Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in August 2011
Changes To OAuth 2.0 Security Standard For Social Sharing At 'Last Call' Stage
News  |  8/31/2011  | 
OAuth 2.0 is mostly down to arguments over individual words in its requirements and recommendations
Insiders Behind Most Breaches Of Patient Health Data
Quick Hits  |  8/31/2011  | 
Most healthcare organizations say they've been hit by breaches of patient data in the past year
New Free Tools Simplify Analysis Of Android Malware
News  |  8/31/2011  | 
What did you do over your summer break? Two graduate students wrote tools that address heightened concern over eventual attacks against the Android platform
DARPA Seeks Software To Analyze Terrorist Videos
News  |  8/31/2011  | 
Visual Media Reasoning program seeks partners on software to extract intelligence from terrorist videos and photos.
14 Enterprise Security Tips From Anonymous Hacker
News  |  8/31/2011  | 
Former Anonymous member "SparkyBlaze" advises companies on how to avoid massive data breaches.
Endpoint Freedoms Leaving Businesses Vulnerable To Attack
Quick Hits  |  8/30/2011  | 
New survey finds IT professionals concerned about targeted attacks, but doing little to lock down weak links in their endpoints
Digital Certificate Authority Hacked, Dozens Of Phony Digital Certificates Issued
News  |  8/30/2011  | 
DigiNotar confirms it was breached and Google.com just one of 'several dozens' of fraudulently issued digital certificates obtained by hackers and now revoked
New Windows Worm Wriggling Through Networks
News  |  8/30/2011  | 
'Morto' targets weak passwords, usernames and spreads via the Remote Desktop Protocol.
Gmail Attack Highlights Web Insecurity
News  |  8/29/2011  | 
A man-in-the-middle attack that relied on an unauthorized Google SSL certificate has revived concern over whether any Web communication is really secure.
New Windows Worm Wriggling Through Networks
News  |  8/29/2011  | 
'Morto' targets weak passwords, usernames and spreads via the Remote Desktop Protocol
Unifying Compliance Initiatives To Make Budgets Last
News  |  8/29/2011  | 
Don't reinvent the wheel with fragmented compliance initiatives
One Third Of Security Pros Not Practicing What They Preach
Quick Hits  |  8/29/2011  | 
Survey shows security pros breaking security policies for convenience, and overall difficulty in making major changes to security technologies and strategies
Nokia Developer Site Hacked
News  |  8/29/2011  | 
E-mail addresses, user names, and other personally identifying information compromised in possible AntiSec breach.
Smartphones And Tablets Targets For Getting 'Juiced'
Commentary  |  8/29/2011  | 
Awareness campaign at DefCon shows how easily data can be stolen from smartphones using free charging kiosks
Researchers Uncover The Email That Led To The RSA Hack
Quick Hits  |  8/26/2011  | 
F-Secure labs analyst isolates the original exploit that led to the breach of SecurID
Researcher Names Insulin Pump Products Vulnerable To Hack
News  |  8/26/2011  | 
Four pumps from Medtronic--the number-one seller of insulin pumps in the U.S.--can be hacked wirelessly
Web-Searchable Databases An Increasing Security Risk
News  |  8/26/2011  | 
Breaches at Yale and the Southern California Medical-Legal Consultants demonstrate the importance of ensuring that databases that touch Web-facing interfaces aren't exposed by Web searches
4 Pre-Hurricane Disaster Prep Tips For SMBs
News  |  8/26/2011  | 
Earthquakes have passed, Hurricane Irene looms: Time to give your disaster readiness plan a check-up.
Insulin Pump Hack Controversy Grows
News  |  8/26/2011  | 
Security researcher--and pump user--who found the flaw takes medical device manufacturer Medtronic to task for its response to the security vulnerability.
Salesforce To Acquire Crypto Provider
News  |  8/26/2011  | 
SaaS provider's purchase of Navajo Systems could help allay some cloud security skeptics' concerns, experts say.
Apache Issues Workarounds For 'Killer' Attack
News  |  8/26/2011  | 
Development team spells out mitigation strategies for DDoS threat in advance of patch release.
Workarounds Issued For 'Apache Killer' Attack
News  |  8/25/2011  | 
'Active use' of attack tool spotted as Apache team spells out mitigation strategies and promises a patch within 24 hours
Researcher To Release Free 'Slow HTTP Attack' Tool
Quick Hits  |  8/25/2011  | 
'Slowhttptest' could be expanded to test for so-called "ApacheKiller" hack
Intelligence Agencies Seek Tools To Predict Global Events
News  |  8/25/2011  | 
IARPA wants to analyze data from websites, blogs, wikis, social media and other sources to better predict events such as international crises and disease or violence outbreaks.
