Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in September 2011
Consumers Primed For Online Shopping Despite Fraud Concerns
Quick Hits  |  9/21/2011  | 
Nearly half of consumers say they already have fallen victim to cybercrime
Adobe Preps Zero-Day Flash Patch
News  |  9/21/2011  | 
Vulnerability is being actively exploited in the wild, has already been patched in Chrome.
Most Users Respect, Follow Company Security Policies
Quick Hits  |  9/20/2011  | 
Eighteen- to 29-year-old users most likely to bypass security policies for computers, mobile devices, Webroot survey says
Federal IT Top Worries: Complex Attacks, Inside Threats
News  |  9/20/2011  | 
Government IT professionals also say that long waits for approvals are hindering their ability to secure networks, according to a new study.
DigiNotar Hacked Out Of Business
News  |  9/20/2011  | 
Doomed certificate authority files for bankruptcy, and industry looks for answers on preventing more CA hacks
Trusted Computing: Still Waiting For The Big Dance
News  |  9/20/2011  | 
Technology now built into more than 500 million PCs, but most enterprises still don't use it
Apple Lion Vulnerable To Password Hack
News  |  9/20/2011  | 
Flaw in Mac OS X 10.7 allows logged-in attacker to change password without knowing previous one.
HHS: Patient Data Breaches Have More Than Doubled
News  |  9/20/2011  | 
Better adherence to federal breach disclosure policies may explain the severe uptick in notifications in 2010, Department of Health and Human Services tells Congress.
HTTPS Vulnerable To Crypto Attack
News  |  9/20/2011  | 
Security researchers have built a tool that exploits weaknesses in the SSL and TLS encryption protocol, used by millions of websites to secure communications.
D-Link Unveils 32TB Storage Arrays For SMBs
News  |  9/20/2011  | 
The company's iSCSI arrays aren't just for the smallest shops anymore.
Exec Share Lessons Learned From Recent Cyberattack
News  |  9/20/2011  | 
CIO of Pacific Northwest National Laboratory speaks openly about a pair of summer attacks
8 Techniques To Block SQL Attacks
News  |  9/20/2011  | 
SQL injection attacks hit Web applications 71 times per hour on average, but can peak at 1,300 unique attacks per hour or more. Consider this security advice to stop SQL attacks.
(ISC)2 Launches New Foundation For Security Education
Quick Hits  |  9/19/2011  | 
Charitable initiative will offer user education, youth programs
UBS Rogue Trader Incident Stirs Access Management Speculation
News  |  9/19/2011  | 
Details are still sparse, but UBS rogue trader incident sets off identity and access management debate
APT Attackers Hit Japan's Biggest Defense Contractor
News  |  9/19/2011  | 
Targeted attack against Mitsubishi Heavy Industries demonstrates how APTs aren't just going after U.S. companies
7 Lessons: Surviving A Zero-Day Attack
Commentary  |  9/19/2011  | 
Pacific Northwest National Laboratory CIO Jerry Johnson takes you inside the cyber attack that he faced down--and shares his security lessons learned.
Segregating DBA And Admin Duties
Commentary  |  9/19/2011  | 
Keeping platform admins out of your database
Security Certification: Change Is On Horizon, But Hiring Is Still The End Game
News  |  9/17/2011  | 
While some security pros grouse, well-known certifications still rule in hiring circles
Intel Demonstrates Potential Password-Killers
Commentary  |  9/16/2011  | 
Intel presented two possible ways it plans to make passwords obsolete
HHS Unveils Personal Health Record Privacy Notice
News  |  9/16/2011  | 
The template will help consumers learn more about PHR security and data management practices, much like nutrition labels do for foods.
Tech Insight: A Practitioner's Guide To Authentication
News  |  9/16/2011  | 
How to craft a strong enough yet manageable authentication strategy
Energy Department Sets Roadmap For Secure Infrastructure
News  |  9/16/2011  | 
Agency outlines strategies for developing energy-delivery systems that are resilient even in the face of cyberattack.
Medicare Smartcards Aim To Thwart Fraud, Waste
News  |  9/16/2011  | 
Bipartisan legislation would issue digital ID cards to 48 million Medicare enrollees, save $30 billion a year, say sponsors.
HIPAA Pain: How To Cope
News  |  9/16/2011  | 
Although providers worry about huge fines for leaking patient data, keeping this information secure isn't that hard--but it soon will be.
Cyberespionage Attackers Buying Crimeware-Infected Machines
Quick Hits  |  9/16/2011  | 
Some APT actors are forgoing the zero-day by buying infected bots, machines from mainstream cybercriminals, FireEye CEO and CTO says
SMBs Need Denial-Of-Service Action Plan
News  |  9/16/2011  | 
Once you've been attacked, you need to respond quickly. These five expert tips will help small and midsize businesses prepare.
