News & Commentary

Content posted in April 2011
Page 1 / 4   >   >>
Users, Service Providers At Odds Over Cloud Security, Study Says
Quick Hits  |  4/30/2011  | 
If providers don't get serious about security soon, users will stop buying cloud services, Ponemon/CA survey states
Sony Says PlayStation Credit Card Data Was Encrypted
News  |  4/29/2011  | 
Security Experts Say 'So What?' PlayStation account-holder data likely still at risk.
Expert: Attacks, Not Vulnerabilities, Are Keys To IT Defense
News  |  4/29/2011  | 
Attackers are increasingly cribbing code from existing exploits, rather than creating new ones
Sony Says PlayStation Credit Card Data Was Encrypted -- Security Experts Say, 'So What?'
News  |  4/29/2011  | 
PlayStation account-holder data likely still at risk
Black Hat, DEFCON Founder To Become CSO Of ICANN
Quick Hits  |  4/28/2011  | 
Jeff Moss will continue to work with Black Hat as conference chair
DHS Creates Public-Private Technology Exchange
News  |  4/28/2011  | 
The Department of Homeland Security gives companies the requirements of a technology, product, or service it's seeking and companies spend their own money to build prototypes.
Phishing Attackers Use Subdomain Registration Services
News  |  4/28/2011  | 
Online criminals doubled their use of unregulated subdomain registration services in the second half of 2010, according to a report by the Anti-Phishing Working Group.
Feds Ready To Take Next Step Of Uninstalling Coreflood Malware
News  |  4/28/2011  | 
Justice Department says it has slashed the botnet's C&C traffic by 90 percent
Global Internet Culture Emerges
News  |  4/28/2011  | 
Internet users worldwide want privacy, security, trust, and freedom of expression, says a report from the Oxford Internet Institute, graduate business school Insead, and comScore.
Schwartz On Security: Smile, Your Smartphone Is Watching
Commentary  |  4/28/2011  | 
In the wake of revelations that Apple devices have been insecurely storing and transmitting location data, it's time for enterprise IT managers to begin spying as well.
Report Questions Feds' 'Alarmist Rhetoric' About Cyberthreats
News  |  4/28/2011  | 
A report from the Mercatus Center at George Mason University warns that overinflating the potential fallout of an online attack could lead to unnecessary regulation of the Internet
Secret Storage Hides Encrypted Data In Plain Sight
News  |  4/27/2011  | 
Researchers identify new technique for disguising encrypted data as "noise" that looks like random disk fragmentation.
Enterprises Logging Security Data, But Still Struggle To Use It
Quick Hits  |  4/27/2011  | 
Seventh annual SANS log management survey shows log data still tough to find and correlate
Is Government Inflating Cyber Threats?
News  |  4/27/2011  | 
A report from the Mercatus Center at George Mason University questions "alarmist rhetoric" and asks whether government agencies can meaningfully improve the security of critical infrastructure.
Kind Of A Mess
Commentary  |  4/27/2011  | 
Internet needs an infrastructure that enables back ends and users to communicate with each other using better authentication--and allows any number of authentication technologies to sign into it
Sony Sued Over PlayStation Network Hack
News  |  4/27/2011  | 
A class action lawsuit charges that Sony failing to protect personal information and credit card numbers of up to 77 million users.
Another Researcher Hit With Threat Of German Anti-Hacking Law
News  |  4/27/2011  | 
German software firm warns researcher who disclosed a vulnerability in its software and offered his help
Apple Explains iPhone Tracking, Promises Fix
News  |  4/27/2011  | 
iPhones track Wi-Fi hotspots and cell towers, not users, Apple said in answering critics, while also promising to fixing a bug that kept too much data.
Iran Alleges Espionage Over Internet Worm
News  |  4/27/2011  | 
Senior government official says foreign governments are launching malware dubbed Stars at the country's nuclear facilities.
Hack Of PlayStation Network Threatens Personal Data Of 77 Million Users
News  |  4/27/2011  | 
After a week of downtime, Sony comes clean about hack, promises to restore service
Few Consumers Victimized By Online Fraud Report It
Quick Hits  |  4/26/2011  | 
New Ponemon Institute report shows consumers prefer using machine fingerprinting over personal information to verify their identities online
China Implicated In Hacking Of SMB Online Bank Accounts
News  |  4/26/2011  | 
FBI warns that small- to midsize businesses are being targeted in an attack that so far has bilked companies' accounts of millions of dollars and wired the money to Chinese companies
Napolitano Calls Cybersecurity A Shared Responsibility
News  |  4/26/2011  | 
The Department of Homeland Security secretary stressed the federal government's involvement in securing cyberspace alongside private companies to mitigate threats to critical infrastructure.
China Implicated In Hacking Of SMB Online Bank Accounts
News  |  4/26/2011  | 
FBI warns that small to midsize businesses are being targeted in an attack that so far has bilked companies' accounts of millions of dollars and wired the money to Chinese companies
Two-Factor Authentication Key To Online Healthcare Services
News  |  4/26/2011  | 
The National Strategy for Trusted Identities in Cyberspace also calls for wider adoption of unique security credentials
Federal ID Strategy To Boost Health Data Security
News  |  4/26/2011  | 
Voluntary plan which seeks two-factor authentication and for online identity management should find wide application in healthcare.
