Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in April 2012
Apple Mac Attack Began With Infected WordPress Sites
News  |  4/20/2012  | 
Security researchers watch for a possible Flashback comeback by the botnet operators.
FBI Seizes Anonymizing Email Service Server
News  |  4/20/2012  | 
Privacy activists criticize the FBI's anonymous remailer server takedown that resulted from a bomb threat investigation.
You Need Help, Not An Accomplice
Commentary  |  4/20/2012  | 
Compliance is about being better and not just proving you are right
Linsanity, Whitney's Death, And New Android Threats Dominate This Quarter's Cybercrime Scene
News  |  4/20/2012  | 
Trend Micro issues new security roundup report for Q1 2012
Apple Mac Attack Began With Infected WordPress Sites
News  |  4/19/2012  | 
Meanwhile, researchers await a possible Flashback comeback by the botnet operators
Cybercriminals Check In At Hotel Point-Of-Sale Systems
Quick Hits  |  4/19/2012  | 
New attack tool sold in black hat underground targets the hotel front desk at a global hotel chain
Anonymous Builds New Haven For Stolen Data
News  |  4/19/2012  | 
Saying Pastebin has censored its posts, Anonymous creates AnonPaste, a new site where hacktivists can dump stolen data.
Federal IT Survey: Hacktivists, Cybercriminals Are Top Threats
News  |  4/19/2012  | 
Our first Federal Government Cybersecurity Survey reveals what concerns IT teams the most, and how they’re fighting back with continuous monitoring and other technologies.
Anonymous Must Evolve Or Break Down, Say Researchers
News  |  4/19/2012  | 
The movement started as an Internet meme and grew into a complex and chaotic community. Security experts argue that the Anonymous brand is now in danger of imploding
Three Security Snags That Expose The Database
News  |  4/19/2012  | 
Insecure Web apps, no linkage to IAM, and poorly configured segmentation all contribute to database vulnerability
FBI Charges Man In $1 Million Stock-Fraud Hacking Scheme
News  |  4/18/2012  | 
Hacking crew used accounts under its control to conduct sham trades
Former FBI Cybercrime Top Cop Joins Startup That Targets The Attacker
News  |  4/18/2012  | 
Shawn Henry now heading up services arm of CrowdStrike, the semi-stealth startup that plans to more aggressively profile, target, and, ultimately, help unmask sophisticated cyberattackers
Mac Trojan Fallout: Apple Security Glory Days Gone?
Commentary  |  4/18/2012  | 
Apple's reputation as an unattractive target for malware writers changed when the Flashback trojan hit more than 600,000 Macs. But Windows security still looks worse.
Flashback Malware Eradication Campaign Slower Than Expected
News  |  4/18/2012  | 
Efforts to remove the infection from Apple computers are not as effective as security experts had hoped.
FBI Arrests Another Anonymous Member
News  |  4/18/2012  | 
Authorities said they busted John Anthony Borell III after he failed to properly anonymize his identity
Anonymous Hackers Not Smart On Anonymity, Feds Say
News  |  4/18/2012  | 
For second time recently, authorities arrest an alleged Anonymous member after he shared too many details via social media.
How Did They Get In? A Guide To Tracking Down The Source Of An APT
Quick Hits  |  4/18/2012  | 
Advanced persistent threats can be complex and sophisticated. Here are some tips on how to analyze them
DOE Lab Releases Open-Source Attack Intelligence Tool
News  |  4/17/2012  | 
Pacific Northwest National Laboratory offers up, continues to build out a tool that drills down into the processes and apps employed by the bad guys
NYC No. 1 In E-Commerce Fraud
Quick Hits  |  4/17/2012  | 
New report says most online fraud in the U.S. comes from the Big Apple, followed by Atlanta, Chicago, Los Angeles, and Omaha, Neb.
CISPA Bill: 5 Main Privacy Worries
News  |  4/17/2012  | 
Privacy rights groups have launched a week of protests against the House bill, warning that CISPA will weaken current wiretapping and electronic communication laws.
Feds Bust 'Farmer's Market' For Online Drugs
News  |  4/17/2012  | 
Eight people arrested on charges of running The Farmer's Market, an online bazaar offering a range of narcotics, including LSD and marijuana, to customers in 34 countries.
Making Compliance Work
Quick Hits  |  4/17/2012  | 
New Dark Reading Alert offers closer look at the successes and failures of security compliance
Owned, Managed, Or Cloud? Choosing A Security Strategy
News  |  4/16/2012  | 
Cloud saves money, managed provides expertise, and do-it-yourself security offers more control. The choice depends on priorities and financial realities
Botnet Takedowns Can Incur Collateral Damage
News  |  4/16/2012  | 
Microsoft Zeus botnet case demonstrates risks, challenges associated with takedowns when multiple groups are tracking the same botnet
Two Mac Trojans: Apple Patching Fast Enough?
News  |  4/16/2012  | 
Attackers behind the Flashback and SabPub malware likely reverse-engineered a Java vulnerability patched for Windows almost two months ago by Oracle.
Log Standards: Put Up, Shut Up, Give Up, Or Throw Up?
Commentary  |  4/16/2012  | 
Do we need logging standards, or should we just follow the leaders to help direct our logging efforts?
