News & Commentary

Content posted in August 2011
Changes To OAuth 2.0 Security Standard For Social Sharing At 'Last Call' Stage
News  |  8/31/2011  | 
OAuth 2.0 is mostly down to arguments over individual words in its requirements and recommendations
Insiders Behind Most Breaches Of Patient Health Data
Quick Hits  |  8/31/2011  | 
Most healthcare organizations say they've been hit by breaches of patient data in the past year
New Free Tools Simplify Analysis Of Android Malware
News  |  8/31/2011  | 
What did you do over your summer break? Two graduate students wrote tools that address heightened concern over eventual attacks against the Android platform
DARPA Seeks Software To Analyze Terrorist Videos
News  |  8/31/2011  | 
Visual Media Reasoning program seeks partners on software to extract intelligence from terrorist videos and photos.
14 Enterprise Security Tips From Anonymous Hacker
News  |  8/31/2011  | 
Former Anonymous member "SparkyBlaze" advises companies on how to avoid massive data breaches.
Endpoint Freedoms Leaving Businesses Vulnerable To Attack
Quick Hits  |  8/30/2011  | 
New survey finds IT professionals concerned about targeted attacks, but doing little to lock down weak links in their endpoints
Digital Certificate Authority Hacked, Dozens Of Phony Digital Certificates Issued
News  |  8/30/2011  | 
DigiNotar confirms it was breached and just one of 'several dozens' of fraudulently issued digital certificates obtained by hackers and now revoked
New Windows Worm Wriggling Through Networks
News  |  8/30/2011  | 
'Morto' targets weak passwords, usernames and spreads via the Remote Desktop Protocol.
Gmail Attack Highlights Web Insecurity
News  |  8/29/2011  | 
A man-in-the-middle attack that relied on an unauthorized Google SSL certificate has revived concern over whether any Web communication is really secure.
New Windows Worm Wriggling Through Networks
News  |  8/29/2011  | 
'Morto' targets weak passwords, usernames and spreads via the Remote Desktop Protocol
Unifying Compliance Initiatives To Make Budgets Last
News  |  8/29/2011  | 
Don't reinvent the wheel with fragmented compliance initiatives
One Third Of Security Pros Not Practicing What They Preach
Quick Hits  |  8/29/2011  | 
Survey shows security pros breaking security policies for convenience, and overall difficulty in making major changes to security technologies and strategies
Nokia Developer Site Hacked
News  |  8/29/2011  | 
E-mail addresses, user names, and other personally identifying information compromised in possible AntiSec breach.
Smartphones And Tablets Targets For Getting 'Juiced'
Commentary  |  8/29/2011  | 
Awareness campaign at DefCon shows how easily data can be stolen from smartphones using free charging kiosks
Researchers Uncover The Email That Led To The RSA Hack
Quick Hits  |  8/26/2011  | 
F-Secure labs analyst isolates the original exploit that led to the breach of SecurID
Researcher Names Insulin Pump Products Vulnerable To Hack
News  |  8/26/2011  | 
Four pumps from Medtronic--the number-one seller of insulin pumps in the U.S.--can be hacked wirelessly
Web-Searchable Databases An Increasing Security Risk
News  |  8/26/2011  | 
Breaches at Yale and the Southern California Medical-Legal Consultants demonstrate the importance of ensuring that databases that touch Web-facing interfaces aren't exposed by Web searches
4 Pre-Hurricane Disaster Prep Tips For SMBs
News  |  8/26/2011  | 
Earthquakes have passed, Hurricane Irene looms: Time to give your disaster readiness plan a check-up.
Insulin Pump Hack Controversy Grows
News  |  8/26/2011  | 
Security researcher--and pump user--who found the flaw takes medical device manufacturer Medtronic to task for its response to the security vulnerability.
Salesforce To Acquire Crypto Provider
News  |  8/26/2011  | 
SaaS provider's purchase of Navajo Systems could help allay some cloud security skeptics' concerns, experts say.
Apache Issues Workarounds For 'Killer' Attack
News  |  8/26/2011  | 
Development team spells out mitigation strategies for DDoS threat in advance of patch release.
Workarounds Issued For 'Apache Killer' Attack
News  |  8/25/2011  | 
'Active use' of attack tool spotted as Apache team spells out mitigation strategies and promises a patch within 24 hours
Researcher To Release Free 'Slow HTTP Attack' Tool
Quick Hits  |  8/25/2011  | 
'Slowhttptest' could be expanded to test for so-called "ApacheKiller" hack
Intelligence Agencies Seek Tools To Predict Global Events
News  |  8/25/2011  | 
IARPA wants to analyze data from websites, blogs, wikis, social media and other sources to better predict events such as international crises and disease or violence outbreaks.
HIE Accreditation Service Offered To Software Vendors
News  |  8/25/2011  | 
The Electronic Healthcare Network Accreditation Commission announces a privacy and security testing program to accompany existing health information exchange accreditation.
