News & Commentary

Content posted in July 2011
Legacy Support Leaves Chip-And-PIN Vulnerable, Researcher Says
News  |  7/31/2011  | 
Black Hat talk will show that security and backwards compatibility are at odds in popular authentication technology
Study: Users Would Give Up Free Coffee To Get Better Mobile Device Access At Work
Quick Hits  |  7/30/2011  | 
Some users would even trade a vacation day -- but is consumerization safe for enterprises?
Shortened Breach Disclosure Periods Could Hurt Consumers
News  |  7/29/2011  | 
Breach notification window in proposed law will make disclosure less beneficial to victims.
Mac OS X Lion Password Vulnerability: Sleep Mode
News  |  7/29/2011  | 
Forensic software can exploit a seven-year-old FireWire design error to snoop system memory for passwords, even for devices that are locked or in sleep mode.
Facebook Dinner Date Turns Supermarket Robbery
News  |  7/29/2011  | 
Robbers in Belgium used a fake Facebook profile to kidnap a supermarket manager, steal his keys, and empty the store's safe.
'Smart' Batteries May Leave Laptop Users Vulnerable, Researcher Says
News  |  7/28/2011  | 
In Black Hat talk, security expert will show a hack on an unexpected component: the laptop battery
Navy CIO Details IT Cost Cuts
News  |  7/28/2011  | 
The Navy will consolidate applications and data centers, mandate enterprise licensing, improve IT governance, pursue cloud computing, and take other steps to cut IT costs 25% over five years.
Putting Data In The Cloud? Retain Control
News  |  7/28/2011  | 
Security researcher warns many companies are trading catastrophic problems for gains in efficiency
Apple iOS Bug Worse Than Advertised
News  |  7/28/2011  | 
Off-the-shelf sniffing tools can exploit the threat, but users of older iPhones and iPod Touches won't see a fix
NSA Wrestles With Phone Location Data Tracking
News  |  7/28/2011  | 
National Security Agency says it may have the authority to track U.S. citizens using mobile-device location data under "certain circumstances."
Security Best Practices A Big FAIL In Most Organizations
Quick Hits  |  7/28/2011  | 
Enterprises, government agencies mostly missing the boat in proper security practices
RSA SecurID Breach Cost $66 Million
News  |  7/28/2011  | 
EMC details second quarter 2011 cost to replace tokens, monitor customers, and handle fallout from RSA's SecurID breach.
Alleged LulzSec Spokesman Arrested In Scotland
News  |  7/28/2011  | 
British police arrest 18-year-old on hacking charges as part of ongoing investigation into Anonymous and LulzSec.
Police Arrest Alleged LulzSec Leader -- But Do They Have The Right Man?
Quick Hits  |  7/28/2011  | 
London police say they nabbed 'Topiary,' but others say they were duped
Social Media Vs. Organized Crime
News  |  7/27/2011  | 
White House launches plan to leverage social networks and new intelligence and information sharing technologies to fight crime on a global scale.
A Stuxnet Comeback?
News  |  7/27/2011  | 
DHS officials warn of potential for son-of-Stuxnet aimed at U.S. critical infrastructure, but security experts say it won't be quite the same
Black Hat Pwnies Nominate LulzSec, Anonymous
News  |  7/27/2011  | 
Hacker groups among nominees for "Epic 0wnage" award, while Sony is sole nominee for "Epic Fail" distinction.
Anonymous Boycotts PayPal, Arrest Fallout Continues
News  |  7/27/2011  | 
Alleged hacker arrested in FBI sting on PayPal attacks faces Internet ban, while hacktivist group calls for PayPal boycott.
Metasploit Pro Gets SIEM, Cloud Integration
Quick Hits  |  7/26/2011  | 
Rapid7's new Metasploit Pro release, 4.0, automates more workflow tasks
Peer Pressure Drives Many To Acquire Security Certifications
News  |  7/26/2011  | 
New survey reveals how security pros really feel about the value -- or lack thereof -- of certs
Personal Mobile Devices Still Vex IT
Commentary  |  7/26/2011  | 
Two thirds of large enterprises surveyed by Courion say that employees are causing security breaches by connecting personal mobile devices to the corporate network.
FBI Data Exchange System Now Fully Operational
News  |  7/26/2011  | 
The National Data Exchange system lets the agency share information with 18,000 local and regional criminal justice organizations.
Apple OS X Targeted By Remote Backdoor Malware
News  |  7/26/2011  | 
Researchers say a remote-controlled Trojan application, known as the Olyx backdoor, is going after OS X devices.
Aruba Brings NSA-Grade Crypto To Wireless Networks
News  |  7/26/2011  | 
With new Suite B cryptography support, Aruba says it aims to make wireless networks as secure as wired.
