Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in March 2011
Page 1 / 4   >   >>
NSA Investigating Nasdaq Hack
Commentary  |  3/31/2011  | 
Last month when we covered the attack on the Nasdaq's Directors Desk collaboration platform, we said the incident posed plenty of questions, while the Nasdaq proffered (at least publicly) few answers. It seems the National Security Agency agrees.
Lizamoon SQL Injection: Dead From The Get-Go
Commentary  |  3/31/2011  | 
The latest round of headline-grabbing SQL injection attacks aren't new, and they aren't very effective; in fact, Lizamoon might as well be called the little injection that couldn't
Trend Micro Nukes Zeus Botnet Server
News  |  3/31/2011  | 
PayPal, eBay, and the customers of at least 15 banks were targeted by the eliminated botnet.
Microsoft Blames Poor Development Practices For Security Risks
News  |  3/31/2011  | 
Windows and Internet Explorer are at greater risk of attacks because developers don't use mitigation technologies built into the software, said Microsoft.
Most Windows Applications Use Microsoft's DEP
News  |  3/31/2011  | 
SDL Progress Report from Microsoft shows one-third of popular consumer apps using ASLR
Searching For Security's Yardstick
News  |  3/30/2011  | 
Despite rising threats, most security organizations still don't have clear metrics for measuring their performance -- or their enterprises' security posture
Comodo Hack Highlights Chinks In Net Infrastructure
News  |  3/30/2011  | 
The certificate authority's issuance of valid certs to a supposedly Iranian hacker causes experts to question the capability of the certificate infrastructure to respond to attacks
NASA Servers At High Risk Of Cyber Attack
News  |  3/30/2011  | 
Auditors were able to pull encryption keys, passwords, and user account information over the Internet from systems that help control spacecraft and process critical data.
Schwartz On Security: Online Privacy Battles Advertising Profits
Commentary  |  3/30/2011  | 
Do businesses have the right to make money from the unregulated buying and selling of personal information?
Comodo Reports Two More Registration Authorities Hacked
News  |  3/30/2011  | 
The digital certificate issuer has deactivated the affected accounts and begun to implement security and validation reforms.
(Slightly) More Organizations Proactively Managing Security Efforts
Commentary  |  3/30/2011  | 
Security vendor survey at the RSA Conference 2011 shows more organizations planning and coordinating their security efforts across security and IT operations teams and risk management groups. But don't plan on a party and fireworks celebration just yet - the improvements are minor.
BP Loses Laptop With Gulf Claimant Data
News  |  3/30/2011  | 
The missing computer, containing personally identifiable information on 13,000 people, was password-protected, but not encrypted.
'Silos' Of Security Processes Still Not Integrated, Study Says
Quick Hits  |  3/30/2011  | 
Log management, compliance reporting, real-time monitoring, forensic investigation, and incident response still not coordinated, according to SenSage study
'Cree.py' Social Engineering Tool Pinpoints A Person's Physical Location
Quick Hits  |  3/29/2011  | 
Free tool automates process of pulling geolocation, other information on 'targets'
SecurID Breach Warning Signs In The Audit Logs
News  |  3/29/2011  | 
SANS Internet Storm Center on what to look out for in your ACE server logs in the aftermath of the RSA SecurID breach
Rustock Takedown Cut Spam By 33%
News  |  3/29/2011  | 
Bagel and other botnets seem to be picking up the slack, according to Symantec.
In Ironic Twist, MySQL's Own Database Is Hacked Via SQL Injection
News  |  3/28/2011  | 
Open-source database company's customer names, passwords revealed following database attack
Do Not Track Momentum Mounts
News  |  3/28/2011  | 
Legislation to be proposed by Senator John Kerry and analysis of business comments to the FTC may point toward stronger privacy protections.
Bank Of America Customers In Michigan Report Account Theft
Quick Hits  |  3/28/2011  | 
Thousands might be affected; origin of electronic theft still uncertain
Iranian Claims Credit For Comodo Hack
News  |  3/28/2011  | 
Mozilla apologizes for not publicizing the attack more quickly and criticizes Comodo's security.
'Comodo Hacker' Says He Acted Alone
News  |  3/28/2011  | 
The plot thickens: In an effort to back up his claims, alleged hacker dumps apparent evidence of pilfered database from breached Comodo reseller, as well as Mozilla add-on site certificate
Collecting The SSD Garbage
Commentary  |  3/28/2011  | 
Solid state storage (SSS) is the performance alternative to mechanical hard disk drives (HDD). Flash memory, thanks to its reduced cost compared to DRAM, has become the primary way the (SSS) is delivered. Suppliers of flash systems, especially in the enterprise, have to overcome two flash deficiencies that, as we discussed in our last entry, will cause unpredictable performance and reduce reliability.
Netgear Intros Gateway Security Appliance For SMBs
News  |  3/28/2011  | 
The ProSecure UTM150 unified threat management appliance polices Web traffic to help protect company networks against employee-introduced risks from social media or malicious links.
Microsoft Wins A Botnet Battle
Commentary  |  3/28/2011  | 
The Rustok botnet was estimated to be one million PCs strong, underlining the dangers that malware can cause to businesses and consumers.
"Trusted" Sites Fail To Clean Malvertising Scourge
Commentary  |  3/27/2011  | 
Reports indicate that users of Facebook and the European music service, Spotify, have been exposed recently to malvertising attacks.
Shocker! (Not Really): Users Apathetic When It Comes To Mobile Security
Commentary  |  3/26/2011  | 
Survey conducted by the Ponemon Institute shows just how lax users really are when it comes to securing their smartphone devices.
