Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in June 2012
Page 1 / 3
The Secret World Of Compliance Auditors
Quick Hits  |  6/30/2012  | 
Working with an auditor can be a harrowing experience -- or a good one. Here are some tips for making things go well
U.S. Critical Infrastructure Cyberattack Reports Jump Dramatically
News  |  6/29/2012  | 
A new report from ICS-CERT shows the number of reported incidents increased from 9 to 198 between 2009 and 2011
In-Q-Tel Partners With Looxcie On Next-Gen Videocam
News  |  6/29/2012  | 
CIA's venture investment firm wants to develop a wearable video camera for use by the DHS.
Banking Trojan Harvests Newspaper Readers' Credentials
News  |  6/29/2012  | 
Financial malware performs brute-force guesses of valid usernames and passwords, possibly for attacks against consumer bank accounts.
GPS Spoofer Hacks Civilian Drone Navigation System
News  |  6/29/2012  | 
University of Texas researchers built a $1,000 system able to forcibly reroute or crash a civilian drone.
Not Much To Learn From The Second Kick Of The Mule
Commentary  |  6/29/2012  | 
Repeating compliance and security failures shows a lack of progress
6 Ways Apple Is Polishing Mac Security
News  |  6/29/2012  | 
Apple no longer markets Macs as malware-free, but rather "built for security," and refines protection in Mountain Lion.
9 Ways CSOs Can Avoid A LinkedIn-Type Breach Debacle
News  |  6/29/2012  | 
Top CSOs provide tips on locking down databases in the organization
The Apps Users Don't Patch
Quick Hits  |  6/28/2012  | 
Secunia data shows Shockwave, QuickTime, and Java JRE get updated the least by PC users
Black Hat: Developer Aims To Make Attack Recovery More Intelligent
News  |  6/28/2012  | 
One company uses threat information, virtualization and analysis to build a better way to disinfect compromised systems
4 Signs That Apple's Sharpening Its Security Game
News  |  6/28/2012  | 
Apple is quietly making some subtle, incremental security moves in the face of new threats to its products
Breach At U.S. Regulatory Agency Puts Employee Data At Risk
Quick Hits  |  6/27/2012  | 
Phishing attack at Commodity Futures Trading Commission fools employee into giving up account data
FTC Takes On Wyndham For Security Lapses
News  |  6/27/2012  | 
Lawsuit alleges deceptive practice in privacy policy following three breaches in two years
Free App Encrypts, Destroys Mobile Messages
News  |  6/27/2012  | 
Startup Wickr launches today with iPhone, iPad, iTouch app that ‘leaves no trace’ of text, video, and picture messages
FTC Sues Wyndham Hotels Over Data Security Failures
News  |  6/27/2012  | 
Hotel chain slammed for poor information security practices, leading to attackers obtaining 600,000 credit card numbers and committing millions of dollars in fraud.
FTC Sets Consumer Data Collection Limits
Commentary  |  6/27/2012  | 
As Spokeo gets fined $800,000, FTC tries to enforce differences between consumer-reporting services and people-search services, which gather and sell large amounts of publicly accessible personal data.
Healthcare Patient Data Laws Outdated: Consumers Union
News  |  6/27/2012  | 
Laws covering privacy and security of health data haven't kept pace with changes in health IT, report from Consumers Union and Center for Democracy and Technology says.
Startup Arms CSOs With Heat Maps
Quick Hits  |  6/26/2012  | 
Technology aims to help CSOs and other security pros translate security issues and risk for upper management
'High Roller' Online Financial Fraud Ring Robs Big Money Bank Accounts
News  |  6/26/2012  | 
Attackers do their dirty work from their own cloud-based server infrastructure rather than on the victim's PC in order to camouflage the crime
RSA SecurID 800 Token Attack Detailed By Researchers
News  |  6/26/2012  | 
Cryptographic attack requires as little as 13 minutes to compromise a token's secret key, and works against at least eight types of cryptographic tokens. RSA dismissed the attack.
New Forensics Method May Nab Insider Thieves
News  |  6/26/2012  | 
Black Hat presentation features a new methodology that has already produced real-world results
LinkedIn Password Breach: 9 Facts Key To Lawsuit
News  |  6/26/2012  | 
LinkedIn's privacy policy promised users "industry standard protocols and technology," but a class action lawsuit claims LinkedIn failed to deliver. Take a closer look at the security issues.
Teen Hackers Plead Guilty To LulzSec Attacks
Quick Hits  |  6/25/2012  | 
Cleary, Davis admit to hacking CIA, Pentagon, and many other sensitive websites as members of hacktivist group
Researchers Beat Up Google's Bouncer
News  |  6/25/2012  | 
The gatekeeper for the Android app store has major growing pains ahead, as security researchers find ways to bypass it
The Enterprise Strikes Back
News  |  6/25/2012  | 
Gathering intel on cyberespionage and cybercrime attackers and baiting them with fake information are some of the ways victim organizations are going on the offensive
TSA Wants To Monitor Employee Computer Activities
News  |  6/25/2012  | 
Transportation Security Administration seeks software to monitor employee keystrokes, emails, attachments, screen captures, file transfers, chats, network activities, and website visits.
