News & Commentary

Content posted in May 2012
Companies See Business In 'Doxing' The Adversary
News  |  5/31/2012  | 
It's not a malware problem -- it's an adversary problem: More security firms are focusing on the people behind the keyboards in order to stymie attacks
Is Lax SMB Security A Myth?
News  |  5/31/2012  | 
Small and mid-size businesses defy perception by spending more than ever on security, according to a new IDC report. Now growing twice as fast as overall IT budgets, SMB security spending will total $5.6 billion in 2015.
State-Sponsored Backdoor Or Programming Faux Pas?
Commentary  |  5/31/2012  | 
Backdoor in Android-based handsets: state sponsor, bad programming, or a #win for Apple's stringent application QA process?
Former Federal Reserve Bank Contractor Pleads Guilty In Code Theft
Quick Hits  |  5/31/2012  | 
Deal in case of theft of accounting software worth $9.5 million could cut programmer's prison sentence from 10 years to less than two
How Flame Hid In Plain Sight For Years
News  |  5/31/2012  | 
Easy-to-crack encryption likely helped keep Flame alive, as well as its resemblance to conventional software
Flame Malware's Ties To Stuxnet, Duqu: Details Emerge
News  |  5/31/2012  | 
All three pieces of malware seemingly commissioned by the same entity and developed on the same platform, but by different groups of developers, security researchers say.
New Advanced Persistent Threat, IXESHE, On The Rise
Quick Hits  |  5/31/2012  | 
Malware makes use of targeted email with malicious attachments
U of Nebraska Breach Highlights Education In Crosshairs
News  |  5/30/2012  | 
Database containing 654,000 exposed through 'targeted' attack
Iranian CERT Takes Center Stage With Flame
News  |  5/30/2012  | 
Yes, Iran has a Computer Emergency Response Team (CERT), too -- and it has made its debut in the global security arena with Flame research, removal tool
Obama Administration Partners With Industry To Fight Botnets
News  |  5/30/2012  | 
At a White House event Wednesday, officials unveiled a series of initiatives meant to fight botnet infections
Kim Dotcom Gets Access To FBI's Megaupload Documents
News  |  5/30/2012  | 
Dotcom's defense campaign won a boost when a New Zealand judge refused to rubber-stamp U.S. prosecutors' request for extradition.
Flame FAQ: 11 Facts About Complex Malware
News  |  5/30/2012  | 
Size of Flame dwarfs existing spyware, keyloggers, and other malware. Drill down for a closer look at the crucial technology and military issues.
Flame's Big Question: What Else Is Lurking?
News  |  5/30/2012  | 
Stealth and scope of Flame intrigues researchers looking for other nation-state sponsored spyware and attacks.
Database Monitoring, SIEM Top IT's List
Quick Hits  |  5/29/2012  | 
IT organizations want better visibility into their network in order to react more quickly to advanced threats, McAfee report finds
Top 5 Myths About Insider Threats
News  |  5/29/2012  | 
Myths about who insiders are and how they're putting data at risk keep mitigation efforts at bay
Are Your Secrets Safe In The Cloud?
News  |  5/29/2012  | 
With so much data being hosted in the cloud, companies need to look at side-channel attacks to make sure they know who has access to their data and how to keep it secret
'Flame' Fans Notion Of More Weapons Yet To Be Found
News  |  5/29/2012  | 
Targeted attack looks a lot like conventional spyware, but with some major twists -- and questions about links to Stuxnet, Duqu
Data Breach Costs Massachusetts Hospital $750K
News  |  5/29/2012  | 
South Shore Hospital pays a hefty $750,000 to settle a lawsuit alleging that it failed to protect personal and confidential patient information.
SSD Tiering: Why Caching Won't Die
Commentary  |  5/29/2012  | 
Solid state storage is fast, but speed alone doesn't solve data management challenges.
FBI Busts Mayor For Hacking Recall Website
News  |  5/29/2012  | 
New Jersey mayor and son arrested and accused of targeting website and email account associated with a campaign to recall the mayor.
Newly Discovered 'Flame' Cyberespionage Tool Infects Iran, Middle East
News  |  5/29/2012  | 
Malware, described as the most complex ever discovered, has the markings of Western intelligence agencies and has been around since at least 2010
Flame Espionage Malware Seeks Middle East Data
News  |  5/29/2012  | 
Flame malware, described as the most complex ever discovered, has the markings of Western intelligence agencies. Security researchers believe it's been gathering information from Iran, Lebanon, Syria, and other countries since at least 2010.
Social Engineers Steal 500,000 Customers' Data From WHMCS
Quick Hits  |  5/29/2012  | 
Client management billing platform provider says its hosting provider was breached
Cutting The Lag Between Detection And Action
News  |  5/25/2012  | 
Detecting a threat does little good if the targeted company is not ready to respond. Security experts weigh in on ways to speed a business' response to threats
Reopen Google Wi-Fi Investigation, Say Lawmakers
News  |  5/25/2012  | 
Two Congressmen call on the Department of Justice to investigate whether Google's wardriving practices violate wiretapping laws.
