News & Commentary
Content posted in April 2012
|
Trustworthy Internet Movement Builds SSL 'Avengers'
Industry's top names in SSL development agree to join task force
Picking Apart Malware In The Cloud
Setting up a lab to analyze potentially malicious binaries takes time, so more companies are signing up for services that handle the work
Advanced Attacks Call For New Defenses
With conventional wisdom now that 'advanced attacks happen,' has the time come to create the next-generation sandbox or other containment method?
Google Street View Pursued Wardriving By Design
FCC slaps Google with a $25,000 fine for obstructing its investigation, but finds no laws broken when
Google sniffed unencrypted Wi-Fi data, including usernames and passwords.
Conficker Hard To Kill
Eight reasons why killing Conficker remains so tough
8 Reasons Conficker Malware Won't Die
Poor corporate password practices and continuing use of Autorun help explain why eradicating this three-year-old worm has been so difficult.
Anonymous Takes Action Following Passage Of CISPA Bill By House
Anonymous video calls for protest, threatens attacks on multiple organizations in response to proposed legislation
How Would You Architect A New Security Monitoring Product?
Cloud, appliance, software? If you were planning on developing a security monitoring platform, which architecture would you use?
Security Bugs And Proofs Of Concept
Oracle's recent patch contained exploit code
Busted In 60 Seconds: Malware Reveals Itself In First Minute
Nearly half of all malicious programs attempt to communicate out to the Internet in the first minute. Companies need to listen more closely to their networks
Google Drive Privacy: 4 Misunderstood Facts
Privacy and security questions have bedeviled the launch of Google's new online file-storage service. Ignore the hype and consider these four key facts.
Logs Still Tough To Decipher, SANS Survey Says
More organizations employ log management and SIEM tools, but are still struggling to sort the bad traffic from the good
Tech Insight: How To Hack The Password Problem
Though they are often the weakest link, passwords aren't going anywhere anytime soon. Here's how to shore up and manage your organization's passwords
Congress Raises Alarm On Iranian Cyber Threat
United States should pay attention to threat of Iranian cyber-attacks, say members of Congress and panelists.
Iranian Cyberthreat To U.S. A Growing Concern
'Seismic shift' in Iran's cyberstrategy, but the U.S. is lacking an official strategy for response and offense, experts tell Congress
VMware Breached, More Hypervisor Source Code To Come
Hacker Hardcore Charlie reveals stolen VMware source code and documents from Asian defense contractors, promises more disclosures in May.
Nissan Hack A Harsh Reminder About Protecting Data Stores From Spies
News of corporate espionage attacks against Nissan offers security practitioners a reminder of the real reason they bring home a paycheck
U.K. Users Still Falling Prey To Cyberscams
Despite security awareness campaigns, many users still give away sensitive information
CounterTack Partners With HP To Enhance Visibility Into In-Progress Cyber Attacks
Event Horizon achieves HP ArcSight Common Event Format Certification
PCI: Dead Man(date) Walking?
Is Visa's program to eliminate the requirement for assessments in lieu of EMV (chip and pin) transactions the death knell for PCI? Not yet, but the writing is on the wall
Microsoft: Conficker Worm Remains 'Ongoing' Threat
Three-year-old 'dead' Windows worm infection is still spreading -- mainly via weak or stolen passwords, new Microsoft report says
VMware Confirms Hacker Leaked Source Code For ESX Hypervisor
Officials at VMware have confirmed source code released by a hacker is legitimate, but said customers may not necessarily be at increased risk
Facebook's Newest Move To Tighten Security
Facebook enlists the help of Microsoft and four other security vendors as it improves defenses against malware, phishing, and spam. One tactic: Block malicious URLs.
Guardian Analytics Introduces New Anomaly Detection Solution To Protect Mobile Banking Channel
FraudMAP Mobile alerts financial institutions to suspicious mobile behavior across all mobile experiences
Mac Users Face Office Update Bugs, Flashback Variants
Microsoft removes an automated update for Office for Mac 2011
after users report corrupted Mac Outlook settings, and a new version of Flashback malware surfaces.
