News & Commentary

Content posted in August 2012
Toyota Accuses Former IT Contractor Of Data Breach
Quick Hits  |  8/31/2012  | 
Third-party IT contractor breached Toyota's systems, compromised sensitive data, automaker says
Security Experts: Java Should Be Disabled Unless Necessary
News  |  8/31/2012  | 
Security researchers say Java's popularity as an attack vector means it should be disabled unless it is needed
FinFisher Mobile Spyware Tracking Political Activists
News  |  8/31/2012  | 
Developer of spyware that can take over iPhone and BlackBerry devices draws fire after researchers spot the spyware in use against activists in Bahrain.
Accused LulzSec Hackers Attended College Together
News  |  8/31/2012  | 
The two students accused of Sony Pictures hack participated in Cyber Defense Competition team exercises at the University of Advanced Technology in Arizona.
ABCs Of Factoring Risk Into Cloud Service Decisions
News  |  8/31/2012  | 
Taking an empirical, risk-based approach to deciding on third-party, shared-infrastructure services
Second Middle Eastern Utility Hit By Malware Attack
Quick Hits  |  8/30/2012  | 
Qatar gas company hack follows a pattern similar to that of Saudi Arabian oil company -- shades of Shamoon?
Air Force Seeks Offensive Cyber Weapons
News  |  8/30/2012  | 
Agency solicits proposals on capabilities ranging from attack to mapping networks.
Oracle Issues Patch That Kills Latest Java Attack
News  |  8/30/2012  | 
New Java 7 Update 7 release fixes the two vulnerabilities used in tandem in recent wave of attacks -- plus other flaws
Laptop Fingerprint Readers Vulnerable To Password Hacks
News  |  8/30/2012  | 
Security software included with UPEK fingerprint scanners stores Windows passwords in plaintext, making them retrievable by an attacker.
Java Zero-Day Malware Attack: 6 Facts
News  |  8/30/2012  | 
New details reveal Oracle knew about the Java exploit in April, but has yet to release a patch. Here's how to protect yourself against active attacks.
Hacktivists Continue To Own Systems Through SQL Injection
News  |  8/30/2012  | 
LulzSec indictment and GhostShell attacks bring the spotlight back onto black hats' favorite data theft technique
New 'Reliable' Java Attack Spreading Fast, Uses Two Zero-Day Bugs
News  |  8/29/2012  | 
Hundreds of domains serving up attack, tens of thousands of new victim machines since Java exploit was added to BlackHole toolkit
U.S. Intelligence Agencies Seek A Private Cloud OS
News  |  8/29/2012  | 
CIA's investment arm has partnered with Adaptive Computing to develop a cloud OS for agencies' use. OpenStack platform may be used.
Java Zero Day Attack: Second Bug Found
News  |  8/29/2012  | 
Were security researchers irresponsible to detail the zero-day vulnerabilities without first working with Oracle to craft a patch?
Keeping DNS Services Safe And Operational
Quick Hits  |  8/28/2012  | 
Domain Name System technology is critical to your Internet communications. Here are some tips for keeping your DNS services -- and your data -- secure
GhostShell Haunts Websites With SQL Injection
Quick Hits  |  8/28/2012  | 
Admin and user accounts from websites breached and posted online
Lessons In Campus Cybersecurity
News  |  8/28/2012  | 
What universities are doing -- and should be doing -- in response to increased cyberthreats, and how students can protect their suddenly very valuable IDs
The State Of Virtual Data Protection And Recovery
Commentary  |  8/28/2012  | 
Hybrid physical/virtual storage environments present their own challenges to data protection and backup. Start with a solid plan.
ID Don't Mean A Thing Unless It's Got That Integration Thing
Commentary  |  8/28/2012  | 
Architecture astronauts talk identity strategy, but pros talk identity integration logistics
Java Zero-Day Attack Could Hit Enterprises Hard
News  |  8/28/2012  | 
In-the-wild exploit targets unpatched Java 7 vulnerability affecting Windows, OS X, and Linux. Security experts advise disabling Java in browsers.
Cyberattacks Carried Out Against Forces In Afghanistan, U.S. General Says
Quick Hits  |  8/27/2012  | 
Marine Corps Lt. General Richard Mills says electronic warfare played an important role in Afghanistan campaigns
30,000 Machines Infected In Targeted Attack On Saudi Aramco
News  |  8/27/2012  | 
Oil company's revelation matches counts by hackers claiming responsibility and Shamoon connection
Saudi Aramco Restores Network After Shamoon Malware Attack
News  |  8/27/2012  | 
Hacktivist-launched virus takes out 75% of state-owned oil company's workstations, signals the growing power of attackers with social or political agendas.
Dropbox Two-Factor Authentication Has Kinks, Users Say
News  |  8/27/2012  | 
Cloud storage provider upgrades security after attacker stole data from Dropbox employee's account. But users say the beta version needs tweaks.
