News & Commentary

Content posted in April 2011
Users, Service Providers At Odds Over Cloud Security, Study Says
Quick Hits  |  4/30/2011  | 
If providers don't get serious about security soon, users will stop buying cloud services, Ponemon/CA survey states
Sony Says PlayStation Credit Card Data Was Encrypted
News  |  4/29/2011  | 
Security Experts Say 'So What?' PlayStation account-holder data likely still at risk.
Expert: Attacks, Not Vulnerabilities, Are Keys To IT Defense
News  |  4/29/2011  | 
Attackers are increasingly cribbing code from existing exploits, rather than creating new ones
Sony Says PlayStation Credit Card Data Was Encrypted -- Security Experts Say, 'So What?'
News  |  4/29/2011  | 
PlayStation account-holder data likely still at risk
Black Hat, DEFCON Founder To Become CSO Of ICANN
Quick Hits  |  4/28/2011  | 
Jeff Moss will continue to work with Black Hat as conference chair
DHS Creates Public-Private Technology Exchange
News  |  4/28/2011  | 
The Department of Homeland Security gives companies the requirements of a technology, product, or service it's seeking and companies spend their own money to build prototypes.
Phishing Attackers Use Subdomain Registration Services
News  |  4/28/2011  | 
Online criminals doubled their use of unregulated subdomain registration services in the second half of 2010, according to a report by the Anti-Phishing Working Group.
Feds Ready To Take Next Step Of Uninstalling Coreflood Malware
News  |  4/28/2011  | 
Justice Department says it has slashed the botnet's C&C traffic by 90 percent
Global Internet Culture Emerges
News  |  4/28/2011  | 
Internet users worldwide want privacy, security, trust, and freedom of expression, says a report from the Oxford Internet Institute, graduate business school Insead, and comScore.
Schwartz On Security: Smile, Your Smartphone Is Watching
Commentary  |  4/28/2011  | 
In the wake of revelations that Apple devices have been insecurely storing and transmitting location data, it's time for enterprise IT managers to begin spying as well.
Report Questions Feds' 'Alarmist Rhetoric' About Cyberthreats
News  |  4/28/2011  | 
A report from the Mercatus Center at George Mason University warns that overinflating the potential fallout of an online attack could lead to unnecessary regulation of the Internet
Secret Storage Hides Encrypted Data In Plain Sight
News  |  4/27/2011  | 
Researchers identify new technique for disguising encrypted data as "noise" that looks like random disk fragmentation.
Enterprises Logging Security Data, But Still Struggle To Use It
Quick Hits  |  4/27/2011  | 
Seventh annual SANS log management survey shows log data still tough to find and correlate
Is Government Inflating Cyber Threats?
News  |  4/27/2011  | 
A report from the Mercatus Center at George Mason University questions "alarmist rhetoric" and asks whether government agencies can meaningfully improve the security of critical infrastructure.
Kind Of A Mess
Commentary  |  4/27/2011  | 
Internet needs an infrastructure that enables back ends and users to communicate with each other using better authentication--and allows any number of authentication technologies to sign into it
Sony Sued Over PlayStation Network Hack
News  |  4/27/2011  | 
A class action lawsuit charges Sony with failing to protect personal information and credit card numbers of up to 77 million users.
Another Researcher Hit With Threat Of German Anti-Hacking Law
News  |  4/27/2011  | 
German software firm warns researcher who disclosed a vulnerability in its software and offered his help
Apple Explains iPhone Tracking, Promises Fix
News  |  4/27/2011  | 
iPhones track Wi-Fi hotspots and cell towers, not users, Apple said in answering critics, while also promising to fix a bug that kept too much data.
Iran Alleges Espionage Over Internet Worm
News  |  4/27/2011  | 
Senior government official says foreign governments are launching malware dubbed Stars at the country's nuclear facilities.
Hack Of PlayStation Network Threatens Personal Data Of 77 Million Users
News  |  4/27/2011  | 
After a week of downtime, Sony comes clean about hack, promises to restore service
Few Consumers Victimized By Online Fraud Report It
Quick Hits  |  4/26/2011  | 
New Ponemon Institute report shows consumers prefer using machine fingerprinting over personal information to verify their identities online
China Implicated In Hacking Of SMB Online Bank Accounts
News  |  4/26/2011  | 
FBI warns that small- to midsize businesses are being targeted in an attack that so far has bilked companies' accounts of millions of dollars and wired the money to Chinese companies
Napolitano Calls Cybersecurity A Shared Responsibility
News  |  4/26/2011  | 
The Department of Homeland Security secretary stressed the federal government's involvement in securing cyberspace alongside private companies to mitigate threats to critical infrastructure.
