News & Commentary

Content posted in February 2011
Page 1 / 4   >   >>
Sophisticated Trojan Targets Some Banking Sites
Commentary  |  2/28/2011  | 
S21sec, a Spanish information security firm, claims to have spotted a new Trojan with advanced infiltration and attack techniques.
Newly Discovered Mac OS X, Android Trojans Reflect Cybercriminals' Expanding Targets
News  |  2/28/2011  | 
New crimeware kit is being built specifically for OS X, and new Android Trojan builds a botnet
IE6 Finally Disappearing From The Web, Study Says
Quick Hits  |  2/28/2011  | 
After nine-year run, vulnerable browser is finally being replaced, according to Zscaler
DHS Immigration System Vulnerable To Insider Threats
News  |  2/28/2011  | 
An Inspector General report finds that a long-delayed Homeland Security project has not done enough to mitigate risks from current or former employees, contractors, or business partners.
New Mac OS X Backdoor Trojan Surfaces
Commentary  |  2/27/2011  | 
Researchers at anti-virus firm Sophos say they've identified a new Trojan designed to infect Mac OS X users.
Facebook Proposes 'Data Use' Policy To Replace 'Privacy Policy'
News  |  2/25/2011  | 
It's not an official change, but if enough Facebook users approve, it could become one.
Android Spyware Distributed By Third Party Online Marketplaces
News  |  2/25/2011  | 
On the heels of HongTouTou, Chinese security firm NetQin has found spyware -- SW.SecurePhone and SW.Qieting -- that collects messages, call logs, and other data.
'Low Impact' Breaches Can Signal More Badness To Come
News  |  2/25/2011  | 
Just because a database breach doesn't expose PII doesn't necessarily mean the ultimate damage is inconsequential
Identify Theft, Financial Scams Top Internet Crimes List
News  |  2/25/2011  | 
The FBI's Internet Crime Complaint Center received more than 300,000 reports of Internet crime in 2010, according to its annual report.
The Power Of Open-Source Security Tools
Commentary  |  2/25/2011  | 
Free, open-source tools like the Metasploit Framework and w3af exemplify the power of community involvement and support
Internet Crime Is On The Rise Again, Feds Say
Quick Hits  |  2/25/2011  | 
IC3 received more than 300,000 complaints in 2010 -- second-most ever
The Downsides Of OpenFCoE
Commentary  |  2/25/2011  | 
A few weeks ago I wrote an entry about software based Fibre Channel over Ethernet (FCoE) called Open FCoE being offered by Intel. The immediate responses were questions asking if this is a sign of the end for the hardware based HBA providers? Open FCoE has a lot of promise but the downsides of OpenFCoE prove that it may not be for everyone.
U.S., China Team To Fight Spam
Quick Hits  |  2/24/2011  | 
Rare alliance a "stepping stone" to addressing other cybersecurity issues between the nations, officials say
DAM Market Observation
Commentary  |  2/24/2011  | 
Despite talk about the lack of innovation in the data security market, excellent technologies like DAM and DLP have been available for years before customers embraced them
Security Firm Strikes Back At Cenzic Patent Lawsuit Threat
News  |  2/24/2011  | 
NT Objectives files suit challenging claims it infringed on Cenzic's patent for "fault injection methods," security experts gathering proof of prior art
Bill Proposes Chief Security Officers At Federal Agencies
News  |  2/24/2011  | 
The Cybersecurity and Internet Freedom Act of 2011 calls for the appointment of CISOs at each agency to set up security procedures and ensure the federal government is complying with security regulations.
FileMaker For Securing iPads At Work
Commentary  |  2/24/2011  | 
Rather than just saying "no" to the iPad at the office, consider this inexpensive way to secure these tablets
Security Departments Stretched Too Thin, Firefighting
Commentary  |  2/24/2011  | 
While application vulnerabilities, mobile computing, and malware top the list of IT security vulnerabilities and threats, a just released survey from ISC2 and Frost & Sullivan reveals an underlying, more systemic threat.
Rogue Facebook Apps Can Disable Security Settings
News  |  2/24/2011  | 
Security researchers also report that the social network's mobile app provides no SSL capabilities at all, leaving users vulnerable.
'Severe' DNS Vulnerability Leaves Systems Open To Attack
News  |  2/24/2011  | 
Security experts urge organizations running vulnerable versions of BIND to upgrade immediately to avoid a potential denial of service strike.
NSA Winds Down Secure Virtualization Platform Development
News  |  2/24/2011  | 
The National Security Agency's High Assurance Platform integrates security and virtualization technology into a framework that's been commercialized and adopted elsewhere in government.
Report: Botnet Victim Population Grew More Than 600 Percent In 2010
News  |  2/23/2011  | 
Six of the top 10 botnets of 2010 did not exist in 2009, Damballa study says
Clearing The Air On DAM
Commentary  |  2/23/2011  | 
There are two very important things to understand: First, a database firewall and a database activity monitor (DAM) are exactly the same things! Second, a database firewall can upset normal IT operations
Many Microsoft Vulnerabilities Not Exploitable With Proper System Configuration
News  |  2/23/2011  | 
New study by eEye finds that just disabling some unneeded features can mitigate most attacks against flaws
Schwartz On Security: Security Pros' Top 2011 Threats
Commentary  |  2/23/2011  | 
While application vulnerabilities and mobile devices lead the list, perhaps it's also time to tackle security's impact on productivity.
