News & Commentary
Content posted in June 2011
|
Researchers Report New, 'Indestructible' Botnet
TDL-4 features new defenses, Kaspersky researchers say; other experts not so sure about the 'indestructible' part
Goode Intelligence Reveals Reasons To Use Mobile Phones For Biometric Security Purposes
Releases new analyst report
BeyondTrust Acquires Likewise Software Assets, Launches PowerBroker Identity Services
PowerBroker Identity Services, Enterprise Edition addresses the authentication, audit and reporting needs of companies running multiple operating systems
Mass-Meshing A Gumblar Creation
Who doesn't love a new buzzword? 'Mass-meshing' is a new term that describes an old problem first presented by the Gumblar attacks in 2009
When Consumers Go To The Cloud, Businesses Should Watch Out
Companies should take a look at what cloud services their employees are using following last week's authentication bug at Dropbox
Targeted Attacks 10 Times More Profitable Than Mass Campaigns
New Cisco report finds it costs five times as much for a cybercriminal to execute a targeted attack, but it pays much more than a mass attack
LulzSec Successors Press On, Hitting Viacom, AZ
Hacking groups Anonymous and #AntiSec mount attacks on media companies and a previous LulzSec government target.
Up-And-Coming Botnet Uses Same Malware Kit As Defunct Mariposa
'Butterfly bot' kit steals financial information, but its licensing model could ultimately lead authorities to its newest botmasters
Epsilon Outlines Post-Breach Security Plans
Working with Verizon Business, marketing firm launches new secure services
Tablets Require More 'Sophisticated' Security
Forrester Research report finds tablets all the rage, while mobile security lags
Symantec Examines Security Approaches In Apple's iOS And Google's Android
The mass adoption of both consumer and managed mobile devices exposes enterprises to new security risks
LulzSec Went After Qakbot, Mariposa Bots
Meanwhile, Anonymous offering bot-herding, other hacker training for its recruits via IRC, security expert says
Microsoft Wins Patent For Internet Spying Technology
The company has patented a method for intercepting Web-based communications so they can silently be recorded.
New Chubb Service Helps Businesses Minimize Fallout From Data Breach
Service is available through eRisk Hub
LulzSec Members Apparently Outed
An anonymous post claims to put names to four of the group's six members, leading security experts to predict imminent arrests.
DHS, Mitre Name SQL Injection Flaws As Most Dangerous Software Error
Top 25 list also cites OS command errors, buffer overflow vulns at top of list
Passwords: Tips For Better Security
You can make your passwords more secure if you follow a few simple rules: Don't reuse passwords, make them long and random, and don't be afraid to write them down, say security experts.
New Metasploit Tools Help Find Security Blind Spots
Upcoming vSploit modules for the Metasploit Framework imitate compromised or vulnerable hosts in the network
LulzSec Signs Off, But Attacks Don't -- And Won't -- Stop
Anonymous dumps new round of passwords, corporate network IP addresses
Feds Identify Top 25 Software Vulnerabilities
Department of Homeland Security worked with non-profits and the private sector to come up with a list of the most worrisome threats and how organizations can mitigate them.
Health Data Losses: Don't Blame Hackers
Physical theft and lost computing devices are responsible for most of the health data that has been compromised, not hacking, according to U.S. Dept. of Health and Human Services.
LulzSec Hackers Retire: Time To Rethink Risk
The group stops hacking after a 50-day spree and security experts say IT had better learn a lesson about risk management.
DARPA Sharpens Focus On Video Analysis Technology
The VIRAT and PerSEAS programs aim to create better ways to detect dangerous behavior, such as burying improvised explosive devices, during combat.
DARPA To Invest $1 Billion In Defense Manufacturing
The investment over five years will support the Obama administration's Advanced Manufacturing Partnership, which includes an effort to spur innovation in American industry.
Drug Prescription Data Mining Cleared By Supreme Court
A Vermont Law that forbade using prescription information collected by pharmacies for marketing purposes was declared unconstitutional on First Amendment grounds.
Who Bears Online Fraud Burden: Bank Or Business?
Two recent court cases with very different outcomes call attention to the uncertain--and potentially expensive--regulatory and legal environment for small businesses and their online banking security.
Are LulzSec, Anonymous The Pissed-Off Canary In The Coal Mine?
