News & Commentary

Content posted in June 2012
The Secret World Of Compliance Auditors
Quick Hits  |  6/30/2012  | 
Working with an auditor can be a harrowing experience -- or a good one. Here are some tips for making things go well
U.S. Critical Infrastructure Cyberattack Reports Jump Dramatically
News  |  6/29/2012  | 
A new report from ICS-CERT shows the number of reported incidents increased from 9 to 198 between 2009 and 2011
In-Q-Tel Partners With Looxcie On Next-Gen Videocam
News  |  6/29/2012  | 
CIA's venture investment firm wants to develop a wearable video camera for use by the DHS.
Banking Trojan Harvests Newspaper Readers' Credentials
News  |  6/29/2012  | 
Financial malware performs brute-force guesses of valid usernames and passwords, possibly for attacks against consumer bank accounts.
GPS Spoofer Hacks Civilian Drone Navigation System
News  |  6/29/2012  | 
University of Texas researchers built a $1,000 system able to forcibly reroute or crash a civilian drone.
Not Much To Learn From The Second Kick Of The Mule
Commentary  |  6/29/2012  | 
Repeating compliance and security failures shows a lack of progress
6 Ways Apple Is Polishing Mac Security
News  |  6/29/2012  | 
Apple no longer markets Macs as malware-free, but rather "built for security," and refines protection in Mountain Lion.
9 Ways CSOs Can Avoid A LinkedIn-Type Breach Debacle
News  |  6/29/2012  | 
Top CSOs provide tips on locking down databases in the organization
The Apps Users Don't Patch
Quick Hits  |  6/28/2012  | 
Secunia data shows Shockwave, QuickTime, and Java JRE get updated the least by PC users
Black Hat: Developer Aims To Make Attack Recovery More Intelligent
News  |  6/28/2012  | 
One company uses threat information, virtualization and analysis to build a better way to disinfect compromised systems
4 Signs That Apple's Sharpening Its Security Game
News  |  6/28/2012  | 
Apple is quietly making some subtle, incremental security moves in the face of new threats to its products
Breach At U.S. Regulatory Agency Puts Employee Data At Risk
Quick Hits  |  6/27/2012  | 
Phishing attack at Commodity Futures Trading Commission fools employee into giving up account data
FTC Takes On Wyndham For Security Lapses
News  |  6/27/2012  | 
Lawsuit alleges deceptive practice in privacy policy following three breaches in two years
Free App Encrypts, Destroys Mobile Messages
News  |  6/27/2012  | 
Startup Wickr launches today with iPhone, iPad, iTouch app that ‘leaves no trace’ of text, video, and picture messages
FTC Sues Wyndham Hotels Over Data Security Failures
News  |  6/27/2012  | 
Hotel chain slammed for poor information security practices, leading to attackers obtaining 600,000 credit card numbers and committing millions of dollars in fraud.
FTC Sets Consumer Data Collection Limits
Commentary  |  6/27/2012  | 
As Spokeo gets fined $800,000, FTC tries to enforce differences between consumer-reporting services and people-search services, which gather and sell large amounts of publicly accessible personal data.
Healthcare Patient Data Laws Outdated: Consumers Union
News  |  6/27/2012  | 
Laws covering privacy and security of health data haven't kept pace with changes in health IT, report from Consumers Union and Center for Democracy and Technology says.
Startup Arms CSOs With Heat Maps
Quick Hits  |  6/26/2012  | 
Technology aims to help CSOs and other security pros translate security issues and risk for upper management
'High Roller' Online Financial Fraud Ring Robs Big Money Bank Accounts
News  |  6/26/2012  | 
Attackers do their dirty work from their own cloud-based server infrastructure rather than on the victim's PC in order to camouflage the crime
RSA SecurID 800 Token Attack Detailed By Researchers
News  |  6/26/2012  | 
Cryptographic attack requires as little as 13 minutes to compromise a token's secret key, and works against at least eight types of cryptographic tokens. RSA dismissed the attack.
New Forensics Method May Nab Insider Thieves
News  |  6/26/2012  | 
Black Hat presentation features a new methodology that has already produced real-world results
LinkedIn Password Breach: 9 Facts Key To Lawsuit
News  |  6/26/2012  | 
LinkedIn's privacy policy promised users "industry standard protocols and technology," but a class action lawsuit claims LinkedIn failed to deliver. Take a closer look at the security issues.
Teen Hackers Plead Guilty To LulzSec Attacks
Quick Hits  |  6/25/2012  | 
Cleary, Davis admit to hacking CIA, Pentagon, and many other sensitive websites as members of hacktivist group
Researchers Beat Up Google's Bouncer
News  |  6/25/2012  | 
The gatekeeper for the Android app store has major growing pains ahead, as security researchers find ways to bypass it
The Enterprise Strikes Back
News  |  6/25/2012  | 
Gathering intel on cyberespionage and cybercrime attackers and baiting them with fake information are some of the ways victim organizations are going on the offensive
TSA Wants To Monitor Employee Computer Activities
News  |  6/25/2012  | 
Transportation Security Administration seeks software to monitor employee keystrokes, emails, attachments, screen captures, file transfers, chats, network activities, and website visits.
