News & Commentary

Content posted in September 2011
Database Security Market To Grow 20 Percent Through 2014
News  |  9/30/2011  | 
Mobility, data volume, and difficulty patching still lead challenges in protecting databases
Microsoft: Kelihos Ring Sold 'Botnet-As-A-Service'
News  |  9/30/2011  | 
Software maker files suit against alleged organizer of a virus that turned more than 40,000 computers into 'zombie' PCs.
Mobile Security Exploits To Double
News  |  9/30/2011  | 
Many of the threats involve mobile operating systems with easy-to-exploit vulnerabilities that can lead to arbitrary code execution.
Study: Mobile Exploit Releases On Track To Double This Year
Quick Hits  |  9/30/2011  | 
Critical vulnerabilities could triple by the end of 2011, IBM X-Force study says
More Than One-Fourth of Google Chrome Extensions Contain Vulnerabilities
News  |  9/30/2011  | 
Extensions contain one or more vulnerabilities that could be exploited via the Web or unsecured Wi-Fi hotspots
TRICARE, SAIC Report Loss Of Data On 4.9 Million
News  |  9/29/2011  | 
Loss of backup tapes puts personal data of military personnel at risk
No Passwords, PINs For Most Smartphone And Tablet Users
Quick Hits  |  9/29/2011  | 
Most smartphones, tablets are personal devices being used at work, survey says
Businesses Backsliding On PCI Compliance
News  |  9/29/2011  | 
Most merchants that achieve compliance then fall out of it the next year, according to new Verizon data
Amazon Silk Browser Prompts Privacy Worries
News  |  9/29/2011  | 
The fast Web surfing Amazon promises on its Kindle Fire tablet involves a record of what you visit on the Net.
Top Google Chrome Extensions Leak Data
News  |  9/29/2011  | 
Study of 100 extensions found that 27% leave users vulnerable to Web or Wi-Fi attack.
Medicare Tests Alternative To Fraud-Fighting Smart Card
News  |  9/29/2011  | 
Magnetic stripe cards and conventional credit-card terminals may be a less costly way to go.
New BSIMM3 Guide Provides New Data On Secure Software Development
Quick Hits  |  9/29/2011  | 
Revised guide offers "measuring stick" for software security
In-House Malware Analysis: Why You Need It, How To Do It
News  |  9/29/2011  | 
In-depth malware analysis can be part of a comprehensive vulnerability management strategy. Here's how to get started
Get VM Backups Right
News  |  9/28/2011  | 
Protect disk files and data to keep virtual machines humming.
CIA Invests In Semantic Search, Wireless Networking
News  |  9/28/2011  | 
In-Q-Tel is partnering with NetBase and Connectify to make semantic search and virtual VPN technology available to the U.S. intelligence community.
Social Engineering Attacks Pose As Corporate Copiers
News  |  9/28/2011  | 
Malware disguised as communications from in-house copiers and scanners with document emailing capabilities is on the rise, researchers say.
iPhone App Can Fly Unmanned Aircraft
News  |  9/28/2011  | 
Boeing, MIT test technology to control mini-drones that may eventually be used by the U.S. military.
Supercookie Crackdown Sought By Lawmakers
News  |  9/28/2011  | 
FTC urged to investigate new persistent tracking technique, per its mandate to stop unfair and deceptive business practices.
Microsoft Claims Another Botnet Takedown
Quick Hits  |  9/28/2011  | 
After finishing off Rustock, software giant says it has neutralized Kelihos
Outdated Browsers Leave Many Enterprises Vulnerable To Attack
News  |  9/27/2011  | 
Despite efforts to get users to update browsers, the search for better security only begins with a patch
Why Cisco Didn't Fight Consumer IT
News  |  9/27/2011  | 
At the Mobilize conference, Cisco's Tom Gillis shares his company's experience with consumer IT: Resistance is futile.
LulzSec Suspect Learns Even HideMyAss.com Has Limits
News  |  9/27/2011  | 
After suspect's arrest, British HideMyAss VPN service said that its terms of service don't extend to illegal activities.
MySQL Malware Hack Cost Just $3,000
News  |  9/27/2011  | 
Oracle-owned site was hacked with Java to automatically begin downloading Blackhole malware onto Windows PCs.
Should ISPs Monitor Users' PCs To Stop Botnets?
News  |  9/27/2011  | 
Homeland Security's proposed code of conduct for notifying users when their PCs are infected by malware raises privacy concerns.
