News & Commentary

Content posted in July 2012
Final Blow Kills Remainder Of Grum Botnet
News  |  7/18/2012  | 
Command and control servers shut down in Panama, Russia, Ukraine
Oracle Customers Urged To Defend Against DoS
News  |  7/18/2012  | 
Quarterly CPU fixes 87 vulnerabilities, including a Fusion Middleware hole rated a 10
YouTube Adds Face Blurring For Privacy
News  |  7/18/2012  | 
Tool addresses need to protect activists and others caught on camera against their will, but is not a guarantee, say experts.
Risks Deferred Are Risks Accepted
Commentary  |  7/18/2012  | 
Decisions to delay compliance and security efforts do not delay the risks
Mahdi Malware Hits Middle Eastern Targets
News  |  7/18/2012  | 
Despite attacking critical infrastructure, financial services, and government embassy targets in Iran and Israel, the "Messiah" malware doesn't appear to tie directly to Flame.
iPad App Allows Single Sign-On For Enterprise Apps
News  |  7/18/2012  | 
OneLogin's iPad app also lets enterprise users tab between multiple SaaS apps using one interface. Netflix is an early customer.
A Common-Sense Secret For Cheaper PCI Audits
News  |  7/18/2012  | 
Pre-audit logistics prep can go a long way toward saving on PCI assessment costs
No Sign Of DDoSes Diminishing
Quick Hits  |  7/17/2012  | 
Application-layer DDoS attacks decline for the first time last quarter, but "slow and low" attacks gaining ground
Firefox 14 Secures Google Search Queries
News  |  7/17/2012  | 
Security, interface, and gaming improvements debut in the latest version of Mozilla's Web browser.
Will Advanced Attackers Laugh At Your WAF?
News  |  7/17/2012  | 
Companies should not trust vendors' claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses
'Waldo' Finds Ways To Abuse HTML5 WebSockets
News  |  7/17/2012  | 
Black Hat USA researchers to release free hacking tool and demonstrate how new communication channel could be used for XSS, denial-of-service, and hiding malicious or unauthorized traffic
Symantec Debuts Android Antivirus Software For Enterprises
News  |  7/17/2012  | 
Software interfaces with Symantec service that assesses apps from more than 70 app markets and blacklists malicious or suspicious choices.
Identity And Access Management: An Introduction
Quick Hits  |  7/17/2012  | 
A solid approach to identity and access management can cut costs and make your organization more secure. Here are some tips for laying the foundation
AT&T To Sponsor Zero-Day Contest For Kids
News  |  7/16/2012  | 
Second annual DefCon Kids highlights mobile app security, responsible disclosure, social engineering, and other topics aimed at teaching the ways of white-hat hacking
Tufin Survey Reveals Security Suffers As Organizations Cut Costs
News  |  7/16/2012  | 
Survey taken at InfoSecurity Europe 2012 uncovers that almost half of IT security professionals are pushed to focus on cost savings at the expense of security
Dark Reading Launches Tech Centers On Risk, Identity Management
Commentary  |  7/16/2012  | 
New Dark Reading subsites focus on risk measurement and strategy, identity and access management
Nvidia Investigates Password Breach
News  |  7/16/2012  | 
Hacker posts "Apollo Project" leak involving 800 forum and developer passwords.
4 Reasons Why IT Security Needs Risk Management
News  |  7/16/2012  | 
Risk management ties infosec to the rest of the enterprise
Evaluating And Choosing Threat Intelligence Tools
Quick Hits  |  7/15/2012  | 
So you want to collect and analyze your own threat data. What tools do you need? Here are some tips for finding the right ones
Data Loss Prevention: What's The Use?
Commentary  |  7/13/2012  | 
Why deploy data loss prevention technologies if there are ways to circumvent the system?
Black Hat Researcher: Rethink And Refine Your IDS
News  |  7/13/2012  | 
Attackers routinely go unnoticed, both because intrusion detection systems are failing to do their jobs and because security teams need to rethink how they use them
Apple In-App Store Hacked
News  |  7/13/2012  | 
Hacker finds way to loot in-app store items and posts a how-to on YouTube.
Yahoo Password Breach: 7 Lessons Learned
News  |  7/13/2012  | 
What should businesses, users, and regulators take away from the Yahoo password breach? Start with encryption for all stored passwords.
More Data Breaches, Fewer Details For Victims
News  |  7/13/2012  | 
The number of hack attacks that result in breaches has increased, but businesses are releasing less information about what was stolen--or who's at fault.
Yahoo Password Breach: New Risks
News  |  7/13/2012  | 
Yahoo confirms 450,000 passwords breached. While leaked data appears partially outdated, hackers likely had access to more user-provided personal details.
Crimeware Developers Shift To More Obfuscation, Java Exploits
News  |  7/12/2012  | 
After making their code harder to reverse-engineer, exploit kits are now focusing on improving attacks
How To Select A DDoS Mitigation Service
News  |  7/12/2012  | 
Distributed denial-of-service attacks can flare up quickly and do serious damage. Time to call in the experts?