Winning By Losing
Commentary  |  8/26/2012  | 
Employers and customers will take everything you have to give, and then ask for more. You can bitch about it, or you can say no -- the choice is yours
Application Detects Social Network Spam, Malware
News  |  8/24/2012  | 
Using the social context of posts, researchers from UC Riverside create prototype Facebook app that detects social malware with 97 percent accuracy
Some 'Operation Ghost Click' IP Addresses Back From The Dead
Quick Hits  |  8/24/2012  | 
In advance of court proceedings, RIPE reallocates some IP address blocks that had been used by crime gang in DNSChanger malware scheme
Safer Boots: Feds Urge Malware-Resistant BIOS
News  |  8/24/2012  | 
NIST advises PC and server makers strengthen the security of BIOS ROM chip flashware. Attacks against BIOS can be used to create persistent rootkits that survive reboots.
Create A Mac Zombie Army, Cheap: Hacker Emptor
News  |  8/24/2012  | 
NetWeird malware toolkit promises to convert Macs into zombies ready to do botnet bidding. But some security experts say this is a case of criminals trying to out-scam each other.
The Attacker's Trade-Off: Stealth Versus Resilience
News  |  8/24/2012  | 
Trade-offs are a fact of life for network defenders, but attackers have to abide them as well. Understanding attackers' problems can help companies better use them to their advantage
10 Tips For Protecting Mobile Users
News  |  8/23/2012  | 
Mobile employees, devices, and data need protecting. Here are 10 tips to make it happen.
Google 'Red Team' To Test Product Privacy
News  |  8/23/2012  | 
Taking privacy seriously translates into new hires for Google.
Gauss Researchers Collide
Quick Hits  |  8/23/2012  | 
Kaspersky Lab's sinkhole for the malware mistaken by FireEye researchers as live Gauss activity
Windows Password Clues Easy To Crack
News  |  8/23/2012  | 
Metasploit penetration testing framework has been updated with an attack that retrieves all Windows 7 and 8 password clues.
The Case For A Cyber Arms Treaty
Commentary  |  8/23/2012  | 
In the wake of Stuxnet, could an international 'cyber arms' agreement forestall U.S. cyber warfare with China and other countries?
DARPA Seeks 'Plan X' Cyber Warfare Tools
News  |  8/23/2012  | 
Defense Department looks for hardened operating systems and other new technologies for managing cyber warfare in real time on a large scale.
Top 5 Deadliest Mobile Malware Threats Of 2012
News  |  8/22/2012  | 
Security pros discuss the most prolific and complex mobile malware threats to appear so far in 2012
Shamoon, Saudi Aramco, And Targeted Destruction
News  |  8/22/2012  | 
Still no definitive connection between Shamoon and Saudi Aramco breach, but new clues emerge
LulzSec Leader Sabu, Still Working With Feds, Gets Temporary Sentencing Reprieve
Quick Hits  |  8/22/2012  | 
Hector Xavier Monsegur, a.k.a. Sabu, gets six more months before he's sentenced for 12 counts of computer hacking conspiracies and other crimes
iPhone Security Unbreakable? Security Gurus Disagree
News  |  8/22/2012  | 
Hardened PIN entry and full-disk encryption make Apple smartphones extremely tough to crack, says forensic expert, prompting much debate.
Shamoon Malware Might Be Flame Copycat
News  |  8/22/2012  | 
August attack on Saudi energy company likely work of "anti-tyranny" hacktivist group Cutting Sword of Justice, probably a Flame copycat, say security experts.
5 Systems You're Forgetting To Patch
News  |  8/22/2012  | 
Workstation patching is vital, but these systems need frequent updates, too
Most Paid Apple iOS, Google Android Apps Have Been Hacked
Quick Hits  |  8/21/2012  | 
New study finds that less than 5 percent of popular mobile apps use professional-grade defenses
Sexy Monitoring
Commentary  |  8/21/2012  | 
We examine security monitoring in the context of "sexy defense"
Crisis Financial Malware Spreads Via Virtual Machines
News  |  8/21/2012  | 
Malicious code, disguised as a VeriSign-approved Adobe Flash installer, affects Macs, Windows PCs, and Windows Mobile devices.
Managed Services Growth About Security, Not Compliance
News  |  8/21/2012  | 
Small businesses seek better security; large enterprises look to reduce costs and free up internal security teams
Security Snags Loom Over Social Login
News  |  8/21/2012  | 
Even with standards, social authenticators are hardly secure enough for enterprises
SpiderOak Encrypted Cloud Storage: Dropbox Alternative
News  |  8/20/2012  | 
Enterprise online storage can be secure and private, CEO Ethan Oberman insists. Defense Dept. is an early customer.
Don't Trust That Text Message: Tool Simplifies iOS SMS-Spoofing
Quick Hits  |  8/20/2012  | 
Known SMS flaw isn't in the phone itself, however
How To Protect Your Commercial Web Server
News  |  8/20/2012  | 
Public Internet servers are among criminals’ favorite targets. Is your security strategy up to the challenge?


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10510
PUBLISHED: 2018-08-15
A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations.
CVE-2018-10511
PUBLISHED: 2018-08-15
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.
CVE-2018-10512
PUBLISHED: 2018-08-15
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS).
CVE-2018-8753
PUBLISHED: 2018-08-15
The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack.
CVE-2018-9129
PUBLISHED: 2018-08-15
ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections.