Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in June 2012
<<   <   Page 3 / 3
Acunetix Launches WebsiteDefender
News  |  6/7/2012  | 
Online security monitoring service helps secure your websites or blogs against malware and hacker activity
Microsoft Hardens Windows Update After Flame Attacks
News  |  6/7/2012  | 
Microsoft spells out effort to prevent attackers from abusing Windows Update again
Google Play Exploits Bypass Malware Checks
News  |  6/7/2012  | 
Security researchers find multiple ways to bypass Bouncer, Google's automated service for spotting malicious Android apps.
When Is A Breach Not A Breach?
Commentary  |  6/7/2012  | 
Monitoring: It's not just for breaches anymore -- and actually it never was. Here are some of the other uses for security monitoring
LinkedIn Confirms Password Breach, Phishing Intensifies
News  |  6/7/2012  | 
First your work life, now your love life? Hacker who stole at least 6.5 million LinkedIn passwords this week also uploaded 1.5 million password hashes from dating site eHarmony to a Russian hacking forum.
The Truth Is Not Believable
Commentary  |  6/7/2012  | 
Too many businesses don’t want to know about their compliance problems
Was U.S. Government's Stuxnet Brag A Mistake?
Commentary  |  6/7/2012  | 
Some lawmakers accuse Obama administration of failing to manage its secrets, but Stuxnet now stands as a warning of America's cyber-warfare capabilities.
15 Ways To Get More Value From Security Log And Event Data
Quick Hits  |  6/7/2012  | 
Enterprises have a wealth of security information that can help stop attacks. Here are some tips on how to use it
Siemens Enhances Security In Post-Stuxnet SCADA World
News  |  6/6/2012  | 
Firewall, VPN features now embedded in some products as Siemens gradually beefs up its security strategy
6.5 Million LinkedIn Users Possibly Exposed
News  |  6/6/2012  | 
Report now at least partially confirmed by the social network
LinkedIn Users: Change Password Now
News  |  6/6/2012  | 
Attackers appear to have obtained--and may have already decrypted--at least 6.5 million LinkedIn passwords.
Flame Prompts Microsoft To Strengthen Windows Update
News  |  6/6/2012  | 
Emergency patch just the first step in stopping future Flame-type attacks.
When Antivirus Fails, All Is Not Lost
News  |  6/6/2012  | 
Following Flame, Stuxnet, and Duqu, even the antivirus industry is questioning its ability to stop targeted attacks. Yet other technologies exist to catch malware in the corporate network.
Hacker Says He Accessed Pair Of Presidential Hopeful Romney's Online Accounts
News  |  6/6/2012  | 
Breach suggests Mitt Romney--or his aides--used same password across multiple Web services
Romney Campaign Investigates Hotmail Account Hack
News  |  6/6/2012  | 
Attacker claims one-off access of Romney's Hotmail and Dropbox accounts was accomplished by guessing the name of a favorite pet.
Google To Warn Users About State-Sponsored Attacks
Quick Hits  |  6/5/2012  | 
Warning banner to display atop Google user accounts potentially being targeted
When Antivirus Fails, All Is Not Lost
News  |  6/5/2012  | 
Following Flame, Stuxnet, and Duqu, even the antivirus industry is questioning its ability to stop targeted attacks. Yet other technologies exist to catch malware in the corporate network
Microsoft Will Strengthen Windows Update To Repel Flame
News  |  6/5/2012  | 
Emergency patch was just the first step in stopping further Flame-type attacks
Google Issues Warnings For State-Sponsored Attacks
News  |  6/5/2012  | 
Google plans to let users know when government-sponsored hackers may be trying to hijack Google accounts.
5 Ways You're Wasting Compliance Dollars
News  |  6/4/2012  | 
Fighting redundancy and ineffectual practices leaves more money for meaningful security
When To Outsource Security -- And When Not To
Quick Hits  |  6/4/2012  | 
New Dark Reading report offers insights on the advantages and pitfalls of bringing in a third party to help with security
Google Apps Security Beat By CloudFlare Hackers
News  |  6/4/2012  | 
Google's Gmail password recovery routine allowed two-factor authentication to be bypassed.
Flame Burns Microsoft With Digital Certificate Hack
News  |  6/4/2012  | 
Microsoft issues emergency patch in wake of digital certificate abuse, and new details revealed on massive Flame C&C infrastructure
Microsoft IE10 Privacy Settings Draw Advertiser Fire
News  |  6/4/2012  | 
Privacy advocates laud Microsoft's decision to turn on "Do Not Track" by default in Internet Explorer 10.
Federal Officials Say Cybersecurity Is Greatest High-Risk Skill Gap
Quick Hits  |  6/2/2012  | 
In Digital Government panel, government and industry leaders agree that cybersecurity personnel shortage is becoming more acute
5 Flame Security Lessons For SMBs
News  |  6/1/2012  | 
Flame malware case offers small and midsize businesses (SMBs) a valuable refresher course in security.
Tech Insight: Making Data Leak Prevention Work In The Enterprise
News  |  6/1/2012  | 
Second of a two-part series on implementing DLP
Google Chrome Tabs Let Malware Sneak Into Businesses
News  |  6/1/2012  | 
Enterprises need to watch for "bring your own browser" attacks. Using Google Chrome tabs, malware could piggyback into a corporate environment in two ways.
Systems Are Not Compliant; Organizations Are Compliant
Commentary  |  6/1/2012  | 
IT cannot make your organization compliant
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.