Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in February 2012
Page 2 / 4
Microsoft Says Google Bypasses IE Privacy Controls
News  |  2/21/2012  | 
Google responds by calling IE's privacy system outmoded and impractical; Microsoft takes some heat for selective presentation of facts.
Mobile Malware On The Move, McAfee Report Says
Quick Hits  |  2/21/2012  | 
Report finds an average of 9,300 malicious websites per day in fourth quarter 2011
Exploit Unleashed That Crashes pcAnywhere
News  |  2/21/2012  | 
'PCAnywhere Nuke' code can create a denial of service against fully patched versions of the application
Symantec pcAnywhere Remote Attack Code Surfaces
News  |  2/21/2012  | 
Researchers warn that even fully patched pcAnywhere is vulnerable to newly revealed exploits.
Strategies For Fighting Mobile Device-Borne Malware
Quick Hits  |  2/18/2012  | 
Bad guys are increasingly targeting mobile devices as a means of penetrating your corporate data. Here are some tips that might help you stop them
Tech Insight: Getting The Picture With Data Visualization
News  |  2/18/2012  | 
Data visualization can be useful in log review, forensic analysis, and other security activities where large amounts of data must be vetted and analyzed
Google's Privacy Invasion: It's Your Fault
Commentary  |  2/17/2012  | 
If we really wanted privacy, we would turn off JavaScript, block ads, and browse in privacy mode through an anonymous proxy. But we would rather have free services.
What's Behind The Storage Startup Boom?
Commentary  |  2/17/2012  | 
Conditions have been ripe for new storage companies to launch. We're now seeing the fruits of their labor.
What Makes A Top Storage Startup?
Commentary  |  2/17/2012  | 
IT professionals need to keep an eye on the recent boom in innovative, new storage firms. Here's why.
8 Lessons From Nortel's 10-Year Security Breach
News  |  2/17/2012  | 
Learn from Nortel's missteps. Security experts warn that more businesses have been hit by ongoing, difficult-to-detect exploits.
How Microsoft Made Windows Secure From Ground Up
News  |  2/17/2012  | 
Microsoft's Steve Lipner, who was a major proponent of the need for a secure development methodology, talks about the successes of Microsoft's push--and the costs.
Most Small Healthcare Practices Hacked In The Past 12 Months
Quick Hits  |  2/16/2012  | 
Nearly 30 percent say breaches resulted in medical identity theft, new Ponemon report finds
Making Windows Secure From The Ground Up
News  |  2/16/2012  | 
Microsoft's Steve Lipner, who was a major proponent of the need for a secure development methodology, talks about the successes of Microsoft's push -- and the costs
Flash Zero-Day Used In Targeted Email Attacks
News  |  2/16/2012  | 
Rare universal XSS attack campaign aimed at taking over Webmail accounts
CIA Hunts For Malware In Binary Code
News  |  2/16/2012  | 
Agency invests in ReversingLabs, whose TitaniumCore software analyzes code at its most basic level to identify anomalies that might be malware.
Adobe Flash Flaw Under Attack, Update Issued
News  |  2/16/2012  | 
Cross-site scripting vulnerability in Flash is being targeted by emails containing malicious links. Oracle, Microsoft also issue patches.
Anonymous-Backed Attacks Took Nasdaq Website Offline
News  |  2/16/2012  | 
NASDAQ and BATS stock exchanges, and the Chicago Board Options Exchange (CBOE), were knocked offline earlier this week by hacktivists. Nasdaq emphasizes that stock trading remained unaffected.
Professionals Thrive, Enterprises Struggle In Skill-Starved Security Market
Quick Hits  |  2/16/2012  | 
(ISC)2 study says good security pros are hard to find -- and harder to retain
New Waledac Variant Goes Rogue
News  |  2/15/2012  | 
Disabled spamming botnet creates new variant that steals user credentials
Bad Password Management Exposes Critical Databases
News  |  2/15/2012  | 
Nortel breach shows how poor password management can give away keys to the kingdom
The Financial Industry's Effect On Database Security
Commentary  |  2/15/2012  | 
Security requirements for the financial-services industry differ from other industries
Public Key Used To Secure HTTPS Fails 'Sanity Check'
News  |  2/15/2012  | 
Researchers find two out of every 1,000 public keys can be easily cracked
DoD Taps PARC To Help Detect Insider Threats
News  |  2/15/2012  | 
PARC, famous for its innovations, will develop technology for the Department of Defense that aims to identify inside security threats, using behavioral data, social networks, and other sources.
Cryptographers Discover Public Key Infrastructure Flaw
News  |  2/15/2012  | 
Today's public key infrastructure used to secure HTTPS has security shortcomings that, in some cases, could help attackers steal data and attack servers.
