Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in June 2011
Page 1 / 4   >   >>
Researchers Report New, 'Indestructible' Botnet
Quick Hits  |  6/30/2011  | 
TDL-4 features new defenses, Kaspersky researchers say; other experts not so sure about the 'indestructible' part
BeyondTrust Acquires Likewise Software Assets, Launches PowerBroker Identity Services
News  |  6/30/2011  | 
PowerBroker Identity Services, Enterprise Edition addresses the authentication, audit and reporting needs of companies running multiple operating systems
Mass-Meshing A Gumblar Creation
Commentary  |  6/30/2011  | 
Who doesn't love a new buzzword? 'Mass-meshing' is a new term that describes an old problem first presented by the Gumblar attacks in 2009
When Consumers Go To The Cloud, Businesses Should Watch Out
News  |  6/30/2011  | 
Companies should take a look at what cloud services their employees are using following last week's authentication bug at Dropbox
Targeted Attacks 10 Times More Profitable Than Mass Campaigns
News  |  6/30/2011  | 
New Cisco report finds it costs five times as much for a cybercriminal to execute a targeted attack, but it pays much more than a mass attack
LulzSec Successors Press On, Hitting Viacom, AZ
News  |  6/30/2011  | 
Hacking groups Anonymous and #AntiSec mount attacks on media companies and a previous LulzSec government target.
Up-And-Coming Botnet Uses Same Malware Kit As Defunct Mariposa
News  |  6/29/2011  | 
'Butterfly bot' kit steals financial information, but its licensing model could ultimately lead authorities to its newest botmasters
Epsilon Outlines Post-Breach Security Plans
News  |  6/29/2011  | 
Working with Verizon Business, marketing firm launches new secure services
Tablets Require More 'Sophisticated' Security
Quick Hits  |  6/28/2011  | 
Forrester Research report finds tablets all the rage, while mobile security lags
Symantec Examines Security Approaches In Apple's iOS And Google's Android
News  |  6/28/2011  | 
The mass adoption of both consumer and managed mobile devices exposes enterprises to new security risks
LulzSec Went After Qakbot, Mariposa Bots
News  |  6/28/2011  | 
Meanwhile, Anonymous offering bot-herding, other hacker training for its recruits via IRC, security expert says
Microsoft Wins Patent For Internet Spying Technology
News  |  6/28/2011  | 
The company has patented a method for intercepting Web-based communications so they can silently be recorded.
New Chubb Service Helps Businesses Minimize Fallout From Data Breach
News  |  6/28/2011  | 
Service is available through eRisk Hub
LulzSec Members Apparently Outed
News  |  6/28/2011  | 
An anonymous post claims to put names to four of the group's six members, leading security experts to predict imminent arrests.
DHS, Mitre Name SQL Injection Flaws As Most Dangerous Software Error
Quick Hits  |  6/28/2011  | 
Top 25 list also cites OS command errors, buffer overflow vulns at top of list
Passwords: Tips For Better Security
News  |  6/27/2011  | 
You can make your passwords more secure if you follow a few simple rules: Don't reuse passwords, make them long and random, and don't be afraid to write them down, say security experts.
New Metasploit Tools Help Find Security Blind Spots
Commentary  |  6/27/2011  | 
Upcoming vSploit modules for the Metasploit Framework imitate compromised or vulnerable hosts in the network
LulzSec Signs Off, But Attacks Don't -- And Won't -- Stop
News  |  6/27/2011  | 
Anonymous dumps new round of passwords, corporate network IP addresses
Feds Identify Top 25 Software Vulnerabilities
News  |  6/27/2011  | 
Department of Homeland Security worked with non-profits and the private sector to come up with a list of the most worrisome threats and how organizations can mitigate them.
Health Data Losses: Don't Blame Hackers
News  |  6/27/2011  | 
Physical theft and lost computing devices are responsible for most of the health data that has been compromised, not hacking, according to U.S. Dept. of Health and Human Services.
LulzSec Hackers Retire: Time To Rethink Risk
News  |  6/27/2011  | 
The group stops hacking after a 50-day spree and security experts say IT had better learn a lesson about risk management.
DARPA Sharpens Focus On Video Analysis Technology
News  |  6/27/2011  | 
The VIRAT and PerSEAS programs aim to create better ways to detect dangerous behavior, such as burying improvised explosive devices, during combat.
DARPA To Invest $1 Billion In Defense Manufacturing
News  |  6/24/2011  | 
The investment over five years will support the Obama administration's Advanced Manufacturing Partnership, which includes an effort to spur innovation in American industry.
Drug Prescription Data Mining Cleared By Supreme Court
News  |  6/24/2011  | 
A Vermont Law that forbade using prescription information collected by pharmacies for marketing purposes was declared unconstitutional on First Amendment grounds.
Who Bears Online Fraud Burden: Bank Or Business?
News  |  6/24/2011  | 
Two recent court cases with very different outcomes call attention to the uncertain--and potentially expensive--regulatory and legal environment for small businesses and their online banking security.
Are LulzSec, Anonymous The Pissed-Off Canary In The Coal Mine?
