Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in August 2011
Changes To OAuth 2.0 Security Standard For Social Sharing At 'Last Call' Stage
News  |  8/31/2011  | 
OAuth 2.0 is mostly down to arguments over individual words in its requirements and recommendations
Insiders Behind Most Breaches Of Patient Health Data
Quick Hits  |  8/31/2011  | 
Most healthcare organizations say they've been hit by breaches of patient data in the past year
New Free Tools Simplify Analysis Of Android Malware
News  |  8/31/2011  | 
What did you do over your summer break? Two graduate students wrote tools that address heightened concern over eventual attacks against the Android platform
DARPA Seeks Software To Analyze Terrorist Videos
News  |  8/31/2011  | 
Visual Media Reasoning program seeks partners on software to extract intelligence from terrorist videos and photos.
14 Enterprise Security Tips From Anonymous Hacker
News  |  8/31/2011  | 
Former Anonymous member "SparkyBlaze" advises companies on how to avoid massive data breaches.
Endpoint Freedoms Leaving Businesses Vulnerable To Attack
Quick Hits  |  8/30/2011  | 
New survey finds IT professionals concerned about targeted attacks, but doing little to lock down weak links in their endpoints
Digital Certificate Authority Hacked, Dozens Of Phony Digital Certificates Issued
News  |  8/30/2011  | 
DigiNotar confirms it was breached and Google.com just one of 'several dozens' of fraudulently issued digital certificates obtained by hackers and now revoked
New Windows Worm Wriggling Through Networks
News  |  8/30/2011  | 
'Morto' targets weak passwords, usernames and spreads via the Remote Desktop Protocol.
Gmail Attack Highlights Web Insecurity
News  |  8/29/2011  | 
A man-in-the-middle attack that relied on an unauthorized Google SSL certificate has revived concern over whether any Web communication is really secure.
New Windows Worm Wriggling Through Networks
News  |  8/29/2011  | 
'Morto' targets weak passwords, usernames and spreads via the Remote Desktop Protocol
Unifying Compliance Initiatives To Make Budgets Last
News  |  8/29/2011  | 
Don't reinvent the wheel with fragmented compliance initiatives
One Third Of Security Pros Not Practicing What They Preach
Quick Hits  |  8/29/2011  | 
Survey shows security pros breaking security policies for convenience, and overall difficulty in making major changes to security technologies and strategies
Nokia Developer Site Hacked
News  |  8/29/2011  | 
E-mail addresses, user names, and other personally identifying information compromised in possible AntiSec breach.
Smartphones And Tablets Targets For Getting 'Juiced'
Commentary  |  8/29/2011  | 
Awareness campaign at DefCon shows how easily data can be stolen from smartphones using free charging kiosks
Researchers Uncover The Email That Led To The RSA Hack
Quick Hits  |  8/26/2011  | 
F-Secure labs analyst isolates the original exploit that led to the breach of SecurID
Researcher Names Insulin Pump Products Vulnerable To Hack
News  |  8/26/2011  | 
Four pumps from Medtronic--the number-one seller of insulin pumps in the U.S.--can be hacked wirelessly
Web-Searchable Databases An Increasing Security Risk
News  |  8/26/2011  | 
Breaches at Yale and the Southern California Medical-Legal Consultants demonstrate the importance of ensuring that databases that touch Web-facing interfaces aren't exposed by Web searches
4 Pre-Hurricane Disaster Prep Tips For SMBs
News  |  8/26/2011  | 
Earthquakes have passed, Hurricane Irene looms: Time to give your disaster readiness plan a check-up.
Insulin Pump Hack Controversy Grows
News  |  8/26/2011  | 
Security researcher--and pump user--who found the flaw takes medical device manufacturer Medtronic to task for its response to the security vulnerability.
Salesforce To Acquire Crypto Provider
News  |  8/26/2011  | 
SaaS provider's purchase of Navajo Systems could help allay some cloud security skeptics' concerns, experts say.
Apache Issues Workarounds For 'Killer' Attack
News  |  8/26/2011  | 
Development team spells out mitigation strategies for DDoS threat in advance of patch release.
Workarounds Issued For 'Apache Killer' Attack
News  |  8/25/2011  | 
'Active use' of attack tool spotted as Apache team spells out mitigation strategies and promises a patch within 24 hours
Researcher To Release Free 'Slow HTTP Attack' Tool
Quick Hits  |  8/25/2011  | 
'Slowhttptest' could be expanded to test for so-called "ApacheKiller" hack
Intelligence Agencies Seek Tools To Predict Global Events
News  |  8/25/2011  | 
IARPA wants to analyze data from websites, blogs, wikis, social media and other sources to better predict events such as international crises and disease or violence outbreaks.
