Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in May 2012
Windows Gets Privacy Boost For DNS
News  |  5/9/2012  | 
New public-domain 'VPN For DNS' technology encrypts exposed link between Windows machines and DNS
Mass SQL Injections Spike Again
News  |  5/9/2012  | 
Experts warn orgs to keep up with patches and sanitize input to mitigate risks
Twitter Downplays Breach That Exposed Passwords
News  |  5/9/2012  | 
Nearly 60,000 Twitter usernames and passwords released via Pastebin, but social networking service says half are for blocked spam accounts or duplicates.
Army Eyes Monitoring Tools To Stop WikiLeaks Repeat
News  |  5/9/2012  | 
Keystroke monitoring may be just a start as Army seeks ways to sift through soldiers' website visits, search queries, and other work, watching for abnormal behavior and trying to stop inside attacks.
Trojans Make Up 80 Percent Of All New Malware
Quick Hits  |  5/8/2012  | 
China has the most infected PCs in the world, and 6 million new pieces of malware appeared in Q1 2012, new PandaLabs report says
McAfee Adds Scale, VMware Support To Security Platform
Dark Reading Videos  |  5/8/2012  | 
McAfee announced three new additions to its security family at Interop in Las Vegas this week, including an improvement in performance and scalability, and some enhancements to its support for virtual environments.
Targeted Attack Infiltrates At Least 20 Companies
News  |  5/8/2012  | 
Attackers conducted a sustained espionage campaign against a score of private- and public-sector targets with links to policies of interest to China
How To Better Measure Botnet Size
News  |  5/8/2012  | 
Efforts under way to get more accurate accounting of bot-infected machines
Myspace Settles FTC Privacy Complaint
News  |  5/8/2012  | 
Now faded social network must tell the truth about how it handles personal information and undergo privacy audits for the next two decades.
Apple Fixes Serious iOS Security Bugs
News  |  5/8/2012  | 
Apple iOS version 5.1.1 patches three big iPhone and iPad vulnerabilities. But OS X Lion update results in FileVault passwords being stored in plaintext.
Screw Compliance, We're Trying to Survive
Commentary  |  5/8/2012  | 
In tough times, compliance efforts may seem optional
DHS Warns Of Cyberattack On Natural Gas Pipeline Companies
Quick Hits  |  5/7/2012  | 
Cybercampaign against multiple U.S. utility companies began four months ago, agency says
Crypto In The Cloud Secures Data In Spite Of Providers
News  |  5/7/2012  | 
With companies increasingly worried about their data in the cloud, a number of providers have cropped up to offer various types of encryption
Security Top Concern Of Federal CIOs
News  |  5/7/2012  | 
CIOs at federal agencies want better advance planning and new metrics for security monitoring as they deal with growing internal and external threats.
10 Symptoms Of Check-Box Compliance
News  |  5/7/2012  | 
These telltale signs show you care more about what the auditors think than what the attackers do
Jericho Botnet Targets Banks And Financial Institutions
Quick Hits  |  5/6/2012  | 
Botnet operators seek to steal passwords and credentials for financial gain, Palo Alto Networks researchers say
IBM Profiles The New CSO, Security Exec
News  |  5/4/2012  | 
Infosec leaders say their role in the business is maturing, with roughly three-fourths now doing more than just responding to breaches and handling compliance, a new survey reveals
Analyzing Android, iOS Apps For Weak Data Protection, Cleartext Passwords
Commentary  |  5/4/2012  | 
Analysis reveals mobile apps designed to protect files and passwords do a poor job, often storing them in plain text and using weak obfuscation techniques.
5 Facebook Privacy Blind Spots
News  |  5/4/2012  | 
Consumer Reports survey reveals how users put their privacy at risk on the social network
Has Anonymous Ruined Online Anonymity?
Commentary  |  5/4/2012  | 
Anonymous, the hacktivist collective, has given anonymity a bad name. Yes, anonymous online services may be used to send bomb threats or abusive messages, but anonymity also does some good online.
Norton 360 Everywhere Available Today
News  |  5/3/2012  | 
Provides protection for PCs, Macs, Android-based phones, and tablets
2012 Strategic Security Survey: Pick The Right Battles
News  |  5/3/2012  | 
Whether it's cloud computing, mobile devices, or insecure software, some threats are more prevalent than others. Our latest survey delves into where security pros are putting their resources.
