Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in May 2012
Page 1 / 3   >   >>
Companies See Business In 'Doxing' The Adversary
News  |  5/31/2012  | 
It's not a malware problem -- it's an adversary problem: More security firms are focusing on the people behind the keyboards in order to stymie attacks
Is Lax SMB Security A Myth?
News  |  5/31/2012  | 
Small and mid-size businesses defy perception by spending more than ever on security, according to a new IDC report. Now growing twice as fast as overall IT budgets, SMB security spending will total $5.6 billion in 2015.
State-Sponsored Backdoor Or Programming Faux Pas?
Commentary  |  5/31/2012  | 
Backdoor in Android-based handsets sponsor, bad programming, or a #win for Apple's stringent application QA process?
Former Federal Reserve Bank Contractor Pleads Guilty In Code Theft
Quick Hits  |  5/31/2012  | 
Deal in case of theft of accounting software worth $9.5 million could cut programmer's prison sentence from 10 years to less than two
How Flame Hid In Plain Sight For Years
News  |  5/31/2012  | 
Easy-to-crack encryption likely helped keep Flame alive, as well as its resemblance to conventional software
Flame Malware's Ties To Stuxnet, Duqu: Details Emerge
News  |  5/31/2012  | 
All three pieces of malware seemingly commissioned by the same entity and developed on the same platform, but by different groups of developers, security researchers say.
New Advanced Persistent Threat, IXESHE, On The Rise
Quick Hits  |  5/31/2012  | 
Malware makes use of targeted email with malicious attachments
U of Nebraska Breach Highlights Education In Crosshairs
News  |  5/30/2012  | 
Database containing 654,000 exposed through 'targeted' attack
Iranian CERT Takes Center Stage With Flame
News  |  5/30/2012  | 
Yes, Iran has a Computer Emergency Response Team (CERT), too -- and it has made its debut in the global security arena with Flame research, removal tool
Obama Administration Partners With Industry To Fight Botnets
News  |  5/30/2012  | 
At a White House event Wednesday, officials unveiled a series of initiatives meant to fight botnet infections
Kim Dotcom Gets Access To FBI's Megaupload Documents
News  |  5/30/2012  | 
Dotcom's defense campaign won a boost when a New Zealand judge refused to rubber-stamp U.S. prosecutors' request for extradition.
Flame FAQ: 11 Facts About Complex Malware
News  |  5/30/2012  | 
Size of Flame dwarfs existing spyware, keyloggers, and other malware. Drill down for a closer look at the crucial technology and military issues.
Flame's Big Question: What Else Is Lurking?
News  |  5/30/2012  | 
Stealth and scope of Flame intrigues researchers looking for other nation-state sponsored spyware and attacks.
Database Monitoring, SIEM Top IT's List
Quick Hits  |  5/29/2012  | 
IT organizations want better visibility into their network in order to react more quickly to advanced threats, McAfee report finds
Top 5 Myths About Insider Threats
News  |  5/29/2012  | 
Myths about who insiders are and how they're putting data at risk keep mitigation efforts at bay
Are Your Secrets Safe In The Cloud?
News  |  5/29/2012  | 
With so much data being hosted in the cloud, companies need to look at side-channel attacks to make sure they know who has access to their data and how to keep it secret
'Flame' Fans Notion Of More Weapons Yet To Be Found
News  |  5/29/2012  | 
Targeted attack looks a lot like conventional spyware, but with some major twists -- and questions about links to Stuxnet, Duqu
Data Breach Costs Massachusetts Hospital $750K
News  |  5/29/2012  | 
South Shore Hospital pays a hefty $750,000 to settle a lawsuit alleging that it failed to protect personal and confidential patient information.
SSD Tiering: Why Caching Won't Die
Commentary  |  5/29/2012  | 
Solid state storage is fast, but speed alone doesn't solve data management challenges.
FBI Busts Mayor For Hacking Recall Website
News  |  5/29/2012  | 
New Jersey mayor and son arrested and accused of targeting website and email account associated with a campaign to recall the mayor.
Newly Discovered 'Flame' Cyberespionage Tool Infects Iran, Middle East
News  |  5/29/2012  | 
Malware, described as the most complex ever discovered, has the markings of Western intelligence agencies and has been around since at least 2010
Flame Espionage Malware Seeks Middle East Data
News  |  5/29/2012  | 
Flame malware, described as the most complex ever discovered, has the markings of Western intelligence agencies. Security researchers believe it's been gathering information from Iran, Lebanon, Syria, and other countries since at least 2010.
Social Engineers Steal 500,000 Customers' Data From WHMCS
Quick Hits  |  5/29/2012  | 
Client management billing platform provider says its hosting provider was breached
Cutting The Lag Between Detection And Action
News  |  5/25/2012  | 
Detecting a threat does little good if the targeted company is not ready to respond. Security experts weigh in on ways to speed a business' response to threats
Reopen Google Wi-Fi Investigation, Say Lawmakers
News  |  5/25/2012  | 
Two Congressmen call on the Department of Justice to investigate whether Google's wardriving practices violate wiretapping laws.
