News & Commentary

Content posted in September 2011
Database Security Market To Grow 20 Percent Through 2014
News  |  9/30/2011  | 
Mobility, data volume, and difficulty patching still lead challenges in protecting databases
Microsoft: Kelihos Ring Sold 'Botnet-As-A-Service'
News  |  9/30/2011  | 
Software maker files suit against alleged organizer of a virus that turned more than 40,000 computers into 'zombie' PCs.
Mobile Security Exploits To Double
News  |  9/30/2011  | 
Many of the threats involve mobile operating systems with easy-to-exploit vulnerabilities that can lead to arbitrary code execution.
Study: Mobile Exploit Releases On Track To Double This Year
Quick Hits  |  9/30/2011  | 
Critical vulnerabilities could triple by the end of 2011, IBM X-Force study says
More Than One-Fourth of Google Chrome Extensions Contain Vulnerabilities
News  |  9/30/2011  | 
Extensions contain one or more vulnerabilities that could be exploited via the Web or unsecured Wi-Fi hotspots
TRICARE, SAIC Report Loss Of Data On 4.9 Million
News  |  9/29/2011  | 
Loss of backup tapes puts personal data of military personnel at risk
No Passwords, PINs For Most Smartphone And Tablet Users
Quick Hits  |  9/29/2011  | 
Most smartphones, tablets are personal devices being used at work, survey says
Businesses Backsliding On PCI Compliance
News  |  9/29/2011  | 
Most merchants that achieve compliance then fall out of it the next year, according to new Verizon data
Amazon Silk Browser Prompts Privacy Worries
News  |  9/29/2011  | 
The fast Web surfing Amazon promises on its Kindle Fire tablet involves a record of what you visit on the Net.
Top Google Chrome Extensions Leak Data
News  |  9/29/2011  | 
Study of 100 extensions found that 27% leave users vulnerable to Web or Wi-Fi attack.
Medicare Tests Alternative To Fraud-Fighting Smart Card
News  |  9/29/2011  | 
Magnetic stripe cards and conventional credit-card terminals may be a less costly way to go.
New BSIMM3 Guide Provides New Data On Secure Software Development
Quick Hits  |  9/29/2011  | 
Revised guide offers "measuring stick" for software security
In-House Malware Analysis: Why You Need It, How To Do It
News  |  9/29/2011  | 
In-depth malware analysis can be part of a comprehensive vulnerability management strategy. Here's how to get started
Get VM Backups Right
News  |  9/28/2011  | 
Protect disk files and data to keep virtual machines humming.
CIA Invests In Semantic Search, Wireless Networking
News  |  9/28/2011  | 
In-Q-Tel is partnering with NetBase and Connectify to make semantic search and virtual VPN technology available to the U.S. intelligence community.
Social Engineering Attacks Pose As Corporate Copiers
News  |  9/28/2011  | 
Malware disguised as communications from in-house copiers and scanners with document emailing capabilities is on the rise, researchers say.
iPhone App Can Fly Unmanned Aircraft
News  |  9/28/2011  | 
Boeing, MIT test technology to control mini-drones that may eventually be used by the U.S. military.
Supercookie Crackdown Sought By Lawmakers
News  |  9/28/2011  | 
FTC urged to investigate new persistent tracking technique, per its mandate to stop unfair and deceptive business practices.
Microsoft Claims Another Botnet Takedown
Quick Hits  |  9/28/2011  | 
After finishing off Rustock, software giant says it has neutralized Kelihos
Outdated Browsers Leave Many Enterprises Vulnerable To Attack
News  |  9/27/2011  | 
Despite efforts to get users to update browsers, the search for better security only begins with a patch
Why Cisco Didn't Fight Consumer IT
News  |  9/27/2011  | 
At the Mobilize conference, Cisco's Tom Gillis shares his company's experience with consumer IT: Resistance is futile.
LulzSec Suspect Learns Even HideMyAss.com Has Limits
News  |  9/27/2011  | 
After suspect's arrest, British HideMyAss VPN service said that its terms of service don't extend to illegal activities.
MySQL Malware Hack Cost Just $3,000
News  |  9/27/2011  | 
Oracle-owned site was hacked with Java to automatically begin downloading Blackhole malware onto Windows PCs.
Should ISPs Monitor Users' PCs To Stop Botnets?
News  |  9/27/2011  | 
Homeland Security's proposed code of conduct for notifying users when their PCs are infected by malware raises privacy concerns.