No Exploit Required: How Attackers Exploit Business Logic Flaws
Quick Hits  |  5/3/2012  | 
NT Objectives lists the main vectors of attack that exploit not bugs, but weaknesses in an application
Facebook Privacy: 5 Most Ignored Mistakes
News  |  5/3/2012  | 
A Consumer Reports survey of Facebook users reveals many people still ignore privacy controls and sharing risks. Do you understand the common mistakes that could bite back?
Microsoft Fingers Chinese Firewall/IPS Vendor In Windows Exploit Leak
News  |  5/3/2012  | 
Chinese firewall and IPS vendor Hangzhou DPTech Technologies kicked out of Microsoft Active Protections Program (MAPP) for its role in disclosure of Windows Remote Desktop (RDP) flaw earlier this year
6 Discoveries That Prove Mobile Malware's Mettle
News  |  5/3/2012  | 
Trojans, botnets, adware, and more are jumping from theoretical to practical
Global Payments Breach: Fresh Questions On Timing
News  |  5/3/2012  | 
Did the Global Payments data breach that exposed at least 1.5 million credit and debit card numbers date back to 2011? As new evidence is reported, Global Payments declines comment on timeframe.
Slide Show: Security Gets Graphic
News  |  5/3/2012  | 
Notice that security companies have started producing a lot of infographics? We sure have. Here's a selection
Anonymous, LulzSec Case In U.S. Expanded By Feds
News  |  5/3/2012  | 
Expanded indictment against Anonymous, LulzSec leaders now includes Jeremy Hammond, accused of masterminding hacktivist attacks against Arizona police and Stratfor websites.
7 Ways Oracle Hurts Database Customers' Security
News  |  5/3/2012  | 
Oracle's missteps during the TNS Poison disclosure debacle highlight its ongoing failures in helping customers secure their databases.
7 Ways Oracle Puts Database Customers At Risk
News  |  5/2/2012  | 
Oracle's missteps during the TNS Poison disclosure debacle highlight its failures in helping customers secure their databases
How To Fix The Gaping Holes In Mobile Security
News  |  5/2/2012  | 
IT's juggling laptop policies and Wi-Fi policies and BYOD policies--and the result is unacceptable security gaps.
New Service Lets Users Scramble Data On Social Networks
Quick Hits  |  5/2/2012  | 
Scrambls service makes postings unreadable to all but those with permission
Microsoft Skype IP Leakage Not New, Report Contends
News  |  5/2/2012  | 
Microsoft says it is investigating a report of a vulnerability that can expose the IP addresses of Skype users
Skype Bug Divulges IP Addresses
News  |  5/2/2012  | 
Microsoft investigating feature that lets attacker identify the internal and external IP addresses of anyone who's logged into Skype.
Effective Security Policy: Emphasis On Execution
Commentary  |  5/2/2012  | 
When it comes to mounting a successful defense in what is a fast-changing threat environment, best practices require consistent execution
Russian Cybercrime Doubled Last Year To $2.3 Billion
Quick Hits  |  5/2/2012  | 
Organized crime groups unite Russian cybercrime gangs, report says
What Works For One Does Not Work For Two
Commentary  |  5/1/2012  | 
To remain compliant, your approach must grow in scale with your business
Apple Mac Flashback Trojan Gang Still Making Money
News  |  5/1/2012  | 
Meanwhile, a 3-year-old patched bug in Microsoft Office for Macintosh is still being exploited
Mac Flashback Malware Bags Big Bucks
News  |  5/1/2012  | 
Analysis of the Flashback malware code estimates that botnet operators are earning $10,000 per day. Users of older Mac operating systems remain at risk.
Android Apps Slurp Excessive Data
News  |  5/1/2012  | 
Nearly half of leading Android apps access more types of data than they require, finds a new security study.
Healthcare Unable To Keep Up With Insider Threats
News  |  5/1/2012  | 
Insiders played a role in recent breaches at Utah Department of Health, Emory, and South Carolina Department of Health and Human Services
Google Wardriving: How Engineering Trumped Privacy
Commentary  |  5/1/2012  | 
Blame the Street View data collection practices on a "more is more" engineering mindset. And rethink your notions about privacy for unencrypted Wi-Fi data.