News & Commentary

Content posted in April 2012
Page 1 / 3   >   >>
Trustworthy Internet Movement Builds SSL 'Avengers'
Quick Hits  |  4/30/2012  | 
Industry's top names in SSL development agree to join task force
Picking Apart Malware In The Cloud
News  |  4/30/2012  | 
Setting up a lab to analyze potentially malicious binaries takes time, so more companies are signing up for services that handle the work
Advanced Attacks Call For New Defenses
News  |  4/30/2012  | 
With conventional wisdom now that 'advanced attacks happen,' has the time come to create the next-generation sandbox or other containment method?
Google Street View Pursued Wardriving By Design
News  |  4/30/2012  | 
FCC slaps Google with a $25,000 fine for obstructing its investigation, but finds no laws broken when Google sniffed unencrypted Wi-Fi data, including usernames and passwords.
Conficker Hard To Kill
News  |  4/30/2012  | 
Eight reasons why killing Conficker remains so tough
8 Reasons Conficker Malware Won't Die
News  |  4/30/2012  | 
Poor corporate password practices and continuing use of Autorun help explain why eradicating this three-year-old worm has been so difficult.
Anonymous Takes Action Following Passage Of CISPA Bill By House
Quick Hits  |  4/30/2012  | 
Anonymous video calls for protest, threatens attacks on multiple organizations in response to proposed legislation
How Would You Architect A New Security Monitoring Product?
Commentary  |  4/30/2012  | 
Cloud, appliance, software? If you were planning on developing a security monitoring platform, which architecture would you use?
Security Bugs And Proofs Of Concept
Commentary  |  4/27/2012  | 
Oracle's recent patch contained exploit code
Busted In 60 Seconds: Malware Reveals Itself In First Minute
News  |  4/27/2012  | 
Nearly half of all malicious programs attempt to communicate out to the Internet in the first minute. Companies need to listen more closely to their networks
Google Drive Privacy: 4 Misunderstood Facts
News  |  4/27/2012  | 
Privacy and security questions have bedeviled the launch of Google's new online file-storage service. Ignore the hype and consider these four key facts.
Logs Still Tough To Decipher, SANS Survey Says
Quick Hits  |  4/26/2012  | 
More organizations employ log management and SIEM tools, but are still struggling to sort the bad traffic from the good
Tech Insight: How To Hack The Password Problem
News  |  4/26/2012  | 
Though they are often the weakest link, passwords aren't going anywhere anytime soon. Here's how to shore up and manage your organization's passwords
Congress Raises Alarm On Iranian Cyber Threat
News  |  4/26/2012  | 
United States should pay attention to threat of Iranian cyber-attacks, say members of Congress and panelists.
Iranian Cyberthreat To U.S. A Growing Concern
News  |  4/26/2012  | 
'Seismic shift' in Iran's cyberstrategy, but the U.S. is lacking an official strategy for response and offense, experts tell Congress
VMware Breached, More Hypervisor Source Code To Come
News  |  4/26/2012  | 
Hacker Hardcore Charlie reveals stolen VMware source code and documents from Asian defense contractors, promises more disclosures in May.
Nissan Hack A Harsh Reminder About Protecting Data Stores From Spies
News  |  4/26/2012  | 
News of corporate espionage attacks against Nissan offers security practitioners a reminder of the real reason they bring home a paycheck
U.K. Users Still Falling Prey To Cyberscams
Quick Hits  |  4/25/2012  | 
Despite security awareness campaigns, many users still give away sensitive information
CounterTack Partners With HP To Enhance Visibility Into In-Progress Cyber Attacks
News  |  4/25/2012  | 
Event Horizon achieves HP ArcSight Common Event Format Certification
PCI: Dead Man(date) Walking?
Commentary  |  4/25/2012  | 
Is Visa's program to eliminate the requirement for assessments in lieu of EMV (chip and pin) transactions the death knell for PCI? Not yet, but the writing is on the wall
Microsoft: Conficker Worm Remains 'Ongoing' Threat
News  |  4/25/2012  | 
Three-year-old 'dead' Windows worm infection is still spreading -- mainly via weak or stolen passwords, new Microsoft report says
VMware Confirms Hacker Leaked Source Code For ESX Hypervisor
News  |  4/25/2012  | 
Officials at VMware have confirmed source code released by a hacker is legitimate, but said customers may not necessarily be at increased risk
Facebook's Newest Move To Tighten Security
News  |  4/25/2012  | 
Facebook enlists the help of Microsoft and four other security vendors as it improves defenses against malware, phishing, and spam. One tactic: Block malicious URLs.
Guardian Analytics Introduces New Anomaly Detection Solution To Protect Mobile Banking Channel
News  |  4/25/2012  | 
FraudMAP Mobile alerts financial institutions to suspicious mobile behavior across all mobile experiences
Mac Users Face Office Update Bugs, Flashback Variants
News  |  4/25/2012  | 
Microsoft removes an automated update for Office for Mac 2011 after users report corrupted Mac Outlook settings, and a new version of Flashback malware surfaces.
