News & Commentary

Content posted in May 2011
Sharing Relational Data In The Cloud
Commentary  |  5/31/2011  | 
Databases are designed to share data, so it's easy to leverage built-in security for cloud services
'APT' Among Top Three Security Worries In 2011
Quick Hits  |  5/31/2011  | 
nCircle survey finds wider understanding of risks, less financial support for security projects
A Tale Of Two Hacks
Commentary  |  5/31/2011  | 
The similarities and differences in the Lockheed and RSA attacks
Targeted Attacks On U.S. Defense Contractors: Fallout From RSA Breach?
News  |  5/31/2011  | 
No one's saying for sure, but the timing of the attack and Lockheed's reported SecurID token updates have sparked plenty of speculation
DOD Says Cyber Attacks May Mean War
News  |  5/31/2011  | 
The Pentagon's forthcoming cyber strategy will formalize the possibility of a physical response to a virtual attack, according to published reports.
PBS Website Hacked With Fake News
News  |  5/31/2011  | 
Attackers exploit zero-day vulnerability in Movable Type in retaliation for a Frontline episode's portrayal of WikiLeaks leaker Bradley Manning.
Tablets Cut Into Hard Disk Drive Revenue
News  |  5/31/2011  | 
Growth is slowing for HDDs due to the increasing use of low-cost, portable devices and cloud storage, reports IHS iSuppli.
Dark Reading Revamps SMB Security Tech Center
Commentary  |  5/31/2011  | 
As cybercriminals take aim at small businesses, Dark Reading offers new coverage
Lockheed Martin Suffers Massive Cyberattack
News  |  5/30/2011  | 
"Significant and tenacious" attack targeted multiple U.S. defense contractors and may have involved hack of RSA SecurID system.
Five Infamous Database Breaches So Far In 2011
News  |  5/27/2011  | 
An alarming trend of security companies getting hacked serves as a wake-up call that no one is immune
Product Watch: New Service Aims To Improve Botnet Detection Among Service Providers
News  |  5/27/2011  | 
Damballa CSP 1.6 automates subscriber notification and remediation of botnet infections
35 Million Google Profiles Captured In Database
News  |  5/27/2011  | 
A security researcher was able to collect information from Google Profiles and save millions of files in a SQL database in about a month.
Survey: Breaches Cost Some Healthcare Organizations $100K Per Day
Quick Hits  |  5/27/2011  | 
Even with due diligence on HIPAA, HITECH requirements, healthcare organizations are still suffering patient-data breaches
More Sony Problems Reported; Company Launches ID Theft Service
News  |  5/26/2011  | 
Debix gets the call to help thousands of PlayStation Network users affected by breach.
DNS Filtering Legislation Would Derail DNSSEC, Experts Contend
News  |  5/26/2011  | 
Senate bill that aims to protect copyright infringement online could backfire security-wise, according to a who's who of Internet infrastructure and security experts
DHS Advances Einstein Cybersecurity Deployment
News  |  5/26/2011  | 
The Department of Homeland Security plans to hire IT experts who can support Einstein and other security technologies.
The Top Three Malware-Based Threats To Small And Midsize Businesses
News  |  5/26/2011  | 
SMBs wrestle to handle Zeus Attacks, website infections, and business-logic vulnerabilities
Five Big Security Problems SMBs Face -- And What To Do About Them
Quick Hits  |  5/26/2011  | 
Digital issue of InformationWeek offers insights on security in small and midsize companies
Cookiejacking Attack Steals Website Access Credentials
News  |  5/26/2011  | 
All Internet Explorer users on all versions of Windows are at risk from zero-day attack that can steal any website cookie, allowing an attacker to impersonate their victim.
Google Fixes Authentication Flaw
News  |  5/26/2011  | 
Vulnerability leaves Android smartphones open to sidejacking
Freebie Black Hole Exploit Kit Limited By Encoding
News  |  5/25/2011  | 
Obfuscated and encoded code prevents easy customization and creation of new versions
GlobalSign Markets Encryption Service To Healthcare
News  |  5/25/2011  | 
Healthcare organizations spend too much time on compliance, not enough on data security, according to a GlobalSign survey.
The Inconvenient Truth About Breaches
Quick Hits  |  5/25/2011  | 
Assume you've been attacked and line up the tools and information to predict, detect, and respond to it, new Dark Reading Analytics Alert says
Apple Promises MacDefender Fix
News  |  5/25/2011  | 
The impact of rogue security software attacks like MacDefender has prompted Apple to issue advice about the malware and to commit to issuing a software fix.