LulzSec and Anonymous could be doing the world a favor by showcasing weak systems, and their actions suggest these systems and others like them could have been compromised for months by those wanting to do harm
LulzSec Hacks Arizona Police Computers
Hacktivist group posts a torrent containing internal files lifted from law-enforcement as part of global cybercrime campaign against governments.
Former College Kid's Guilty Plea To Hacking Highlights Low-Tech DB Theft
Defendants targeted university's databases of faculty, staff, alumni, and student information, and financial accounts with a social engineering scheme that used poisoned USBs, phishing emails
More Than Half Of Companies Have Experienced Multiple Breaches, Study Says
Ninety percent have had at least one breach; 41 percent say a breach cost them $500,000 or more
High-Profile Hacks Prompt High-Powered Hires
From rock-star CSOs to hot-shot junior incident-response specialists, recruiting is on the rise as breaches dominate the headlines
Eavesdropper Steals Quantum Crypto Keys
So-called "perfect eavesdropper" steals keys while they're being negotiated, without alerting users.
Privacy Surveys Breed Privacy Fear, Google Researchers Say
Survey bias is creating misunderstanding of our feelings on online privacy, Google says. One privacy advocate weighs in.
Two Fake AV Rings Busted By FBI In 'Operation Trident Tribunal'
Reports out of the Ukraine appear to indicate that the Conficker worm might have been one of the vehicles for spreading the scareware
FBI Breaks Up Two Big Scareware Rings
Feds seize equipment and trigger arrests as "Operation Trident Tribunal" targets scareware campaigns that collectively stole $74 million.
Next Virus Victim: Your Doctor's Or Nurse's iPad?
Networked devices used by medical personnel carry vulnerability to viruses and security threats, requiring careful teamwork between IT and clinical engineering, experts say.
Massive Spam Campaign Masquerades As Failed Wire Transfer
Graphics hosted by Federal Reserve bear the password-stealing Zeus Trojan
Spear Phishers Aiming At SMBs
Pilfered email addresses and personal information from Epsilon and Sony breaches will make attacks on SMBs even more likely.
WordPress Warns Of Trojanized Plug-Ins, Urges Patching
Attackers added a back door to three plug-ins that were available for download from WordPress for more than 24 hours.
LulzSec Takes Hit, Keeps On Hacking
British authorities charge teenager with launching DDoS attack, and anti-LulzSec group says it's tracing identities of the hacking group's members.
'John The Ripper' Gets A Face-Lift
Popular open-source password-cracking tool now faster, and backed with Rapid7 sponsorship
Spear Phishers Aiming At SMBs
Pilfered email addresses and personal information from Epsilon and Sony breaches will make attacks on SMBs even more likely
SMBs Face Social Media Security Challenges
Wedge Networks upgrades its deep content inspection network gateway to monitor social media and Web application traffic for security risks.
The End Is Near For Paid Antivirus On PCs
The rise of free but "good enough" software spells an end to the days of having to pay for PC antivirus software.
IT Pros Lose Sleep Over Spyware, Not APT
eEye survey finds most IT admins, managers, and C-level executives consider Stuxnet, Operation Aurora, and other high-profile targeted threats 'minor' concerns
LulzSec, Anonymous: Feds Most Wanted
While the hacker groups have drawn attention with public boasts, federal investigators have set up shop in numerous social media sites, going undercover where necessary to root cyber criminals.
Malware Increasingly Being Signed With Stolen Certificates
Cybercriminals target legitimate software vendors looking for the keys needed to sign software, helping them defeat security measures
Using DNS As Malware-, Botnet-Fighting Tool
New feature in OpenDNS service blocks bad IPs, stops bots from 'phoning home'
RPost Email Encryption Upgrade Adds Enterprise Security Intelligence
RPost email encryption upgrade permits senders to have message security anywhere
Dropbox Files Left Unprotected, Open To All
A software bug rendered the account authentication mechanism non-functional for four hours, leaving customers fuming over the latest security lapse at the popular online file storage service.
|
White Papers
Video
3 Comments
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-19333
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
From DHS/US-CERT's National Vulnerability Database CVE-2018-19333
PUBLISHED: 2018-11-17
pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.
CVE-2018-19340PUBLISHED: 2018-11-17
Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter.
CVE-2018-19327PUBLISHED: 2018-11-17
An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF.
CVE-2018-19328PUBLISHED: 2018-11-17
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
CVE-2018-19329PUBLISHED: 2018-11-17
GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This