Eavesdropping Trojans Used In Cell Phone Spying Case
Commentary  |  9/26/2011  | 
Israeli case a reminder of all types of social engineering threats
MySQL Site Compromised To Serve Up BlackHole Exploits
Quick Hits  |  9/26/2011  | 
Researchers still analyzing attackers' end game
Physical, Logical Security Worlds Continue Slow Convergence
News  |  9/26/2011  | 
'Guards, gates, and guns' organizations say cybersecurity has become a top priority
The Best Spies Money Can Buy
News  |  9/26/2011  | 
Security firms have found evidence that espionage agents are buying time on leased botnets: Will cybercriminals' services lead to more efficient spying?
White House, Facebook, MTV Fight Cyberbullying
News  |  9/26/2011  | 
President Obama's CTO and cybersecurity coordinator have launched an effort to protect young people from harmful behavior on the Web.
QSAs Share What Drives Improved PCI Practices
News  |  9/26/2011  | 
As organizations shift attitudes and overcome misconceptions, PCI compliance and security improve
Homeland Security Revamps Cyber Arm
News  |  9/26/2011  | 
National Protection and Programs Directorate will add a new deputy undersecretary for cybersecurity and shift other non-cybersecurity responsibilities onto another official.
Integrated Security Reduces Health IT Data Breaches
News  |  9/26/2011  | 
PricewaterhouseCoopers finds fewer breaches in healthcare organizations that have integrated privacy and security compliance efforts.
Corporate Espionage's New Friend: Embedded Web Servers
News  |  9/26/2011  | 
Many types of Web-connected photocopiers, scanners, and VoIP servers have no default passwords or other security enabled to stop remote eavesdropping.
FBI Arrests Two Suspected LulzSec, Anonymous Members
Quick Hits  |  9/25/2011  | 
Feds look to crack down on AntiSec players
Identity Federation Versus PKI
Commentary  |  9/24/2011  | 
Neither technology alone offers the ultimate user authentication infrastructure
New FFIEC Authentication Guidance Calls For Layers
Commentary  |  9/24/2011  | 
Increased threats and weaknesses in certain accepted authentication mechanisms, FFIEC warns
Sound Database Security Starts With Segmentation
News  |  9/23/2011  | 
Segmenting the network and segregating data by importance is key, experts say
Feds Seek Advice To Battle Botnets
News  |  9/23/2011  | 
Homeland Security and Commerce Departments want to develop voluntary, standard practices that will protect and mitigate attacks on the private sector.
Adobe Flash Player 11 Promises Security Improvements
News  |  9/23/2011  | 
Flash Player upgrade will add SSL and better crypto features, while Android version gets the ability to nuke Flash cookies.
Wardriving Burglars Hacked Business Wi-Fi Networks
News  |  9/23/2011  | 
Three men are indicted for using a tricked-out Mercedes with specialized antennas and network-cracking tools to steal financial data via businesses' wireless networks.
FBI Busts Suspected LulzSec Hacker In Sony Breach
News  |  9/23/2011  | 
Authorities have charged three men as part of ongoing investigations into LulzSec and Anonymous attacks against government servers and Sony websites.
Exclusive Research: Why Identity Management Is Critical Right Now
News  |  9/22/2011  | 
Breached partners, mobility, SaaS, consumerization. If you don't know exactly who's doing what on your network, you're cruising for data loss.
'Lurid' APT-Type Attacks Target Former USSR Region
News  |  9/22/2011  | 
Researchers uncover a year-long-plus cyberespionage campaign
Smartphone Attacks Under Way
Quick Hits  |  9/22/2011  | 
New data finds more than half of U.S. smartphone users hit with at least one security incident in the past 12 months
Web App Attacks Rise, Disclosed Bugs Decline
News  |  9/22/2011  | 
Mismatch between vulnerability disclosures and actual number of new vulnerabilities strengthens case for using Web application firewalls and virtual patching.
Apple's Lion OS At Risk To Password Vulnerability
News  |  9/21/2011  | 
Apple OS X 10.7 flaw would enable hacker to change a pair of passwords
A Call To Disarm Black Hat Hackers In China
News  |  9/21/2011  | 
Two infamous Chinese hackers issue a 'convention' document rallying hackers to disavow illegal hacking activities
NIST Releases Federal Risk Assessment Guide
News  |  9/21/2011  | 
Federal technology standards body issues new guidelines for evaluating cyber security vulnerabilities.
Identity Federation: Waiting On Access Control
Commentary  |  9/21/2011  | 
Separate authentication by websites will remain the reality until access control is done right in Web apps
Social Engineering Attacks Cost Companies
News  |  9/21/2011  | 
Half of businesses have experienced more than 25 successful social engineering attacks in the past two years, with some having to spend up to $100,000 per incident in cleanup costs.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.