Security Teams Need Better Intel, More Offense
News  |  4/24/2012  | 
Adversaries go through five steps to prepare and execute an attack, but defenders only react to the last two steps. It's time for defenders to add intelligence gathering, counterintel, and even offense to the game, security experts say
Healthcare's Checklist Security Mentality Failing, Report Says
News  |  4/24/2012  | 
Despite conducting regular risk analysis, 27% of healthcare organizations suffered a data breach in the last 12 months, twice the percentage reported in 2010. Lack of cohesive security leadership might be to blame, report says.
U.S. Military Robots Of The Future: Visual Tour
Slideshows  |  4/24/2012  | 
Meet robots that fight fires, climb ladders, search for bombs, and race across the battlefield. The technological singularity is near, say military strategists.
Healthcare Industry Now Sharing Attack Intelligence
News  |  4/24/2012  | 
New HITRUST Cybersecurity Incident Response and Coordination Center lets healthcare organizations, U.S. Department of Health and Human Services swap information, forensics from firsthand attack experiences, other threats
Google Drive: Hands-On Winner
Commentary  |  4/24/2012  | 
Google's new online storage service represents the natural evolution of Google Docs, and another transformation for the world of collaborative file management.
DNS Changer: FBI Updates Net Access Shutoff Plans
News  |  4/24/2012  | 
The FBI called: Your malware-infected PC or router needs to get clean, or lose Internet access.
Federal Cyber Overhaul Cost: $710 Million Through 2017
News  |  4/24/2012  | 
Changes to the Federal Information Security Management Act would set the federal government back $710 million over the next five years, according to an estimate by the non-partisan Congressional Budget Office.
Mac Security After Flashback: 5 Key Points
News  |  4/24/2012  | 
Where does the Apple security situation stand in the wake of the Flashback Trojan outbreak? Consider these important data points.
Dead And Dying Targeted In ID Theft
Quick Hits  |  4/24/2012  | 
IDs of 2.5 million dead Americans abused annually, new study shows
Veracode Study Of Software Related Cybersecurity Risks In Public Companies Finds Majority Of Applications Are A Risk
News  |  4/24/2012  | 
Report hones in on the vulnerabilities in the software applications of publicly traded companies
Should FDA Assess Medical Device Defenses Against Hackers?
News  |  4/24/2012  | 
Federal advisory board calls for Congress to assign responsibility for preventing medical cyber-attacks.
2 Medicaid Data Breaches, 1 Weak Link: Employees
News  |  4/24/2012  | 
Second data breach at a state Medicaid agency in less than a month shows need to limit employee access to confidential data, regardless of other security procedures.
Insecure API Implementations Threaten Cloud
News  |  4/24/2012  | 
Web and cloud services allow third-party access by exposing application programming interfaces, but many developers and customers do not adequately secure the keys to the cloud and their data, experts say
How To Boost Enterprise Security Via FFIEC Compliance
Quick Hits  |  4/24/2012  | 
The banking industry's security guidelines might be your ticket to building out your security strategy. Here's how
Compliance Policy Development Do's And Don'ts
News  |  4/23/2012  | 
Policies are the keystone to good GRC, but many organizations don't write them well
Why Megaupload's Kim Dotcom Might Walk Free
News  |  4/23/2012  | 
Racketeering warrant has yet to be served against Megaupload, meaning the charges might fail to meet New Zealand's extradition threshold.
Iran: Oil Industry Hit By Malware Attack
News  |  4/23/2012  | 
Deja vu all over again as Iranian government-owned systems reportedly targeted by a 'worm'
Online Calendar Mistakes Cost Doctors Group $100,000
News  |  4/23/2012  | 
HHS penalizes Phoenix Cardiac Surgery for violating HIPAA privacy regulations, including making patient appointments publicly available on the Internet.
How To Secure Large Data Warehouses
Quick Hits  |  4/22/2012  | 
As more businesses consolidate sensitive data in high-capacity warehouses, the question becomes how to properly secure these potential treasure-houses. Here are some tips
2012 U.S. Election And Targeted Attack Predictions
Commentary  |  4/22/2012  | 
How the increased level and sophistication of of targeted attacks since 2008 may impact this year's U.S. Presidential election campaigns
Anonymous Drives Security Fears, But Not Spending
News  |  4/20/2012  | 
Information security budgets remain focused on stopping malware and advanced persistent threats (APTs), which tend to do more damage in the long run than hacktivists' SQL injection and DDoS attacks.
Making Mobile Banking Safe
News  |  4/20/2012  | 
Banks finding ways to balance security with convenience, but consumers have no way of determining what's safe to use
TSA Tests Identity Verification System
News  |  4/20/2012  | 
In wake of invalid boarding pass scares, Transportation Security Agency seeks to automate the process of authenticating travel documents and matching them to IDs.
Many Identity Theft Protection Services Promise The Impossible
News  |  4/20/2012  | 
Consumer Federation of America report warns about ID theft service providers that offer vague, misleading, or incomplete assurances about their services.
How To Protect Big Data Analytics
Commentary  |  4/20/2012  | 
Big data analytics often means big challenges when it comes to data protection. Here are some things to keep in mind when you're working in these environments.
Page 1 / 3   >   >>


More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11471
PUBLISHED: 2018-05-25
Cockpit 0.5.5 has XSS via a collection, form, or region.
CVE-2018-11472
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
CVE-2018-11473
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
CVE-2018-11474
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
CVE-2018-11475
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.