HIE Accreditation Service Offered To Software Vendors
News  |  8/25/2011  | 
The Electronic Healthcare Network Accreditation Commission announces a privacy and security testing program to accompany existing health information exchange accreditation.
Fingerprint Readers Boost Healthcare Security
News  |  8/25/2011  | 
Biometrics technology locks up Children's Clinics patient data while cutting down on password-reset requests.
Army Partners With Google, Apple On Secure Tablets
News  |  8/25/2011  | 
The military arm and its technology partners are testing an "iPad-like" device now, to shore up security before deployment.
Tech Insight: Navigating The Murky Waters Of PCI Implementation
News  |  8/24/2011  | 
PCI compliance can work for your security program. The key is understanding your assessor's needs
Salesforce To Announce Acquisition Of Crypto Provider
News  |  8/24/2011  | 
SaaS provider's purchase of Navajo Systems could help allay concerns of some cloud security skeptics, experts say
Google Gives Up $500M In Revenue From Canadian Online Pharmacies
Quick Hits  |  8/24/2011  | 
Search engine giant should not have sold ads to unauthorized pharmacies, Department of Justice says
Google+ Naming Policy Causes Social Butterflies
Commentary  |  8/24/2011  | 
How far out there do you want to be? Readers debate rising tensions related to social network privacy.
Insulin Pump Hack Catches Congressional Attention
News  |  8/24/2011  | 
Members of the House communications and technology subcommittee raise concerns about vulnerability of wireless-based medical devices in wake of Black Hat USA demonstration
Microsoft's Vista Hacker Speaks: 7 Lessons Learned
News  |  8/24/2011  | 
Chris Paget served on the "final security review" team that assessed Vista before release. Check out what he learned about software hardening.
PCI QSA Status Revocation A Shot Across The Bow For QSAs?
Commentary  |  8/24/2011  | 
The PCI Security Council's move spells trouble for unscrupulous QSAs and shows that the Council means business in enforcing its quality standards
How Security Pros Can Make Compliance Initiatives Work For Them
News  |  8/24/2011  | 
Security efforts and compliance efforts aren't always in sync. Here's how security teams can make compliance an ally
Facebook Gives Users Some Privacy
News  |  8/23/2011  | 
More granular control over privacy settings
Worm Morphs, Attacks Banks With Zeus-Like Features
Quick Hits  |  8/23/2011  | 
Revamped Ramnit malware 'a powerful weapon,' researcher says
Chinese Military Documentary Reveals Alleged Attack Software
News  |  8/23/2011  | 
Government-run TV channel program accidentally reveals what appears to be software designed for cyber warfare.
Fraud Detection And DAM
Commentary  |  8/23/2011  | 
DAM can be used for fraud detection, but you need to review your alerts
Google Patches Critical Chrome Bug
News  |  8/23/2011  | 
Chrome browser update includes patches for 11 vulnerabilities, including several discovered by Google bug bounty winners.
Hacked Medical Device Sparks Congressional Inquiry
News  |  8/23/2011  | 
Legislators demand answers after a security researcher remotely controlled his own insulin pump using a $20 radio frequency transmitter at Black Hat.
Apple: Stop Tracking iOS Users By Device IDs
News  |  8/23/2011  | 
Documentation changes to the iOS 5 beta tell developers to track users via their own applications, not the serial number associated with each device.
Baking Security Into Open WiFi Networks
News  |  8/22/2011  | 
New approach lets WiFi networks remain open and secure
How Security Breaches Happen -- And What You Can Do About It
Quick Hits  |  8/22/2011  | 
Join Dark Reading/InformationWeek virtual event Thursday for firsthand insight on security breaches
5 Reasons Google+'s Name Policy Fails
News  |  8/22/2011  | 
Google should rethink its policy and empower users rather than restrict them.
Anonymous Hackers Are Hypocrites, Not Hacktivists
Commentary  |  8/22/2011  | 
An amorphous group of hackers has proven its ability to breach, torment, and embarrass. But as its dance with BART shows, its larger ambitions ring hollow.
McAfee Stews; HP Speculation Brews
Commentary  |  8/22/2011  | 
McAfee takes heat for fear mongering, while HP watches its future predicted. One scenario envisions an Oracle takeover.
EHR Data In Cloud Needs Strong Security Trail
News  |  8/22/2011  | 
Presenters at a recent Legal EHR Summit warn healthcare providers to press their vendors for clear answers on security.
McAfee Blew Shady RAT Analysis, Kaspersky Says
News  |  8/22/2011  | 
Security expert Eugene Kaspersky dismissed the seriousness of the Shady RAT botnet and suggested McAfee was purposefully alarmist in its report.
GingerMaster Is First Malware To Utilize A Root Exploit On Android 2.3
Quick Hits  |  8/21/2011  | 
New attack can successfully avoid detection by antivirus programs, university research team says