News & Commentary

Content posted in May 2012
Page 1 / 3   >   >>
Companies See Business In 'Doxing' The Adversary
News  |  5/31/2012  | 
It's not a malware problem -- it's an adversary problem: More security firms are focusing on the people behind the keyboards in order to stymie attacks
Is Lax SMB Security A Myth?
News  |  5/31/2012  | 
Small and mid-size businesses defy perception by spending more than ever on security, according to a new IDC report. Now growing twice as fast as overall IT budgets, SMB security spending will total $5.6 billion in 2015.
State-Sponsored Backdoor Or Programming Faux Pas?
Commentary  |  5/31/2012  | 
Backdoor in Android-based handsets sponsor, bad programming, or a #win for Apple's stringent application QA process?
Former Federal Reserve Bank Contractor Pleads Guilty In Code Theft
Quick Hits  |  5/31/2012  | 
Deal in case of theft of accounting software worth $9.5 million could cut programmer's prison sentence from 10 years to less than two
How Flame Hid In Plain Sight For Years
News  |  5/31/2012  | 
Easy-to-crack encryption likely helped keep Flame alive, as well as its resemblance to conventional software
Flame Malware's Ties To Stuxnet, Duqu: Details Emerge
News  |  5/31/2012  | 
All three pieces of malware seemingly commissioned by the same entity and developed on the same platform, but by different groups of developers, security researchers say.
New Advanced Persistent Threat, IXESHE, On The Rise
Quick Hits  |  5/31/2012  | 
Malware makes use of targeted email with malicious attachments
U of Nebraska Breach Highlights Education In Crosshairs
News  |  5/30/2012  | 
Database containing 654,000 exposed through 'targeted' attack
Iranian CERT Takes Center Stage With Flame
News  |  5/30/2012  | 
Yes, Iran has a Computer Emergency Response Team (CERT), too -- and it has made its debut in the global security arena with Flame research, removal tool
Obama Administration Partners With Industry To Fight Botnets
News  |  5/30/2012  | 
At a White House event Wednesday, officials unveiled a series of initiatives meant to fight botnet infections
Kim Dotcom Gets Access To FBI's Megaupload Documents
News  |  5/30/2012  | 
Dotcom's defense campaign won a boost when a New Zealand judge refused to rubber-stamp U.S. prosecutors' request for extradition.
Flame FAQ: 11 Facts About Complex Malware
News  |  5/30/2012  | 
Size of Flame dwarfs existing spyware, keyloggers, and other malware. Drill down for a closer look at the crucial technology and military issues.
Flame's Big Question: What Else Is Lurking?
News  |  5/30/2012  | 
Stealth and scope of Flame intrigues researchers looking for other nation-state sponsored spyware and attacks.
Database Monitoring, SIEM Top IT's List
Quick Hits  |  5/29/2012  | 
IT organizations want better visibility into their network in order to react more quickly to advanced threats, McAfee report finds
Top 5 Myths About Insider Threats
News  |  5/29/2012  | 
Myths about who insiders are and how they're putting data at risk keep mitigation efforts at bay
Are Your Secrets Safe In The Cloud?
News  |  5/29/2012  | 
With so much data being hosted in the cloud, companies need to look at side-channel attacks to make sure they know who has access to their data and how to keep it secret
'Flame' Fans Notion Of More Weapons Yet To Be Found
News  |  5/29/2012  | 
Targeted attack looks a lot like conventional spyware, but with some major twists -- and questions about links to Stuxnet, Duqu
Data Breach Costs Massachusetts Hospital $750K
News  |  5/29/2012  | 
South Shore Hospital pays a hefty $750,000 to settle a lawsuit alleging that it failed to protect personal and confidential patient information.
SSD Tiering: Why Caching Won't Die
Commentary  |  5/29/2012  | 
Solid state storage is fast, but speed alone doesn't solve data management challenges.
FBI Busts Mayor For Hacking Recall Website
News  |  5/29/2012  | 
New Jersey mayor and son arrested and accused of targeting website and email account associated with a campaign to recall the mayor.
Newly Discovered 'Flame' Cyberespionage Tool Infects Iran, Middle East
News  |  5/29/2012  | 
Malware, described as the most complex ever discovered, has the markings of Western intelligence agencies and has been around since at least 2010
Flame Espionage Malware Seeks Middle East Data
News  |  5/29/2012  | 
Flame malware, described as the most complex ever discovered, has the markings of Western intelligence agencies. Security researchers believe it's been gathering information from Iran, Lebanon, Syria, and other countries since at least 2010.
Social Engineers Steal 500,000 Customers' Data From WHMCS
Quick Hits  |  5/29/2012  | 
Client management billing platform provider says its hosting provider was breached
Cutting The Lag Between Detection And Action
News  |  5/25/2012  | 
Detecting a threat does little good if the targeted company is not ready to respond. Security experts weigh in on ways to speed a business' response to threats
Reopen Google Wi-Fi Investigation, Say Lawmakers
News  |  5/25/2012  | 
Two Congressmen call on the Department of Justice to investigate whether Google's wardriving practices violate wiretapping laws.