3 Banks Service Majority Of Spam-Driven Sales
News  |  5/25/2011  | 
95% of spam-advertised products are monetized using merchant services from just a handful of banks, suggesting payment handling is the weak link in the global spam value chain.
Attackers Step Away From Mainstream, Target Lesser-Known Apps
News  |  5/25/2011  | 
Attackers Step Away From Mainstream, Target Lesser-Known Apps.
Ping Rolls Out Cloud Identity Connectors For LinkedIn, Twitter And Microsoft Live
News  |  5/25/2011  | 
Ping Identity can now connect cloud businesses with six of the largest cloud service and social network sites
Scareware Is Evolving
Commentary  |  5/24/2011  | 
That's right -- scareware is still proving an effective way for threat actors to make quick cash on the Internet
Half Of Lost Or Stolen Mobile Devices Store Sensitive Company Data
Quick Hits  |  5/24/2011  | 
Carnegie Mellon, McAfee report finds that one-third of lost mobile device cases resulted in financial loss to the organization
Attackers Step Away From Mainstream, Target Lesser-Known Apps
News  |  5/24/2011  | 
After beating up Microsoft, Oracle, and Adobe, hackers draw a bead on smaller software vendors
Siemens To Issue Patches For SCADA Products 'In Next Few Weeks'
News  |  5/24/2011  | 
Says attacks would only affect plants without IT security systems
Researcher Challenges Siemens' Public Reaction To New SCADA Flaws
News  |  5/24/2011  | 
Initial solution suggested by Siemens to remedy the critical vulnerabilities failed.
Audio Captchas Easy To Defeat
News  |  5/24/2011  | 
Security researchers have designed automated software that regularly defeats most audio challenge-and-response systems on websites.
LinkedIn Faces Cookie Vulnerabilities
News  |  5/24/2011  | 
The social networking site is set to reduce the length of time before cookies expire and add HTTPS across its site.
Oracle 11G Available On AWS
Commentary  |  5/24/2011  | 
When testing Oracle on Amazon AWS, consider how you will secure your data
Qakbot Malware Infections Spike
News  |  5/23/2011  | 
Worm that targets financial information infected 1,500 Massachusetts state PCs, potentially exposing 250,000 residents' personal details.
From Device to Device, From Site To Site
Commentary  |  5/23/2011  | 
Obama administration's digital identities initiative relies on private industry to come together and make it work
Researcher Challenges Siemens' Public Reaction To New SCADA Flaws
News  |  5/23/2011  | 
Initial solution suggested by Siemens to remedy the critical vulnerabilities failed
Security Pros' Keys To The Kingdom Leave Encrypted Data At Risk
Quick Hits  |  5/23/2011  | 
Survey finds that, if abused, IT pros' access to encryption keys could do some serious damage to their organizations
Sony Data Breach Cleanup To Cost $171 Million
News  |  5/23/2011  | 
If identity theft or credit card fraud takes place, the company said its actual costs could rise substantially.
British Trade Union Overwhelmed By DDoS Attack
Quick Hits  |  5/21/2011  | 
Poised for a strike vote, Public and Commercial Services Union site is virtually shut down
Sony A Poster Child For Self-Destructive Security
Commentary  |  5/20/2011  | 
Sony has repeatedly made poor decisions in security and control -- costing the company billions of dollars and giving critical markets it once controlled to Apple, Microsoft, and Nintendo
Hacker Exposes NASA Security Hole
News  |  5/20/2011  | 
A Goddard Space Flight Center FTP server was breached by a Romanian whitehat hacker known as TinKode, who cracked a European Space Agency network a month ago.
Tech Insight: Finding And Securing Your Enterprise's Most Sensitive Data
News  |  5/20/2011  | 
The headlines are full of companies facing serious breaches. Here are some basic steps to protect your enterprise's critical data -- and stay out of the news
Most Common Cause Of Net Downtime Is Human Error, Study Says
Quick Hits  |  5/20/2011  | 
Two-thirds of IT pros say misconfiguration of network devices is source of most security issues
Researchers Decide Not To Give SCADA Vulnerability Talk
News  |  5/19/2011  | 
Last-minute change in plans spurred by Siemens, government officials
Move To Cloud Means Closer Look At Encryption, Experts Say
News  |  5/19/2011  | 
Recent compromises in cloud environments spur new cryptography strategies
SanDisk To Acquire Enterprise SSD Maker
News  |  5/19/2011  | 
The $327 million offer for Pliant signifies an expansion from SanDisk's traditional retail flash memory base into solid state drives for industry.
Survey: Database Administrators, IT Security Still Not On The Same Page
News  |  5/18/2011  | 
DBAs lack understanding of change control, patch management, ISUG study says