News & Commentary

Content posted in May 2011
Sharing Relational Data In The Cloud
Commentary  |  5/31/2011  | 
Databases are designed to share data, so it's easy to leverage built-in security for cloud services
'APT' Among Top Three Security Worries In 2011
Quick Hits  |  5/31/2011  | 
nCircle survey finds wider understanding of risks, less financial support for security projects
A Tale Of Two Hacks
Commentary  |  5/31/2011  | 
The similarities and differences in the Lockheed and RSA attacks
Targeted Attacks On U.S. Defense Contractors: Fallout From RSA Breach?
News  |  5/31/2011  | 
No one's saying for sure, but the timing of the attack and Lockheed's reported SecurID token updates have sparked plenty of speculation
DOD Says Cyber Attacks May Mean War
News  |  5/31/2011  | 
The Pentagon's forthcoming cyber strategy will formalize the possibility of a physical response to a virtual attack, according to published reports.
PBS Website Hacked With Fake News
News  |  5/31/2011  | 
Attackers exploit zero-day vulnerability in MoveableType in retaliation for a Frontline episode's portrayal of WikiLeaks leaker Bradley Manning.
Tablets Cut Into Hard Disk Drive Revenue
News  |  5/31/2011  | 
Growth is slowing for HDDs due to the increasing use of low-cost, portable devices and cloud storage, reports IHS iSuppli.
Dark Reading Revamps SMB Security Tech Center
Commentary  |  5/31/2011  | 
As cybercriminals take aim at small businesses, Dark Reading offers new coverage
Lockheed Martin Suffers Massive Cyberattack
News  |  5/30/2011  | 
"Significant and tenacious" attack targeted multiple U.S. defense contractors and may have involved hack of RSA SecurID system.
Five Infamous Database Breaches So Far In 2011
News  |  5/27/2011  | 
An alarming trend of security companies getting hacked serves as a wake-up call that no one is immune
Product Watch: New Service Aims To Improve Botnet Detection Among Service Providers
News  |  5/27/2011  | 
Damballa CSP 1.6 automates subscriber notification and remediation of botnet infections
35 Million Google Profiles Captured In Database
News  |  5/27/2011  | 
A security researcher was able to collect information from Google Profiles and save millions of files in a SQL database in about a month.
Survey: Breaches Cost Some Healthcare Organizations $100K Per Day
Quick Hits  |  5/27/2011  | 
Even with due diligence on HIPAA, HITECH requirements, healthcare organizations are still suffering patient-data breaches
More Sony Problems Reported; Company Launches ID Theft Service
News  |  5/26/2011  | 
Debix gets the call to help thousands of PlayStation Network users affected by breach.
DNS Filtering Legislation Would Derail DNSSEC, Experts Contend
News  |  5/26/2011  | 
Senate bill that aims to protect against copyright infringement online could backfire security-wise, according to a who's who of Internet infrastructure and security experts
DHS Advances Einstein Cybersecurity Deployment
News  |  5/26/2011  | 
The Department of Homeland Security plans to hire IT experts who can support Einstein and other security technologies.
The Top Three Malware-Based Threats To Small And Midsize Businesses
News  |  5/26/2011  | 
SMBs wrestle to handle Zeus Attacks, website infections, and business-logic vulnerabilities
Five Big Security Problems SMBs Face -- And What To Do About Them
Quick Hits  |  5/26/2011  | 
Digital issue of InformationWeek offers insights on security in small and midsize companies
Cookiejacking Attack Steals Website Access Credentials
News  |  5/26/2011  | 
All Internet Explorer users on all versions of Windows are at risk from zero-day attack that can steal any website cookie, allowing an attacker to impersonate their victim.
Google Fixes Authentication Flaw
News  |  5/26/2011  | 
Vulnerability leaves Android smartphones open to sidejacking
Freebie Black Hole Exploit Kit Limited By Encoding
News  |  5/25/2011  | 
Obfuscated and encoded code prevents easy customization and creation of new versions
GlobalSign Markets Encryption Service To Healthcare
News  |  5/25/2011  | 
Healthcare organizations spend too much time on compliance, not enough on data security, according to a GlobalSign survey.
The Inconvenient Truth About Breaches
Quick Hits  |  5/25/2011  | 
Assume you've been attacked and line up the tools and information to predict, detect, and respond to it, new Dark Reading Analytics Alert says
Apple Promises MacDefender Fix
News  |  5/25/2011  | 
The impact of rogue security software attacks like MacDefender has prompted Apple to issue advice about the malware and to commit to issuing a software fix.
