News & Commentary

Content posted in April 2011
Users, Service Providers At Odds Over Cloud Security, Study Says
Quick Hits  |  4/30/2011  | 
If providers don't get serious about security soon, users will stop buying cloud services, Ponemon/CA survey states
Sony Says PlayStation Credit Card Data Was Encrypted
News  |  4/29/2011  | 
Security Experts Say 'So What?' PlayStation account-holder data likely still at risk.
Expert: Attacks, Not Vulnerabilities, Are Keys To IT Defense
News  |  4/29/2011  | 
Attackers are increasingly cribbing code from existing exploits, rather than creating new ones
Sony Says PlayStation Credit Card Data Was Encrypted -- Security Experts Say, 'So What?'
News  |  4/29/2011  | 
PlayStation account-holder data likely still at risk
Black Hat, DEFCON Founder To Become CSO Of ICANN
Quick Hits  |  4/28/2011  | 
Jeff Moss will continue to work with Black Hat as conference chair
DHS Creates Public-Private Technology Exchange
News  |  4/28/2011  | 
The Department of Homeland Security gives companies the requirements of a technology, product, or service it's seeking and companies spend their own money to build prototypes.
Phishing Attackers Use Subdomain Registration Services
News  |  4/28/2011  | 
Online criminals doubled their use of unregulated subdomain registration services in the second half of 2010, according to a report by the Anti-Phishing Working Group.
Feds Ready To Take Next Step Of Uninstalling Coreflood Malware
News  |  4/28/2011  | 
Justice Department says it has slashed the botnet's C&C traffic by 90 percent
Global Internet Culture Emerges
News  |  4/28/2011  | 
Internet users worldwide want privacy, security, trust, and freedom of expression, says a report from the Oxford Internet Institute, graduate business school Insead, and comScore.
Schwartz On Security: Smile, Your Smartphone Is Watching
Commentary  |  4/28/2011  | 
In the wake of revelations that Apple devices have been insecurely storing and transmitting location data, it's time for enterprise IT managers to begin spying as well.
Report Questions Feds' 'Alarmist Rhetoric' About Cyberthreats
News  |  4/28/2011  | 
A report from the Mercatus Center at George Mason University warns that overinflating the potential fallout of an online attack could lead to unnecessary regulation of the Internet
Secret Storage Hides Encrypted Data In Plain Sight
News  |  4/27/2011  | 
Researchers identify new technique for disguising encrypted data as "noise" that looks like random disk fragmentation.
Enterprises Logging Security Data, But Still Struggle To Use It
Quick Hits  |  4/27/2011  | 
Seventh annual SANS log management survey shows log data still tough to find and correlate
Is Government Inflating Cyber Threats?
News  |  4/27/2011  | 
A report from the Mercatus Center at George Mason University questions "alarmist rhetoric" and asks whether government agencies can meaningfully improve the security of critical infrastructure.
Kind Of A Mess
Commentary  |  4/27/2011  | 
Internet needs an infrastructure that enables back ends and users to communicate with each other using better authentication--and allows any number of authentication technologies to sign into it
Sony Sued Over PlayStation Network Hack
News  |  4/27/2011  | 
A class action lawsuit charges Sony with failing to protect personal information and credit card numbers of up to 77 million users.
Another Researcher Hit With Threat Of German Anti-Hacking Law
News  |  4/27/2011  | 
German software firm warns researcher who disclosed a vulnerability in its software and offered his help
Apple Explains iPhone Tracking, Promises Fix
News  |  4/27/2011  | 
iPhones track Wi-Fi hotspots and cell towers, not users, Apple said in answering critics, while also promising to fix a bug that kept too much data.
Iran Alleges Espionage Over Internet Worm
News  |  4/27/2011  | 
Senior government official says foreign governments are launching malware dubbed Stars at the country's nuclear facilities.
Hack Of PlayStation Network Threatens Personal Data Of 77 Million Users
News  |  4/27/2011  | 
After a week of downtime, Sony comes clean about hack, promises to restore service
Few Consumers Victimized By Online Fraud Report It
Quick Hits  |  4/26/2011  | 
New Ponemon Institute report shows consumers prefer using machine fingerprinting over personal information to verify their identities online
China Implicated In Hacking Of SMB Online Bank Accounts
News  |  4/26/2011  | 
FBI warns that small- to midsize businesses are being targeted in an attack that so far has bilked companies' accounts of millions of dollars and wired the money to Chinese companies
Napolitano Calls Cybersecurity A Shared Responsibility
News  |  4/26/2011  | 
The Department of Homeland Security secretary stressed the federal government's involvement in securing cyberspace alongside private companies to mitigate threats to critical infrastructure.
China Implicated In Hacking Of SMB Online Bank Accounts
News  |  4/26/2011  | 
FBI warns that small to midsize businesses are being targeted in an attack that so far has bilked companies' accounts of millions of dollars and wired the money to Chinese companies
Two-Factor Authentication Key To Online Healthcare Services
News  |  4/26/2011  | 
The National Strategy for Trusted Identities in Cyberspace also calls for wider adoption of unique security credentials
Federal ID Strategy To Boost Health Data Security
News  |  4/26/2011  | 
Voluntary plan, which seeks two-factor authentication for online identity management, should find wide application in healthcare.