Product Watch: Norman Introduces 'Hybrid Sandboxing' Malware Analysis
News  |  7/26/2011  | 
Malware Analyzer G2 combines emulation, virtualization in one environment
'War Texting' Attack Hacks Car Alarm System
News  |  7/25/2011  | 
Researcher will demonstrate at Black Hat USA next week how 'horrifyingly' easy it is to disarm a car alarm system and control other GSM and cell-connected devices
DOD Website Sells Public On Cybersecurity Strategy
News  |  7/25/2011  | 
Department of Defense creates new site that rounds up content related to cybersecurity strategy launched less than two weeks ago.
Blended Web Attacks Hitting More Websites
News  |  7/25/2011  | 
Hackers increasingly use four top techniques, such as cross-site scripting and SQL injection, in combination, researchers say.
US-CERT Director Resigns
News  |  7/25/2011  | 
Randy Vickers' departure comes at a critical time for the organization
Websites Are Attacked Once Every Two Minutes
Quick Hits  |  7/25/2011  | 
New study shows directory traversal, XSS most common attacks, not SQL injection
Apple Laptop Batteries Hacked By Researcher
News  |  7/25/2011  | 
Attackers could use a password weakness to render your laptop's battery useless--or overcharge it to start a fire, researcher warns.
Sony Insurer Disputes Breach Insurance Claims
News  |  7/25/2011  | 
A cautionary tale for enterprises that think they have data breach insurance.
Future Clouds: Centralized Or Decentralized?
Commentary  |  7/25/2011  | 
The trend might be moving toward putting more eggs in fewer, more secure baskets
Sony Insurer Disputes Breach Insurance Claims
News  |  7/22/2011  | 
A cautionary tale for enterprises that think they have data breach insurance
New Targeted Attack Campaign Against Defense Contractors Under Way
Quick Hits  |  7/22/2011  | 
Researchers at Invincea, ThreatGrid discover stealthy attack that lets attackers quietly steal information from victims
Not Your Average Linux Distribution: DOD's Flavor
News  |  7/22/2011  | 
The Department of Defense has released a unique Linux distribution with special security considerations for telecommuters.
How To Respond To A Denial Of Service Attack
News  |  7/22/2011  | 
You can't prevent an overwhelming DDoS attack, but you can minimize its impact. Here's how.
Tech Insight: How To Respond To A Denial-Of-Service Attack
News  |  7/21/2011  | 
You can't prevent an overwhelming DDoS attack, but you can minimize its impact. Here's how
Embedded Web Servers Exposing Organizations To Attack
News  |  7/21/2011  | 
Black Hat USA speaker's experimental Internet scan turns up multitude of unsecured copiers, scanners, VoIP systems, storage devices
Lieberman Software, Hewlett-Packard Integration Controls Privileged Access To Lights-Out Management Devices
News  |  7/21/2011  | 
Solution makes it easier for organizations to comply with government and industry regulations
NATO Servers Latest Anonymous Hack?
News  |  7/21/2011  | 
Group claims to 'have lots of restricted material'
Anonymous Claims Hack On NATO Servers
News  |  7/21/2011  | 
The hacktivist group said it's holding 1 gigabyte of information from the international alliance, as it would be "irresponsible" to release most of it.
How to Choose A Cloud Storage Provider: Security
Commentary  |  7/21/2011  | 
In the first of a three-part series, we outline security considerations in selecting a place to store your data in the cloud.
Most IT Security Pros Disabling Security Functions In Favor Of Network Speed
Quick Hits  |  7/21/2011  | 
New survey shows dilemma faced by organizations over performance trade-offs with network security products
Google Hacking Tools Prepped For Black Hat
News  |  7/21/2011  | 
'Diggity' family of search tools will help security teams and pen testers find searchable flaws before bad guys, Stach & Liu researchers say.
Attack On PNNL Started At Public Web Servers
News  |  7/21/2011  | 
Zero-day Flash payload infected visitors to Department of Energy contractor Pacific Northwest National Lab's public-facing Web servers.
Researchers Prepare Google Hacking Tools For Black Hat -- Hot Diggity!
News  |  7/20/2011  | 
Family of search tools will help security teams and pen testers find searchable flaws before bad guys, Stach & Liu researchers say
Attack On Pacific Northwest National Lab Started At Public Web Servers
News  |  7/20/2011  | 
Zero-day Flash payload infected visitors to lab's public-facing Web servers
Google Tries Flagging Malware For Users
Quick Hits  |  7/20/2011  | 
Search engine will warn users if it detects a specific attack on their machines
Google Warns Searchers Of Windows Malware Infection
News  |  7/20/2011  | 
Google has started alerting users running Windows about a specific form of local malware it can detect through network traffic flows.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19279
PUBLISHED: 2018-11-14
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.
CVE-2018-19280
PUBLISHED: 2018-11-14
Centreon 3.4.x has XSS via the resource name or macro expression of a poller macro.
CVE-2018-19281
PUBLISHED: 2018-11-14
Centreon 3.4.x allows SNMP trap SQL Injection.
CVE-2018-17960
PUBLISHED: 2018-11-14
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
CVE-2018-19278
PUBLISHED: 2018-11-14
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed lengt...