Product Watch: Startup Rolls Out New Approach To User Authentication
News  |  2/14/2012  | 
WWPass offers single device that authenticates users to many systems; secure storage technology protects data by storing it in geographically distributed fragments
Citadel Malware Brings Service To Cybercrime
News  |  2/14/2012  | 
Using many of the hallmarks of open-source project management, the Citadel project looks likely to become a major botnet threat
Nearly 80% Of All Bugs Are In Third-Party Apps
Quick Hits  |  2/14/2012  | 
Secunia annual report says only 10 percent of bugs in 2011 were in Microsoft software
Nortel Breach Gave Hackers Access For Years, Report Says
News  |  2/14/2012  | 
Hackers breached Nortel security and maintained access for years, reportedly making off with a treasure trove of corporate email and documents
Linux Live Environments: Cool Tools Even For Windows Folks
Commentary  |  2/14/2012  | 
Preconfigured Linux environments provide powerful tools to aid in pen testing, mobile security testing, malware analysis, and forensics
Google Becomes Largest Public DNS Provider
News  |  2/14/2012  | 
Search giant's DNS service, now handling 70 billion requests a day, also makes Google more knowledgeable about what people are doing online.
Another Hurdle For IPsec
News  |  2/14/2012  | 
Some organizations are taking a second look at IPsec for more security, but, like SSL, it also relies on a flawed trust model
4 Disaster Recovery Tips For SMBs
News  |  2/14/2012  | 
Think your SMB can't afford to prep for an IT disaster? Learn from the CIO of Granite Rock, located on the San Andreas Fault--where an earthquake isn't just possible, it's probable.
Help Wanted: Businesses Seek Information Security Professionals
News  |  2/14/2012  | 
Enterprises worldwide need more 'infosec' professionals and are willing to pay high salaries for experienced talent, says new survey.
Looking For Love? Don't Trust Online Dating Sites
News  |  2/14/2012  | 
When it comes to how dating websites secure and share information about their users, be sure to read the fine print, and don't be afraid to walk away.
Being A Security Bully Does Not Make You Compliant
Commentary  |  2/14/2012  | 
Compliance is not a tool for dodging work or dismissing business needs
Been Caught Stealin'
Commentary  |  2/14/2012  | 
Emergence of machine to machine (M2M) devices makes life easier for thieves and hackers -- and more dangerous for victims
How To Defend Your Database From Malicious Insiders
Quick Hits  |  2/13/2012  | 
The biggest threat to your sensitive information might be those who are authorized to access it. Here are some tips on how to defend your organization
Avoid Putting IT In A GRC Vacuum
News  |  2/13/2012  | 
When infosec pros are asked to set security and compliance policies with no line-of-business input, problems are inevitable
Ambient Cloud Reduces Costs, Boosts Security
News  |  2/13/2012  | 
Distributed -- or ambient -- cloud storage requires that users chip in by providing disk space and gives them equivalent space in the cloud. Can storing others' data locally be secure?
500 Malware Networks Available To Launch Attacks
News  |  2/13/2012  | 
Many online attacks this year will come from malware delivery networks that can be rented and set to infect PCs, says security vendor Blue Coat Systems.
StopTheHacker Launches
News  |  2/13/2012  | 
New Web security-as-a-service firm comes out of stealth mode with new funding and new services
RSA Conference 2012: Complete Coverage
News  |  2/13/2012  | 
A round-up of articles leading up to and live coverage from RSA Conference 2012, Feb. 27 - March 2, San Francisco
Hacktivists Take Down CIA's Website
News  |  2/13/2012  | 
Hit by an apparent DDoS, the website has been experiencing intermittent periods of inaccessibility since Friday
Health Data Breaches Up 97% in 2011
News  |  2/13/2012  | 
Redspin report calls for tougher HIPAA standards, regular security audits, and more employee education.
CIA Website Hacked, Struggles To Recover
News  |  2/13/2012  | 
Anonymous and other hacktivists also left their marks on the U.S. Census Bureau, Interpol, and Mexico, as well as law enforcement websites in Alabama and Texas.
External Self-Encrypting Drive (SED) Meets Opal Standard
News  |  2/13/2012  | 
Wave software selected to manage CMS's external self-encrypting drives
5 Tactical Security Metrics to Watch
News  |  2/10/2012  | 
Wondering how secure your corporate network is? Experts offer a checklist of things to do and areas to monitor.
Five Tactical Security Metrics To Watch
News  |  2/10/2012  | 
Wondering how secure the corporate network is? Here are five operational security metrics that can help. First of a two-part series
On Determining Online Identities
Commentary  |  2/10/2012  | 
Forging a stronger tie between the sign-on process and the actual known user who owns that particular account
Tech Insight: Penetration-Testing Your Cloud Provider
News  |  2/10/2012  | 
Vulnerability assessments and penetration tests can be a great way to validate the security posture of these organizations