News & Commentary

Content posted in September 2011
Database Security Market To Grow 20 Percent Through 2014
News  |  9/30/2011  | 
Mobility, data volume, and difficulty patching still lead challenges in protecting databases
Microsoft: Kelihos Ring Sold 'Botnet-As-A-Service'
News  |  9/30/2011  | 
Software maker files suit against alleged organizer of a virus that turned more than 40,000 computers into 'zombie' PCs.
Mobile Security Exploits To Double
News  |  9/30/2011  | 
Many of the threats involve mobile operating systems with easy-to-exploit vulnerabilities that can lead to arbitrary code execution.
Study: Mobile Exploit Releases On Track To Double This Year
Quick Hits  |  9/30/2011  | 
Critical vulnerabilities could triple by the end of 2011, IBM X-Force study says
More Than One-Fourth of Google Chrome Extensions Contain Vulnerabilities
News  |  9/30/2011  | 
Extensions contain one or more vulnerabilities that could be exploited via the Web or unsecured Wi-Fi hotspots
TRICARE, SAIC Report Loss Of Data On 4.9 Million
News  |  9/29/2011  | 
Loss of backup tapes puts personal data of military personnel at risk
No Passwords, PINs For Most Smartphone And Tablet Users
Quick Hits  |  9/29/2011  | 
Most smartphones, tablets are personal devices being used at work, survey says
Businesses Backsliding On PCI Compliance
News  |  9/29/2011  | 
Most merchants that achieve compliance then fall out of it the next year, according to new Verizon data
Amazon Silk Browser Prompts Privacy Worries
News  |  9/29/2011  | 
The fast Web surfing Amazon promises on its Kindle Fire tablet involves a record of what you visit on the Net.
Top Google Chrome Extensions Leak Data
News  |  9/29/2011  | 
Study of 100 extensions found that 27% leave users vulnerable to Web or Wi-Fi attack.
Medicare Tests Alternative To Fraud-Fighting Smart Card
News  |  9/29/2011  | 
Magnetic stripe cards and conventional credit-card terminals may be a less costly way to go.
New BSIMM3 Guide Provides New Data On Secure Software Development
Quick Hits  |  9/29/2011  | 
Revised guide offers "measuring stick" for software security
In-House Malware Analysis: Why You Need It, How To Do It
News  |  9/29/2011  | 
In-depth malware analysis can be part of a comprehensive vulnerability management strategy. Here's how to get started
Get VM Backups Right
News  |  9/28/2011  | 
Protect disk files and data to keep virtual machines humming.
CIA Invests In Semantic Search, Wireless Networking
News  |  9/28/2011  | 
In-Q-Tel is partnering with NetBase and Connectify to make semantic search and virtual VPN technology available to the U.S. intelligence community.
Social Engineering Attacks Pose As Corporate Copiers
News  |  9/28/2011  | 
Malware disguised as communications from in-house copiers and scanners with document emailing capabilities is on the rise, researchers say.
iPhone App Can Fly Unmanned Aircraft
News  |  9/28/2011  | 
Boeing, MIT test technology to control mini-drones that may eventually be used by the U.S. military.
Supercookie Crackdown Sought By Lawmakers
News  |  9/28/2011  | 
FTC urged to investigate new persistent tracking technique, per its mandate to stop unfair and deceptive business practices.
Microsoft Claims Another Botnet Takedown
Quick Hits  |  9/28/2011  | 
After finishing off Rustock, software giant says it has neutralized Kelihos
Outdated Browsers Leave Many Enterprises Vulnerable To Attack
News  |  9/27/2011  | 
Despite efforts to get users to update browsers, the search for better security only begins with a patch
Why Cisco Didn't Fight Consumer IT
News  |  9/27/2011  | 
At the Mobilize conference, Cisco's Tom Gillis shares his company's experience with consumer IT: Resistance is futile.
LulzSec Suspect Learns Even HideMyAss.com Has Limits
News  |  9/27/2011  | 
After suspect's arrest, British HideMyAss VPN service said that its terms of service don't extend to illegal activities.
MySQL Malware Hack Cost Just $3,000
News  |  9/27/2011  | 
Oracle-owned site was hacked with Java to automatically begin downloading Blackhole malware onto Windows PCs.
Should ISPs Monitor Users' PCs To Stop Botnets?
News  |  9/27/2011  | 
Homeland Security's proposed code of conduct for notifying users when their PCs are infected by malware raises privacy concerns.
