Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in June 2012
Gen Y Blows Off Mobile Security Policy
Quick Hits  |  6/19/2012  | 
Twenty-somethings worldwide expect to BYOD, and most say it's a right, not a privilege
Advanced JavaScript Attack Threatens SOHO Routers
News  |  6/19/2012  | 
Using JavaScript and cross-site request forgery, two researchers plan to show it's possible to attack routers leveraging computers on the internal network
Stuxnet, Duqu, Flame Targeted Illegal Windows Systems In Iran
News  |  6/19/2012  | 
Pirated software the norm in the region
Deduplication Performance: More Than Processing Power
Commentary  |  6/19/2012  | 
Storage performance problems can't be solved by just throwing more processing power at them.
Former HP TippingPoint Researchers Start Vulnerability Buying Firm
Quick Hits  |  6/18/2012  | 
Exodus Intelligence will buy the rights to zero-day flaws and use them to build a vulnerability intelligence service
When Will End Users Stop Being Fooled By Online Scams?
News  |  6/18/2012  | 
Despite millions of dollars in security tools and hours of awareness training, many organizations still find themselves breached by phishing and old-school social engineering attacks. Is there a way to build a better, smarter user?
Zeus/SpyEye 'Automatic Transfer' Module Masks Online Banking Theft
News  |  6/18/2012  | 
Automated attack bypasses two-factor authentication
Logging Smarter, Not Just Harder
Commentary  |  6/18/2012  | 
The problem is not just Big Data -- it's variable data. We attempt to find the answer in late-night commercials
The Compliance Officer's Dirty Little Secret
News  |  6/18/2012  | 
Fines may not equal cost of regulatory compliance, but they aren't the only cost of noncompliance
VMware Patches Virtualization Flaws
News  |  6/18/2012  | 
Bugs would allow attackers with administrator-level access to cause a denial of service or even take control of a targeted environment.
Ironman And Captain America Fight Over Compliance
Commentary  |  6/18/2012  | 
Defending your company requires both warriors and soldiers
Risk-Based Security Strategies: More Concept Than Reality
Quick Hits  |  6/16/2012  | 
Nearly 80 percent of enterprises say they are committed to risk-based security management, but less than half have done anything, Ponemon study says
Tech Insight: Defenders Take the Offensive
News  |  6/15/2012  | 
Sexy pen-testing tools aren't just for offensive security; defenders can leverage the same tools to proactively detect vulnerabilities and shore up defenses
Johns Hopkins Embraces Single-Sign On Technology
News  |  6/15/2012  | 
Simple badge taps let medical personnel quickly and securely log on to any of the institution's hundreds of publicly accessed hospital workstations.
Security Startups Focusing On Threats, Not Malware
News  |  6/14/2012  | 
Stopping malware is so yesterday. Eclectic groups of security people have banded together to make life difficult for attackers
How To Defend Against Infrastructure Attacks
News  |  6/14/2012  | 
Gartner security experts offer defense strategies for four big attack threats
Google, Facebook, Twitter, AOL Fight Badware
News  |  6/14/2012  | 
Tech giants, Internet Advertising Bureau, and StopBadware form the Ads Integrity Alliance to battle malicious advertising.
Former Obama Cybersecurity Czar: More Walk, Less Talk Needed
News  |  6/14/2012  | 
Howard Schmidt says the U.S. government needs to start implementing its blueprints for secure identities and its international strategy for cybersecurity. Also warns about "cascading" effect of targeted malware.
Microsoft Issues 'FixIt' For ZeroDay Plus New Updater For Windows That Fights Flame
Quick Hits  |  6/14/2012  | 
As of August, Microsoft will no longer support RSA keys of less than 1,024 bits for certificates
LinkedIn: Our Tech Team Includes 'World-Class Security Experts'
News  |  6/14/2012  | 
Social network defends its security posture and response to last week's breach
Microsoft Fights Flame Malware With Certificate Killer
News  |  6/14/2012  | 
Flame malware spoofed a Microsoft digital certificate to automatically install itself on targeted PCs, leading Microsoft to tweak Windows to receive a daily update listing untrusted certificates.
Study: UTM Market To Grow To Nearly $4B In Next Three Years
Quick Hits  |  6/14/2012  | 
Blended attacks strengthen business case for unified threat management, Frost & Sullivan says
Expect A Surge In Breaches Following MySQL Vulnerability
News  |  6/13/2012  | 
Vulnerability is so easily attacked and so prevalent that we're bound for a bump in database exposures
Former White House Cybersecurity Czar Calls For Security Action
News  |  6/13/2012  | 
Howard Schmidt declines to comment on reported U.S. involvement in Stuxnet, but warns about 'cascading' effect of targeted malware
LinkedIn Defends Security Practices, Leadership
News  |  6/13/2012  | 
Social network details info security lines of authority after being criticized for lacking a chief security officer.