Security Teams Need Better Intel, More Offense
Adversaries go through five steps to prepare and execute an attack, but defenders only react to the last two steps. It's time for defenders to add intelligence gathering, counterintel, and even offense to the game, security experts say
Healthcare's Checklist Security Mentality Failing, Report Says
Despite conducting regular risk analysis, 27% of healthcare organizations suffered a data breach in the last 12 months, twice the percentage reported in 2010. Lack of cohesive security leadership might be to blame, report says.
U.S. Military Robots Of The Future: Visual Tour
Meet robots that fight fires, climb ladders, search for bombs, and race across the battlefield. The technological singularity is near, say military strategists.
Healthcare Industry Now Sharing Attack Intelligence
New HITRUST Cybersecurity Incident Response and Coordination Center lets healthcare organizations, U.S. Department of Health and Human Services swap information, forensics from firsthand attack experiences, other threats
Google Drive: Hands-On Winner
Google's new online storage service represents the natural evolution of Google Docs, and another transformation for the world of collaborative file management.
DNS Changer: FBI Updates Net Access Shutoff Plans
The FBI called: Your malware-infected PC or router needs to get clean, or lose Internet access.
Federal Cyber Overhaul Cost: $710 Million Through 2017
Changes to the Federal Information Security Management Act would set the federal government back $710 million over the next five years, according to an estimate by the non-partisan Congressional Budget Office.
Mac Security After Flashback: 5 Key Points
Where does the Apple security situation stand in the wake of the Flashback Trojan outbreak? Consider these important data points.
Dead And Dying Targeted In ID Theft
IDs of 2.5 million dead Americans abused annually, new study shows
Veracode Study Of Software Related Cybersecurity Risks In Public Companies Finds Majority Of Applications Are A Risk
Report hones in on the vulnerabilities in the software applications of publicly traded companies
Should FDA Assess Medical Device Defenses Against Hackers?
Federal advisory board calls for Congress to assign responsibility for preventing medical cyber-attacks.
2 Medicaid Data Breaches, 1 Weak Link: Employees
Second data breach at a state Medicaid agency in less than a month shows need to limit employee access to confidential data, regardless of other security procedures.
Insecure API Implementations Threaten Cloud
Web and cloud services allow third-party access by exposing application programming interfaces, but many developers and customers do not adequately secure the keys to the cloud and their data, experts say
How To Boost Enterprise Security Via FFIEC Compliance
The banking industry's security guidelines might be your ticket to building out your security strategy. Here's how
Compliance Policy Development Do's And Don'ts
Policies are the keystone to good GRC, but many organizations don't write them well
Why Megaupload's Kim Dotcom Might Walk Free
Racketeering warrant has yet to be served against Megaupload, meaning the charges might fail to meet New Zealand's extradition threshold.
Iran: Oil Industry Hit By Malware Attack
Deja vu all over again as Iranian government-owned systems reportedly targeted by a 'worm'
Online Calendar Mistakes Cost Doctors Group $100,000
HHS penalizes Phoenix Cardiac Surgery for violating HIPAA privacy regulations, including making patient appointments publicly available on the Internet.
How To Secure Large Data Warehouses
As more businesses consolidate sensitive data in high-capacity warehouses, the question becomes how to properly secure these potential treasure-houses. Here are some tips
2012 U.S. Election And Targeted Attack Predictions
How the increased level and sophistication of of targeted attacks since 2008 may impact this year's U.S. Presidential election campaigns
Anonymous Drives Security Fears, But Not Spending
Information security budgets remain focused on stopping malware and advanced persistent threats (APTs), which tend to do more damage in the long run than hacktivists' SQL injection and DDoS attacks.
Making Mobile Banking Safe
Banks finding ways to balance security with convenience, but consumers have no way of determining what's safe to use
TSA Tests Identity Verification System
In wake of invalid boarding pass scares, Transportation Security Agency seeks to automate the process of authenticating travel documents and matching them to IDs.
Many Identity Theft Protection Services Promise The Impossible
Consumer Federation of America report warns about ID theft service providers that offer vague, misleading, or incomplete assurances about their services.
How To Protect Big Data Analytics
Big data analytics often means big challenges when it comes to data protection. Here are some things to keep in mind when you're working in these environments.
|
White Papers
Video
1 Comments
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This