Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in July 2010
Page 1 / 4
Be Careful What You Search For
Commentary  |  7/31/2010  | 
Viruses and malware used to spread and try to find computer users to infect. Today, research released at DefCON 18 shows that, increasingly, search engines are bringing users straight to the malware.
Researcher Intercepts GSM Cell Phones During Defcon Demo
News  |  7/31/2010  | 
In the wake of pressure from the FCC, security expert demonstrates major GSM hack
Microsoft To Release Emergency Patch For Windows
News  |  7/30/2010  | 
The "out of band" emergency update addresses a Windows vulnerability that is being exploited by attackers using a "highly virulent strain" of malware.
Real-World Attacks With Social Engineering Toolkit
Commentary  |  7/30/2010  | 
Social engineering has always been a penetration tester's (and hacker's) most effective tool. I would say it's their best weapon, but not everyone is good at the softer, human side of social engineering. However, when it comes to the technical side, the tools are getting better and better, including the latest version of the Social Engineering Toolkit released at BSides Las Vegas on Wednesday.
Most SSL Sites Poorly Configured
News  |  7/30/2010  | 
Half of all SSL servers run an older, insecure version of SSL; attacks against HTTPS browser sessions detailed at Black Hat
Former NSA, CIA Director Says Intelligence-Gathering Isn't Cyberwar
News  |  7/30/2010  | 
Efforts to crack U.S. cyberdefenses are standard operating procedure, Hayden tells Black Hat audience
New Tool Allows Websites To Keep Serving Pages After Infection
Quick Hits  |  7/30/2010  | 
"Mod_antimalware" strips out malware instead of blocking infected pages, Black Hat presenter says
Google Cleared Of UK Street View Privacy Breach
News  |  7/30/2010  | 
"Meaningful personal details" weren't disclosed when Google's cars collected publicly broadcast Wi-Fi network names and MAC addresses, finds British government authorities.
Rite Aid's $1 Million Settlement: More Good Enforcement News
Commentary  |  7/30/2010  | 
Rite Aid Corp. having to pay a $1 million settlement for possible Health Insurance Portability and Accountability Act (HIPAA) violations is another step in the right direction for enforcement.
Adobe Joins Microsoft's Advance-Alert Program For Security Vendors
Quick Hits  |  7/29/2010  | 
Microsoft's MAPP program will now include advance information on Adobe product vulnerabilities
Smarsh Launches Employee Text Message Archiving
News  |  7/29/2010  | 
Expanding on its social media, instant message and email archiving offerings, Smarsh has launched a mobile message archiving module for BlackBerry, Android and Windows with iPhone support due later this year.
Malware Authors Leave Their Fingerprints On Their Work, Black Hat Researcher Says
News  |  7/29/2010  | 
Careful study of malware can help experts recognize its source and protect against it
Predicted Fallout Following WikiLeaks Video
News  |  7/29/2010  | 
Government agencies could become all the more secretive, says Gartner VP
ATMs At Risk, Researcher Warns At Black Hat
News  |  7/28/2010  | 
Barnaby Jack demonstrates remote and local exploits that work on popular bank machines
Internet Infrastructure Reaches Long-Awaited Security Milestone
News  |  7/28/2010  | 
The DNS root is now officially signed with security protocol DNSSEC -- next comes development, penetration-testing of the technology
Four Must-Have SMB Security Tools
Commentary  |  7/28/2010  | 
Regardless of their size, many SMBs still need to meet strict compliance regulations, such as PCI and HIPAA. In addition to any special requirements, there are a few security technologies every small business should have in place. Here are my four SMB security must-haves.
Black Hat: U.S. Infrastructure Vulnerable To Cyber Attack
News  |  7/28/2010  | 
This broad variety of platforms and applications provides many holes for hackers to get through, says the US-CERT Director.
Verizon Data Breach Report: Some Big Surprises
Commentary  |  7/28/2010  | 
One of the most comprehensive data breach reports available found that the number of breaches declined significantly last year, and that there were significant changes in how attackers are infiltrating companies.
CoreTrace Bouncer Improves Application Whitelisting
News  |  7/28/2010  | 
The Bouncer client enforces a whitelist of approved applications at the kernel level and provides list administration through a central management application.
Researcher Exposes Massive Automated Check Counterfeiting Operation Out of Russia
News  |  7/28/2010  | 
'Big Boss' operation used VPN-tunneling botnet, Zeus Trojan, database-hacking, and money mules to help print and cash phony checks
Google, Facebook, Apple Face Privacy Questions From Senators
News  |  7/28/2010  | 
Lawmakers are concerned about the tech companies' practice of collecting information about people's online activity and sharing it with third parties.
LinkedIn Valued At $2.26 Billion
News  |  7/28/2010  | 
Business networking site's value has more than doubled in two years.
Alleged Mariposa Botnet Creator Arrested In Slovenia
Quick Hits  |  7/28/2010  | 
Law enforcement agencies say they have the 23-year-old writer of "Butterfly"
WikiLeaks Tests Feasibility Of Government Data Security
News  |  7/28/2010  | 
Governments will always face the twin challenges of balancing the need for secrecy with the need to collaborate, say experts.
Breaches Down, Insider Attacks Up, Verizon Business/Secret Service Study Says
News  |  7/28/2010  | 
PCI compliance, saturation of black market may have driven decline, investigators say
Black Hat: Microsoft Brings Adobe Into Security Program
News  |  7/27/2010  | 
Adobe will soon be distributing security information through MAPP, the Microsoft Active Protections Program.