FTC Proposes New Rules On Child Data Collection
News  |  9/16/2011  | 
Federal Trade Commission wants to regulate many more types of personal information for websites, mobile games, and online services that knowingly interact with children under the age of 13.
DHS Outlines New Monthly FISMA Compliance Requirements
News  |  9/16/2011  | 
CyberScope represents a major shift in the way federal agencies report FISMA
0-Day SCADA Exploits Released, Publicly Exposed Servers At Risk
Commentary  |  9/16/2011  | 
Italian researcher releases 0-day SCADA exploits leaving companies vulnerable to exploit; Emerging Threats project releases update to help detect attacks
Free 'HoneySink' Tool Captures Botnet Traffic
News  |  9/15/2011  | 
First open-source 'sinkhole' tool released by Honeynet Project
McAfee DeepSafe Promises Better PC Security
News  |  9/15/2011  | 
Taking advantage of features in Intel chips, DeepSafe technology uses virtual memory to spot and block otherwise stealthy rootkit infections.
7 Ways You Give Thieves Dibs On Your Database
News  |  9/15/2011  | 
Bad database security habits make life easy for hackers and malicious insiders.
Data Breach Avoidance Requires Copy Cops?
Commentary  |  9/15/2011  | 
A U.S. senator proposes more data breach regulation, but experts say IT should be thinking data control. As one CSO recently put it, "The problem is not securing a copy of the data; it's securing data against copying."
Microsoft Still Spots Lots Of Zeus Infections
Quick Hits  |  9/15/2011  | 
Rumors of Zeus' merger into SpyEye might have been exaggerated -- for now, anyway
How SMBs Can Minimize Denial-of-Service Risks
News  |  9/15/2011  | 
As the holiday shopping season looms, SMBs can't afford to have their websites taken down. Consider this expert advice.
UBS Discloses $2 Billion In Unauthorized Trades
News  |  9/15/2011  | 
Three years after unauthorized trading at Societe Generale, incident suggests that banks have more governance, risk, and compliance work to do.
FISMA Mandates Monthly Security Reports For Agencies
News  |  9/15/2011  | 
Move from annual reports to consistent CyberScope submissions expected to lighten agencies' compliance burden, tighten federal cybersecurity.
5 Steps To Secure Mobile Devices
News  |  9/15/2011  | 
Security experts offer five essential tips
First SpyEye Attack On Android Spotted In The Wild
Quick Hits  |  9/15/2011  | 
Banking Trojan pretends to be an additional security measure offered by the user's bank
Windows 8 To Come With AV Baked In
News  |  9/14/2011  | 
Microsoft will knit its Microsoft Security Essentials into the next-generation Windows OS
Seven Ways You Give Thieves Dibs On Your Database
News  |  9/14/2011  | 
Bad database security habits make life easy for hackers and malicious insiders
Social Engineering Leads APT Attack Vectors
News  |  9/14/2011  | 
Combat advanced persistent threats with more adaptive user training and by acknowledging that networks today exist in a state of constant compromise, say experts.
Microsoft, Adobe Patch Vulnerabilities
News  |  9/14/2011  | 
Microsoft patches 15 important vulnerabilities, Adobe update fixes critical Reader and Acrobat vulnerabilities, and multiple vendors block more DigiNotar-related certificates.
Americans Want Uncle Sam's Help With Cybercrime Protection
Quick Hits  |  9/13/2011  | 
New Eset/Harris Interactive poll finds most U.S. online adults feel vulnerable to a cyberattack
Managing The Risk Of Flaws In Third-Party Software
News  |  9/13/2011  | 
Companies need to focus on finding and resolving vulnerabilities in software libraries on which their own products rely, experts say
GAO: Technology Gaps Jeopardize U.S. Visa Entry System
News  |  9/13/2011  | 
Incomplete biometric identification is among the gaps the DHS needs to fill to secure the US-VISIT foreign visitors system.
CIA Fights Back Against 'Visual Eavesdroppers'
News  |  9/13/2011  | 
Invests in technology from Oculis Labs that protects sensitive and classified data
CSOs, Execs Call For Better Intelligence-Sharing Among APT Victims
News  |  9/13/2011  | 
Executives at a recent RSA-sponsored summit share their findings about the nature of the APT-type attack
SaaS Startup Simplifies Post-Breach Compliance
News  |  9/13/2011  | 
Co3 pulls together best practices for data loss reporting, minimizing errors in what's usually a manual process.
CIA Protects PCs From Prying Eyes
News  |  9/13/2011  | 
In-Q-Tel is investing in technology from Oculis that prevents visual eavesdroppers from seeing information on computer screens.