News & Commentary

Content posted in September 2012
Page 1 / 2
The Plural Of Data Is Not Analytics
Commentary  |  9/30/2012  | 
When it comes to security monitoring, searching and reporting aren’t always enough. The added value comes from analytics: turning data into information
Security Intelligence Starts With Detecting The Weird
News  |  9/28/2012  | 
As companies try to make sense of a greater amount of information on their networks, anomaly detection becomes more difficult but more important as well
Former Goldman Programmer Faces New Charges
News  |  9/28/2012  | 
Sergey Aleynikov charged with stealing highly confidential software that powers high-frequency trading systems.
PNC Bank Hit By Crowdsourced Hacktivist Attacks
News  |  9/28/2012  | 
Financial services website disrupted by DDoS attacks launched to protest anti-Muslim film, following similar attacks against Wells Fargo, U.S. Bank, and Bank of America.
Internet Explorer Blocks More Malware Than Firefox, Chrome, Safari
Quick Hits  |  9/27/2012  | 
NSS Labs browser tests show Google SafeBrowsing API weak link in catching click fraud malware
14 Amazing DARPA Technologies On Tap
Slideshows  |  9/27/2012  | 
Go inside the labs of the Defense Advanced Research Projects Agency for a look at some of the most intriguing technologies they're developing in computing, electronics, communications, and more.
Mozilla Persona Aspires To Kill Passwords
News  |  9/27/2012  | 
Mozilla system promises Web authentication without site-specific passwords. User's browser will generate a cryptographic 'identity assertion' that expires after a few minutes.
Profiling The Cybercriminal And The Cyberspy
News  |  9/27/2012  | 
Insight into key characteristics, behaviors of cybercrime versus cyberespionage attackers can help -- but the threats aren't just from China and Eastern Europe
Slide Show: 10 Free Governance Risk And Compliance Tools
Slideshows  |  9/27/2012  | 
While expensive risk management products can certainly help a GRC program, any organization can get started measuring risk and making more disciplined decisions using these tools and templates
Muslim Hacktivists Take Credit For U.S. Bank Attack
News  |  9/27/2012  | 
A hacktivist group is apparently following through on its vow to attack financial institutions in retaliation for anti-Muslim film.
Deja Vu All Over Again: New Java Vulnerability Found, Bypasses Built-In Security
Quick Hits  |  9/26/2012  | 
Yet another Java bug has been discovered—and this one breaks out of the software's sandbox
100,000 IEEE User Passwords, IDs Exposed On Internet
News  |  9/26/2012  | 
IEEE admits it exposed user IDs and passwords for roughly 100,000 members, but otherwise remains mum
Don't Waste Your Money On Cyber Breach Insurance
News  |  9/26/2012  | 
Special insurance may offer value, but to get it you'll need to avoid common exclusions and stop trying to use a breach policy as a substitute for solid data security practices
Java Vulnerability Affects 1 Billion Plug-ins
News  |  9/26/2012  | 
Another week, another Java vulnerability--only this one affects all versions of Java released in the past eight years.
FTC Wrist Slaps PC Rental Firms For Spying
News  |  9/26/2012  | 
Seven rent-to-own businesses secretly captured webcam images and personal information of late-paying customers, but face no fines or criminal charges.
Vast Cyberespionage Campaign 'Brazen' In Its Approach
News  |  9/25/2012  | 
RSA dissects so-called 'VOHO' attack campaign, which also shares common traits with prior attacks aimed at Google, others
Energy CSOs Meet To Focus On Emerging Technologies, Threats
News  |  9/25/2012  | 
Intelligent metering, industrial-control systems, join customer data protection as top issues at EnergySec Summit
From Pagers To Text Messages: Healthcare's Next Security Challenge
Quick Hits  |  9/25/2012  | 
Survey of hospital IT professionals shows texting to replace paging in next three years
Security Intelligence = Table Stakes
Commentary  |  9/25/2012  | 
Smart security practitioners know they can no longer rely on their vendors to provide the intelligence they need to deal with today's attacks
Twitter Direct Messages Disguise Trojan App Attack
News  |  9/25/2012  | 
Compromised Twitter accounts send fake Facebook videos and Flash updates that trigger drive-by malware exploits.
Researchers Demonstrate Flaws In iPhone 4, 5 In Hacking Contest
Quick Hits  |  9/25/2012  | 
Vulnerability in Apple's Webkit could affect both of company's new phones, researchers say
Watch The Watchers: 'Trusted' Employees Can Do Damage
News  |  9/25/2012  | 
A study of insider attacks within financial firms offers lessons to other companies: identify important data, limit access, and scrutinize trusted users most closely
NIST's Hash Algorithm Refresh Possibly Premature
News  |  9/24/2012  | 
Security expert Bruce Schneier says there's really no need for the upcoming SHA-3 standard
Microsoft IE Patch Fixes Flaw Under Active Attack
News  |  9/24/2012  | 
Microsoft wins praise for quickly addressing five remote-execution security vulnerabilities, one of which is being used now in attacks.