Fatalism, Realism -- Or The New Normal
Commentary  |  5/25/2012  | 
The 'new' reality that you can't stop a determined attacker and you've likely already been hacked has become an accepted mantra
IBM Bans Dropbox: Should SMBs Follow Suit?
News  |  5/24/2012  | 
IBM's about-face on bring-your-own policy might be too draconian for small companies, but it serves as a reminder that some popular cloud services come with inherent risks.
Stolen Laptop Exposes Boston Hospital Patient Data
News  |  5/24/2012  | 
An email attachment containing patient data was unencrypted and accessible
Malware Mania: Badware And Botnets Explode
Quick Hits  |  5/24/2012  | 
McAfee's new threat report for Q1 shows bots and PC and mobile malware on the rise
Security Expert Fools, Records Fake Antivirus Scammers
News  |  5/24/2012  | 
Phony AV scammers posing as Microsoft dialed the wrong number when they inadvertently phoned a security researcher at home -- who exposed their obvious lack of technical know-how
Android Malware Surges, Botnet Business Booms
News  |  5/24/2012  | 
McAfee reports thousands of new malware apps targeting Android appeared early this year, along with a steady stream of botnet updates.
London 2012 Olympics Scammers Seek Malicious Gold
News  |  5/24/2012  | 
Expect escalating levels of malware, fake mobile apps, and online scams in the lead-up to this summer's Olympics, warns the Department of Homeland Security.
Don't Be The Nerdiest Person In The Room
Commentary  |  5/24/2012  | 
Technical language has its place, but overuse hampers compliance
How To Detect And Root Out Sophisticated Malware
Quick Hits  |  5/24/2012  | 
New report offers insights on excising that hard-to-detect malware
Project Finds, Purges Vulnerable Code Snippets From The Net
News  |  5/23/2012  | 
Community effort hopes to clean up insecure code found in the public domain
Poorly Managed Firewall Rule Sets Will Flag An Audit
News  |  5/23/2012  | 
Auditors and compliance managers alike are depending on firewall management principles and tools to cut through the complexity
Google Spreads Word On DNSChanger Malware
News  |  5/23/2012  | 
After taking down the botnet, the FBI is still trying to alert 500,000 people that their PCs are infected with the malware. Some Google search users are now getting direct warnings.
7 Lessons From MilitarySingles.com Hack
News  |  5/23/2012  | 
LulzSec Reborn hacktivist group exploited the site's poor security checks on user-uploaded content, made away with easily cracked passwords.
Microsoft Bloatware Cleaning Offer Treats You Like Dirt
Commentary  |  5/23/2012  | 
For just $99, Microsoft will eliminate the junk added to its Windows 7 PCs by OEM manufacturers. Steve Jobs would have enjoyed this development.
Malware 'Licensing' Could Stymie Automated Analysis
News  |  5/22/2012  | 
The use of encryption and digital-rights management techniques by the authors of malicious code could make automated analysis of malware take longer and require human intervention more often
Are You A Human Confirms Man Or Machine With Games
Quick Hits  |  5/22/2012  | 
Start-up offers new type of CAPTCHA that doesn't rely on discerning and typing letters and numbers from distorted text prompts
Researchers 'Map' Android Malware Genome
News  |  5/22/2012  | 
New initiative promotes sharing of Android malware research worldwide, beefing up mobile anti-malware tools
Anonymous Hacks, Leaks U.S. Bureau of Justice Database
News  |  5/22/2012  | 
'Monday Mail Mayhem' campaign by hactivist group posts 1.7-GB archive of emails and other data online
Anonymous Leaks 1.7 GB Justice Department Database
News  |  5/22/2012  | 
Attackers were assisted by Anonymous affiliate AntiS3curityOPS, which launched its own anti-NATO attack against the Chicago Police Department website.
State Of Utah Fires Tech Director Over Breach
Quick Hits  |  5/22/2012  | 
Utah IT director 'lacked oversight and leadership' in incident that exposed personal details of 780,000, governor says
Revamp Mobile Policy To Secure The Cloud
News  |  5/21/2012  | 
A majority of employees bring their own devices into work and connect out to the cloud -- now it's time to gain greater control over the security of these devices
Iranian Hackers Claim They Compromised NASA SSL Digital Certificate
News  |  5/21/2012  | 
'Cyber Warriors Team' says it stole information on thousands of NASA researchers via a man-in-the middle attack
9 Lessons From Utah Data Breach
News  |  5/21/2012  | 
Breach of unencrypted data affected 28% of the state's residents; one in 10 had Social Security numbers stolen. How can you avoid such an epic fail?
Overlook The Obvious And Risk Everything
Commentary  |  5/21/2012  | 
Failure to follow fundamental common-sense security policies can produce disastrous results, as the state of Utah discovered
Security Leaders Urged To Take Action, Responsibility
Quick Hits  |  5/20/2012  | 
Talk is no longer enough for IT security pros, keynote speakers say at ISSA-LA conference
Page 1 / 3   >   >>


13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Associate Editor, Dark Reading,  2/16/2018
From DevOps to DevSecOps: Structuring Communication for Better Security
Robert Hawk, Privacy & Security Lead at xMatters,  2/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.