Fingerprint Readers Boost Healthcare Security
News  |  8/25/2011  | 
Biometrics technology locks up Children's Clinics patient data while cutting down on password-reset requests.
Army Partners With Google, Apple On Secure Tablets
News  |  8/25/2011  | 
The military arm and its technology partners are testing an "iPad-like" device now, to shore up security before deployment.
Tech Insight: Navigating The Murky Waters Of PCI Implementation
News  |  8/24/2011  | 
PCI compliance can work for your security program. The key is understanding your assessor's needs
Salesforce To Announce Acquisition Of Crypto Provider
News  |  8/24/2011  | 
SaaS provider's purchase of Navajo Systems could help allay concerns of some cloud security skeptics, experts say
Google Gives Up $500M In Revenue From Canadian Online Pharmacies
Quick Hits  |  8/24/2011  | 
Search engine giant should not have sold ads to unauthorized pharmacies, Department of Justice says
Google+ Naming Policy Causes Social Butterflies
Commentary  |  8/24/2011  | 
How far out there do you want to be? Readers debate rising tensions related to social network privacy.
Insulin Pump Hack Catches Congressional Attention
News  |  8/24/2011  | 
Members of the House communications and technology subcommittee raise concerns about vulnerability of wireless-based medical devices in wake of Black Hat USA demonstration
Microsoft's Vista Hacker Speaks: 7 Lessons Learned
News  |  8/24/2011  | 
Chris Paget served on the "final security review" team that assessed Vista before release. Check out what he learned about software hardening.
PCI QSA Status Revocation A Shot Across The Bow For QSAs?
Commentary  |  8/24/2011  | 
The PCI Security Council's move spells trouble for unscrupulous QSAs and shows that the Council means business in enforcing its quality standards
How Security Pros Can Make Compliance Initiatives Work For Them
News  |  8/24/2011  | 
Security efforts and compliance efforts aren't always in sync. Here's how security teams can make compliance an ally
Facebook Gives Users Some Privacy
News  |  8/23/2011  | 
More granular control over privacy settings
Worm Morphs, Attacks Banks With Zeus-Like Features
Quick Hits  |  8/23/2011  | 
Revamped Ramnit malware 'a powerful weapon,' researcher says
Chinese Military Documentary Reveals Alleged Attack Software
News  |  8/23/2011  | 
Government-run TV channel program accidentally reveals what appears to be software designed for cyber warfare.
Fraud Detection And DAM
Commentary  |  8/23/2011  | 
DAM can be used for fraud detection, but you need to review your alerts
Google Patches Critical Chrome Bug
News  |  8/23/2011  | 
Chrome browser update includes patches for 11 vulnerabilities, including several discovered by Google bug bounty winners.
Hacked Medical Device Sparks Congressional Inquiry
News  |  8/23/2011  | 
Legislators demand answers after a security researcher remotely controlled his own insulin pump using a $20 radio frequency transmitter at Black Hat.
Apple: Stop Tracking iOS Users By Device IDs
News  |  8/23/2011  | 
Documentation changes to the iOS 5 beta tell developers to track users via their own applications, not the serial number associated with each device.
Baking Security Into Open WiFi Networks
News  |  8/22/2011  | 
New approach lets WiFi networks remain open and secure
How Security Breaches Happen -- And What You Can Do About It
Quick Hits  |  8/22/2011  | 
Join Dark Reading/InformationWeek virtual event Thursday for firsthand insight on security breaches
5 Reasons Google+'s Name Policy Fails
News  |  8/22/2011  | 
Google should rethink its policy and empower users rather than restrict them.
Anonymous Hackers Are Hypocrites, Not Hacktivists
Commentary  |  8/22/2011  | 
An amorphous group of hackers has proven its ability to breach, torment, and embarrass. But as its dance with BART shows, its larger ambitions ring hollow.
McAfee Stews; HP Speculation Brews
Commentary  |  8/22/2011  | 
McAfee takes heat for fear mongering, while HP watches its future predicted. One scenario envisions an Oracle takeover.
EHR Data In Cloud Needs Strong Security Trail
News  |  8/22/2011  | 
Presenters at a recent Legal EHR Summit warn healthcare providers to press their vendors for clear answers on security.
McAfee Blew Shady RAT Analysis, Kaspersky Says
News  |  8/22/2011  | 
Security expert Eugene Kaspersky dismissed the seriousness of the Shady RAT botnet and suggested McAfee was purposefully alarmist in its report.
GingerMaster Is First Malware To Utilize A Root Exploit On Android 2.3
Quick Hits  |  8/21/2011  | 
New attack can successfully avoid detection by antivirus programs, university research team says

Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-02-18
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.
PUBLISHED: 2019-02-18
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
PUBLISHED: 2019-02-18
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may b...
PUBLISHED: 2019-02-18
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/g...
PUBLISHED: 2019-02-18
An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image.