News & Commentary

Content posted in June 2011
Page 1 / 4   >   >>
Researchers Report New, 'Indestructible' Botnet
Quick Hits  |  6/30/2011  | 
TDL-4 features new defenses, Kaspersky researchers say; other experts not so sure about the 'indestructible' part
BeyondTrust Acquires Likewise Software Assets, Launches PowerBroker Identity Services
News  |  6/30/2011  | 
PowerBroker Identity Services, Enterprise Edition addresses the authentication, audit and reporting needs of companies running multiple operating systems
Mass-Meshing A Gumblar Creation
Commentary  |  6/30/2011  | 
Who doesn't love a new buzzword? 'Mass-meshing' is a new term that describes an old problem first presented by the Gumblar attacks in 2009
When Consumers Go To The Cloud, Businesses Should Watch Out
News  |  6/30/2011  | 
Companies should take a look at what cloud services their employees are using following last week's authentication bug at Dropbox
Targeted Attacks 10 Times More Profitable Than Mass Campaigns
News  |  6/30/2011  | 
New Cisco report finds it costs five times as much for a cybercriminal to execute a targeted attack, but it pays much more than a mass attack
LulzSec Successors Press On, Hitting Viacom, AZ
News  |  6/30/2011  | 
Hacking groups Anonymous and #AntiSec mount attacks on media companies and a previous LulzSec government target.
Up-And-Coming Botnet Uses Same Malware Kit As Defunct Mariposa
News  |  6/29/2011  | 
'Butterfly bot' kit steals financial information, but its licensing model could ultimately lead authorities to its newest botmasters
Epsilon Outlines Post-Breach Security Plans
News  |  6/29/2011  | 
Working with Verizon Business, marketing firm launches new secure services
Tablets Require More 'Sophisticated' Security
Quick Hits  |  6/28/2011  | 
Forrester Research report finds tablets all the rage, while mobile security lags
Symantec Examines Security Approaches In Apple's iOS And Google's Android
News  |  6/28/2011  | 
The mass adoption of both consumer and managed mobile devices exposes enterprises to new security risks
LulzSec Went After Qakbot, Mariposa Bots
News  |  6/28/2011  | 
Meanwhile, Anonymous offering bot-herding, other hacker training for its recruits via IRC, security expert says
Microsoft Wins Patent For Internet Spying Technology
News  |  6/28/2011  | 
The company has patented a method for intercepting Web-based communications so they can silently be recorded.
New Chubb Service Helps Businesses Minimize Fallout From Data Breach
News  |  6/28/2011  | 
Service is available through eRisk Hub
LulzSec Members Apparently Outed
News  |  6/28/2011  | 
An anonymous post claims to put names to four of the group's six members, leading security experts to predict imminent arrests.
DHS, Mitre Name SQL Injection Flaws As Most Dangerous Software Error
Quick Hits  |  6/28/2011  | 
Top 25 list also cites OS command errors, buffer overflow vulns at top of list
Passwords: Tips For Better Security
News  |  6/27/2011  | 
You can make your passwords more secure if you follow a few simple rules: Don't reuse passwords, make them long and random, and don't be afraid to write them down, say security experts.
New Metasploit Tools Help Find Security Blind Spots
Commentary  |  6/27/2011  | 
Upcoming vSploit modules for the Metasploit Framework imitate compromised or vulnerable hosts in the network
LulzSec Signs Off, But Attacks Don't -- And Won't -- Stop
News  |  6/27/2011  | 
Anonymous dumps new round of passwords, corporate network IP addresses
Feds Identify Top 25 Software Vulnerabilities
News  |  6/27/2011  | 
Department of Homeland Security worked with non-profits and the private sector to come up with a list of the most worrisome threats and how organizations can mitigate them.
Health Data Losses: Don't Blame Hackers
News  |  6/27/2011  | 
Physical theft and lost computing devices are responsible for most of the health data that has been compromised, not hacking, according to U.S. Dept. of Health and Human Services.
LulzSec Hackers Retire: Time To Rethink Risk
News  |  6/27/2011  | 
The group stops hacking after a 50-day spree and security experts say IT had better learn a lesson about risk management.
DARPA Sharpens Focus On Video Analysis Technology
News  |  6/27/2011  | 
The VIRAT and PerSEAS programs aim to create better ways to detect dangerous behavior, such as burying improvised explosive devices, during combat.
DARPA To Invest $1 Billion In Defense Manufacturing
News  |  6/24/2011  | 
The investment over five years will support the Obama administration's Advanced Manufacturing Partnership, which includes an effort to spur innovation in American industry.
Drug Prescription Data Mining Cleared By Supreme Court
News  |  6/24/2011  | 
A Vermont law that forbade using prescription information collected by pharmacies for marketing purposes was declared unconstitutional on First Amendment grounds.
Who Bears Online Fraud Burden: Bank Or Business?
News  |  6/24/2011  | 
Two recent court cases with very different outcomes call attention to the uncertain--and potentially expensive--regulatory and legal environment for small businesses and their online banking security.
