News & Commentary
Content posted in February 2011
|
Sophisticated Trojan Targets Some Banking Sites
S21sec, a Spanish information security firm, claims to have spotted a new Trojan with advanced infiltration and attack techniques.
Newly Discovered Mac OS X, Android Trojans Reflect Cybercriminals' Expanding Targets
New crimeware kit is being built specifically for OS X, and new Android Trojan builds a botnet
IE6 Finally Disappearing From The Web, Study Says
After nine-year run, vulnerable browser is finally being replaced, according to Zscaler
DHS Immigration System Vulnerable To Insider Threats
An Inspector General report finds that a long-delayed Homeland Security project has not done enough to mitigate risks from current or former employees, contractors, or business partners.
New Mac OS X Backdoor Trojan Surfaces
Researchers at anti-virus firm Sophos say they've identified a new Trojan designed to infect Mac OS X users.
Facebook Proposes 'Data Use' Policy To Replace 'Privacy Policy'
It's not an official change, but if enough Facebook users approve, it could become one.
Android Spyware Distributed By Third Party Online Marketplaces
On the heels of HongTouTou, Chinese security firm NetQin has found spyware -- SW.SecurePhone and SW.Qieting -- that collects messages, call logs, and other data.
'Low Impact' Breaches Can Signal More Badness To Come
Just because a database breach doesn't expose PII doesn't necessarily mean the ultimate damage is inconsequential
Identify Theft, Financial Scams Top Internet Crimes List
The FBI's Internet Crime Complaint Center received more than 300,000 reports of Internet crime in 2010, according to its annual report.
The Power Of Open-Source Security Tools
Free, open-source tools like the Metasploit Framework and w3af exemplify the power of community involvement and support
Internet Crime Is On The Rise Again, Feds Say
IC3 received more than 300,000 complaints in 2010 -- second-most ever
The Downsides Of OpenFCoE
A few weeks ago I wrote an entry about software based Fibre Channel over Ethernet (FCoE) called Open FCoE being offered by Intel. The immediate responses were questions asking if this is a sign of the end for the hardware based HBA providers? Open FCoE has a lot of promise but the downsides of OpenFCoE prove that it may not be for everyone.
U.S., China Team To Fight Spam
Rare alliance a "stepping stone" to addressing other cybersecurity issues between the nations, officials say
DAM Market Observation
Despite talk about the lack of innovation in the data security market, excellent technologies like DAM and DLP have been available for years before customers embraced them
Security Firm Strikes Back At Cenzic Patent Lawsuit Threat
NT Objectives files suit challenging claims it infringed on Cenzic's patent for "fault injection methods," security experts gathering proof of prior art
Bill Proposes Chief Security Officers At Federal Agencies
The Cybersecurity and Internet Freedom Act of 2011 calls for the appointment of CISOs at each agency to set up security procedures and ensure the federal government is complying with security regulations.
FileMaker For Securing iPads At Work
Rather than just saying "no" to the iPad at the office, consider this inexpensive way to secure these tablets
Security Departments Stretched Too Thin, Firefighting
While application vulnerabilities, mobile computing, and malware top the list of IT security vulnerabilities and threats, a just released survey from ISC2 and Frost & Sullivan reveals an underlying, more systemic threat.
Rogue Facebook Apps Can Disable Security Settings
Security researchers also report that the social network's mobile app provides no SSL capabilities at all, leaving users vulnerable.
'Severe' DNS Vulnerability Leaves Systems Open To Attack
Security experts urge organizations running vulnerable versions of BIND to upgrade immediately to avoid a potential denial of service strike.
NSA Winds Down Secure Virtualization Platform Development
The National Security Agency's High Assurance Platform integrates security and virtualization technology into a framework that's been commercialized and adopted elsewhere in government.
Report: Botnet Victim Population Grew More Than 600 Percent In 2010
Six of the top 10 botnets of 2010 did not exist in 2009, Damballa study says
Clearing The Air On DAM
There are two very important things to understand: First, a database firewall and a database activity monitor (DAM) are exactly the same things! Second, a database firewall can upset normal IT operations
Many Microsoft Vulnerabilities Not Exploitable With Proper System Configuration
New study by eEye finds that just disabling some unneeded features can mitigate most attacks against flaws
Schwartz On Security: Security Pros' Top 2011 Threats
While application vulnerabilities and mobile devices lead the list, perhaps it's also time to tackle security's impact on productivity.
