News & Commentary

Content posted in July 2009
Hacker Gary McKinnon Loses Extradition Appeal
News  |  7/31/2009  | 
Fighting to avoid what he fears will be unfair treatment from U.S. courts, U.K. hacker Gary McKinnon lost another appeal in his attempt to avoid being extradited.
Defcon: New Hack Hijacks Application Updates Via WiFi
News  |  7/31/2009  | 
Researchers will release a tool that lets attackers replace application updates with malware
Black Hat: Social Networks Reveal, Betray, Help Users
News  |  7/31/2009  | 
Researchers at security conference show how social networks can reveal more than users intend.
New iPhone SMS Threat No Reason To Panic
Commentary  |  7/31/2009  | 
You may have heard that researcher Charlie Miller has released details about a vulnerability that allows an attacker to take over an iPhone remotely with an SMS message. Now everyone is rushing to offer homegrown advice on how to fix the problem. But I'm going to offer a different point of view.
McAfee Buys Cloud Security Provider MX Logic For $140 Million
Quick Hits  |  7/31/2009  | 
Acquisition expands McAfee's security software-as-a-service offerings
'MonkeyFist' Launches Dynamic CSRF Web Attacks
News  |  7/30/2009  | 
Researchers release tool that automates cross-site request forgery attacks
Black Hat: Mac OS X Rootkit Debuts
News  |  7/30/2009  | 
The development of a proof-of-concept rootkit for Mac OS X reinforces the fact that security concerns aren't just for Windows users.
Corporate Patch Management Lags In Maturity
Commentary  |  7/30/2009  | 
If one of the most important disciplines necessary for keeping systems secure is a systematic vulnerability management program, why have so few organizations reached a decent level of maturity in their patch management efforts?
DoD Official Says U.S. Needs Separate Cyberczar For Online Identity
Quick Hits  |  7/30/2009  | 
Deputy Assistant Secretary of Defense Robert Lentz said a national leader is needed for reducing problems with anonymity on the Net
Pwnie Awards Bring Fame And Shame
Commentary  |  7/30/2009  | 
The third annual Pwnie Awards at Black Hat in Las Vegas, hosted by Alex Sotirov, Dino Dai Zovi, HD Moore, Halvar Flake, and Rich, celebrated the highs and lows in the security industry. As Dino said, "First we reward for great work, then we shame."
Black Hat, Day One: Rationalizing And Reinforcing My Pessimistic World View
Commentary  |  7/30/2009  | 
When I arrived in Las Vegas, I already smoldered and grumbled about the facts that online trust mechanisms are untrustworthy, and that browsers' fundamental weaknesses persist despite the fact that better browsers would make an incalculable impact on overall Web security. Yesterday's sessions simply added more kindling to the fire.
Rolling Review: Symantec's DLP-9
News  |  7/30/2009  | 
Symantec's DLP software provides robust leak prevention for endpoints and on the network.
Small Businesses Should Move To Shared Storage Sooner
Commentary  |  7/30/2009  | 
With the cost of direct attached storage (DAS) dropping and the capacity that it can deliver for those dollars increasing, you would think that the demand for shared storage is dwindling. The reality is that shared storage is on the rise, and the biggest reason for its growth has little to do with storage management or even data protection. Those are nice side benefits; however, the real motivator is server virtualization.
Black Hat: PKI Hack Demonstrates Flaws in Digital Certificate Technology
News  |  7/30/2009  | 
Researcher Dan Kaminsky illuminates flaws in X.509 authentication
Google Safe Browsing Feature Could Compromise Privacy
News  |  7/29/2009  | 
Researcher RSnake has discovered that Google's anti-malware and anti-phishing features for Chrome and Firefox track information about users' browsing habits
Black Hat: Android, iPhone SMS Flaws Revealed
News  |  7/29/2009  | 
Security researchers have identified several SMS vulnerabilities that can be used to deny service to mobile phones. They're presenting on Thursday but their findings have been published.