Digital Bond Spear-Phishing May Link to Larger Attack Campaign
News  |  6/13/2012  | 
Similarities uncovered between the attack on Digital Bond and attacks targeting other organizations
New Virtualization Vulnerability Allows Escape To Hypervisor Attacks
News  |  6/13/2012  | 
Local privilege escalation vulnerability affects multiple virtualization products on Xen platform, would allow attacker to run arbitrary code or access any account, warns US-CERT.
Charleston Tests Predictive Analytics For Crime Prevention
News  |  6/13/2012  | 
Police department will use IBM software to detect robbery patterns and deploy officers to trouble spots.
Don't Blame Me, I'm Just An Employee
Commentary  |  6/12/2012  | 
If you're looking for a cure for mishandling of sensitive data, then look no further than your own management team
The Importance Of Interviews In Insider Investigations
News  |  6/12/2012  | 
Exit interviews speed up investigations, prove intent, and cover your legal bases
Black Hat USA 2012: Complete Coverage
News  |  6/12/2012  | 
A round-up of articles leading up to and live coverage from Black Hat USA 2012, July 21-26, Las Vegas
Feds Bust Credit Card Fraud Ring
News  |  6/12/2012  | 
A Dutch man, together with Maryland accomplice, is accused of running a site for buying and selling credit card data.
Tenable Network Security Reveals Next Generation SIEM
News  |  6/12/2012  | 
Log Correlation Engine Version 4 introduces several new enhancements that speed results, optimize workflow, and improve system reliability
Actifio Boosts Storage Efficiency, Capacity
News  |  6/12/2012  | 
Protection and Availability Storage 5.0 eliminates extra copies of snapshot, backup, disaster recovery, business continuity, and other data.
Attackers Turn Password Recovery Into Backdoor
News  |  6/12/2012  | 
Assault on CloudFlare shows that companies need to pay attention to how their security services are locked down, and how the credentials for those services can be recovered.
LinkedIn Failed To Cover The Basics
News  |  6/12/2012  | 
Recent breach of millions of LinkedIn passwords highlights an all-too-common issue.
IT Pros Say Privileged Accounts Getting '0wned'
Quick Hits  |  6/12/2012  | 
Businesses see insiders as the No. 1 threat, new survey says
How Attackers Find And Exploit Database Vulnerabilities
Quick Hits  |  6/11/2012  | 
A look at bad guys' strategies for cracking your most valuable data stores -- and how you can stop them
Attackers Turn Password Recovery Into Backdoor
News  |  6/11/2012  | 
The assault on CloudFlare shows that companies have to pay attention to how their security services are locked down and how the credentials for those services can be recovered
LinkedIn: Making Insecure Connections
Commentary  |  6/11/2012  | 
The recent breach of millions of LinkedIn passwords highlights an all-too-common issue
'Conclusive' Link Found Between Stuxnet And Flame
News  |  6/11/2012  | 
Researchers say Flame predates Stuxnet and shares some source code with first-generation version of Stuxnet
British Judge Forces Facebook To Identify Trolls
News  |  6/11/2012  | 
Harassment case billed as the first instance in Britain in which a private suit is used to unmask people who allegedly made offensive, anonymous taunts.
Flame Malware Code Traced To Stuxnet
News  |  6/11/2012  | 
Researchers find a link between the two different pieces of malware, suggesting that the U.S. government may be behind both.
How To Monitor And Control Privileged Users
Quick Hits  |  6/9/2012  | 
Top executives, power users, and IT administrators may have access to more than they should. Here are some tips for keeping them in check
MobileIron Distributes Enterprise Apps, Simplifies Android
News  |  6/8/2012  | 
With 3 new mobile app services, MobileIron hopes to help companies update their business processes for the phone and tablet era.
Keep Watch On Accounts For Stolen Passwords
News  |  6/8/2012  | 
Log management and a well-refined ruleset can help companies pinpoint suspicious activity on accounts that suggest a password compromise
7 Tips To Toughen Passwords
News  |  6/8/2012  | 
As this week's LinkedIn and eHarmony--and likely, Last.fm--breaches demonstrate, many website users continue to pick atrocious, easily cracked passwords. Are your passwords safe?
Research Find 'At Least 20' Ways To Bypass Google's Bouncer
News  |  6/8/2012  | 
Google's automated service for spotting malicious Android apps can be bypassed, they say
Most Consumers Don't Understand Breach Notifications
Quick Hits  |  6/7/2012  | 
Victims say breach notification letter didn't include enough detail, or they had trouble understanding it
IPv6 Arrives, But Not Everywhere
News  |  6/7/2012  | 
This week marked a major milestone as IPv6 went live on the Internet -- a look at some potential security hurdles for enterprises


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24028
PUBLISHED: 2021-04-14
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
CVE-2021-29370
PUBLISHED: 2021-04-13
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-3460
PUBLISHED: 2021-04-13
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
CVE-2021-3462
PUBLISHED: 2021-04-13
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
CVE-2021-3463
PUBLISHED: 2021-04-13
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.