Eavesdropping Trojans Used In Cell Phone Spying Case
Commentary  |  9/26/2011  | 
Israeli case a reminder of all types of social engineering threats
MySQL Site Compromised To Serve Up BlackHole Exploits
Quick Hits  |  9/26/2011  | 
Researchers still analyzing attackers' end game
Physical, Logical Security Worlds Continue Slow Convergence
News  |  9/26/2011  | 
'Guards, gates, and guns' organizations say cybersecurity has become a top priority
The Best Spies Money Can Buy
News  |  9/26/2011  | 
Security firms have found evidence that espionage agents are buying time on leased botnets: Will cybercriminals' services lead to more efficient spying?
White House, Facebook, MTV Fight Cyberbullying
News  |  9/26/2011  | 
President Obama's CTO and cybersecurity coordinator have launched an effort to protect young people from harmful behavior on the Web.
QSAs Share What Drives Improved PCI Practices
News  |  9/26/2011  | 
As organizations shift attitudes and overcome misconceptions, PCI compliance and security improve
Homeland Security Revamps Cyber Arm
News  |  9/26/2011  | 
National Protection and Programs Directorate will add a new deputy undersecretary for cybersecurity and shift other non-cybersecurity responsibilities onto another official.
Integrated Security Reduces Health IT Data Breaches
News  |  9/26/2011  | 
PricewaterhouseCoopers finds fewer breaches in healthcare organizations that have integrated privacy and security compliance efforts.
Corporate Espionage's New Friend: Embedded Web Servers
News  |  9/26/2011  | 
Many types of Web-connected photocopiers, scanners, and VoIP servers have no default passwords or other security enabled to stop remote eavesdropping.
FBI Arrests Two Suspected LulzSec, Anonymous Members
Quick Hits  |  9/25/2011  | 
Feds look to crack down on AntiSec players
Identity Federation Versus PKI
Commentary  |  9/24/2011  | 
Neither technology alone offers the ultimate user authentication infrastructure
New FFIEC Authentication Guidance Calls For Layers
Commentary  |  9/24/2011  | 
Increased threats and weaknesses in certain accepted authentication mechanisms, FFIEC warns
Sound Database Security Starts With Segmentation
News  |  9/23/2011  | 
Segmenting the network and segregating data by importance is key, experts say
Feds Seek Advice To Battle Botnets
News  |  9/23/2011  | 
Homeland Security and Commerce Departments want to develop voluntary, standard practices that will protect and mitigate attacks on the private sector.
Adobe Flash Player 11 Promises Security Improvements
News  |  9/23/2011  | 
Flash Player upgrade will add SSL and better crypto features, while Android version gets the ability to nuke Flash cookies.
Wardriving Burglars Hacked Business Wi-Fi Networks
News  |  9/23/2011  | 
Three men are indicted for using a tricked-out Mercedes with specialized antennas and network-cracking tools to steal financial data via businesses' wireless networks.
FBI Busts Suspected LulzSec Hacker In Sony Breach
News  |  9/23/2011  | 
Authorities have charged three men as part of ongoing investigations into LulzSec and Anonymous attacks against government servers and Sony websites.
Exclusive Research: Why Identity Management Is Critical Right Now
News  |  9/22/2011  | 
Breached partners, mobility, SaaS, consumerization. If you don't know exactly who's doing what on your network, you're cruising for data loss.
'Lurid' APT-Type Attacks Target Former USSR Region
News  |  9/22/2011  | 
Researchers uncover a year-long-plus cyberespionage campaign
Smartphone Attacks Under Way
Quick Hits  |  9/22/2011  | 
New data finds more than half of U.S. smartphone users hit with at least one security incident in the past 12 months
Web App Attacks Rise, Disclosed Bugs Decline
News  |  9/22/2011  | 
Mismatch between vulnerability disclosures and actual number of new vulnerabilities strengthens case for using Web application firewalls and virtual patching.
Apple's Lion OS At Risk To Password Vulnerability
News  |  9/21/2011  | 
Apple OS X 10.7 flaw would enable hacker to change a pair of passwords
A Call To Disarm Black Hat Hackers In China
News  |  9/21/2011  | 
Two infamous Chinese hackers issue a 'convention' document rallying hackers to disavow illegal hacking activities
NIST Releases Federal Risk Assessment Guide
News  |  9/21/2011  | 
Federal technology standards body issues new guidelines for evaluating cyber security vulnerabilities.
Identity Federation: Waiting On Access Control
Commentary  |  9/21/2011  | 
Separate authentication by websites will remain the reality until access control is done right in Web apps
Social Engineering Attacks Cost Companies
News  |  9/21/2011  | 
Half of businesses have experienced more than 25 successful social engineering attacks in the past two years, with some having to spend up to $100,000 per incident in cleanup costs.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-9317
PUBLISHED: 2018-05-23
Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.
CVE-2018-1193
PUBLISHED: 2018-05-23
Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.
CVE-2018-1122
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
CVE-2018-1123
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
CVE-2018-1125
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.