Commentary  |  6/24/2011  | 
LulzSec and Anonymous could be doing the world a favor by showcasing weak systems, and their actions suggest these systems and others like them could have been compromised for months by those wanting to do harm
LulzSec Hacks Arizona Police Computers
News  |  6/24/2011  | 
Hacktivist group posts a torrent containing internal files lifted from law-enforcement as part of global cybercrime campaign against governments.
Former College Kid's Guilty Plea To Hacking Highlights Low-Tech DB Theft
News  |  6/24/2011  | 
Defendants targeted university's databases of faculty, staff, alumni, and student information, and financial accounts with a social engineering scheme that used poisoned USBs, phishing emails
More Than Half Of Companies Have Experienced Multiple Breaches, Study Says
Quick Hits  |  6/24/2011  | 
Ninety percent have had at least one breach; 41 percent say a breach cost them $500,000 or more
High-Profile Hacks Prompt High-Powered Hires
News  |  6/23/2011  | 
From rock-star CSOs to hot-shot junior incident-response specialists, recruiting is on the rise as breaches dominate the headlines
Eavesdropper Steals Quantum Crypto Keys
News  |  6/23/2011  | 
So-called "perfect eavesdropper" steals keys while they're being negotiated, without alerting users.
Privacy Surveys Breed Privacy Fear, Google Researchers Say
News  |  6/23/2011  | 
Survey bias is creating misunderstanding of our feelings on online privacy, Google says. One privacy advocate weighs in.
Two Fake AV Rings Busted By FBI In 'Operation Trident Tribunal'
Quick Hits  |  6/23/2011  | 
Reports out of the Ukraine appear to indicate that the Conficker worm might have been one of the vehicles for spreading the scareware
FBI Breaks Up Two Big Scareware Rings
News  |  6/23/2011  | 
Feds seize equipment and trigger arrests as "Operation Trident Tribunal" targets scareware campaigns that collectively stole $74 million.
Next Virus Victim: Your Doctor's Or Nurse's iPad?
News  |  6/23/2011  | 
Networked devices used by medical personnel carry vulnerability to viruses and security threats, requiring careful teamwork between IT and clinical engineering, experts say.
Massive Spam Campaign Masquerades As Failed Wire Transfer
Quick Hits  |  6/23/2011  | 
Graphics hosted by Federal Reserve bear the password-stealing Zeus Trojan
Spear Phishers Aiming At SMBs
News  |  6/22/2011  | 
Pilfered email addresses and personal information from Epsilon and Sony breaches will make attacks on SMBs even more likely.
WordPress Warns Of Trojanized Plug-Ins, Urges Patching
News  |  6/22/2011  | 
Attackers added a back door to three plug-ins that were available for download from WordPress for more than 24 hours.
LulzSec Takes Hit, Keeps On Hacking
News  |  6/22/2011  | 
British authorities charge teenager with launching DDoS attack, and anti-LulzSec group says it's tracing identities of the hacking group's members.
'John The Ripper' Gets A Face-Lift
News  |  6/22/2011  | 
Popular open-source password-cracking tool now faster, and backed with Rapid7 sponsorship
Spear Phishers Aiming At SMBs
News  |  6/22/2011  | 
Pilfered email addresses and personal information from Epsilon and Sony breaches will make attacks on SMBs even more likely
SMBs Face Social Media Security Challenges
News  |  6/22/2011  | 
Wedge Networks upgrades its deep content inspection network gateway to monitor social media and Web application traffic for security risks.
The End Is Near For Paid Antivirus On PCs
Commentary  |  6/22/2011  | 
The rise of free but "good enough" software spells an end to the days of having to pay for PC antivirus software.
IT Pros Lose Sleep Over Spyware, Not APT
Quick Hits  |  6/21/2011  | 
eEye survey finds most IT admins, managers, and C-level executives consider Stuxnet, Operation Aurora, and other high-profile targeted threats 'minor' concerns
LulzSec, Anonymous: Feds Most Wanted
News  |  6/21/2011  | 
While the hacker groups have drawn attention with public boasts, federal investigators have set up shop in numerous social media sites, going undercover where necessary to root cyber criminals.
Malware Increasingly Being Signed With Stolen Certificates
News  |  6/21/2011  | 
Cybercriminals target legitimate software vendors looking for the keys needed to sign software, helping them defeat security measures
Using DNS As Malware-, Botnet-Fighting Tool
News  |  6/21/2011  | 
New feature in OpenDNS service blocks bad IPs, stops bots from 'phoning home'
RPost Email Encryption Upgrade Adds Enterprise Security Intelligence
News  |  6/21/2011  | 
RPost email encryption upgrade permits senders to have message security anywhere
Dropbox Files Left Unprotected, Open To All
News  |  6/21/2011  | 
A software bug rendered the account authentication mechanism non-functional for four hours, leaving customers fuming over the latest security lapse at the popular online file storage service.
Page 1 / 4   >   >>

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-10-22
Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.
PUBLISHED: 2021-10-22
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blo...
PUBLISHED: 2021-10-22
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X...
PUBLISHED: 2021-10-22
eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing bru...
PUBLISHED: 2021-10-22
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.