Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in August 2012
Page 1 / 3
Toyota Accuses Former IT Contractor Of Data Breach
Quick Hits  |  8/31/2012  | 
Third-party IT contractor breached Toyota's systems, compromised sensitive data, automaker says
Security Experts: Java Should Be Disabled Unless Necessary
News  |  8/31/2012  | 
Security researchers say Java's popularity as an attack vector means it should be disabled unless it is needed
FinFisher Mobile Spyware Tracking Political Activists
News  |  8/31/2012  | 
Developer of spyware that can take over iPhone and BlackBerry devices draws fire after researchers spot the spyware in use against activists in Bahrain.
Accused LulzSec Hackers Attended College Together
News  |  8/31/2012  | 
The two students accused of Sony Pictures hack participated in Cyber Defense Competition team exercises at the University of Advanced Technology in Arizona.
ABCs Of Factoring Risk Into Cloud Service Decisions
News  |  8/31/2012  | 
Taking an empirical, risk-based approach to deciding on third-party, shared-infrastructure services
Second Middle Eastern Utility Hit By Malware Attack
Quick Hits  |  8/30/2012  | 
Qatar gas company hack follows a pattern similar to that of Saudi Arabian oil company -- shades of Shamoon?
Air Force Seeks Offensive Cyber Weapons
News  |  8/30/2012  | 
Agency solicits proposals on capabilities ranging from attack to mapping networks.
Oracle Issues Patch That Kills Latest Java Attack
News  |  8/30/2012  | 
New Java 7 Update 7 release fixes the two vulnerabilities used in tandem in recent wave of attacks -- plus other flaws
Laptop Fingerprint Readers Vulnerable To Password Hacks
News  |  8/30/2012  | 
Security software included with UPEK fingerprint scanners stores Windows passwords in plaintext, making them retrievable by an attacker.
Java Zero-Day Malware Attack: 6 Facts
News  |  8/30/2012  | 
New details reveal Oracle knew about the Java exploit in April, but has yet to release a patch. Here's how to protect yourself against active attacks.
Hacktivists Continue To Own Systems Through SQL Injection
News  |  8/30/2012  | 
LulzSec indictment and GhostShell attacks bring the spotlight back onto black hats' favorite data theft technique
New 'Reliable' Java Attack Spreading Fast, Uses Two Zero-Day Bugs
News  |  8/29/2012  | 
Hundreds of domains serving up attack, tens of thousands of new victim machines since Java exploit was added to BlackHole toolkit
U.S. Intelligence Agencies Seek A Private Cloud OS
News  |  8/29/2012  | 
CIA's investment arm has partnered with Adaptive Computing to develop a cloud OS for agencies' use. OpenStack platform may be used.
Java Zero Day Attack: Second Bug Found
News  |  8/29/2012  | 
Were security researchers irresponsible to detail the zero-day vulnerabilities without first working with Oracle to craft a patch?
Keeping DNS Services Safe And Operational
Quick Hits  |  8/28/2012  | 
Domain Name System technology is critical to your Internet communications. Here are some tips for keeping your DNS services -- and your data -- secure
GhostShell Haunts Websites With SQL Injection
Quick Hits  |  8/28/2012  | 
Admin and user accounts from websites breached and posted online
Lessons In Campus Cybersecurity
News  |  8/28/2012  | 
What universities are doing -- and should be doing -- in response to increased cyberthreats, and how students can protect their suddenly very valuable IDs
The State Of Virtual Data Protection And Recovery
Commentary  |  8/28/2012  | 
Hybrid physical/virtual storage environments present their own challenges to data protection and backup. Start with a solid plan.
ID Don't Mean A Thing Unless It's Got That Integration Thing
Commentary  |  8/28/2012  | 
Architecture astronauts talk identity strategy, but pros talk identity integration logistics
Java Zero-Day Attack Could Hit Enterprises Hard
News  |  8/28/2012  | 
In-the-wild exploit targets unpatched Java 7 vulnerability affecting Windows, OS X, and Linux. Security experts advise disabling Java in browsers.
Cyberattacks Carried Out Against Forces In Afghanistan, U.S. General Says
Quick Hits  |  8/27/2012  | 
Marine Corps Lt. General Richard Mills says electronic warfare played an important role in Afghanistan campaigns
30,000 Machines Infected In Targeted Attack On Saudi Aramco
News  |  8/27/2012  | 
Oil company's revelation matches counts by hackers claiming responsibility and Shamoon connection
Saudi Aramco Restores Network After Shamoon Malware Attack
News  |  8/27/2012  | 
Hacktivist-launched virus takes out 75% of state-owned oil company's workstations, signals the growing power of attackers with social or political agendas.
Dropbox Two-Factor Authentication Has Kinks, Users Say
News  |  8/27/2012  | 
Cloud storage provider upgrades security after attacker stole data from Dropbox employee's account. But users say the beta version needs tweaks.