Metasploit Meterpreter For Mac Coming Soon
Commentary  |  7/29/2009  | 
Meterpreter is by far one of the most powerful and most advanced payloads included in the Metasploit Framework. It's been the joy of penetration testers and the bane of incident responders and until now, it's only been a payload targeted at Windows systems, while Mac users have dodged a bullet. But that won't be the case for much longer, as demonstrated by Dino Dai Zovi in a 20-minute breakout session at Black Hat today titled "Macsploitation with Meterpreter."
Fake Security Software Steals $34 Million Monthly
News  |  7/29/2009  | 
Cybercriminals are making a fortune by preying on gullible computer users.
Serious Internet Server Exploit Widely Available
Commentary  |  7/29/2009  | 
The ubiquitous DNS server standard, BIND 9, is vulnerable to an exploit that has already been made public, the Internet Systems Consortium warned.
UPDATE: BlackHat, Kinda: 'Real' Black Hats Hack Security Experts
Commentary  |  7/29/2009  | 
UPDATE: The rumor here is that the attacks did indeed happen, but the significance of it is actually quite small--not worth paying attention to, since attention is clearly what the attackers are seeking. More to come. BlackHat, Kinda: Yesterday a hacking group released details (http://sh0dan.org/zf05.txt) of a number of successful attacks they conducted, apparently with the principal purpose of embarrassing some of the security industry's most wel
IBM Acquires App Security Upstart Ounce Labs
Quick Hits  |  7/29/2009  | 
Source code security testing will become part of Big Blue's arsenal
Researcher Uncovers Massive, Sophisticated Trojan Targeting Top Businesses
News  |  7/29/2009  | 
Trojan may already have infected hundreds of thousands of PCs, botnet expert says
Black Hat: Smart Meter Worm Attack Planned
News  |  7/28/2009  | 
IOActive's Mike Davis intends to unleash a worm on a smart meter at the Black Hat security conference on Thursday.
Google Hot Trends Dictate Malware Targeting
News  |  7/28/2009  | 
Popular search terms get more dangerous, a security report finds. And crossword puzzle players should be particularly vigilant.
Microsoft Issues Emergency Fixes For IE, Visual Studio
News  |  7/28/2009  | 
Outside of its normal patch cycle, Microsoft has released two security bulletins to fix critical flaws.
Exploits Take Advantage Of Hot News, Search Queries
Quick Hits  |  7/28/2009  | 
Attackers look to attach their malware to hot Google searches, report says
AT&T Says DoS Attack Prompted Block Of 4chan Site
News  |  7/28/2009  | 
The popular bulletin board site had been under a constant attack by hackers for three weeks before it was detected by the telecom company.
After Years Of Struggle, SaaS Security Market Finally Catches Fire
News  |  7/28/2009  | 
Shifts in economy, threats make SaaS an easier choice, oldest providers say
Rogueware On A Roll: 640,000 New Variants Of Fake AV In Q3
News  |  7/28/2009  | 
PandaLabs researchers say fake antivirus distributors are ramping up production of new versions of their rogueware to evade detection
Obama Administration Going Soft On Cybersecurity
Commentary  |  7/28/2009  | 
Viruses, botnets with international botmasters, denial-of-service attacks on government properties, cyberbullying, and the increasing threat of identity theft plague every resident, from child to adult, regardless of whether they are actually ever online -- U.S. cybersecurity has been little more than a bad joke.
Microsoft Plans Emergency Patch Tuesday
News  |  7/27/2009  | 
Two out-of-band security bulletins will be issued tomorrow to fix a critical flaw in Internet Explorer and a related issue in Visual Studio. Microsoft is withholding details until the patches are released.
Nearly Half Of Companies Lack A Formal Patch Management Process
News  |  7/27/2009  | 
Microsoft-sponsored Project Quant survey finds patch management expensive, immature
Unifying The Infrastructure
Commentary  |  7/27/2009  | 
We've spent the last several entries discussing the unification of storage, and there is one aspect of unification that I have not discussed: unifying the infrastructure. I do have a series of videos currently running with Information Week on FCoE, so in this entry I'll just touc
Microsoft Offers Free Tool To Troubleshoot Office Bugs
News  |  7/27/2009  | 
Software giant also releases new security guide, updates on security collaboration programs -- and, meanwhile, says it will issue two emergency patches Tuesday
Network Solutions Breached For 574,000 E-Commerce Account Records
Quick Hits  |  7/27/2009  | 
Popular domain services provider says it doesn't know how rogue malware was planted on its servers
Close To Half Of SMBs Defenseless Against Cybercrime: Panda
Commentary  |  7/27/2009  | 
44% of U.S. small and midsized businesses have suffered at least one incident of cybercrime, according to a study just out from Panda Security. And considering how spotty, inconsistent and just plain missing SMB defenses are, it's a wonder the figure isn't any higher than it is.