Stolen Records, Data Prices Decline
News  |  7/27/2010  | 
Verizon's 2010 Data Breach Investigations Report reveals some surprising shifts in cybercrime.
Making Storage Management Easier
Commentary  |  7/27/2010  | 
As we discussed in our last entry, no matter how easy the storage protocol or storage system you select, at some point someone is going to have to interact with the storage itself. It may be a problem that needs to be resolved or it may be a need to provision a new server, but something will come up. In most mid-sized data centers, managing storage is no one's full-time job. It is something that is dealt with
Sourcefire Rolls Out Open-Source 'Razorback'
News  |  7/27/2010  | 
New platform aimed at better detecting and defending against advanced, targeted attacks
Yahoo Japan Selects Google Search
News  |  7/27/2010  | 
Microsoft's search technology was not strong enough for its needs, according to Yahoo Japan, in announcing Google as the new search partner.
'App Genome Project' Exposes Potential Smartphone Risks
Quick Hits  |  7/27/2010  | 
Researchers from Lookout will present their findings thus far in study of freebie Android, iPhone apps
McCain: Wikileaks Is Anti-U.S.
News  |  7/27/2010  | 
Arizona senator says Julian Assange's underground organization is operating with a biased agenda.
Sophos Blocks Windows Shell Attacks
News  |  7/27/2010  | 
Malware protection tool doesn't blank out shortcut icons like Microsoft's proposed workaround for the active exploit.
DoD Report Details Illicit Content Probe
News  |  7/27/2010  | 
An Inspector General report reveals that Pentagon employees and contractors were investigated, and some prosecuted, as part of an Immigration and Customs Enforcement probe into child pornography.
Third-Party Content Could Threaten Websites, Study Says
News  |  7/26/2010  | 
Widgets, ads, and applications from third parties could give hackers an in, Dasient warns
Google Apps Fitted With Government Controls
News  |  7/26/2010  | 
To accelerate adoption of cloud computing in the public sector, Google has launched a version of Google Apps that meets government regulatory requirements.
Report: British Ministry Of Defense Lost More Than 1,000 Storage Devices In Two Years
Quick Hits  |  7/26/2010  | 
Many of the devices were unencrypted; other agencies also at risk
Citibank Warns Of iPhone App Security Flaw
News  |  7/26/2010  | 
Mobile banking customers in the U.S. who use Citibank's Citi Mobile app have been advised to update the app.
Zeus Malware Anti Piracy Measures Thwarts Competitors, Researchers
News  |  7/26/2010  | 
Zbot financial malware only works when executed on one specific machine and from one specific path, similar to hardware-based licensing systems employed by major software companies.
One Breach = $1 Million To $53 Million In Damages Per Year, Report Says
News  |  7/26/2010  | 
New Ponemon report studies real attack cases and their financial fallout; new Digital Forensics Association study tallies five-year public breach data
ZTE $1.5 Billion Development Hits Snags
News  |  7/26/2010  | 
The contract manufacturer is addressing concerns about its planned manufacturing, research, and training base in southern China.
What You Should Know About Tokenization
Commentary  |  7/26/2010  | 
A week ago Visa released a set of best practices and recommendations for tokenization. Unfortunately, "best practices" leaves plenty of room for poor implementations.
Mozilla Patches Critical Firefox Security Patch
Commentary  |  7/26/2010  | 
Just a few days after issuing more than a dozen security updates, many of them critical, the foundation that publishes the popular Firefox web browser issues a patch to fix its patch.
Killed By Code: The FDA And Implantable Devices Security
Commentary  |  7/26/2010  | 
A new report from the Software Freedom Law Center deals with the security implications of bionic medical devices being implanted into the human body.
Texas Firm Says It Holds A Patent On Spam Filtering
Quick Hits  |  7/23/2010  | 
Lanier Law Firm files suit against 36 companies, including top security tool vendors
Security BSides Grows, But Not Too Much
Commentary  |  7/23/2010  | 
The security "unconference" is back in Vegas, and this time the setting is a gated private resort with multiple swimming pools and a sand beach, and the number of attendees signed up so far for the free -- yes, free -- event has doubled. But that doesn't mean Security BSides will lose the intimate vibe that its organizers envisioned and encouraged when they first launched it in Las Vegas a year ago.
Black Hat USA 2010: Complete Coverage
News  |  7/23/2010  | 
A round-up of articles leading up to and live coverage from Black Hat USA 2010, July 24 to 29, Las Vegas
Tech Insight: How To Cut Security Costs Without A Lot Of Pain
News  |  7/23/2010  | 
Everything from trading costly training for local conferences to outsourcing some security tasks can save money -- but first carefully consider the options
Imperva Identifies Cloud Based Phishing Kit
News  |  7/23/2010  | 
Cybercriminals can create attacks spoofing 16 sites, including Facebook, RapidShare and Skype, using the next-generation phishing toolkit.
Windows Shell Attacks Increase
News  |  7/23/2010  | 
Microsoft and Siemens released tools to combat the zero-day exploits which autorun malicious code from USB drives.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41154
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.1...
CVE-2021-41155
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix...
CVE-2021-41152
PUBLISHED: 2021-10-18
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on t...
CVE-2021-41153
PUBLISHED: 2021-10-18
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Thi...
CVE-2021-41156
PUBLISHED: 2021-10-18
anuko/timetracker is an open source time tracking system. In affected versions Time Tracker uses browser_today hidden control on a few pages to collect the today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craft ...