Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in May 2011
Not All Nations A Slam Dunk For U.S. Global Internet Cybersecurity Policy
News  |  5/18/2011  | 
Fighting cybercrime and cyberattacks at home isn't easy for countries that lack the necessary legal power and resources
Despite Reports, Sony Says PlayStation Network Was Not Hacked Again
News  |  5/18/2011  | 
Password reset issues cause network downtime, but no new hacks occurred, company says.
Federal Agencies Fail Health IT Security Audits
News  |  5/18/2011  | 
The Office of the National Coordinator for Health Information Technology and the Centers for Medicare and Medicaid Services both received failing grades.
Despite Reports, Sony Says PlayStation Network Was Not Hacked Again
Quick Hits  |  5/18/2011  | 
Password reset issues cause network downtime, but no new hacks occurred, company says
Stuxnet: How It Happened And How Your Enterprise Can Avoid Similar Attacks
News  |  5/18/2011  | 
A look back at one of the industry's most complex attacks--and the lessons it teaches.
Google Brings TRUSTe Certification To Apps Marketplace
News  |  5/18/2011  | 
Business users of Web apps should soon be able to better assess vendors' data handling and privacy practices.
Microsoft Claims IE9 Stops Most Social Engineering Threats
News  |  5/18/2011  | 
Application reputation feature in the browser blocks more than 20 million malware infections per month by white-listing applications from approved publishers, the software maker says.
Schwartz On Security: Developers Battle Piracy Channels
Commentary  |  5/18/2011  | 
Business Software Alliance report finds widespread software piracy, but experts say market pressures are to blame.
Cybercriminals Target Online Banking Culture In Latin America
News  |  5/17/2011  | 
Botnets and malware creation are on the rise in the region, which also could host first big wave of smartphone malware writers
Organizational Rivalries, Bureaucracy Big Impediment To Monitoring
News  |  5/17/2011  | 
Sometimes politics can deter even the best security technology deployments
Stuxnet: How It Happened And How Your Enterprise Can Avoid Similar Attacks
News  |  5/17/2011  | 
A look back at one of the industry's most complex attacks -- and the lessons it teaches
Majority Of Websites Fail To Deploy Online Trust Measures
Quick Hits  |  5/17/2011  | 
Social media, e-commerce, financial services ahead of federal agencies in protecting consumers online, Online Trust Alliance report says
Geek.com Site Hacked Via Exploit Kit
News  |  5/17/2011  | 
Popular website is serving up malware, Zscaler researchers say
Reduce Your Android Security Risks
Commentary  |  5/17/2011  | 
Threats against Google's mobile platform have increased 400% in the last year, but common sense will protect users against many of the attacks.
Enterprises Struggling With SSL Apps That Evade Traditional Controls
Quick Hits  |  5/16/2011  | 
More than a third of enterprise traffic is comprised of apps that use encryption or port-hopping, annual Palo Alto Networks study says
SMBs At Risk For Financial Fraud
News  |  5/16/2011  | 
Small and midsize businesses are at greater risk than consumers and need to improve identification and response, according to Javelin Strategy & Research.
Success, Failure And The Advanced Threat
Commentary  |  5/16/2011  | 
You can't judge the sophistication of an attack by its success or failure
White House Sets Global Cybersecurity Strategy
News  |  5/16/2011  | 
Policy vision includes keeping the Internet secure, open, interoperable, and reliable worldwide
Dropbox Accused Of Misleading Customers On Security
News  |  5/16/2011  | 
FTC complaint charges that the file-sharing service hasn't told the truth about the security it applies to stored files, as well as who can access or view those files.
Sony Strengthens Security, Restores Some PlayStation Services
News  |  5/16/2011  | 
Online services get stronger encryption, more firewalls, and an early detection system to try to prevent future attacks; users are required to update gaming console's firmware and password before going online.
PlayStation Network Comes Back On After Hack
Quick Hits  |  5/15/2011  | 
After three weeks down, Sony game players are back online
Adobe Adds Flash Privacy Controls
News  |  5/13/2011  | 
Flash Player and Google Chrome get patches against attacks currently seen in the wild.
The Social Reality -- And How To Keep It Secure
News  |  5/13/2011  | 
Social media sites and other Web 2.0 technologies are now a fact of life in the enterprise
Michaels Breach Evidence Of Growing POS Skimming Trend
News  |  5/13/2011  | 
Craft chain had Payment Application Data Security Standard (PA DSS)-certified POS terminals and PIN pads, but attackers swapped them with rigged ones
Mobile Security Needs Executive Involvement
Commentary  |  5/13/2011  | 
IT managers need a plan for managing a highly variable fleet of devices through mobile device management, according to panelists at InformationWeek Analytics Live sessions at Interop 2011.