Cyber Attack Hits European Commission
News  |  3/25/2011  | 
Malware was blamed for the "major" breach, launched on the eve of a summit focusing on euro instability, the war in Libya, and nuclear safety.
Consumerization Of IT: Security Is No Excuse
News  |  3/25/2011  | 
At most companies, you can't just say "no" to consumer devices. Here's a plan to take the lead on information security issues.
McAfee Buyout of Sentrigo Sends Database Security Market In New Direction
News  |  3/25/2011  | 
Database security isn't just for database companies anymore, observers say
ANSI And Shared Assessments Launch Study On Financial Impact Of Breached Patient Data
Quick Hits  |  3/25/2011  | 
Study could help healthcare companies justify additional security spending
Understanding SSD Vendor Talk
Commentary  |  3/25/2011  | 
If you are either evaluating or getting ready to evaluate investing in solid state storage for your data center you are going to be faced with learning a new language, confronted with a new set of specs and a new set of debate around what features are most important. This will be the first entry in a series that will give you the decoder ring to understanding what Solid State Disk (SSD) vendors are talking about and what statistics are most important.
Consumerization Of IT: Security Is No Excuse
News  |  3/25/2011  | 
At most companies, you can't just say "no" to consumer devices. Here's a plan to take the lead on information security issues.
Dark Reading Report: How Malware Authors Battle To Evade Detection
News  |  3/24/2011  | 
A look at the new, ingenious ways bad guys use to frustrate analysts and evade automated security tools
Social Engineering 'Capture The Flag' Contest Returns To DefCon
Quick Hits  |  3/24/2011  | 
Changes to this year's contest include some volunteer, high-profile target companies
Are Industrial Control Systems The New Windows XP
Commentary  |  3/24/2011  | 
Earlier this week a security researcher posted nearly three dozen vulnerabilities in industrial control system software to a widely read security mailing list. The move has Supervisory Control and Data Acquisition systems (SCADA) system operators scrambling, and the US CERT issuing warnings.
Flawed Website Certificate Validation Process Led To Comodo Hack
News  |  3/24/2011  | 
Certificate authority points to Iran as likely attacker, while security experts say certificate registration and validation process needs repair
Gmail, Hotmail Pose Government Security Risk
News  |  3/24/2011  | 
Australian auditor recommends blocking Webmail on government networks to prevent insider and external threats.
DHS Outlines Cybersecurity Strategy
News  |  3/24/2011  | 
Automation, interoperability, and authentication are the building blocks for a secure network defense, says the Department of Homeland Security.
Iran Fingered For Fraudulent Comodo SSL Certificates
News  |  3/24/2011  | 
Gmail, Hotmail, and Skype are among the domains affected by fraudulently obtained digital certificates, said Comodo.
McAfee's DAM Acquisition
Commentary  |  3/23/2011  | 
Sentrigo acquisition fills data center security hole in McAfee's offerings
SCADA Attack Code Released For 35 Vulnerabilities
News  |  3/23/2011  | 
Systems from Siemens, Iconics, 7-Technologies, and DATAC have security holes in their supervisory control and data acquisition software, leading the Industrial Control Systems Cyber Emergency Response Team to issue security warnings.
Federal Cyber Attacks Rose 39% In 2010
News  |  3/23/2011  | 
While total incidents reported to US-CERT were down, government networks experienced more attacks than in 2009, according to a Congressional report.
Hackers Take Schools To School
Quick Hits  |  3/23/2011  | 
Nearly two-thirds of schools suffer two breaches or more per year, Panda Security study says
McAfee To Acquire Database Security Vendor Sentrigo
News  |  3/23/2011  | 
Intel's McAfee is taking on industry heavyweights Oracle and IBM with its move to shape an enterprise database security platform.
Schwartz On Security: Advanced Threats Persist And Annoy
Commentary  |  3/23/2011  | 
APTs are today's normal threat, and companies such as RSA must do better, even as the odds against them keep increasing.
ICS-CERT Issues Warnings On Vulnerabilities In Siemens, Other SCADA Products
Quick Hits  |  3/22/2011  | 
Researcher discloses 34 vulnerabilities, releases proof-of-concept attack code for four process control server software product lines
SecurID Customers Left To Assume The Worst
News  |  3/22/2011  | 
With scant details about RSA's hack, SecurID customers begin preparing to shore up defenses in case of multifactor authentication failure
Feds Bust Stock 'Pump And Dump' Botnet Scheme
News  |  3/22/2011  | 
Authorities said a group used hacking, spam, and malware to artificially inflate securities prices and then sell shares at a profit.
Adobe Patches Critical Security Flaw
News  |  3/22/2011  | 
With attackers actively exploiting the bug to remotely execute code, Adobe recommends that all Flash, Reader, and Acrobat users upgrade immediately.
Hospital Hacker 'GhostExodus' Sentenced To 9 Years
News  |  3/22/2011  | 
Contract security guard installed malware on sensitive hospital systems to attack the Anonymous hacking collective.
Page 1 / 4   >   >>

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Incorporating a Prevention Mindset into Threat Detection and Response
Threat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time. The report covers areas enterprises should focus on: What positive response looks like. Improving security hygiene. Combining preventive actions with red team efforts.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-05-24
Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassing o...
PUBLISHED: 2022-05-24
GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0...
PUBLISHED: 2022-05-24
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or...
PUBLISHED: 2022-05-24
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of ...
PUBLISHED: 2022-05-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.