Eavesdropping Trojans Used In Cell Phone Spying Case
Commentary  |  9/26/2011  | 
Israeli case a reminder of all types of social engineering threats
MySQL Site Compromised To Serve Up BlackHole Exploits
Quick Hits  |  9/26/2011  | 
Researchers still analyzing attackers' end game
Physical, Logical Security Worlds Continue Slow Convergence
News  |  9/26/2011  | 
'Guards, gates, and guns' organizations say cybersecurity has become a top priority
The Best Spies Money Can Buy
News  |  9/26/2011  | 
Security firms have found evidence that espionage agents are buying time on leased botnets: Will cybercriminals' services lead to more efficient spying?
White House, Facebook, MTV Fight Cyberbullying
News  |  9/26/2011  | 
President Obama's CTO and cybersecurity coordinator have launched an effort to protect young people from harmful behavior on the Web.
QSAs Share What Drives Improved PCI Practices
News  |  9/26/2011  | 
As organizations shift attitudes and overcome misconceptions, PCI compliance and security improve
Homeland Security Revamps Cyber Arm
News  |  9/26/2011  | 
National Protection and Programs Directorate will add a new deputy undersecretary for cybersecurity and shift other non-cybersecurity responsibilities onto another official.
Integrated Security Reduces Health IT Data Breaches
News  |  9/26/2011  | 
PricewaterhouseCoopers finds fewer breaches in healthcare organizations that have integrated privacy and security compliance efforts.
Corporate Espionage's New Friend: Embedded Web Servers
News  |  9/26/2011  | 
Many types of Web-connected photocopiers, scanners, and VoIP servers have no default passwords or other security enabled to stop remote eavesdropping.
FBI Arrests Two Suspected LulzSec, Anonymous Members
Quick Hits  |  9/25/2011  | 
Feds look to crack down on AntiSec players
Identity Federation Versus PKI
Commentary  |  9/24/2011  | 
Neither technology alone offers the ultimate user authentication infrastructure
New FFIEC Authentication Guidance Calls For Layers
Commentary  |  9/24/2011  | 
Increased threats and weaknesses in certain accepted authentication mechanisms, FFIEC warns
Sound Database Security Starts With Segmentation
News  |  9/23/2011  | 
Segmenting the network and segregating data by importance is key, experts say
Feds Seek Advice To Battle Botnets
News  |  9/23/2011  | 
Homeland Security and Commerce Departments want to develop voluntary, standard practices that will protect and mitigate attacks on the private sector.
Adobe Flash Player 11 Promises Security Improvements
News  |  9/23/2011  | 
Flash Player upgrade will add SSL and better crypto features, while Android version gets the ability to nuke Flash cookies.
Wardriving Burglars Hacked Business Wi-Fi Networks
News  |  9/23/2011  | 
Three men are indicted for using a tricked-out Mercedes with specialized antennas and network-cracking tools to steal financial data via businesses' wireless networks.
FBI Busts Suspected LulzSec Hacker In Sony Breach
News  |  9/23/2011  | 
Authorities have charged three men as part of ongoing investigations into LulzSec and Anonymous attacks against government servers and Sony websites.
Exclusive Research: Why Identity Management Is Critical Right Now
News  |  9/22/2011  | 
Breached partners, mobility, SaaS, consumerization. If you don't know exactly who's doing what on your network, you're cruising for data loss.
'Lurid' APT-Type Attacks Target Former USSR Region
News  |  9/22/2011  | 
Researchers uncover a year-long-plus cyberespionage campaign
Smartphone Attacks Under Way
Quick Hits  |  9/22/2011  | 
New data finds more than half of U.S. smartphone users hit with at least one security incident in the past 12 months
Web App Attacks Rise, Disclosed Bugs Decline
News  |  9/22/2011  | 
Mismatch between vulnerability disclosures and actual number of new vulnerabilities strengthens case for using Web application firewalls and virtual patching.
Apple's Lion OS At Risk To Password Vulnerability
News  |  9/21/2011  | 
Apple OS X 10.7 flaw would enable hacker to change a pair of passwords
A Call To Disarm Black Hat Hackers In China
News  |  9/21/2011  | 
Two infamous Chinese hackers issue a 'convention' document rallying hackers to disavow illegal hacking activities
NIST Releases Federal Risk Assessment Guide
News  |  9/21/2011  | 
Federal technology standards body issues new guidelines for evaluating cyber security vulnerabilities.
Identity Federation: Waiting On Access Control
Commentary  |  9/21/2011  | 
Separate authentication by websites will remain the reality until access control is done right in Web apps
Social Engineering Attacks Cost Companies
News  |  9/21/2011  | 
Half of businesses have experienced more than 25 successful social engineering attacks in the past two years, with some having to spend up to $100,000 per incident in cleanup costs.