Apple iPhone Security Weaknesses Exposed On YouTube
News  |  7/27/2009  | 
Deleted voice mail, e-mail, and other data on the iPhone 3GS is vulnerable to hackers, a security expert claims in two video tutorials.
Congress Taking Steps To Secure Electric Grid
Commentary  |  7/25/2009  | 
So the theory goes: one strategic electromagnetic pulse (EMP) detonation over the Midwest United States could cripple the power grid, and even stop most electronic devices, from a car's ignition to medical devices to radios and TVs to PCs, from functioning. So what, if anything, are we doing about it?
Microsoft Unveils Security Tools, Resources At Black Hat
News  |  7/24/2009  | 
Dealing with the changing threat landscape requires information sharing, Microsoft says, and it has developed software, guidelines, and programs to help make that happen.
Spammers Exploiting Free File Storage On Websites
Quick Hits  |  7/24/2009  | 
Automated account creation exploit lets spammers hide behind legitimate file storage services, researchers say
Tech Insight: Social Networking In The Enterprise -- What Should Security Pros Do About It?
News  |  7/24/2009  | 
As Facebook and LinkedIn become more popular at work, security solutions become trickier for IT
6,000 New Malware Threats A Day: McAfee
Commentary  |  7/24/2009  | 
Think you've seen explosive growth in the number of threats your business faces? Think again. New figures from McAfee indicate that the malware makers have put their creations on a growth curve aimed at flooding cyberspace with cybertraps, as many as 6,000 new ones a day. Every day. All year long (so far).
Malware Counts: Uncomfortably Numb
Commentary  |  7/23/2009  | 
McAfee's security research group Avert Labs shows a more than doubling of malware from the first half of 2009 compared with the same period in 2008: that's 1.2 million unique malware applications up from about 500,000 in 2008. With the numbers now reaching the millions in a six-month period -- does virus and malware counting really provide us any value anymore?
The BlackBerry 'Trojan Horse'
Commentary  |  7/23/2009  | 
Research In Motion's announcement that users in the United Arab Emirates (UAE) who installed an update on their BlackBerrys ended up with a surveillance application raises some key questions.
Privacy Tool Makes Internet Postings Vanish
News  |  7/23/2009  | 
The open source tool called Vanish encrypts any text that's entered into a browser and scatters it, in disappearing pieces, across a network.
Adobe Warns Of Critical Flash Vulnerability
News  |  7/23/2009  | 
Echoing security warnings issued earlier this year, Adobe is warning users of Flash Player, Reader, and Acrobat to exercise caution online due to a zero-day vulnerability that's being actively exploited.
One In Two Security Pros Unhappy In Their Jobs
News  |  7/23/2009  | 
Major career survey finds security professionals are well-paid, but feel unchallenged and underutilized
Rising Internet Fraud, Darknets On Agenda At Black Hat
News  |  7/23/2009  | 
The information-security community is set to converge for the industry's premier conference as Black Hat comes to Las Vegas on July 25 - 30.
Healthcare Industry Weak In Security And Worried About Insider Threats
Quick Hits  |  7/23/2009  | 
New Deloitte survey says healthcare and life sciences companies need to 'catch up' in security
The Encryption Gap
Commentary  |  7/23/2009  | 
Things that make us say "hmmm" include these stats: The percentage of respondents to our 2009 Strategic Security Survey who rated encryption as effective in reducing risk dropped from 57% in 2008 to 48% in 2009. Use of disk, file, and backup media encryption ALL fell year over year by at least five percentage points. Backup encryption usage is down 10 points.