News & Commentary

Content posted in March 2011
NSA Investigating Nasdaq Hack
Commentary  |  3/31/2011  | 
Last month when we covered the attack on the Nasdaq's Directors Desk collaboration platform, we said the incident posed plenty of questions, while the Nasdaq proffered (at least publicly) few answers. It seems the National Security Agency agrees.
Lizamoon SQL Injection: Dead From The Get-Go
Commentary  |  3/31/2011  | 
The latest round of headline-grabbing SQL injection attacks aren't new, and they aren't very effective; in fact, Lizamoon might as well be called the little injection that couldn't
Trend Micro Nukes Zeus Botnet Server
News  |  3/31/2011  | 
PayPal, eBay, and the customers of at least 15 banks were targeted by the eliminated botnet.
Microsoft Blames Poor Development Practices For Security Risks
News  |  3/31/2011  | 
Windows and Internet Explorer are at greater risk of attacks because developers don't use mitigation technologies built into the software, said Microsoft.
Most Windows Applications Use Microsoft's DEP
News  |  3/31/2011  | 
SDL Progress Report from Microsoft shows one-third of popular consumer apps using ASLR
Searching For Security's Yardstick
News  |  3/30/2011  | 
Despite rising threats, most security organizations still don't have clear metrics for measuring their performance -- or their enterprises' security posture
Comodo Hack Highlights Chinks In Net Infrastructure
News  |  3/30/2011  | 
The certificate authority's issuance of valid certs to a supposedly Iranian hacker causes experts to question the capability of the certificate infrastructure to respond to attacks
NASA Servers At High Risk Of Cyber Attack
News  |  3/30/2011  | 
Auditors were able to pull encryption keys, passwords, and user account information over the Internet from systems that help control spacecraft and process critical data.
Schwartz On Security: Online Privacy Battles Advertising Profits
Commentary  |  3/30/2011  | 
Do businesses have the right to make money from the unregulated buying and selling of personal information?
Comodo Reports Two More Registration Authorities Hacked
News  |  3/30/2011  | 
The digital certificate issuer has deactivated the affected accounts and begun to implement security and validation reforms.
(Slightly) More Organizations Proactively Managing Security Efforts
Commentary  |  3/30/2011  | 
Security vendor survey at the RSA Conference 2011 shows more organizations planning and coordinating their security efforts across security and IT operations teams and risk management groups. But don't plan on a party and fireworks celebration just yet - the improvements are minor.
BP Loses Laptop With Gulf Claimant Data
News  |  3/30/2011  | 
The missing computer, containing personally identifiable information on 13,000 people, was password-protected, but not encrypted.
'Silos' Of Security Processes Still Not Integrated, Study Says
Quick Hits  |  3/30/2011  | 
Log management, compliance reporting, real-time monitoring, forensic investigation, and incident response still not coordinated, according to SenSage study
'Cree.py' Social Engineering Tool Pinpoints A Person's Physical Location
Quick Hits  |  3/29/2011  | 
Free tool automates process of pulling geolocation, other information on 'targets'
SecurID Breach Warning Signs In The Audit Logs
News  |  3/29/2011  | 
SANS Internet Storm Center on what to look out for in your ACE server logs in the aftermath of the RSA SecurID breach
Rustock Takedown Cut Spam By 33%
News  |  3/29/2011  | 
Bagle and other botnets seem to be picking up the slack, according to Symantec.
In Ironic Twist, MySQL's Own Database Is Hacked Via SQL Injection
News  |  3/28/2011  | 
Open-source database company's customer names, passwords revealed following database attack
Do Not Track Momentum Mounts
News  |  3/28/2011  | 
Legislation to be proposed by Senator John Kerry and analysis of business comments to the FTC may point toward stronger privacy protections.
Bank Of America Customers In Michigan Report Account Theft
Quick Hits  |  3/28/2011  | 
Thousands might be affected; origin of electronic theft still uncertain
Iranian Claims Credit For Comodo Hack
News  |  3/28/2011  | 
Mozilla apologizes for not publicizing the attack more quickly and criticizes Comodo's security.
'Comodo Hacker' Says He Acted Alone
News  |  3/28/2011  | 
The plot thickens: In an effort to back up his claims, alleged hacker dumps apparent evidence of pilfered database from breached Comodo reseller, as well as Mozilla add-on site certificate
Collecting The SSD Garbage
Commentary  |  3/28/2011  | 
Solid state storage (SSS) is the performance alternative to mechanical hard disk drives (HDD). Flash memory, thanks to its reduced cost compared to DRAM, has become the primary way SSS is delivered. Suppliers of flash systems, especially in the enterprise, have to overcome two flash deficiencies that, as we discussed in our last entry, cause unpredictable performance and reduce reliability.
Netgear Intros Gateway Security Appliance For SMBs
News  |  3/28/2011  | 
The ProSecure UTM150 unified threat management appliance polices Web traffic to help protect company networks against employee-introduced risks from social media or malicious links.
Microsoft Wins A Botnet Battle
Commentary  |  3/28/2011  | 
The Rustock botnet was estimated to be one million PCs strong, underlining the dangers that malware poses to businesses and consumers.