HIE Accreditation Service Offered To Software Vendors
News  |  8/25/2011  | 
The Electronic Healthcare Network Accreditation Commission announces a privacy and security testing program to accompany existing health information exchange accreditation.
Fingerprint Readers Boost Healthcare Security
News  |  8/25/2011  | 
Biometrics technology locks up Children's Clinics patient data while cutting down on password-reset requests.
Army Partners With Google, Apple On Secure Tablets
News  |  8/25/2011  | 
The military arm and its technology partners are testing an "iPad-like" device now, to shore up security before deployment.
Tech Insight: Navigating The Murky Waters Of PCI Implementation
News  |  8/24/2011  | 
PCI compliance can work for your security program. The key is understanding your assessor's needs
Salesforce To Announce Acquisition Of Crypto Provider
News  |  8/24/2011  | 
SaaS provider's purchase of Navajo Systems could help allay concerns of some cloud security skeptics, experts say
Google Gives Up $500M In Revenue From Canadian Online Pharmacies
Quick Hits  |  8/24/2011  | 
Search engine giant should not have sold ads to unauthorized pharmacies, Department of Justice says
Google+ Naming Policy Causes Social Butterflies
Commentary  |  8/24/2011  | 
How far out there do you want to be? Readers debate rising tensions related to social network privacy.
Insulin Pump Hack Catches Congressional Attention
News  |  8/24/2011  | 
Members of the House communications and technology subcommittee raise concerns about vulnerability of wireless-based medical devices in wake of Black Hat USA demonstration
Microsoft's Vista Hacker Speaks: 7 Lessons Learned
News  |  8/24/2011  | 
Chris Paget served on the "final security review" team that assessed Vista before release. Check out what he learned about software hardening.
PCI QSA Status Revocation A Shot Across The Bow For QSAs?
Commentary  |  8/24/2011  | 
The PCI Security Council's move spells trouble for unscrupulous QSAs and shows that the Council means business in enforcing its quality standards
How Security Pros Can Make Compliance Initiatives Work For Them
News  |  8/24/2011  | 
Security efforts and compliance efforts aren't always in sync. Here's how security teams can make compliance an ally
Facebook Gives Users Some Privacy
News  |  8/23/2011  | 
More granular control over privacy settings
Worm Morphs, Attacks Banks With Zeus-Like Features
Quick Hits  |  8/23/2011  | 
Revamped Ramnit malware 'a powerful weapon,' researcher says
Chinese Military Documentary Reveals Alleged Attack Software
News  |  8/23/2011  | 
Government-run TV channel program accidentally reveals what appears to be software designed for cyber warfare.
Fraud Detection And DAM
Commentary  |  8/23/2011  | 
DAM can be used for fraud detection, but you need to review your alerts
Google Patches Critical Chrome Bug
News  |  8/23/2011  | 
Chrome browser update includes patches for 11 vulnerabilities, including several discovered by Google bug bounty winners.
Hacked Medical Device Sparks Congressional Inquiry
News  |  8/23/2011  | 
Legislators demand answers after a security researcher remotely controlled his own insulin pump using a $20 radio frequency transmitter at Black Hat.
Apple: Stop Tracking iOS Users By Device IDs
News  |  8/23/2011  | 
Documentation changes to the iOS 5 beta tell developers to track users via their own applications, not the serial number associated with each device.
Baking Security Into Open WiFi Networks
News  |  8/22/2011  | 
New approach lets WiFi networks remain open and secure
How Security Breaches Happen -- And What You Can Do About It
Quick Hits  |  8/22/2011  | 
Join Dark Reading/InformationWeek virtual event Thursday for firsthand insight on security breaches
5 Reasons Google+'s Name Policy Fails
News  |  8/22/2011  | 
Google should rethink its policy and empower users rather than restrict them.
Anonymous Hackers Are Hypocrites, Not Hacktivists
Commentary  |  8/22/2011  | 
An amorphous group of hackers has proven its ability to breach, torment, and embarrass. But as its dance with BART shows, its larger ambitions ring hollow.
McAfee Stews; HP Speculation Brews
Commentary  |  8/22/2011  | 
McAfee takes heat for fear mongering, while HP watches its future predicted. One scenario envisions an Oracle takeover.
EHR Data In Cloud Needs Strong Security Trail
News  |  8/22/2011  | 
Presenters at a recent Legal EHR Summit warn healthcare providers to press their vendors for clear answers on security.
McAfee Blew Shady RAT Analysis, Kaspersky Says
News  |  8/22/2011  | 
Security expert Eugene Kaspersky dismissed the seriousness of the Shady RAT botnet and suggested McAfee was purposefully alarmist in its report.
GingerMaster Is First Malware To Utilize A Root Exploit On Android 2.3
Quick Hits  |  8/21/2011  | 
New attack can successfully avoid detection by antivirus programs, university research team says