News & Commentary

Content posted in July 2011
Legacy Support Leaves Chip-And-PIN Vulnerable, Researcher Says
News  |  7/31/2011  | 
Black Hat talk will show that security and backwards compatibility are at odds in popular authentication technology
Study: Users Would Give Up Free Coffee To Get Better Mobile Device Access At Work
Quick Hits  |  7/30/2011  | 
Some users would even trade a vacation day -- but is consumerization safe for enterprises?
Shortened Breach Disclosure Periods Could Hurt Consumers
News  |  7/29/2011  | 
Breach notification window in proposed law will make disclosure less beneficial to victims.
Mac OS X Lion Password Vulnerability: Sleep Mode
News  |  7/29/2011  | 
Forensic software can exploit a seven-year-old FireWire design error to snoop system memory for passwords, even for devices that are locked or in sleep mode.
Facebook Dinner Date Turns Supermarket Robbery
News  |  7/29/2011  | 
Robbers in Belgium used a fake Facebook profile to kidnap a supermarket manager, steal his keys, and empty the store's safe.
'Smart' Batteries May Leave Laptop Users Vulnerable, Researcher Says
News  |  7/28/2011  | 
In Black Hat talk, security expert will show a hack on an unexpected component: the laptop battery
Navy CIO Details IT Cost Cuts
News  |  7/28/2011  | 
The Navy will consolidate applications and data centers, mandate enterprise licensing, improve IT governance, pursue cloud computing, and take other steps to cut IT costs 25% over five years.
Putting Data In The Cloud? Retain Control
News  |  7/28/2011  | 
Security researcher warns many companies are trading catastrophic problems for gains in efficiency
Apple iOS Bug Worse Than Advertised
News  |  7/28/2011  | 
Off-the-shelf sniffing tools can exploit the threat, but users of older iPhones and iPod Touches won't see a fix
NSA Wrestles With Phone Location Data Tracking
News  |  7/28/2011  | 
National Security Agency says it may have the authority to track U.S. citizens using mobile-device location data under "certain circumstances."
Security Best Practices A Big FAIL In Most Organizations
Quick Hits  |  7/28/2011  | 
Enterprises, government agencies mostly missing the boat in proper security practices
RSA SecurID Breach Cost $66 Million
News  |  7/28/2011  | 
EMC details second quarter 2011 cost to replace tokens, monitor customers, and handle fallout from RSA's SecurID breach.
Alleged LulzSec Spokesman Arrested In Scotland
News  |  7/28/2011  | 
British police arrest 18-year-old on hacking charges as part of ongoing investigation into Anonymous and LulzSec.
Police Arrest Alleged LulzSec Leader -- But Do They Have The Right Man?
Quick Hits  |  7/28/2011  | 
London police say they nabbed 'Topiary,' but others say they were duped
Social Media Vs. Organized Crime
News  |  7/27/2011  | 
White House launches plan to leverage social networks and new intelligence and information sharing technologies to fight crime on a global scale.
A Stuxnet Comeback?
News  |  7/27/2011  | 
DHS officials warn of potential for son-of-Stuxnet aimed at U.S. critical infrastructure, but security experts say it won't be quite the same
Black Hat Pwnies Nominate LulzSec, Anonymous
News  |  7/27/2011  | 
Hacker groups among nominees for "Epic 0wnage" award, while Sony is sole nominee for "Epic Fail" distinction.
Anonymous Boycotts PayPal, Arrest Fallout Continues
News  |  7/27/2011  | 
Alleged hacker arrested in FBI sting on PayPal attacks faces Internet ban, while hacktivist group calls for PayPal boycott.
Metasploit Pro Gets SIEM, Cloud Integration
Quick Hits  |  7/26/2011  | 
Rapid7's new Metasploit Pro release, 4.0, automates more workflow tasks
Peer Pressure Drives Many To Acquire Security Certifications
News  |  7/26/2011  | 
New survey reveals how security pros really feel about the value -- or lack thereof -- of certs
Personal Mobile Devices Still Vex IT
Commentary  |  7/26/2011  | 
Two thirds of large enterprises surveyed by Courion say that employees are causing security breaches by connecting personal mobile devices to the corporate network.
FBI Data Exchange System Now Fully Operational
News  |  7/26/2011  | 
The National Data Exchange system lets the agency share information with 18,000 local and regional criminal justice organizations.
Apple OS X Targeted By Remote Backdoor Malware
News  |  7/26/2011  | 
Researchers say a remote-controlled Trojan application, known as the Olyx backdoor, is going after OS X devices.
Aruba Brings NSA-Grade Crypto To Wireless Networks
News  |  7/26/2011  | 
With new Suite B cryptography support, Aruba says it aims to make wireless networks as secure as wired.