Are LulzSec, Anonymous The Pissed-Off Canary In The Coal Mine?
Commentary  |  6/24/2011  | 
LulzSec and Anonymous could be doing the world a favor by showcasing weak systems, and their actions suggest these systems and others like them could have been compromised for months by those wanting to do harm
LulzSec Hacks Arizona Police Computers
News  |  6/24/2011  | 
Hacktivist group posts a torrent containing internal files lifted from law-enforcement as part of global cybercrime campaign against governments.
Former College Kid's Guilty Plea To Hacking Highlights Low-Tech DB Theft
News  |  6/24/2011  | 
Defendants targeted university's databases of faculty, staff, alumni, and student information, and financial accounts with a social engineering scheme that used poisoned USBs, phishing emails
More Than Half Of Companies Have Experienced Multiple Breaches, Study Says
Quick Hits  |  6/24/2011  | 
Ninety percent have had at least one breach; 41 percent say a breach cost them $500,000 or more
High-Profile Hacks Prompt High-Powered Hires
News  |  6/23/2011  | 
From rock-star CSOs to hot-shot junior incident-response specialists, recruiting is on the rise as breaches dominate the headlines
Eavesdropper Steals Quantum Crypto Keys
News  |  6/23/2011  | 
So-called "perfect eavesdropper" steals keys while they're being negotiated, without alerting users.
Privacy Surveys Breed Privacy Fear, Google Researchers Say
News  |  6/23/2011  | 
Survey bias is creating misunderstanding of our feelings on online privacy, Google says. One privacy advocate weighs in.
Two Fake AV Rings Busted By FBI In 'Operation Trident Tribunal'
Quick Hits  |  6/23/2011  | 
Reports out of the Ukraine appear to indicate that the Conficker worm might have been one of the vehicles for spreading the scareware
FBI Breaks Up Two Big Scareware Rings
News  |  6/23/2011  | 
Feds seize equipment and trigger arrests as "Operation Trident Tribunal" targets scareware campaigns that collectively stole $74 million.
Next Virus Victim: Your Doctor's Or Nurse's iPad?
News  |  6/23/2011  | 
Networked devices used by medical personnel carry vulnerability to viruses and security threats, requiring careful teamwork between IT and clinical engineering, experts say.
Massive Spam Campaign Masquerades As Failed Wire Transfer
Quick Hits  |  6/23/2011  | 
Graphics hosted by Federal Reserve bear the password-stealing Zeus Trojan
Spear Phishers Aiming At SMBs
News  |  6/22/2011  | 
Pilfered email addresses and personal information from Epsilon and Sony breaches will make attacks on SMBs even more likely.
WordPress Warns Of Trojanized Plug-Ins, Urges Patching
News  |  6/22/2011  | 
Attackers added a back door to three plug-ins that were available for download from WordPress for more than 24 hours.
LulzSec Takes Hit, Keeps On Hacking
News  |  6/22/2011  | 
British authorities charge teenager with launching DDoS attack, and anti-LulzSec group says it's tracing identities of the hacking group's members.
'John The Ripper' Gets A Face-Lift
News  |  6/22/2011  | 
Popular open-source password-cracking tool now faster, and backed with Rapid7 sponsorship
SMBs Face Social Media Security Challenges
News  |  6/22/2011  | 
Wedge Networks upgrades its deep content inspection network gateway to monitor social media and Web application traffic for security risks.
The End Is Near For Paid Antivirus On PCs
Commentary  |  6/22/2011  | 
The rise of free but "good enough" software spells an end to the days of having to pay for PC antivirus software.
IT Pros Lose Sleep Over Spyware, Not APT
Quick Hits  |  6/21/2011  | 
eEye survey finds most IT admins, managers, and C-level executives consider Stuxnet, Operation Aurora, and other high-profile targeted threats 'minor' concerns
LulzSec, Anonymous: Feds Most Wanted
News  |  6/21/2011  | 
While the hacker groups have drawn attention with public boasts, federal investigators have set up shop in numerous social media sites, going undercover where necessary to root out cyber criminals.
Malware Increasingly Being Signed With Stolen Certificates
News  |  6/21/2011  | 
Cybercriminals target legitimate software vendors looking for the keys needed to sign software, helping them defeat security measures
Using DNS As Malware-, Botnet-Fighting Tool
News  |  6/21/2011  | 
New feature in OpenDNS service blocks bad IPs, stops bots from 'phoning home'
RPost Email Encryption Upgrade Adds Enterprise Security Intelligence
News  |  6/21/2011  | 
RPost email encryption upgrade permits senders to have message security anywhere
Dropbox Files Left Unprotected, Open To All
News  |  6/21/2011  | 
A software bug rendered the account authentication mechanism non-functional for four hours, leaving customers fuming over the latest security lapse at the popular online file storage service.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15667
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can...
CVE-2018-15668
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate atta...
CVE-2018-15669
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are...
CVE-2018-15670
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if t...
CVE-2018-15671
PUBLISHED: 2018-08-21
An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service.