News & Commentary

Content posted in August 2011
Changes To OAuth 2.0 Security Standard For Social Sharing At 'Last Call' Stage
News  |  8/31/2011  | 
OAuth 2.0 is mostly down to arguments over individual words in its requirements and recommendations
Insiders Behind Most Breaches Of Patient Health Data
Quick Hits  |  8/31/2011  | 
Most healthcare organizations say they've been hit by breaches of patient data in the past year
New Free Tools Simplify Analysis Of Android Malware
News  |  8/31/2011  | 
What did you do over your summer break? Two graduate students wrote tools that address heightened concern over eventual attacks against the Android platform
DARPA Seeks Software To Analyze Terrorist Videos
News  |  8/31/2011  | 
Visual Media Reasoning program seeks partners on software to extract intelligence from terrorist videos and photos.
14 Enterprise Security Tips From Anonymous Hacker
News  |  8/31/2011  | 
Former Anonymous member "SparkyBlaze" advises companies on how to avoid massive data breaches.
Endpoint Freedoms Leaving Businesses Vulnerable To Attack
Quick Hits  |  8/30/2011  | 
New survey finds IT professionals concerned about targeted attacks, but doing little to lock down weak links in their endpoints
Digital Certificate Authority Hacked, Dozens Of Phony Digital Certificates Issued
News  |  8/30/2011  | 
DigiNotar confirms it was breached and Google.com just one of 'several dozens' of fraudulently issued digital certificates obtained by hackers and now revoked
New Windows Worm Wriggling Through Networks
News  |  8/30/2011  | 
'Morto' targets weak passwords, usernames and spreads via the Remote Desktop Protocol.
Gmail Attack Highlights Web Insecurity
News  |  8/29/2011  | 
A man-in-the-middle attack that relied on an unauthorized Google SSL certificate has revived concern over whether any Web communication is really secure.
New Windows Worm Wriggling Through Networks
News  |  8/29/2011  | 
'Morto' targets weak passwords, usernames and spreads via the Remote Desktop Protocol
Unifying Compliance Initiatives To Make Budgets Last
News  |  8/29/2011  | 
Don't reinvent the wheel with fragmented compliance initiatives
One Third Of Security Pros Not Practicing What They Preach
Quick Hits  |  8/29/2011  | 
Survey shows security pros breaking security policies for convenience, and overall difficulty in making major changes to security technologies and strategies
Nokia Developer Site Hacked
News  |  8/29/2011  | 
E-mail addresses, user names, and other personally identifying information compromised in possible AntiSec breach.
Smartphones And Tablets Targets For Getting 'Juiced'
Commentary  |  8/29/2011  | 
Awareness campaign at DefCon shows how easily data can be stolen from smartphones using free charging kiosks
Researchers Uncover The Email That Led To The RSA Hack
Quick Hits  |  8/26/2011  | 
F-Secure labs analyst isolates the original exploit that led to the breach of SecurID
Researcher Names Insulin Pump Products Vulnerable To Hack
News  |  8/26/2011  | 
Four pumps from Medtronic--the number-one seller of insulin pumps in the U.S.--can be hacked wirelessly
Web-Searchable Databases An Increasing Security Risk
News  |  8/26/2011  | 
Breaches at Yale and the Southern California Medical-Legal Consultants demonstrate the importance of ensuring that databases that touch Web-facing interfaces aren't exposed by Web searches
4 Pre-Hurricane Disaster Prep Tips For SMBs
News  |  8/26/2011  | 
Earthquakes have passed, Hurricane Irene looms: Time to give your disaster readiness plan a check-up.
Insulin Pump Hack Controversy Grows
News  |  8/26/2011  | 
Security researcher--and pump user--who found the flaw takes medical device manufacturer Medtronic to task for its response to the security vulnerability.
Salesforce To Acquire Crypto Provider
News  |  8/26/2011  | 
SaaS provider's purchase of Navajo Systems could help allay some cloud security skeptics' concerns, experts say.
Apache Issues Workarounds For 'Killer' Attack
News  |  8/26/2011  | 
Development team spells out mitigation strategies for DDoS threat in advance of patch release.
Workarounds Issued For 'Apache Killer' Attack
News  |  8/25/2011  | 
'Active use' of attack tool spotted as Apache team spells out mitigation strategies and promises a patch within 24 hours
Researcher To Release Free 'Slow HTTP Attack' Tool
Quick Hits  |  8/25/2011  | 
'Slowhttptest' could be expanded to test for so-called "ApacheKiller" hack
Intelligence Agencies Seek Tools To Predict Global Events
News  |  8/25/2011  | 
IARPA wants to analyze data from websites, blogs, wikis, social media and other sources to better predict events such as international crises and disease or violence outbreaks.