Your Compliance Is Decaying Every Day
Commentary  |  4/16/2012  | 
As soon as you train your colleagues about compliance, noncompliance is back in charge
Quantum Debuts LTFS Storage Appliances
News  |  4/16/2012  | 
Quantum enters soon-to-be crowded linear tape file system space, catering to customers who need to store and access huge amounts of data on tape.
Anonymous Hacker Girlfriend Pictures Revealed Much, Police Say
News  |  4/16/2012  | 
Alleged member of hacktivist group Anonymous busted after GPS coordinates in an iPhone image led authorities to his Australian girlfriend.
Caution: That New Angry Birds Game Could Be Malware
Quick Hits  |  4/16/2012  | 
New Android malware claims to be new game version, but actually turns your Droid into a bot
Is Monitoring The New Must-Have Of Security?
News  |  4/14/2012  | 
With attacks regularly getting past the perimeter, detecting anomalies early is increasingly important. Companies should go beyond compliance, experts say
Cognizant Selects Savvis Cloud And Data Services To Expand Capabilities
News  |  4/13/2012  | 
Cognizant will combine Savvis' services with remote infrastructure management, application, consulting, and business process services
Firefox To Require Permission For Plug-Ins
News  |  4/13/2012  | 
Mozilla hopes to make Firefox more secure by having users opt in for plug-ins.
DHS Network Monitoring: 4th Amendment Problems?
News  |  4/13/2012  | 
Einstein network monitoring system, designed to spot cyber attacks, could raise privacy concerns related to the Fourth Amendment, Congressional Research Service says.
Biggest Threats Come From Inside The Enterprise, Survey Says
Quick Hits  |  4/13/2012  | 
Lack of network visibility, insider threats are top worries in survey of security pros
Controversy Erupts Over Microsoft's Recent Takedown Of A Zeus Botnet
News  |  4/12/2012  | 
Dutch researchers accuse Microsoft of mishandling the recent Zeus botnet takedown and hurting other investigations -- but others defend Microsoft's operation as thorough
Using Reverse Proxies To Secure Databases
Commentary  |  4/12/2012  | 
A look at database monitoring and reverse proxies
Apple Changes Security Playbook With Flashback Response
News  |  4/12/2012  | 
Responding to malware spread by the huge Flashback botnet, Apple has for the first time come clean about a threat before it's readied a fix. Is it a new security day in Cupertino?
Court Reverses Conviction Of Former Goldman Sachs Employee In Source-Code Theft Case
News  |  4/12/2012  | 
An appeals court found a former programmer did not violate the laws he was charged with when he uploaded proprietary code to a remote server
Samba Patch: Linux Users Should Apply Immediately
News  |  4/12/2012  | 
Dangerous vulnerability in a pervasive tool for running Linux systems in a Windows environment opens door for an attacker to access systems without requiring any authentication.
Monitoring And Understanding User Activity
Quick Hits  |  4/12/2012  | 
Effective monitoring of user behavior can tip you off to a threat before it goes too far. Here are some tips on how to do it right
Slide Show: 10 SQL Injection Tools For Database Pwnage
Slideshows  |  4/11/2012  | 
Black hat hackers and pen testers alike use these tools to dump data, perform privilege escalations, and effectively take over sensitive databases
Linux Users Beware: Patch New Samba Flaw 'Immediately'
News  |  4/11/2012  | 
Samba bug could spur targeted attacks or a worm -- but not all affected systems will get patched
Financial Services Firms Hit By DDoS Attacks According To Prolexic's Q1 2012 Report
News  |  4/11/2012  | 
Malicious packet volume increases 3,000% quarter over quarter
Intel Debuts First Enterprise PCIe SSD Adapter
News  |  4/11/2012  | 
New 910 Series PCIe priced at less than $5 per gigabyte, about half the price of other enterprise-class PCIe products.
Utah's Medicaid Data Breach Worse Than Expected
News  |  4/11/2012  | 
Utah Department of Technology Services (DTS) reveals 780,000 individuals have been affected by the theft of sensitive Medicaid information. That's far worse than initial estimates.
Be Ready To Clean Up That Mess
Commentary  |  4/11/2012  | 
Compliant systems do more than prevent problems -- they help solve problems that happen
Apple, Kaspersky Attack Massive Mac Trojan
News  |  4/11/2012  | 
Free Flashback Trojan detection and removal tools introduced for Mac users as bot counts drop.
Malware Writers Pack In Better Encryption
News  |  4/11/2012  | 
Expert analysis finds the bad guys increasingly use stronger encryption to protect their malware and botnets.
Malware Encryption Efforts Mixed, But Getting Stronger
News  |  4/10/2012  | 
Russian botnets mostly use crypto, Chinese attacks mostly don't, but attack analysis finds that the bad guys are increasingly using better encryption


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-39229
PUBLISHED: 2021-09-20
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a denial of service attack...
CVE-2021-41083
PUBLISHED: 2021-09-20
Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any ma...
CVE-2021-34650
PUBLISHED: 2021-09-20
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6.
CVE-2021-41082
PUBLISHED: 2021-09-20
Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were n...
CVE-2020-16630
PUBLISHED: 2021-09-20
TI's BLE stack caches and reuses the LTK's property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that...