Product Watch: Norman Introduces 'Hybrid Sandboxing' Malware Analysis
News  |  7/26/2011  | 
Malware Analyzer G2 combines emulation, virtualization in one environment
'War Texting' Attack Hacks Car Alarm System
News  |  7/25/2011  | 
Researcher will demonstrate at Black Hat USA next week how 'horrifyingly' easy it is to disarm a car alarm system and control other GSM and cell-connected devices
DOD Website Sells Public On Cybersecurity Strategy
News  |  7/25/2011  | 
Department of Defense creates new site that rounds up content related to cybersecurity strategy launched less than two weeks ago.
Blended Web Attacks Hitting More Websites
News  |  7/25/2011  | 
Hackers increasingly use four top techniques, such as cross site scripting and SQL injection, in combination, researchers say.
US-CERT Director Resigns
News  |  7/25/2011  | 
Randy Vickers' departure comes at a critical time for the organization
Websites Are Attacked Once Every Two Minutes
Quick Hits  |  7/25/2011  | 
New study shows directory traversal, XSS most common attacks, not SQL injection
Apple Laptop Batteries Hacked By Researcher
News  |  7/25/2011  | 
Attackers could use a password weakness to render your laptop's battery useless--or overcharge it to start a fire, researcher warns.
Sony Insurer Disputes Breach Insurance Claims
News  |  7/25/2011  | 
A cautionary tale for enterprises that think they have data breach insurance.
Future Clouds: Centralized Or Decentralized?
Commentary  |  7/25/2011  | 
The trend might be moving toward putting more eggs in fewer, more secure baskets
Sony Insurer Disputes Breach Insurance Claims
News  |  7/22/2011  | 
A cautionary tale for enterprises that think they have data breach insurance
New Targeted Attack Campaign Against Defense Contractors Under Way
Quick Hits  |  7/22/2011  | 
Researchers at Invincea, ThreatGrid discover stealthy attack that lets attackers quietly steal information from victims
Not Your Average Linux Distribution: DOD's Flavor
News  |  7/22/2011  | 
The Department of Defense has released a unique Linux distribution with special security considerations for telecommuters.
How To Respond To A Denial Of Service Attack
News  |  7/22/2011  | 
You can't prevent an overwhelming DDoS attack, but you can minimize its impact. Here's how.
Tech Insight: How To Respond To A Denial-Of-Service Attack
News  |  7/21/2011  | 
You can't prevent an overwhelming DDoS attack, but you can minimize its impact. Here's how
Embedded Web Servers Exposing Organizations To Attack
News  |  7/21/2011  | 
Black Hat USA speaker's experimental Internet scan turns up multitude of unsecured copiers, scanners, VoIP systems, storage devices
Lieberman Software, Hewlett-Packard Integration Controls Privileged Access To Lights-Out Management Devices
News  |  7/21/2011  | 
Solution makes it easier for organizations to comply with government and industry regulations
NATO Servers Latest Anonymous Hack?
News  |  7/21/2011  | 
Group claims to 'have lots of restricted material'
Anonymous Claims Hack On NATO Servers
News  |  7/21/2011  | 
The hacktivist group said it's holding 1 gigabyte of information from the international alliance, as it would be "irresponsible" to release most of it.
How to Choose A Cloud Storage Provider: Security
Commentary  |  7/21/2011  | 
In the first of a three-part series, we outline security considerations in selecting a place to store your data in the cloud.
Most IT Security Pros Disabling Security Functions In Favor Of Network Speed
Quick Hits  |  7/21/2011  | 
New survey shows dilemma faced by organizations over performance trade-offs with network security products
Google Hacking Tools Prepped For Black Hat
News  |  7/21/2011  | 
'Diggity' family of search tools will help security teams and pen testers find searchable flaws before bad guys, Stach & Liu researchers say.
Attack On PNNL Started At Public Web Servers
News  |  7/21/2011  | 
Zero-day Flash payload infected visitors to Department of Energy contractor Pacific Northwest National Lab's public-facing Web servers.
Researchers Prepare Google Hacking Tools For Black Hat -- Hot Diggity!
News  |  7/20/2011  | 
Family of search tools will help security teams and pen testers find searchable flaws before bad guys, Stach & Liu researchers say
Attack On Pacific Northwest National Lab Started At Public Web Servers
News  |  7/20/2011  | 
Zero-day Flash payload infected visitors to lab's public-facing Web servers
Google Tries Flagging Malware For Users
Quick Hits  |  7/20/2011  | 
Search engine will warn users if it detects a specific attack on their machines
Google Warns Searchers Of Windows Malware Infection
News  |  7/20/2011  | 
Google has started alerting users running Windows about a specific form of local malware it can detect through network traffic flows.