HIE Accreditation Service Offered To Software Vendors
News  |  8/25/2011  | 
The Electronic Healthcare Network Accreditation Commission announces a privacy and security testing program to accompany existing health information exchange accreditation.
Fingerprint Readers Boost Healthcare Security
News  |  8/25/2011  | 
Biometrics technology locks up Children's Clinics patient data while cutting down on password-reset requests.
Army Partners With Google, Apple On Secure Tablets
News  |  8/25/2011  | 
The military arm and its technology partners are testing an "iPad-like" device now, to shore up security before deployment.
Tech Insight: Navigating The Murky Waters Of PCI Implementation
News  |  8/24/2011  | 
PCI compliance can work for your security program. The key is understanding your assessor's needs
Salesforce To Announce Acquisition Of Crypto Provider
News  |  8/24/2011  | 
SaaS provider's purchase of Navajo Systems could help allay concerns of some cloud security skeptics, experts say
Google Gives Up $500M In Revenue From Canadian Online Pharmacies
Quick Hits  |  8/24/2011  | 
Search engine giant should not have sold ads to unauthorized pharmacies, Department of Justice says
Google+ Naming Policy Causes Social Butterflies
Commentary  |  8/24/2011  | 
How far out there do you want to be? Readers debate rising tensions related to social network privacy.
Insulin Pump Hack Catches Congressional Attention
News  |  8/24/2011  | 
Members of the House communications and technology subcommittee raise concerns about vulnerability of wireless-based medical devices in wake of Black Hat USA demonstration
Microsoft's Vista Hacker Speaks: 7 Lessons Learned
News  |  8/24/2011  | 
Chris Paget served on the "final security review" team that assessed Vista before release. Check out what he learned about software hardening.
PCI QSA Status Revocation A Shot Across The Bow For QSAs?
Commentary  |  8/24/2011  | 
The PCI Security Council's move spells trouble for unscrupulous QSAs and shows that the Council means business in enforcing its quality standards
How Security Pros Can Make Compliance Initiatives Work For Them
News  |  8/24/2011  | 
Security efforts and compliance efforts aren't always in sync. Here's how security teams can make compliance an ally
Facebook Gives Users Some Privacy
News  |  8/23/2011  | 
More granular control over privacy settings
Worm Morphs, Attacks Banks With Zeus-Like Features
Quick Hits  |  8/23/2011  | 
Revamped Ramnit malware 'a powerful weapon,' researcher says
Chinese Military Documentary Reveals Alleged Attack Software
News  |  8/23/2011  | 
Government-run TV channel program accidentally reveals what appears to be software designed for cyber warfare.
Fraud Detection And DAM
Commentary  |  8/23/2011  | 
DAM can be used for fraud detection, but you need to review your alerts
Google Patches Critical Chrome Bug
News  |  8/23/2011  | 
Chrome browser update includes patches for 11 vulnerabilities, including several discovered by Google bug bounty winners.
Hacked Medical Device Sparks Congressional Inquiry
News  |  8/23/2011  | 
Legislators demand answers after a security researcher remotely controlled his own insulin pump using a $20 radio frequency transmitter at Black Hat.
Apple: Stop Tracking iOS Users By Device IDs
News  |  8/23/2011  | 
Documentation changes to the iOS 5 beta tell developers to track users via their own applications, not the serial number associated with each device.
Baking Security Into Open WiFi Networks
News  |  8/22/2011  | 
New approach lets WiFi networks remain open and secure
How Security Breaches Happen -- And What You Can Do About It
Quick Hits  |  8/22/2011  | 
Join Dark Reading/InformationWeek virtual event Thursday for firsthand insight on security breaches
5 Reasons Google+'s Name Policy Fails
News  |  8/22/2011  | 
Google should rethink its policy and empower users rather than restrict them.
Anonymous Hackers Are Hypocrites, Not Hacktivists
Commentary  |  8/22/2011  | 
An amorphous group of hackers has proven its ability to breach, torment, and embarrass. But as its dance with BART shows, its larger ambitions ring hollow.
McAfee Stews; HP Speculation Brews
Commentary  |  8/22/2011  | 
McAfee takes heat for fear mongering, while HP watches its future predicted. One scenario envisions an Oracle takeover.
EHR Data In Cloud Needs Strong Security Trail
News  |  8/22/2011  | 
Presenters at a recent Legal EHR Summit warn healthcare providers to press their vendors for clear answers on security.
McAfee Blew Shady RAT Analysis, Kaspersky Says
News  |  8/22/2011  | 
Security expert Eugene Kaspersky dismissed the seriousness of the Shady RAT botnet and suggested McAfee was purposefully alarmist in its report.
GingerMaster Is First Malware To Utilize A Root Exploit On Android 2.3
Quick Hits  |  8/21/2011  | 
New attack can successfully avoid detection by antivirus programs, university research team says