Startup 'Jumpshot' Aims To Help Grandma And Her IT Geek Grandkid
Quick Hits  |  7/12/2012  | 
Ex-HP TippingPoint security pros create an automated, animated tool targeting consumers and small businesses -- and giving geeks a little rest after-hours
Instagram Closes Security Hole
News  |  7/12/2012  | 
A security researcher says the vulnerability could allow people to access photos taken by others, while Instagram says private photos cannot be accessed
New 'Warp' Trojan Poses As A Network Router
News  |  7/12/2012  | 
Attack uses ARP-spoofing to intercept traffic, propagate throughout the network
Blast Phishing Attack Fooled Many Users
News  |  7/12/2012  | 
Spam disguised as convincing emails from LinkedIn, Facebook, and other trusted entities were one targeted operation aimed at stealing online financial credentials, say Trend Micro researchers.
Hackers Leak Yahoo Voice Passwords
News  |  7/12/2012  | 
'DD3Ds Company' said it obtained the data by executing a SQL injection attack against an unnamed Yahoo subdomain
Let's Ask 'Why?'
Commentary  |  7/12/2012  | 
Why are big firms still vulnerable to SQL injection?
Free Android Apps Have Privacy Cost
News  |  7/12/2012  | 
More than half of free Android apps use advertising networks and exchanges. Most are legit, but about 5% interface with 'aggressive' networks that could threaten your privacy.
Yahoo Hack Leaks 453,000 Voice Passwords
News  |  7/12/2012  | 
Yahoo passwords were stored unencrypted and stolen via a SQL injection attack, attackers claim. Meanwhile, Formspring resets passwords for 28 million users after a password breach.
Achieving Compliance In The Smart Grid
Quick Hits  |  7/11/2012  | 
In the energy business, strict compliance mandates could be all that stands between business as usual and a catastrophic, long-term power outage
Stealing Documents Through Social Media Image-Sharing
News  |  7/11/2012  | 
Innocent-looking vacation pictures on Facebook could conceivably traffic exfiltrated documents, Black Hat researchers warn
Series Of Convincing Spam Runs Part Of One Massive Advanced Attack Campaign
News  |  7/11/2012  | 
Trend Micro researchers connect multiple spam attacks as single, targeted operation aimed at stealing online financial credentials
Slide Show: 10 Free Database Security Tools
Slideshows  |  7/11/2012  | 
While many database protection suites are an expensive proposition, there are a number of free tools available to organizations seeking cost-effective ways to begin securing their databases
Megaupload's Kim Dotcom Offers To Extradite Himself
News  |  7/11/2012  | 
Dotcom says he'll come to U.S. if DOJ will guarantee him a fair trial and unfreeze his assets to cover legal expenses and living costs.
More Android Malware Pulled From Google Play
News  |  7/11/2012  | 
Disguised as Mario Bros. and Grand Theft Auto games, the malware downloaded itself in stages to evade Google's automated security checks.
New International Plan To Tackle Cybercrime Launched
News  |  7/11/2012  | 
New research road map developed by leading international cybersecurity researchers
U.S. Medical ID Theft Cost Jumps To $41 Billion
Quick Hits  |  7/10/2012  | 
New Ponemon study finds that half of medical identity theft victims know the person who stole their IDs, and victims end up footing the bill in many cases
Apple 'Ban' Gives Miller Time To Hack Other Things
News  |  7/10/2012  | 
Charlie Miller reflects on how his NSA chops were a natural progression to Apple hacking, how hard hacking has become -- and his obsession with reality TV shows about stage moms
DarkComet Developer Retires Notorious Remote Access Tool
News  |  7/10/2012  | 
Some call DarkComet a tool; others call it a Trojan. RAT had been used by Syrian police and anti-Tibet organizations to spy on targeted computers.
Anonymous Takes Credit For 'Syria Files' Data Leak
News  |  7/10/2012  | 
According to Anonymous, downloading all of the data it ultimately acquired took several weeks
EMC Upgrades NetWorker For Performance, Clouds
News  |  7/10/2012  | 
EMC NetWorker 8.0 adds a new architecture to boost backup performance and includes multi-tenancy so service providers can support multiple clients in the cloud.
Anonymous Hands WikiLeaks 2.4 Million Syrian Emails
News  |  7/10/2012  | 
Hacktivist group claims credit for data breach; turned to WikiLeaks to help process the emails.
Pentagon's Electronic Warfare Strategy Incomplete, GAO Says
News  |  7/10/2012  | 
Government Accountability Office report finds DOD has not established clear lines of responsibility in electronic warfare and cyberspace operations.
DNSChanger Still A Threat
News  |  7/10/2012  | 
DNSChanger server shutdown on Monday didn't cause a significant disruption, but the danger is not over yet, security experts say.