3 Banks Service Majority Of Spam-Driven Sales
News  |  5/25/2011  | 
95% of spam-advertised products are monetized using merchant services from just a handful of banks, suggesting payment handling is the weak link in the global spam value chain.
Attackers Step Away From Mainstream, Target Lesser-Known Apps
News  |  5/25/2011  | 
Attackers Step Away From Mainstream, Target Lesser-Known Apps.
Ping Rolls Out Cloud Identity Connectors For LinkedIn, Twitter And Microsoft Live
News  |  5/25/2011  | 
Ping Identity can now connect cloud businesses with six of the largest cloud service and social network sites
Scareware Is Evolving
Commentary  |  5/24/2011  | 
That's right -- scareware is still proving an effective way for threat actors to make quick cash on the Internet
Half Of Lost Or Stolen Mobile Devices Store Sensitive Company Data
Quick Hits  |  5/24/2011  | 
Carnegie Mellon, McAfee report finds that one-third of lost mobile device cases resulted in financial loss to the organization
Attackers Step Away From Mainstream, Target Lesser-Known Apps
News  |  5/24/2011  | 
After beating up Microsoft, Oracle, and Adobe, hackers draw a bead on smaller software vendors
Siemens To Issue Patches For SCADA Products 'In Next Few Weeks'
News  |  5/24/2011  | 
Says attacks would only affect plants without IT security systems
Researcher Challenges Siemens' Public Reaction To New SCADA Flaws
News  |  5/24/2011  | 
Initial solution suggested by Siemens to remedy the critical vulnerabilities failed.
Audio Captchas Easy To Defeat
News  |  5/24/2011  | 
Security researchers have designed automated software that regularly defeats most audio challenge-and-response systems on websites.
LinkedIn Faces Cookie Vulnerabilities
News  |  5/24/2011  | 
The social networking site is set to reduce the length of time before cookies expire and add HTTPS across its site.
Oracle 11G Available On AWS
Commentary  |  5/24/2011  | 
When testing Oracle on Amazon AWS, consider how you will secure your data
Qakbot Malware Infections Spike
News  |  5/23/2011  | 
Worm that targets financial information infected 1,500 Massachusetts state PCs, potentially exposing 250,000 residents' personal details.
From Device to Device, From Site To Site
Commentary  |  5/23/2011  | 
Obama administration's digital identities initiative relies on private industry to come together and make it work
Researcher Challenges Siemens' Public Reaction To New SCADA Flaws
News  |  5/23/2011  | 
Initial solution suggested by Siemens to remedy the critical vulnerabilities failed
Security Pros' Keys To The Kingdom Leave Encrypted Data At Risk
Quick Hits  |  5/23/2011  | 
Survey finds that, if abused, IT pros' access to encryption keys could do some serious damage to their organizations
Sony Data Breach Cleanup To Cost $171 Million
News  |  5/23/2011  | 
If identity theft or credit card fraud takes place, the company said its actual costs could rise substantially.
British Trade Union Overwhelmed By DDoS Attack
Quick Hits  |  5/21/2011  | 
Poised for a strike vote, Public and Commercial Services Union site is virtually shut down
Sony A Poster Child For Self-Destructive Security
Commentary  |  5/20/2011  | 
Sony has repeatedly made poor decisions in security and control -- costing the company billions of dollars and giving critical markets it once controlled to Apple, Microsoft, and Nintendo
Hacker Exposes NASA Security Hole
News  |  5/20/2011  | 
A Goddard Space Flight Center FTP server was breached by a Romanian whitehat hacker known as TinKode, who cracked a European Space Agency network a month ago.
Tech Insight: Finding And Securing Your Enterprise's Most Sensitive Data
News  |  5/20/2011  | 
The headlines are full of companies facing serious breaches. Here are some basic steps to protect your enterprise's critical data -- and stay out of the news
Most Common Cause Of Net Downtime Is Human Error, Study Says
Quick Hits  |  5/20/2011  | 
Two-thirds of IT pros say misconfiguration of network devices is source of most security issues
Researchers Decide Not To Give SCADA Vulnerability Talk
News  |  5/19/2011  | 
Last-minute change in plans spurred by Siemens, government officials
Move To Cloud Means Closer Look At Encryption, Experts Say
News  |  5/19/2011  | 
Recent compromises in cloud environments spur new cryptography strategies
SanDisk To Acquire Enterprise SSD Maker
News  |  5/19/2011  | 
The $327 million offer for Pliant signifies an expansion from SanDisk's traditional retail flash memory base into solid state drives for industry.
Survey: Database Administrators, IT Security Still Not On The Same Page
News  |  5/18/2011  | 
DBAs lack understanding of change control, patch management, ISUG study says