Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in February 2011
Page 1 / 4   >   >>
Sophisticated Trojan Targets Some Banking Sites
Commentary  |  2/28/2011  | 
S21sec, a Spanish information security firm, claims to have spotted a new Trojan with advanced infiltration and attack techniques.
Newly Discovered Mac OS X, Android Trojans Reflect Cybercriminals' Expanding Targets
News  |  2/28/2011  | 
New crimeware kit is being built specifically for OS X, and new Android Trojan builds a botnet
IE6 Finally Disappearing From The Web, Study Says
Quick Hits  |  2/28/2011  | 
After nine-year run, vulnerable browser is finally being replaced, according to Zscaler
DHS Immigration System Vulnerable To Insider Threats
News  |  2/28/2011  | 
An Inspector General report finds that a long-delayed Homeland Security project has not done enough to mitigate risks from current or former employees, contractors, or business partners.
New Mac OS X Backdoor Trojan Surfaces
Commentary  |  2/27/2011  | 
Researchers at anti-virus firm Sophos say they've identified a new Trojan designed to infect Mac OS X users.
Facebook Proposes 'Data Use' Policy To Replace 'Privacy Policy'
News  |  2/25/2011  | 
It's not an official change, but if enough Facebook users approve, it could become one.
Android Spyware Distributed By Third Party Online Marketplaces
News  |  2/25/2011  | 
On the heels of HongTouTou, Chinese security firm NetQin has found spyware -- SW.SecurePhone and SW.Qieting -- that collects messages, call logs, and other data.
'Low Impact' Breaches Can Signal More Badness To Come
News  |  2/25/2011  | 
Just because a database breach doesn't expose PII doesn't necessarily mean the ultimate damage is inconsequential
Identify Theft, Financial Scams Top Internet Crimes List
News  |  2/25/2011  | 
The FBI's Internet Crime Complaint Center received more than 300,000 reports of Internet crime in 2010, according to its annual report.
The Power Of Open-Source Security Tools
Commentary  |  2/25/2011  | 
Free, open-source tools like the Metasploit Framework and w3af exemplify the power of community involvement and support
Internet Crime Is On The Rise Again, Feds Say
Quick Hits  |  2/25/2011  | 
IC3 received more than 300,000 complaints in 2010 -- second-most ever
The Downsides Of OpenFCoE
Commentary  |  2/25/2011  | 
A few weeks ago I wrote an entry about software based Fibre Channel over Ethernet (FCoE) called Open FCoE being offered by Intel. The immediate responses were questions asking if this is a sign of the end for the hardware based HBA providers? Open FCoE has a lot of promise but the downsides of OpenFCoE prove that it may not be for everyone.
U.S., China Team To Fight Spam
Quick Hits  |  2/24/2011  | 
Rare alliance a "stepping stone" to addressing other cybersecurity issues between the nations, officials say
DAM Market Observation
Commentary  |  2/24/2011  | 
Despite talk about the lack of innovation in the data security market, excellent technologies like DAM and DLP have been available for years before customers embraced them
Security Firm Strikes Back At Cenzic Patent Lawsuit Threat
News  |  2/24/2011  | 
NT Objectives files suit challenging claims it infringed on Cenzic's patent for "fault injection methods," security experts gathering proof of prior art
Bill Proposes Chief Security Officers At Federal Agencies
News  |  2/24/2011  | 
The Cybersecurity and Internet Freedom Act of 2011 calls for the appointment of CISOs at each agency to set up security procedures and ensure the federal government is complying with security regulations.
FileMaker For Securing iPads At Work
Commentary  |  2/24/2011  | 
Rather than just saying "no" to the iPad at the office, consider this inexpensive way to secure these tablets
Security Departments Stretched Too Thin, Firefighting
Commentary  |  2/24/2011  | 
While application vulnerabilities, mobile computing, and malware top the list of IT security vulnerabilities and threats, a just released survey from ISC2 and Frost & Sullivan reveals an underlying, more systemic threat.
Rogue Facebook Apps Can Disable Security Settings
News  |  2/24/2011  | 
Security researchers also report that the social network's mobile app provides no SSL capabilities at all, leaving users vulnerable.
'Severe' DNS Vulnerability Leaves Systems Open To Attack
News  |  2/24/2011  | 
Security experts urge organizations running vulnerable versions of BIND to upgrade immediately to avoid a potential denial of service strike.
NSA Winds Down Secure Virtualization Platform Development
News  |  2/24/2011  | 
The National Security Agency's High Assurance Platform integrates security and virtualization technology into a framework that's been commercialized and adopted elsewhere in government.
Report: Botnet Victim Population Grew More Than 600 Percent In 2010
News  |  2/23/2011  | 
Six of the top 10 botnets of 2010 did not exist in 2009, Damballa study says
Clearing The Air On DAM
Commentary  |  2/23/2011  | 
There are two very important things to understand: First, a database firewall and a database activity monitor (DAM) are exactly the same things! Second, a database firewall can upset normal IT operations
Many Microsoft Vulnerabilities Not Exploitable With Proper System Configuration
News  |  2/23/2011  | 
New study by eEye finds that just disabling some unneeded features can mitigate most attacks against flaws
Schwartz On Security: Security Pros' Top 2011 Threats
Commentary  |  2/23/2011  | 
While application vulnerabilities and mobile devices lead the list, perhaps it's also time to tackle security's impact on productivity.