Two-Factor Authentication Key To Online Healthcare Services
News  |  4/26/2011  | 
The National Strategy for Trusted Identities in Cyberspace also calls for wider adoption of unique security credentials
Federal ID Strategy To Boost Health Data Security
News  |  4/26/2011  | 
Voluntary plan, which seeks two-factor authentication for online identity management, should find wide application in healthcare.
PCI Compliance May Mean Fewer Breaches, Study Says
News  |  4/26/2011  | 
But most professionals still don't think PCI has much of an impact on security, Ponemon/Imperva study says
A Not-So Targeted Targeted Attack
Commentary  |  4/25/2011  | 
RSA was likely among several targets associated with a broader campaign that was designed to seek out industrial secrets
Kidnapped Kaspersky Returns Safe; No Ransom Paid
Quick Hits  |  4/25/2011  | 
Son of security company founder is in a "safe location," company says
Users Still Careless With Email
News  |  4/25/2011  | 
Company employees still consistently send confidential and sensitive information via email in violation of rules and regulations, according to a survey by VaporStream.
Verizon Breach Report Shows Database Security Not Just About Credit Cards Anymore
News  |  4/22/2011  | 
The number of breached records is down, but database servers are still the hot target of attackers--and smaller organizations are also in the bull's eye.
What's Good About iPhone's Location Tracking
Commentary  |  4/22/2011  | 
The iPhone tracking disclosure this week showcases an unfortunate tendency for device manufacturers to focus excessively on their needs and forget those of their users
EV SSL Still A Rarity, Survey Shows
Quick Hits  |  4/22/2011  | 
New Netcraft survey shows EV SSL more popular among heavy-traffic, financial sites
So What If iPhones Spy User Locations
Commentary  |  4/22/2011  | 
The iPhone keeps track of its owner's whereabouts, but without that crucial location data, many services that help make the smartphone so popular wouldn't function.
Hacking Becomes Leading Cause Of Data Breaches
News  |  4/22/2011  | 
Businesses are the main target, and lost data is rarely password-protected or encrypted, according to a report from the Identity Theft Resource Center.
iPhone Logging Your Every Move
News  |  4/22/2011  | 
Introduced with iOS 4, the Apple smartphone is reportedly logging user location information on the phone and on computers that sync with the phone via iTunes.
Credit Card Hacker Pleads Guilty
News  |  4/22/2011  | 
Rogelio Hackett Jr. faces 12 years in prison and $500,000 in fines for selling 675,000 credit card numbers used to generate more than $36 million in fraudulent transactions.
Malware Bypasses Security On 64-Bit Windows OS
News  |  4/22/2011  | 
The latest TDL rootkit family contains malware that evades security mechanisms built into the latest x64 operating systems, including Microsoft's Windows Vista and Windows 7.
Weaponizing GPS Tracking Devices
News  |  4/22/2011  | 
Researcher demonstrates how he was able to easily turn Zoombak personal GPS devices against their owners
iPhone Tracking Only Tip Of Security Iceberg
News  |  4/21/2011  | 
Mobile devices will present ongoing security and privacy challenges, particularly to businesses that permit personal usage of corporate devices.
Microsoft Updates Vulnerability Disclosure Policies
News  |  4/21/2011  | 
The software company clarifies its vulnerability-handling guidelines and begins issuing security bulletins for third-party products.
One-Fourth Of SSL Websites At Risk
News  |  4/21/2011  | 
Many sites haven't applied patches for well-known 'renegotiation' flaw
Forget Tape Vs. Disk, Use Them Together
Commentary  |  4/21/2011  | 
Tape is ideal for third-tier backup data, and the cost per GB, performance, and reliability make it an ideal complement to disk backup.
Phishing Attack Hits Oak Ridge National Laboratory
News  |  4/21/2011  | 
The government lab expects to restore Internet access and external email service next week after losing nearly 1 gigabyte of unclassified data.
Son Of Kaspersky Lab Founder Reportedly Gone Missing
Quick Hits  |  4/21/2011  | 
Russian news reports that 20-year-old Ivan Kaspersky was kidnapped and his captors are demanding ransom
Continuous Monitoring Still A Long Way Off For The Feds
News  |  4/20/2011  | 
Deadline for FISMA compliance reporting via automated tool has passed, and few agencies are using it
How To Sort Through Enterprise Mobility Challenges
Commentary  |  4/20/2011  | 
Mobility is demanding the attention of IT. Whether it's building a scalable wireless infrastructure, or supporting the newest smartphone or tablet, the choices are daunting. Interop's wireless and mobility conference track can help sort out these challenges.
Microsoft Issues First Security Alerts For Third-Party Apps
Quick Hits  |  4/20/2011  | 
Monthly or quarterly advisories on deck in the near-term, and Microsoft will only disclose an unfixed bug and offer workarounds if attacks hit
iPhone Software Tracks Location Of Users
News  |  4/20/2011  | 
Apple's iOS 4 operating system collects information about where iPhone users travel, two programmers revealed at the Where 2.0 conference.