PCI Compliance May Mean Fewer Breaches, Study Says
News  |  4/26/2011  | 
But most professionals still don't think PCI has much of an impact on security, Ponemon/Imperva study says
A Not-So Targeted Targeted Attack
Commentary  |  4/25/2011  | 
RSA was likely among several targets associated with a broader campaign that was designed to seek out industrial secrets
Kidnapped Kaspersky Returns Safe; No Ransom Paid
Quick Hits  |  4/25/2011  | 
Son of security company founder is in a "safe location," company says
Users Still Careless With Email
News  |  4/25/2011  | 
Company employees still consistently send confidential and sensitive information via email in violation of rules and regulations, according to a survey by VaporStream.
Verizon Breach Report Shows Database Security Not Just About Credit Cards Anymore
News  |  4/22/2011  | 
The number of breached records is down, but database servers are still the hot target of attackers--and smaller organizations are also in the bull's eye.
What's Good About iPhone's Location Tracking
Commentary  |  4/22/2011  | 
The iPhone tracking disclosure this week showcases an unfortunate tendency for device manufacturers to focus excessively on their needs and forget those of their users
EV SSL Still A Rarity, Survey Shows
Quick Hits  |  4/22/2011  | 
New Netcraft survey shows EV SSL more popular among heavy-traffic, financial sites
So What If iPhones Spy User Locations
Commentary  |  4/22/2011  | 
The iPhone keeps track on its owner's whereabouts, but without that crucial location data, many services that help make the smartphone so popular wouldn't function.
Verizon Breach Report Shows Database Security Not Just About Credit Cards Anymore
News  |  4/22/2011  | 
The number of breached records is down, but database servers are still the hot target of attackers—and smaller organizations are also in the bull's eye
Hacking Becomes Leading Cause Of Data Breaches
News  |  4/22/2011  | 
Businesses are the main target, and lost data is rarely password-protected or encrypted, according to a report from the Identity Theft Resource Center.
iPhone Logging Your Every Move
News  |  4/22/2011  | 
Introduced with iOS 4, the Apple smartphone is reportedly logging user location information on the phone and computers that syncs the phone via iTunes.
Credit Card Hacker Pleads Guilty
News  |  4/22/2011  | 
Rogelio Hackett Jr. faces 12 years in prison and $500,000 in fines for selling 675,000 credit card numbers used to generate more than $36 million in fraudulent transactions.
Malware Bypasses Security On 64-Bit Windows OS
News  |  4/22/2011  | 
The latest TDL rookit family contains malware that evades security mechanisms built into the latest x64 operating systems, including Microsoft's Windows Vista and Windows 7.
Weaponizing GPS Tracking Devices
News  |  4/22/2011  | 
Researcher demonstrates how he was able to easily turn Zoombak personal GPS devices against their owners
iPhone Tracking Only Tip Of Security Iceberg
News  |  4/21/2011  | 
Mobile devices will present ongoing security and privacy challenges, particularly to businesses that permit personal usage of corporate devices.
Microsoft Updates Vulnerability Disclosure Policies
News  |  4/21/2011  | 
The software company clarifies its vulnerability-handling guidelines and begins issuing security bulletins for third-party products.
One-Fourth Of SSL Websites At Risk
News  |  4/21/2011  | 
Many sites haven't applied patches for well-known 'renegotiation' flaw
Forget Tape Vs. Disk, Use Them Together
Commentary  |  4/21/2011  | 
Tape is ideal for third tier backup data and the cost per GB, performance, and reliability make it an ideal compliment to disk backup.
Phishing Attack Hits Oak Ridge National Laboratory
News  |  4/21/2011  | 
The government lab expects to restore Internet access and external email service next week after losing nearly 1 gigabyte of unclassified data.
Son Of Kaspersky Lab Founder Reportedly Gone Missing
Quick Hits  |  4/21/2011  | 
Russian news reports that 20-year-old Ivan Kaspersky was kidnapped and his captors are demanding ransom
Continuous Monitoring Still A Long Way Off For The Feds
News  |  4/20/2011  | 
Deadline for FISMA compliance reporting via automated tool has past, and few agencies are using it
How To Sort Through Enterprise Mobility Challenges
Commentary  |  4/20/2011  | 
Mobility is demanding the attention of IT. Whether it's building a scalable wireless infrastructure, or supporting the newest smartphone or tablet, the choices are daunting. Interop's wireless and mobility conference track can help sort out these challenges.
Microsoft Issues First Security Alerts For Third-Party Apps
Quick Hits  |  4/20/2011  | 
Monthly or quarterly advisories on deck in the near-term, and Microsoft will only disclose an unfixed bug and offer workarounds if attacks hit
iPhone Software Tracks Location Of Users
News  |  4/20/2011  | 
Apple's iOS 4 operating system collects information about where iPhone users travel, two programmers revealed at the Where 2.0 conference.
Page 1 / 4   >   >>


More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11505
PUBLISHED: 2018-05-26
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
CVE-2018-6409
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
CVE-2018-6410
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
CVE-2018-6411
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
CVE-2018-11500
PUBLISHED: 2018-05-26
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.