Report: Social Networks Are The New Platform For Communications -- And Malware
Quick Hits  |  2/23/2011  | 
Email, IM fall lower on the list; malware authors take note and respond accordingly, Blue Coat says
Another Side Of B-Sides
Commentary  |  2/23/2011  | 
The "unconference" across the street from the RSA show in San Francisco last week was shaped, in part, by recent security events
80% Of Browsers Have Known Vulnerabilities
News  |  2/23/2011  | 
Most problems are caused by insecure plug-ins, such as Java, Adobe Reader, QuickTime, and Flash, finds Qualys.
Under Growing Pressure, Security Pros May Be Ready To Crack, Study Says
News  |  2/23/2011  | 
Faced with securing personal devices and a growing base of threats, security pros feel overwhelmed, (ISC)2 survey reports
Hacking The APT
News  |  2/22/2011  | 
Google, SRA, Mandiant, McAfee execs profile the advanced persistent threat and suggest ways to derail it
A Chat With The Cybersecurity Czar
Quick Hits  |  2/22/2011  | 
Howard Schmidt talks global cooperation in cyberattack prevention, and how the feds should share threat intelligence with private industry
Air Force Seeks Fake Online Social Media Identities
News  |  2/22/2011  | 
The military has issued a request for bids on software to let it spread messages and make online friends using non-existent identities on social media sites.
OddJob, Zeus Mitmo Trojans Target Financial Data
News  |  2/22/2011  | 
The malware aims for bank accounts and financial details, warn security researchers at Trusteer and F-Secure.
FTC Internet Privacy Proposal Slammed By Ad Industry
News  |  2/22/2011  | 
“Do Not Track” settings planned by the Federal Trade Commission may not go far enough according the Center for Digital Democracy and U.S. Public Interest Research Group.
Solving Scale Out Storage's Dark Side
Commentary  |  2/22/2011  | 
In a recent entry we discussed a concern with scale out storage, making sure the utilization of processing, power and resources remains efficient. The last thing you want is a storage system that, while it can scale to limitless capacity, also requires limitless power and data center floor space? The good news is that some vendors are aware of these concerns and have some solutions for you to consider.
Using HVAC To Set Up A Hack
Commentary  |  2/22/2011  | 
Social engineering caper begins with posing as heating ventilation and air conditioning repairmen
Researchers: SSD Drives Pose Data Sanitation Risk
Commentary  |  2/22/2011  | 
Researchers from the University of California, San Diego are warning that traditional methods to clear data from hard drives may not work as well on Solid State Disks.
SSDs Prove Tough To Erase
News  |  2/21/2011  | 
Techniques that reliably erase hard disk drives don't produce the same results for solid state drives, warn University of California at San Diego researchers.
Security Coming To Mobile And Embedded Devices
Commentary  |  2/21/2011  | 
Security firm McAfee expects 50 billion mobile and connected embedded devices by the year 2020. And guess who is promoting new tools promising to protect them. But is this a layer of protection we are going to need?
Hacks From China Strike Canadian Government
Commentary  |  2/20/2011  | 
CBC is reporting that attacks from IP addresses based in China have managed to successfully breach networks within the Finance and the Treasury Board of Canada, as well as Defence Research and Development Canada. The attack is the latest in a string of attacks aimed at high level government agencies.
RSA: The Saw Six Of Tradeshows
Commentary  |  2/18/2011  | 
Predictably scary, RSA offers a glimpse into the latest threats and security challenges. In this sequel, social engineering goes after social networking in a big way.
ICE Confirms Inadvertent Web Site Seizures
News  |  2/18/2011  | 
Authorities are reviewing what happened to prevent a similar misstep in the future.
NSA Head: 'Securing Our Nation's Network Is A Team Sport'
News  |  2/18/2011  | 
Gen. Keith Alexander made clear what panelists at RSA were less clear about the day before
FBI Seeks Expanded Web Wiretapping Capability
News  |  2/18/2011  | 
The agency said it's unable to legally intercept many forms of electronic communication in a timely and efficient manner.
Botnet Victims Increased 654% In 2011
News  |  2/18/2011  | 
The top 10 botnets are responsible for 57% of all infections, says Damballa report.
Feds Arrest 99 For Identity Theft, Card Fraud
News  |  2/18/2011  | 
A federal grand jury has charged the Armenian Power group in California with credit card skimming, check fraud, and other sophisticated white-collar crimes that garnered $20 million.
New Fast-Flux Botnet Unmasked
Quick Hits  |  2/18/2011  | 
'Wibimo' botnet also employs an unusual encryption process
Practitioners Detail Evolution Of SIEM Deployments
News  |  2/18/2011  | 
Most companies progress through three stages, though many get stuck at the very beginning, they said
Busting DLP Myths
News  |  2/17/2011  | 
Misinformation has stopped many organizations that could have been helped by the technology from moving forward with implementations
Cloud Services Redefining Rules For Regulatory Compliance
News  |  2/17/2011  | 
The dynamic nature of cloud computing is problematic, agreed members of a panel at RSA
Page 1 / 4   >   >>


13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Associate Editor, Dark Reading,  2/16/2018
Facebook Aims to Make Security More Social
Kelly Sheridan, Associate Editor, Dark Reading,  2/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.