Avoid Net Shutdown Related To DNSChanger: SMB Tips
News  |  6/25/2012  | 
FBI will shut down servers associated with the DNSChanger malware on July 9, knocking 300,000-plus computers still affected offline. Here's what SMBs need to know.
Senators Float National Data Breach Law, Take Four
News  |  6/25/2012  | 
Data Security Bill is fourth attempt to craft a national law to supersede legislation now on the books in more than 40 states. But it's weaker than some state laws.
Patching Goes Up In Flames
Commentary  |  6/24/2012  | 
The Flame malware throws the integrity of patching into question, which creates quite a quandary for those trained to patch early and often. This represents a significant inflection point for security -- or does it?
Flame: Reading Between The Ones And Zeros
Commentary  |  6/23/2012  | 
As more information about Flame is revealed, let's consider what we might infer from Flame's composition
Radiant Logic Releases Federated Identity Service
News  |  6/22/2012  | 
RadiantOne VDS 6 enables authentication and authorization across multiple identity sources and authentication protocols
Broader Digital Landscape Means More Places To Hide
News  |  6/22/2012  | 
With IPv6, a deluge of new top-level domains, and DNSSEC all coming, the Internet will become a much bigger place. Defenses that worked in the past won't work in the future
FTC Charges Two Companies With Exposing Data Via P2P Downloads
Quick Hits  |  6/22/2012  | 
Firms did not use reasonable security methods to prevent installation of vulnerable software, FTC alleges
Firefox Promises Privacy Patch Against Tab Spying
News  |  6/22/2012  | 
Shared PC warning: Firefox 13 browser records and stores a user's most-visited pages, including sensitive content otherwise protected by HTTPS.
Hackers Cite 'Idiot Tax,' Release Loan Records
News  |  6/22/2012  | 
Rex Mundi hacker group publishes thousands of records containing personal loan application data after payday lender AmeriCash Advance refuses $20,000 hush money request.
Twitter Crash: Hack Or Hardware Fail?
News  |  6/21/2012  | 
Twitter blames a cascading bug, but hacking group UGNazi claims responsibility.
The Intersection Between Cyberespionage And Cybercrime
News  |  6/21/2012  | 
Chinese cyberspies and traditional cybercriminals are relying on some of the same malware tools -- and some cyberspies even appear to be moonlighting
AutoCAD Worm Targets Design Documents In Possible Espionage Campaign
News  |  6/21/2012  | 
A worm is stealing AutoCAD documents and sending them to email accounts opened at two Chinese Internet providers
Feds Bust Hacker For Selling Government Supercomputer Access
News  |  6/21/2012  | 
Pennsylvania man allegedly offered to sell login access to two Department of Energy supercomputers, as well as remote administration capabilities, for $50,000.
Facebook Settles Lawsuit Over Sponsored Stories
News  |  6/21/2012  | 
Proposes paying $10 million to settle class action lawsuit over using Facebook users' names and images in advertising without their permission.
6 Biggest Breaches Of 2012
News  |  6/21/2012  | 
Take stock and learn from the security mistakes of others.
Microsoft Names Finalists In Contest For New Security Defenses
Quick Hits  |  6/21/2012  | 
Three BlueHat Prize contestants invented ways to mitigate attacks exploiting memory-safety vulnerabilities
Google Adds New Security Features
Quick Hits  |  6/21/2012  | 
Two-step verification, integration with Active Directory will help protect Google Apps, search engine giant says
Startup Wraps User Tasks In Virtual Containers
News  |  6/20/2012  | 
Bromium announces micro-VM technology that protects the OS, network, from users' security missteps
Hackers Offer Free Porn To Beat Security Checks
News  |  6/20/2012  | 
Spammers are enticing consumers with free porn or games in exchange for help cracking CAPTCHAs on targeted websites, security researchers say.
Secret Spy Satellite Takes Off: Stunning Images
Slideshows  |  6/20/2012  | 
The National Reconnaissance Office provides satellite imagery for intelligence operations and national defense. Here's a look at the agency's most recent rocket launches.
Apple Gets Patent For Polluting Electronic Profiles
News  |  6/20/2012  | 
Apple patent describes how privacy can be protected by disseminating fake data.
6 Biggest Breaches Of 2012 So Far
News  |  6/20/2012  | 
Take stock and learn from the mistakes of others
LinkedIn Security Breach Triggers $5 Million Lawsuit
News  |  6/20/2012  | 
Class action lawsuit alleges that social network failed to protect users' data and didn't use industry standard protocols and technology.