Avoid Net Shutdown Related To DNSChanger: SMB Tips
News  |  6/25/2012  | 
FBI will shut down servers associated with the DNSChanger malware on July 9, knocking 300,000-plus computers still affected offline. Here's what SMBs need to know.
Senators Float National Data Breach Law, Take Four
News  |  6/25/2012  | 
Data Security Bill is fourth attempt to craft a national law to supersede legislation now on the books in more than 40 states. But it's weaker than some state laws.
Patching Goes Up In Flames
Commentary  |  6/24/2012  | 
The Flame malware throws the integrity of patching into question, which creates quite a quandary for those trained to patch early and often. This represents a significant inflection point for security -- or does it?
Flame: Reading Between The Ones And Zeros
Commentary  |  6/23/2012  | 
As more information about Flame is revealed, let's consider what we might infer from Flame's composition
Radiant Logic Releases Federated Identity Service
News  |  6/22/2012  | 
RadiantOne VDS 6 enables authentication and authorization across multiple identity sources and authentication protocols
Broader Digital Landscape Means More Places To Hide
News  |  6/22/2012  | 
With IPv6, a deluge of new top-level domains, and DNSSEC all coming, the Internet will become a much bigger place. Defenses that worked in the past won't work in the future
FTC Charges Two Companies With Exposing Data Via P2P Downloads
Quick Hits  |  6/22/2012  | 
Firms did not use reasonable security methods to prevent installation of vulnerable software, FTC alleges
Firefox Promises Privacy Patch Against Tab Spying
News  |  6/22/2012  | 
Shared PC warning: Firefox 13 browser records and stores a user's most-visited pages, including sensitive content otherwise protected by HTTPS.
Hackers Cite 'Idiot Tax,' Release Loan Records
News  |  6/22/2012  | 
Rex Mundi hacker group publishes thousands of records containing personal loan application data after payday lender AmeriCash Advance refuses $20,000 hush money request.
Twitter Crash: Hack Or Hardware Fail?
News  |  6/21/2012  | 
Twitter blames a cascading bug, but hacking group UGNazi claims responsibility.
The Intersection Between Cyberespionage And Cybercrime
News  |  6/21/2012  | 
Chinese cyberspies and traditional cybercriminals are relying on some of the same malware tools -- and some cyberspies even appear to be moonlighting
AutoCAD Worm Targets Design Documents In Possible Espionage Campaign
News  |  6/21/2012  | 
A worm is stealing AutoCAD documents and sending them to email accounts opened at two Chinese Internet providers
Feds Bust Hacker For Selling Government Supercomputer Access
News  |  6/21/2012  | 
Pennsylvania man allegedly offered to sell login access to two Department of Energy supercomputers, as well as remote administration capabilities, for $50,000.
Facebook Settles Lawsuit Over Sponsored Stories
News  |  6/21/2012  | 
Proposes paying $10 million to settle class action lawsuit over using Facebook users' names and images in advertising without their permission.
6 Biggest Breaches Of 2012
News  |  6/21/2012  | 
Take stock and learn from the security mistakes of others.
Microsoft Names Finalists In Contest For New Security Defenses
Quick Hits  |  6/21/2012  | 
Three BlueHat Prize contestants invented ways to mitigate attacks exploiting memory-safety vulnerabilities
Google Adds New Security Features
Quick Hits  |  6/21/2012  | 
Two-step verification, integration with Active Directory will help protect Google Apps, search engine giant says
Startup Wraps User Tasks In Virtual Containers
News  |  6/20/2012  | 
Bromium announces micro-VM technology that protects the OS, network, from users' security missteps
Hackers Offer Free Porn To Beat Security Checks
News  |  6/20/2012  | 
Spammers are enticing consumers with free porn or games in exchange for help cracking CAPTCHAs on targeted websites, security researchers say.
Secret Spy Satellite Takes Off: Stunning Images
Slideshows  |  6/20/2012  | 
The National Reconnaissance Office provides satellite imagery for intelligence operations and national defense. Here's a look at the agency's most recent rocket launches.
Apple Gets Patent For Polluting Electronic Profiles
News  |  6/20/2012  | 
Apple patent describes how privacy can be protected by disseminating fake data.
6 Biggest Breaches Of 2012 So Far
News  |  6/20/2012  | 
Take stock and learn from the mistakes of others
LinkedIn Security Breach Triggers $5 Million Lawsuit
News  |  6/20/2012  | 
Class action lawsuit alleges that social network failed to protect users' data and didn't use industry standard protocols and technology.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-2765
PUBLISHED: 2018-08-20
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
CVE-2018-15594
PUBLISHED: 2018-08-20
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
CVE-2018-15572
PUBLISHED: 2018-08-20
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
CVE-2018-15573
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf...
CVE-2018-15574
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."