Winning By Losing
Commentary  |  8/26/2012  | 
Employers and customers will take everything you have to give, and then ask for more. You can bitch about it, or you can say no -- the choice is yours
Application Detects Social Network Spam, Malware
News  |  8/24/2012  | 
Using the social context of posts, researchers from UC Riverside create prototype Facebook app that detects social malware with 97 percent accuracy
Some 'Operation Ghost Click' IP Addresses Back From The Dead
Quick Hits  |  8/24/2012  | 
In advance of court proceedings, RIPE reallocates some IP address blocks that had been used by crime gang in DNSChanger malware scheme
Safer Boots: Feds Urge Malware-Resistant BIOS
News  |  8/24/2012  | 
NIST advises PC and server makers to strengthen the security of BIOS ROM chip flashware. Attacks against BIOS can be used to create persistent rootkits that survive reboots.
Create A Mac Zombie Army, Cheap: Hacker Emptor
News  |  8/24/2012  | 
NetWeird malware toolkit promises to convert Macs into zombies ready to do botnet bidding. But some security experts say this is a case of criminals trying to out-scam each other.
The Attacker's Trade-Off: Stealth Versus Resilience
News  |  8/24/2012  | 
Trade-offs are a fact of life for network defenders, but attackers have to abide by them as well. Understanding attackers' problems can help companies better use them to their advantage
10 Tips For Protecting Mobile Users
News  |  8/23/2012  | 
Mobile employees, devices, and data need protecting. Here are 10 tips to make it happen.
Google 'Red Team' To Test Product Privacy
News  |  8/23/2012  | 
Taking privacy seriously translates into new hires for Google.
Gauss Researchers Collide
Quick Hits  |  8/23/2012  | 
Kaspersky Lab's sinkhole for the malware mistaken by FireEye researchers for live Gauss activity
Windows Password Clues Easy To Crack
News  |  8/23/2012  | 
Metasploit penetration testing framework has been updated with an attack that retrieves all Windows 7 and 8 password clues.
The Case For A Cyber Arms Treaty
Commentary  |  8/23/2012  | 
In the wake of Stuxnet, could an international 'cyber arms' agreement forestall U.S. cyber warfare with China and other countries?
DARPA Seeks 'Plan X' Cyber Warfare Tools
News  |  8/23/2012  | 
Defense Department looks for hardened operating systems and other new technologies for managing cyber warfare in real time on a large scale.
Top 5 Deadliest Mobile Malware Threats Of 2012
News  |  8/22/2012  | 
Security pros discuss the most prolific and complex mobile malware threats to appear so far in 2012
Shamoon, Saudi Aramco, And Targeted Destruction
News  |  8/22/2012  | 
Still no definitive connection between Shamoon and Saudi Aramco breach, but new clues emerge
LulzSec Leader Sabu, Still Working With Feds, Gets Temporary Sentencing Reprieve
Quick Hits  |  8/22/2012  | 
Hector Xavier Monsegur, a.k.a. Sabu, gets six more months before he's sentenced for 12 counts of computer hacking conspiracies and other crimes
iPhone Security Unbreakable? Security Gurus Disagree
News  |  8/22/2012  | 
Hardened PIN entry and full-disk encryption make Apple smartphones extremely tough to crack, says forensic expert, prompting much debate.
Shamoon Malware Might Be Flame Copycat
News  |  8/22/2012  | 
August attack on Saudi energy company likely work of "anti-tyranny" hacktivist group Cutting Sword of Justice, probably a Flame copycat, say security experts.
5 Systems You're Forgetting To Patch
News  |  8/22/2012  | 
Workstation patching is vital, but these systems need frequent updates, too
Most Paid Apple iOS, Google Android Apps Have Been Hacked
Quick Hits  |  8/21/2012  | 
New study finds that less than 5 percent of popular mobile apps use professional-grade defenses
Sexy Monitoring
Commentary  |  8/21/2012  | 
We examine security monitoring in the context of "sexy defense"
Crisis Financial Malware Spreads Via Virtual Machines
News  |  8/21/2012  | 
Malicious code, disguised as a VeriSign-approved Adobe Flash installer, affects Macs, Windows PCs, and Windows Mobile devices.
Managed Services Growth About Security, Not Compliance
News  |  8/21/2012  | 
Small businesses seek better security; large enterprises look to reduce costs and free up internal security teams
Security Snags Loom Over Social Login
News  |  8/21/2012  | 
Even with standards, social authenticators are hardly secure enough for enterprises
SpiderOak Encrypted Cloud Storage: Dropbox Alternative
News  |  8/20/2012  | 
Enterprise online storage can be secure and private, CEO Ethan Oberman insists. Defense Dept. is an early customer.
Don't Trust That Text Message: Tool Simplifies iOS SMS-Spoofing
Quick Hits  |  8/20/2012  | 
Known SMS flaw isn't in the phone itself, however
How To Protect Your Commercial Web Server
News  |  8/20/2012  | 
Public Internet servers are among criminals’ favorite targets. Is your security strategy up to the challenge?