"Trusted" Sites Fail To Clean Malvertising Scourge
Commentary  |  3/27/2011  | 
Reports indicate that users of Facebook and the European music service, Spotify, have been exposed recently to malvertising attacks.
Shocker! (Not Really): Users Apathetic When It Comes To Mobile Security
Commentary  |  3/26/2011  | 
Survey conducted by the Ponemon Institute shows just how lax users really are when it comes to securing their smartphone devices.
Cyber Attack Hits European Commission
News  |  3/25/2011  | 
Malware was blamed for the "major" breach, launched on the eve of a summit focusing on euro instability, the war in Libya, and nuclear safety.
Consumerization Of IT: Security Is No Excuse
News  |  3/25/2011  | 
At most companies, you can't just say "no" to consumer devices. Here's a plan to take the lead on information security issues.
McAfee Buyout of Sentrigo Sends Database Security Market In New Direction
News  |  3/25/2011  | 
Database security isn't just for database companies anymore, observers say
ANSI And Shared Assessments Launch Study On Financial Impact Of Breached Patient Data
Quick Hits  |  3/25/2011  | 
Study could help healthcare companies justify additional security spending
Understanding SSD Vendor Talk
Commentary  |  3/25/2011  | 
If you are evaluating, or getting ready to evaluate, an investment in solid state storage for your data center, you are going to face a new language, a new set of specs, and a new set of debates about which features matter most. This is the first entry in a series that will give you the decoder ring for understanding what Solid State Disk (SSD) vendors are talking about and which statistics are most important.
Dark Reading Report: How Malware Authors Battle To Evade Detection
News  |  3/24/2011  | 
A look at the new, ingenious ways bad guys use to frustrate analysts and evade automated security tools
Social Engineering 'Capture The Flag' Contest Returns To DefCon
Quick Hits  |  3/24/2011  | 
Changes to this year's contest include some volunteer, high-profile target companies
Are Industrial Control Systems The New Windows XP?
Commentary  |  3/24/2011  | 
Earlier this week a security researcher posted nearly three dozen vulnerabilities in industrial control system software to a widely read security mailing list. The move has Supervisory Control and Data Acquisition (SCADA) system operators scrambling, and US-CERT issuing warnings.
Flawed Website Certificate Validation Process Led To Comodo Hack
News  |  3/24/2011  | 
Certificate authority points to Iran as likely attacker, while security experts say certificate registration and validation process needs repair
Gmail, Hotmail Pose Government Security Risk
News  |  3/24/2011  | 
Australian auditor recommends blocking Webmail on government networks to prevent insider and external threats.
DHS Outlines Cybersecurity Strategy
News  |  3/24/2011  | 
Automation, interoperability, and authentication are the building blocks for a secure network defense, says the Department of Homeland Security.
Iran Fingered For Fraudulent Comodo SSL Certificates
News  |  3/24/2011  | 
Gmail, Hotmail, and Skype are among the domains affected by fraudulently obtained digital certificates, said Comodo.
McAfee's DAM Acquisition
Commentary  |  3/23/2011  | 
Sentrigo acquisition fills data center security hole in McAfee's offerings
SCADA Attack Code Released For 35 Vulnerabilities
News  |  3/23/2011  | 
Systems from Siemens, Iconics, 7-Technologies, and DATAC have security holes in their supervisory control and data acquisition software, leading the Industrial Control Systems Cyber Emergency Response Team to issue security warnings.
Federal Cyber Attacks Rose 39% In 2010
News  |  3/23/2011  | 
While total incidents reported to US-CERT were down, government networks experienced more attacks than in 2009, according to a Congressional report.
Hackers Take Schools To School
Quick Hits  |  3/23/2011  | 
Nearly two-thirds of schools suffer two breaches or more per year, Panda Security study says
McAfee To Acquire Database Security Vendor Sentrigo
News  |  3/23/2011  | 
Intel's McAfee is taking on industry heavyweights Oracle and IBM with its move to shape an enterprise database security platform.
Schwartz On Security: Advanced Threats Persist And Annoy
Commentary  |  3/23/2011  | 
APTs are today's normal threat, and companies such as RSA must do better, even as the odds against them keep increasing.
ICS-CERT Issues Warnings On Vulnerabilities In Siemens, Other SCADA Products
Quick Hits  |  3/22/2011  | 
Researcher discloses 34 vulnerabilities, releases proof-of-concept attack code for four process control server software product lines
SecurID Customers Left To Assume The Worst
News  |  3/22/2011  | 
With scant details about RSA's hack, SecurID customers begin preparing to shore up defenses in case of multifactor authentication failure
Feds Bust Stock 'Pump And Dump' Botnet Scheme
News  |  3/22/2011  | 
Authorities said a group used hacking, spam, and malware to artificially inflate securities prices and then sell shares at a profit.
Adobe Patches Critical Security Flaw
News  |  3/22/2011  | 
With attackers actively exploiting the bug to remotely execute code, Adobe recommends that all Flash, Reader, and Acrobat users upgrade immediately.
Hospital Hacker 'GhostExodus' Sentenced To 9 Years
News  |  3/22/2011  | 
Contract security guard installed malware on sensitive hospital systems to attack the Anonymous hacking collective.