Report: Social Networks Are The New Platform For Communications -- And Malware
Email, IM fall lower on the list; malware authors take note and respond accordingly, Blue Coat says
Another Side Of B-Sides
The "unconference" across the street from the RSA show in San Francisco last week was shaped, in part, by recent security events
80% Of Browsers Have Known Vulnerabilities
Most problems are caused by insecure plug-ins, such as Java, Adobe Reader, QuickTime, and Flash, finds Qualys.
Under Growing Pressure, Security Pros May Be Ready To Crack, Study Says
Faced with securing personal devices and a growing base of threats, security pros feel overwhelmed, (ISC)2 survey reports
Hacking The APT
Google, SRA, Mandiant, McAfee execs profile the advanced persistent threat and suggest ways to derail it
A Chat With The Cybersecurity Czar
Howard Schmidt talks global cooperation in cyberattack prevention, and how the feds should share threat intelligence with private industry
Air Force Seeks Fake Online Social Media Identities
The military has issued a request for bids on software to let it spread messages and make online friends using non-existent identities on social media sites.
OddJob, Zeus Mitmo Trojans Target Financial Data
The malware aims for bank accounts and financial details, warn security researchers at Trusteer and F-Secure.
FTC Internet Privacy Proposal Slammed By Ad Industry
“Do Not Track” settings planned by the Federal Trade Commission may not go far enough according the Center for Digital Democracy and U.S. Public Interest Research Group.
Solving Scale Out Storage's Dark Side
In a recent entry we discussed a concern with scale out storage, making sure the utilization of processing, power and resources remains efficient. The last thing you want is a storage system that, while it can scale to limitless capacity, also requires limitless power and data center floor space? The good news is that some vendors are aware of these concerns and have some solutions for you to consider.
Using HVAC To Set Up A Hack
Social engineering caper begins with posing as heating ventilation and air conditioning repairmen
Researchers: SSD Drives Pose Data Sanitation Risk
Researchers from the University of California, San Diego are warning that traditional methods to clear data from hard drives may not work as well on Solid State Disks.
SSDs Prove Tough To Erase
Techniques that reliably erase hard disk drives don't produce the same results for solid state drives, warn University of California at San Diego researchers.
Security Coming To Mobile And Embedded Devices
Security firm McAfee expects 50 billion mobile and connected embedded devices by the year 2020. And guess who is promoting new tools promising to protect them. But is this a layer of protection we are going to need?
Hacks From China Strike Canadian Government
CBC is reporting that attacks from IP addresses based in China have managed to successfully breach networks within the Finance and the Treasury Board of Canada, as well as Defence Research and Development Canada. The attack is the latest in a string of attacks aimed at high level government agencies.
RSA: The Saw Six Of Tradeshows
Predictably scary, RSA offers a glimpse into the latest threats and security challenges. In this sequel, social engineering goes after social networking in a big way.
ICE Confirms Inadvertent Web Site Seizures
Authorities are reviewing what happened to prevent a similar misstep in the future.
NSA Head: 'Securing Our Nation's Network Is A Team Sport'
Gen. Keith Alexander made clear what panelists at RSA were less clear about the day before
FBI Seeks Expanded Web Wiretapping Capability
The agency said it's unable to legally intercept many forms of electronic communication in a timely and efficient manner.
Botnet Victims Increased 654% In 2011
The top 10 botnets are responsible for 57% of all infections, says Damballa report.
Feds Arrest 99 For Identity Theft, Card Fraud
A federal grand jury has charged the Armenian Power group in California with credit card skimming, check fraud, and other sophisticated white-collar crimes that garnered $20 million.
New Fast-Flux Botnet Unmasked
'Wibimo' botnet also employs an unusual encryption process
Practitioners Detail Evolution Of SIEM Deployments
Most companies progress through three stages, though many get stuck at the very beginning, they said
Busting DLP Myths
Misinformation has stopped many organizations that could have been helped by the technology from moving forward with implementations
Cloud Services Redefining Rules For Regulatory Compliance
The dynamic nature of cloud computing is problematic, agreed members of a panel at RSA
|
White Papers
Video
10 Comments
Current Issue
5 Emerging Cyber Threats to Watch for in 2019Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-8980
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
From DHS/US-CERT's National Vulnerability Database CVE-2019-8980
PUBLISHED: 2019-02-21
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
CVE-2019-8979PUBLISHED: 2019-02-21
Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when the order_by() parameter can be controlled.
CVE-2013-7469PUBLISHED: 2019-02-21
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2018-20146PUBLISHED: 2019-02-21
An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell.
CVE-2019-5727PUBLISHED: 2019-02-21
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This