PCI Compliance May Mean Fewer Breaches, Study Says
News  |  4/26/2011  | 
But most professionals still don't think PCI has much of an impact on security, Ponemon/Imperva study says
A Not-So Targeted Targeted Attack
Commentary  |  4/25/2011  | 
RSA was likely among several targets associated with a broader campaign that was designed to seek out industrial secrets
Kidnapped Kaspersky Returns Safe; No Ransom Paid
Quick Hits  |  4/25/2011  | 
Son of security company founder is in a "safe location," company says
Users Still Careless With Email
News  |  4/25/2011  | 
Company employees still consistently send confidential and sensitive information via email in violation of rules and regulations, according to a survey by VaporStream.
Verizon Breach Report Shows Database Security Not Just About Credit Cards Anymore
News  |  4/22/2011  | 
The number of breached records is down, but database servers are still the hot target of attackers--and smaller organizations are also in the bull's eye.
What's Good About iPhone's Location Tracking
Commentary  |  4/22/2011  | 
The iPhone tracking disclosure this week showcases an unfortunate tendency for device manufacturers to focus excessively on their needs and forget those of their users
EV SSL Still A Rarity, Survey Shows
Quick Hits  |  4/22/2011  | 
New Netcraft survey shows EV SSL more popular among heavy-traffic, financial sites
So What If iPhones Spy User Locations
Commentary  |  4/22/2011  | 
The iPhone keeps track of its owner's whereabouts, but without that crucial location data, many services that help make the smartphone so popular wouldn't function.
Verizon Breach Report Shows Database Security Not Just About Credit Cards Anymore
News  |  4/22/2011  | 
The number of breached records is down, but database servers are still the hot target of attackers—and smaller organizations are also in the bull's eye
Hacking Becomes Leading Cause Of Data Breaches
News  |  4/22/2011  | 
Businesses are the main target, and lost data is rarely password-protected or encrypted, according to a report from the Identity Theft Resource Center.
iPhone Logging Your Every Move
News  |  4/22/2011  | 
Introduced with iOS 4, the Apple smartphone is reportedly logging user location information on the phone and computers that sync the phone via iTunes.
Credit Card Hacker Pleads Guilty
News  |  4/22/2011  | 
Rogelio Hackett Jr. faces 12 years in prison and $500,000 in fines for selling 675,000 credit card numbers used to generate more than $36 million in fraudulent transactions.
Malware Bypasses Security On 64-Bit Windows OS
News  |  4/22/2011  | 
The latest TDL rootkit family contains malware that evades security mechanisms built into the latest x64 operating systems, including Microsoft's Windows Vista and Windows 7.
Weaponizing GPS Tracking Devices
News  |  4/22/2011  | 
Researcher demonstrates how he was able to easily turn Zoombak personal GPS devices against their owners
iPhone Tracking Only Tip Of Security Iceberg
News  |  4/21/2011  | 
Mobile devices will present ongoing security and privacy challenges, particularly to businesses that permit personal usage of corporate devices.
Microsoft Updates Vulnerability Disclosure Policies
News  |  4/21/2011  | 
The software company clarifies its vulnerability-handling guidelines and begins issuing security bulletins for third-party products.
One-Fourth Of SSL Websites At Risk
News  |  4/21/2011  | 
Many sites haven't applied patches for well-known 'renegotiation' flaw
Forget Tape Vs. Disk, Use Them Together
Commentary  |  4/21/2011  | 
Tape is ideal for third tier backup data and the cost per GB, performance, and reliability make it an ideal complement to disk backup.
Phishing Attack Hits Oak Ridge National Laboratory
News  |  4/21/2011  | 
The government lab expects to restore Internet access and external email service next week after losing nearly 1 gigabyte of unclassified data.
Son Of Kaspersky Lab Founder Reportedly Gone Missing
Quick Hits  |  4/21/2011  | 
Russian news reports that 20-year-old Ivan Kaspersky was kidnapped and his captors are demanding ransom
Continuous Monitoring Still A Long Way Off For The Feds
News  |  4/20/2011  | 
Deadline for FISMA compliance reporting via automated tool has passed, and few agencies are using it
How To Sort Through Enterprise Mobility Challenges
Commentary  |  4/20/2011  | 
Mobility is demanding the attention of IT. Whether it's building a scalable wireless infrastructure, or supporting the newest smartphone or tablet, the choices are daunting. Interop's wireless and mobility conference track can help sort out these challenges.
Microsoft Issues First Security Alerts For Third-Party Apps
Quick Hits  |  4/20/2011  | 
Monthly or quarterly advisories on deck in the near-term, and Microsoft will only disclose an unfixed bug and offer workarounds if attacks hit
iPhone Software Tracks Location Of Users
News  |  4/20/2011  | 
Apple's iOS 4 operating system collects information about where iPhone users travel, two programmers revealed at the Where 2.0 conference.