Report: Social Networks Are The New Platform For Communications -- And Malware
Quick Hits  |  2/23/2011  | 
Email, IM fall lower on the list; malware authors take note and respond accordingly, Blue Coat says
Another Side Of B-Sides
Commentary  |  2/23/2011  | 
The "unconference" across the street from the RSA show in San Francisco last week was shaped, in part, by recent security events
80% Of Browsers Have Known Vulnerabilities
News  |  2/23/2011  | 
Most problems are caused by insecure plug-ins, such as Java, Adobe Reader, QuickTime, and Flash, finds Qualys.
Under Growing Pressure, Security Pros May Be Ready To Crack, Study Says
News  |  2/23/2011  | 
Faced with securing personal devices and a growing base of threats, security pros feel overwhelmed, (ISC)2 survey reports
Hacking The APT
News  |  2/22/2011  | 
Google, SRA, Mandiant, McAfee execs profile the advanced persistent threat and suggest ways to derail it
A Chat With The Cybersecurity Czar
Quick Hits  |  2/22/2011  | 
Howard Schmidt talks global cooperation in cyberattack prevention, and how the feds should share threat intelligence with private industry
Air Force Seeks Fake Online Social Media Identities
News  |  2/22/2011  | 
The military has issued a request for bids on software to let it spread messages and make online friends using non-existent identities on social media sites.
OddJob, Zeus Mitmo Trojans Target Financial Data
News  |  2/22/2011  | 
The malware aims for bank accounts and financial details, warn security researchers at Trusteer and F-Secure.
FTC Internet Privacy Proposal Slammed By Ad Industry
News  |  2/22/2011  | 
“Do Not Track” settings planned by the Federal Trade Commission may not go far enough according the Center for Digital Democracy and U.S. Public Interest Research Group.
Solving Scale Out Storage's Dark Side
Commentary  |  2/22/2011  | 
In a recent entry we discussed a concern with scale out storage, making sure the utilization of processing, power and resources remains efficient. The last thing you want is a storage system that, while it can scale to limitless capacity, also requires limitless power and data center floor space? The good news is that some vendors are aware of these concerns and have some solutions for you to consider.
Using HVAC To Set Up A Hack
Commentary  |  2/22/2011  | 
Social engineering caper begins with posing as heating ventilation and air conditioning repairmen
Researchers: SSD Drives Pose Data Sanitation Risk
Commentary  |  2/22/2011  | 
Researchers from the University of California, San Diego are warning that traditional methods to clear data from hard drives may not work as well on Solid State Disks.
SSDs Prove Tough To Erase
News  |  2/21/2011  | 
Techniques that reliably erase hard disk drives don't produce the same results for solid state drives, warn University of California at San Diego researchers.
Security Coming To Mobile And Embedded Devices
Commentary  |  2/21/2011  | 
Security firm McAfee expects 50 billion mobile and connected embedded devices by the year 2020. And guess who is promoting new tools promising to protect them. But is this a layer of protection we are going to need?
Hacks From China Strike Canadian Government
Commentary  |  2/20/2011  | 
CBC is reporting that attacks from IP addresses based in China have managed to successfully breach networks within the Finance and the Treasury Board of Canada, as well as Defence Research and Development Canada. The attack is the latest in a string of attacks aimed at high level government agencies.
RSA: The Saw Six Of Tradeshows
Commentary  |  2/18/2011  | 
Predictably scary, RSA offers a glimpse into the latest threats and security challenges. In this sequel, social engineering goes after social networking in a big way.
ICE Confirms Inadvertent Web Site Seizures
News  |  2/18/2011  | 
Authorities are reviewing what happened to prevent a similar misstep in the future.
NSA Head: 'Securing Our Nation's Network Is A Team Sport'
News  |  2/18/2011  | 
Gen. Keith Alexander made clear what panelists at RSA were less clear about the day before
FBI Seeks Expanded Web Wiretapping Capability
News  |  2/18/2011  | 
The agency said it's unable to legally intercept many forms of electronic communication in a timely and efficient manner.
Botnet Victims Increased 654% In 2011
News  |  2/18/2011  | 
The top 10 botnets are responsible for 57% of all infections, says Damballa report.
Feds Arrest 99 For Identity Theft, Card Fraud
News  |  2/18/2011  | 
A federal grand jury has charged the Armenian Power group in California with credit card skimming, check fraud, and other sophisticated white-collar crimes that garnered $20 million.
New Fast-Flux Botnet Unmasked
Quick Hits  |  2/18/2011  | 
'Wibimo' botnet also employs an unusual encryption process
Practitioners Detail Evolution Of SIEM Deployments
News  |  2/18/2011  | 
Most companies progress through three stages, though many get stuck at the very beginning, they said
Busting DLP Myths
News  |  2/17/2011  | 
Misinformation has stopped many organizations that could have been helped by the technology from moving forward with implementations
Cloud Services Redefining Rules For Regulatory Compliance
News  |  2/17/2011  | 
The dynamic nature of cloud computing is problematic, agreed members of a panel at RSA
Page 1 / 4   >   >>

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Incorporating a Prevention Mindset into Threat Detection and Response
Threat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time. The report covers areas enterprises should focus on: What positive response looks like. Improving security hygiene. Combining preventive actions with red team efforts.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-05-24
SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.
PUBLISHED: 2022-05-24
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.
PUBLISHED: 2022-05-24
SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.
PUBLISHED: 2022-05-24
Business Logic Errors in GitHub repository erudika/para prior to 1.45.11.
PUBLISHED: 2022-05-24
Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.