Microsoft: Cybercrime Falling Into Two Distinct Camps
News  |  5/12/2011  | 
New Microsoft Security Intelligence Report outlines 'marketing campaign' strategies being employed by one group, and related rise in phishing and rogue antivirus software.
DOD Explores Virtual Worlds For Military Training
News  |  5/12/2011  | 
The armed services aim to simulate real combat situations via virtual reality technology similar to Second Life and other computer games.
White House Releases Cybersecurity Plans
News  |  5/12/2011  | 
The Obama administration's legislative proposal includes critical infrastructure protection, breach notification, privacy requirements, and overhauls for internal government cybersecurity.
Graphics Cards Face Internet-Borne Threats
News  |  5/12/2011  | 
The WebGL 3-D graphics specification implemented in Firefox and Chrome, and included in Safari, is subject to denial of service attacks.
Schwartz On Security: Sony Must Do More
Commentary  |  5/12/2011  | 
Forget free ID theft monitoring. Sony should release its police reports, so that 101 million people can obtain a free credit freeze to proactively battle ID thieves.
McAfee, Intel Launch Cloud Security Platform
News  |  5/12/2011  | 
The security service uses data loss prevention policies to stop leakage of sensitive data via mobile devices, end users, social networks, and private cloud applications.
Social Networking Here To Stay Despite Security Risks
News  |  5/12/2011  | 
IT pros must find a way to balance the risks and rewards of Web 2.0 platforms like Facebook and LinkedIn, security expert says.
White House Proposes Cybersecurity Bill
News  |  5/12/2011  | 
National breach disclosure, security information sharing, critical infrastructure are among areas of focus
Microsoft: Cybercrime Falling Into Two Distinct Camps
News  |  5/12/2011  | 
New Microsoft Security Intelligence Report outlines 'marketing campaign' strategies being employed by one group, and related rise in phishing and rogue antivirus software
Enterprises Skimp On Testing Third-Party Code
Quick Hits  |  5/12/2011  | 
Seventy percent run security, vulnerability assessments on internal code, but only 35 percent do the same for third-party code they bring in-house, Forrester/Coverity report finds
Facebook Apps Leaked Access To User Profiles, Pictures, Chats
Quick Hits  |  5/11/2011  | 
Symantec discovers application security hole, Facebook closes it -- and Congress wants answers
SIEM Vendor Gains Traction Among VARs
News  |  5/11/2011  | 
Longtime partner BryTech commends TriGeo for its solutions and approach to the channel.
Google, VUPEN Spar Over Chrome Hack
News  |  5/11/2011  | 
If bypass of Chrome's sandbox indeed used a new Flash vulnerability in the browser, then it's both a Flash bug and a Chrome hack, says security researcher Dan Kaminsky.
Java Bot Software Could Signal New Vector For Malware Authors
News  |  5/11/2011  | 
Flexible programming language offers some advantages for cybercriminals, researchers say.
DOJ Wants Wireless Carriers To Collect Location Data
News  |  5/11/2011  | 
Congress worries that location-based information could be misused by tech companies, but the DOJ wants to use it to catch criminals.
Google, VUPEN Spar Over Chrome Hack
News  |  5/11/2011  | 
If bypass of Chrome's sandbox indeed used a new Flash vulnerability in the browser, then it's both a Flash bug and a Chrome hack, says security researcher Dan Kaminsky
Facebook Patches Access Token Leak
News  |  5/11/2011  | 
Users should change their passwords to mitigate threats posed by the accidental leak of perhaps millions of account identity details.
Microsoft Patches Critical Windows Vulnerability
News  |  5/11/2011  | 
The software maker also tweaked its exploitability index, which predicts the likelihood that vulnerabilities will soon be compromised.
Sony: Playstation Network Will Be Down 'At Least A Few More Days'
News  |  5/11/2011  | 
Hacked network has been inaccessible for three weeks
Presidential Alerts Soon Mandatory On Your Phone
Commentary  |  5/10/2011  | 
The U.S. Government and major wireless carriers announced a new messaging system that supplements the current emergency system. While some alerts will be optional, presidential alerts will be mandatory.
Java Bot Software Could Signal New Vector For Malware Authors
News  |  5/10/2011  | 
Flexible programming language offers some advantages for cybercriminals, researchers say
Zeus Trojan's Source Code Leaked In The Wild
Quick Hits  |  5/10/2011  | 
'Open source' Zeus could result in widespread infections
Secure Access To Relational Data
Commentary  |  5/10/2011  | 
How to secure relational data in cloud data centers
Feds, Carriers Unveil Mobile Emergency Alert System
News  |  5/10/2011  | 
Mobile phone users in New York City and Washington will be the first to have access to the system, which will push out alerts during emergencies.
Hackers Subvert Google Chrome Sandbox
News  |  5/10/2011  | 
Vulnerability research firm Vupen said it's found a way to execute arbitrary code in the browser.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.