FBI Warns Of Scams Targeting Financial Industry
Quick Hits  |  9/24/2012  | 
Criminals are using phishing e-mails, keystroke loggers, and Remote Access Trojans to steal financial employee login credentials
Obama Cybersecurity Executive Order Nears Completion As Legislative Saga Continues
News  |  9/21/2012  | 
A cybersecurity executive order is nearing completion, but what could this mean for critical infrastructure companies?
NIST Funds Trusted Identity Pilot Programs
News  |  9/21/2012  | 
National Institute of Standards and Technology programs are intended to create a trustworthy online environment for consumers and businesses, and for institutional transactions.
Microsoft Patches IE Bug
News  |  9/21/2012  | 
Microsoft plans to issue a patch Friday to deal with the latest in a barrage of zero-day exploits for Internet Explorer.
Launching An IAM Project: Where To Start
Commentary  |  9/21/2012  | 
How to think architecture-centric, not audit-centric, in identity and access
Bashing The Hash: IBM X-Force On Password Follies
News  |  9/20/2012  | 
IBM X-Force Mid-Year Report highlights dangers of authentication and IAM mistakes
RSA Report Offers A Blueprint For Next-Generation SIEM
Quick Hits  |  9/20/2012  | 
New report co-authored by RSA, CSC, Terremark, and Verizon calls for a "big data"-driven early warning system
Want Better Security? Get Windows 8
News  |  9/20/2012  | 
The new OS and Internet Explorer 10 protect applications and limit the fallout of exploits.
Multiple Targeted IE Attacks Underway, Microsoft To Release Patch Tomorrow
News  |  9/20/2012  | 
Microsoft today issued an interim Fix-it tool to protect Internet Explorer browsers from a zero-day vulnerability that has spawned attacks by traditional cyberespionage players out of China
A Look At Encrypted Query Processing
Commentary  |  9/20/2012  | 
Stupid encryption tricks, only without a funny YouTube video
IBM Predicts Rise In OS X Exploits, Touts Sandboxing
News  |  9/20/2012  | 
IBM's X-Force Trend and Risk Report says browser exploits and BYOD continue to pose challenges, warns that OS X attacks are getting more sophisticated.
Medical Data Breach Highlights Need For Encryption
News  |  9/20/2012  | 
Massachusetts Eye and Ear Infirmary could have avoided a $1.5 million fine with an adequate risk analysis and relatively inexpensive encryption measures, say IT experts.
A Guide To Security And Enterprise Directories
Quick Hits  |  9/20/2012  | 
Enterprise Directories, such as Microsoft's Active Directory, can be a boon to the security effort. Here are some ways to take advantage of them
DBAs And Developers Need To Better Segment Data Access
News  |  9/19/2012  | 
DMZs aren't just for network administrators
Attack Easily Cracks Oracle Database Passwords
News  |  9/19/2012  | 
Oracle's software update for the flaw doesn't protect all versions of the database
Bank Of America Website Slows After Islamic Hacker Threats
News  |  9/19/2012  | 
Group protesting anti-Islam film claims credit for website service interruptions that hit Bank of America Tuesday afternoon.
Real-World Developers Still Not Coding Securely
News  |  9/18/2012  | 
Though secure development lifecycle advocates have shown the cost benefits of catching vulnerabilities before apps go live, organizations still don't embed security into development
Malwarebytes Goes Enterprise
Quick Hits  |  9/18/2012  | 
Free tool for rooting out new malware now has an enterprise-grade sibling
Cyber Warfare Still Poses Legal Questions
News  |  9/18/2012  | 
A body of accepted international law on cyber warfare slowly is emerging, but more needs to be done to address new world of aggression, civilian and military officials said Tuesday.
Mikko's Malware Odyssey
News  |  9/18/2012  | 
Security guru Mikko Hypponen talks malware evolution, factory-automation vulnerabilities, Space Invaders, and jamming to Justin Bieber
New SUSE Powered Virtual Appliances From Centrify Secure Linux Servers On Premise And In The Cloud
News  |  9/18/2012  | 
Centrify Express, the free version of Centrify Suite 2012, is now preinstalled with SUSE Linux Enterprise Server
Microsoft Warns Of IE 9 Security Bug
News  |  9/18/2012  | 
Microsoft promises fix for zero-day exploit that puts users of IE 9, and earlier IE versions, at risk upon visiting a malicious website.
New TDSS/TDL4 Malware Infects 46 Of Fortune 500
Quick Hits  |  9/18/2012  | 
New Domain Generation Algorithm-based malware claims at least 250,000 victims
Services Can Help Identify Mobile Risks
News  |  9/17/2012  | 
While mobile device management (MDM) services can help a company manage its employees' phones and tablets, figuring out whether the devices are up-to-date is also critical
Cyber-Spying Flame Attackers Operated On 'Need To Know' Basis
News  |  9/17/2012  | 
Complex malware dates back to 2006, with at least four individuals authoring and operating the malware operation itself -- which continues to evolve
Report: Security Infrastructure Market To Grow 8.4 Percent
Quick Hits  |  9/17/2012  | 
Spending on security expected to rise to $60 billion this year despite slow economy