/2012  | 
Malware writers go low-tech in their latest attempt to escape detection, waiting for human input -- a mouse click -- before running their code
Of Mayans And Malicious Macros
Quick Hits  |  12/20/2012  | 
New attack poses as PowerPoint presentation on the end of the world
Windows 8 Security Stresses Exploit Prevention
News  |  12/20/2012  | 
A look at some of the key security features in Microsoft's new OS
Forensic Tool Cracks BitLocker, PGP, TrueCrypt Containers
News  |  12/20/2012  | 
ElcomSoft's Forensic Disk Decryptor uses PC memory dumps to crack passwords associated with BitLocker, PGP and TrueCrypt archives.
Anonymous Continues Westboro Church Attacks
News  |  12/20/2012  | 
Hacktivist collective Anonymous gets help with attacks against Westboro Baptist Church, which pledged to picket funerals of shooting victims in Newtown, Conn.
BestBuy.Com Chief Leaves For Symantec
News  |  12/20/2012  | 
Former Starbucks CIO and 2011 InformationWeek Chief of The Year Stephen Gillett heads to Silicon Valley.
9 Ways Hacktivists Shocked The World In 2012
News  |  12/20/2012  | 
Despite the arrests of alleged LulzSec and Anonymous ringleaders, ongoing attacks -- including Muslim hackers disrupting U.S. banks -- prove hacktivism remains alive and well.
Making Database Security Your No. 1 2013 Resolution
News  |  12/20/2012  | 
How database-centric practices would change your security strategy and risk profile in the coming year
Cybercrime Inc.: The Business Of The Digital Black Market
News  |  12/19/2012  | 
Report by security vendor Fortinet examines the structure of the cyber underworld
New Apache Server Attack Discovered
Quick Hits  |  12/19/2012  | 
Exploit ultimately leads to theft of online banking credentials via Zeus variant
Attack Turns Android Devices Into Spam-Spewing Botnets
News  |  12/19/2012  | 
Beware Trojan app sending 500,000 spam SMS messages per day, charging messages to smartphone owners.
Securing SMB Online Transactions
News  |  12/18/2012  | 
Giving consumers the assurances they need to know they're securely sending their private information to your business
Data-Destruction Attack Targeted 'Few' Select Iranian Computers
Quick Hits  |  12/18/2012  | 
'Simplistic' data-destroying malware found on small number of targeted computers in Iran
The Identity Cliff
Commentary  |  12/18/2012  | 
Kicking the can down the road on identity cannot go on forever. Not choosing to deal with improving identity and access architecture is a choice
Anonymous Posts Westboro Church Members' Personal Information
News  |  12/18/2012  | 
Anonymous and other hackers have launched DDoS attacks and leaked personal information about group that promised to protest funerals of victims killed at Sandy Hook Elementary School.
Encryption Shortfalls Plague Healthcare Industry
News  |  12/18/2012  | 
Health Information Management and Systems Society report focuses on securing personal patient data, which providers must address in Meaningful Use Stage 2.
A Guide To Practical Database Monitoring
Quick Hits  |  12/18/2012  | 
A look at what database activity monitoring can and can't do, and some recommendations on how to implement the best system for your organization
Five Significant Insider Attacks Of 2012
News  |  12/17/2012  | 
From the recent theft of counterterrorism data from Switzerland's intelligence agency to remotely wiretapping boardroom videoconferencing systems, a number of attacks had an inside component
Mandatory Car 'Black Boxes' Proposed: Privacy Questions
News  |  12/17/2012  | 
NHTSA proposes that beginning in 2014, most cars would have to be fitted with data recorders. Consumer rights advocates say the measure includes few privacy protections.
Britain Declines To Prosecute Alleged NASA Hacker
News  |  12/17/2012  | 
After 10-year legal battle for allegedly hacking U.S. government computers in search of information on UFOs, British hacker Gary McKinnon is free.
Application Monitoring For Security Professionals
Quick Hits  |  12/17/2012  | 
Keeping an eye on applications can help your organization avoid data breaches. Here are some tips on how to do it right
Bromium Secures Older PCs, Terminals Via 'Microvisor'
News  |  12/17/2012  | 
CTO Simon Crosby says goal is to isolate untrusted tasks on Windows XP machines, thin clients as users bring outside code and content inside the enterprise.
You Are The Big Data
Commentary  |  12/15/2012  | 
Monitoring isn't just about systems anymore
U.S. Creates System To Look For 'Future Crimes'
News  |  12/14/2012  | 
In March, the United States granted counterterrorism officials the ability to hold data on Americans for up to five years. Now, the controversy surrounding the data-analysis program has come to light
Military Drones Present And Future: Visual Tour
Slideshows  |  12/14/2012  | 
The Pentagon's growing fleet of unmanned aerial vehicles ranges from hand-launched machines to the Air Force's experimental X-37B space plane.
How U.K. Police Busted Anonymous Suspect
News  |  12/14/2012  | 
Operation Payback operators' identities unearthed largely through "social leakage" -- highlighting differences between U.S. and British hacker investigations.
Bank Attackers Used PHP Websites As Launch Pads
News  |  12/14/2012  | 
WordPress sites with outdated TimThumb plug-in were among PHP-based sites hackers used to launch this fall's massive DDoS attacks, reports Arbor Networks.
The Trouble With Security Metrics
News  |  12/13/2012  | 
A Q&A with the author of The Security Risk Assessment Handbook
Survey: Threat Intelligence Reports Play Key Role In Security Strategies
Quick Hits  |  12/13/2012  | 
Turns out enterprises really do read and take heed of security threat intelligence reports
In-Q-Tel Invests In Secure Smartphone Technology
News  |  12/13/2012  | 
Tyfone specializes in hardware, software for improved security in mobile and cloud environments.
Security Researcher Compromises Cisco VoIP Phones With Vulnerability
News  |  12/13/2012  | 
Grad student demonstrates how phones can be turned into listening devices by attackers
Bank Attackers Promise To Resume DDoS Takedowns
News  |  12/13/2012  | 
Silent for six weeks, the Cyber fighters of Izz ad-din Al qassam hacktivist group have promised to resume targeting banks, in protest of a movie that mocks the founder of Islam.
S.C. Security Blunders Show Why States Get Hacked
Commentary  |  12/13/2012  | 
Governor blames data breach on Russian hackers and the IRS, but states' by-the-book IT ethos shows rules and regulations are the real culprit.
McAfee Back In U.S.: Crazy Like A Fox?
News  |  12/13/2012  | 
Guatemala refuses asylum request and deports AV founder McAfee to Miami. Officials in Belize dismiss McAfee's claims that he's being persecuted by government, call him "bonkers."