Fatalism, Realism -- Or The New Normal
Commentary  |  5/25/2012  | 
The 'new' reality that you can't stop a determined attacker and you've likely already been hacked has become an accepted mantra
IBM Bans Dropbox: Should SMBs Follow Suit?
News  |  5/24/2012  | 
IBM's about-face on bring-your-own policy might be too draconian for small companies, but it serves as a reminder that some popular cloud services come with inherent risks.
Stolen Laptop Exposes Boston Hospital Patient Data
News  |  5/24/2012  | 
An email attachment containing patient data was unencrypted and accessible
Malware Mania: Badware And Botnets Explode
Quick Hits  |  5/24/2012  | 
McAfee's new threat report for Q1 shows bots and PC and mobile malware on the rise
Security Expert Fools, Records Fake Antivirus Scammers
News  |  5/24/2012  | 
Phony AV scammers posing as Microsoft dialed the wrong number when they inadvertently phoned a security researcher at home -- who exposed their obvious lack of technical know-how
Android Malware Surges, Botnet Business Booms
News  |  5/24/2012  | 
McAfee reports thousands of new malware apps targeting Android appeared early this year, along with a steady stream of botnet updates.
London 2012 Olympics Scammers Seek Malicious Gold
News  |  5/24/2012  | 
Expect escalating levels of malware, fake mobile apps, and online scams in the lead-up to this summer's Olympics, warns the Department of Homeland Security.
Don't Be The Nerdiest Person In The Room
Commentary  |  5/24/2012  | 
Technical language has its place, but overuse hampers compliance
How To Detect And Root Out Sophisticated Malware
Quick Hits  |  5/24/2012  | 
New report offers insights on excising that hard-to-detect malware
Project Finds, Purges Vulnerable Code Snippets From The Net
News  |  5/23/2012  | 
Community effort hopes to clean up insecure code found in the public domain
Poorly Managed Firewall Rule Sets Will Flag An Audit
News  |  5/23/2012  | 
Auditors and compliance managers alike are depending on firewall management principles and tools to cut through the complexity
Google Spreads Word On DNSChanger Malware
News  |  5/23/2012  | 
After taking down the botnet, the FBI is still trying to alert 500,000 people that their PCs are infected with the malware. Some Google search users are now getting direct warnings.
7 Lessons From MilitarySingles.com Hack
News  |  5/23/2012  | 
LulzSec Reborn hacktivist group exploited the site's poor security checks on user-uploaded content, made away with easily cracked passwords.
Microsoft Bloatware Cleaning Offer Treats You Like Dirt
Commentary  |  5/23/2012  | 
For just $99, Microsoft will eliminate the junk added to its Windows 7 PCs by OEM manufacturers. Steve Jobs would have enjoyed this development.
Malware 'Licensing' Could Stymie Automated Analysis
News  |  5/22/2012  | 
The use of encryption and digital-rights management techniques by the authors of malicious code could make automated analysis of malware take longer and require human intervention more often
Are You A Human Confirms Man Or Machine With Games
Quick Hits  |  5/22/2012  | 
Start-up offers new type of CAPTCHA that doesn't rely on discerning and typing letters and numbers from distorted text prompts
Researchers 'Map' Android Malware Genome
News  |  5/22/2012  | 
New initiative promotes sharing of Android malware research worldwide, beefing up mobile anti-malware tools
Anonymous Hacks, Leaks U.S. Bureau of Justice Database
News  |  5/22/2012  | 
'Monday Mail Mayhem' campaign by hacktivist group posts 1.7-GB archive of emails and other data online
Anonymous Leaks 1.7 GB Justice Department Database
News  |  5/22/2012  | 
Attackers were assisted by Anonymous affiliate AntiS3curityOPS, which launched its own anti-NATO attack against the Chicago Police Department website.
State Of Utah Fires Tech Director Over Breach
Quick Hits  |  5/22/2012  | 
Utah IT director 'lacked oversight and leadership' in incident that exposed personal details of 780,000, governor says
Revamp Mobile Policy To Secure The Cloud
News  |  5/21/2012  | 
A majority of employees bring their own devices into work and connect out to the cloud -- now it's time to gain greater control over the security of these devices
Iranian Hackers Claim They Compromised NASA SSL Digital Certificate
News  |  5/21/2012  | 
'Cyber Warriors Team' says it stole information on thousands of NASA researchers via a man-in-the-middle attack
9 Lessons From Utah Data Breach
News  |  5/21/2012  | 
Breach of unencrypted data affected 28% of the state's residents; one in 10 had Social Security numbers stolen. How can you avoid such an epic fail?
Overlook The Obvious And Risk Everything
Commentary  |  5/21/2012  | 
Failure to follow fundamental common-sense security policies can produce disastrous results, as the state of Utah discovered
Security Leaders Urged To Take Action, Responsibility
Quick Hits  |  5/20/2012  | 
Talk is no longer enough for IT security pros, keynote speakers say at ISSA-LA conference
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15572
PUBLISHED: 2018-08-20
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
CVE-2018-15573
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf...
CVE-2018-15574
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."
CVE-2018-15570
PUBLISHED: 2018-08-20
In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter.
CVE-2018-15564
PUBLISHED: 2018-08-20
An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.