Fatalism, Realism -- Or The New Normal
Commentary  |  5/25/2012  | 
The 'new' reality that you can't stop a determined attacker and you've likely already been hacked has become an accepted mantra
IBM Bans Dropbox: Should SMBs Follow Suit?
News  |  5/24/2012  | 
IBM's about-face on bring-your-own policy might be too draconian for small companies, but it serves as a reminder that some popular cloud services come with inherent risks.
Stolen Laptop Exposes Boston Hospital Patient Data
News  |  5/24/2012  | 
An email attachment containing patient data was unencrypted and accessible
Malware Mania: Badware And Botnets Explode
Quick Hits  |  5/24/2012  | 
McAfee's new threat report for Q1 shows bots and PC and mobile malware on the rise
Security Expert Fools, Records Fake Antivirus Scammers
News  |  5/24/2012  | 
Phony AV scammers posing as Microsoft dialed the wrong number when they inadvertently phoned a security researcher at home -- who exposed their obvious lack of technical know-how
Android Malware Surges, Botnet Business Booms
News  |  5/24/2012  | 
McAfee reports thousands of new malware apps targeting Android appeared early this year, along with a steady stream of botnet updates.
London 2012 Olympics Scammers Seek Malicious Gold
News  |  5/24/2012  | 
Expect escalating levels of malware, fake mobile apps, and online scams in the lead-up to this summer's Olympics, warns the Department of Homeland Security.
Don't Be The Nerdiest Person In The Room
Commentary  |  5/24/2012  | 
Technical language has its place, but overuse hampers compliance
How To Detect And Root Out Sophisticated Malware
Quick Hits  |  5/24/2012  | 
New report offers insights on excising that hard-to-detect malware
Project Finds, Purges Vulnerable Code Snippets From The Net
News  |  5/23/2012  | 
Community effort hopes to clean up insecure code found in the public domain
Poorly Managed Firewall Rule Sets Will Flag An Audit
News  |  5/23/2012  | 
Auditors and compliance managers alike are depending on firewall management principles and tools to cut through the complexity
Google Spreads Word On DNSChanger Malware
News  |  5/23/2012  | 
After taking down the botnet, the FBI is still trying to alert 500,000 people that their PCs are infected with the malware. Some Google search users are now getting direct warnings.
7 Lessons From MilitarySingles.com Hack
News  |  5/23/2012  | 
LulzSec Reborn hacktivist group exploited the site's poor security checks on user-uploaded content, made away with easily cracked passwords.
Microsoft Bloatware Cleaning Offer Treats You Like Dirt
Commentary  |  5/23/2012  | 
For just $99, Microsoft will eliminate the junk added to its Windows 7 PCs by OEM manufacturers. Steve Jobs would have enjoyed this development.
Malware 'Licensing' Could Stymie Automated Analysis
News  |  5/22/2012  | 
The use of encryption and digital-rights management techniques by the authors of malicious code could make automated analysis of malware take longer and require human intervention more often
Are You A Human Confirms Man Or Machine With Games
Quick Hits  |  5/22/2012  | 
Start-up offers new type of CAPTCHA that doesn't rely on discerning and typing letters and numbers from distorted text prompts
Researchers 'Map' Android Malware Genome
News  |  5/22/2012  | 
New initiative promotes sharing of Android malware research worldwide, beefing up mobile anti-malware tools
Anonymous Hacks, Leaks U.S. Bureau of Justice Database
News  |  5/22/2012  | 
'Monday Mail Mayhem' campaign by hactivist group posts 1.7-GB archive of emails and other data online
Anonymous Leaks 1.7 GB Justice Department Database
News  |  5/22/2012  | 
Attackers were assisted by Anonymous affiliate AntiS3curityOPS, which launched its own anti-NATO attack against the Chicago Police Department website.
State Of Utah Fires Tech Director Over Breach
Quick Hits  |  5/22/2012  | 
Utah IT director 'lacked oversight and leadership' in incident that exposed personal details of 780,000, governor says
Revamp Mobile Policy To Secure The Cloud
News  |  5/21/2012  | 
A majority of employees bring their own devices into work and connect out to the cloud -- now it's time to gain greater control over the security of these devices
Iranian Hackers Claim They Compromised NASA SSL Digital Certificate
News  |  5/21/2012  | 
'Cyber Warriors Team' says it stole information on thousands of NASA researchers via a man-in-the middle attack
9 Lessons From Utah Data Breach
News  |  5/21/2012  | 
Breach of unencrypted data affected 28% of the state's residents; one in 10 had Social Security numbers stolen. How can you avoid such an epic fail?
Overlook The Obvious And Risk Everything
Commentary  |  5/21/2012  | 
Failure to follow fundamental common-sense security policies can produce disastrous results, as the state of Utah discovered
Security Leaders Urged To Take Action, Responsibility
Quick Hits  |  5/20/2012  | 
Talk is no longer enough for IT security pros, keynote speakers say at ISSA-LA conference
Page 1 / 3   >   >>

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and informat...
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure.
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosu...
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other ...