News & Commentary

Content posted in September 2012
Page 1 / 2
The Plural Of Data Is Not Analytics
Commentary  |  9/30/2012  | 
When it comes to security monitoring, searching and reporting aren’t always enough. The added value comes from analytics: turning data into information
Security Intelligence Starts With Detecting The Weird
News  |  9/28/2012  | 
As companies try to make sense of a greater amount of information on their networks, anomaly detection becomes more difficult but more important as well
Former Goldman Programmer Faces New Charges
News  |  9/28/2012  | 
Sergey Aleynikov charged with stealing highly confidential software that powers high-frequency trading systems.
PNC Bank Hit By Crowdsourced Hacktivist Attacks
News  |  9/28/2012  | 
Financial services website disrupted by DDoS attacks launched to protest anti-Muslim film, following similar attacks against Wells Fargo, U.S. Bank, and Bank of America.
Internet Explorer Blocks More Malware Than Firefox, Chrome, Safari
Quick Hits  |  9/27/2012  | 
NSS Labs browser tests show Google SafeBrowsing API weak link in catching click fraud malware
14 Amazing DARPA Technologies On Tap
Slideshows  |  9/27/2012  | 
Go inside the labs of the Defense Advanced Research Projects Agency for a look at some of the most intriguing technologies they're developing in computing, electronics, communications, and more.
Mozilla Persona Aspires To Kill Passwords
News  |  9/27/2012  | 
Mozilla system promises Web authentication without site-specific passwords. User's browser will generate a cryptographic 'identity assertion' that expires after a few minutes.
Profiling The Cybercriminal And The Cyberspy
News  |  9/27/2012  | 
Insight into key characteristics, behaviors of cybercrime versus cyberespionage attackers can help -- but the threats aren't just from China and Eastern Europe
Slide Show: 10 Free Governance Risk And Compliance Tools
Slideshows  |  9/27/2012  | 
While expensive risk management products can certainly help a GRC program, any organization can get started measuring risk and making more disciplined decisions using these tools and templates
Muslim Hacktivists Take Credit For U.S. Bank Attack
News  |  9/27/2012  | 
A hacktivist group is apparently following through on its vow to attack financial institutions in retaliation for anti-Muslim film.
Deja Vu All Over Again: New Java Vulnerability Found, Bypasses Built-In Security
Quick Hits  |  9/26/2012  | 
Yet another Java bug has been discovered—and this one breaks out of the software's sandbox
100,000 IEEE User Passwords, IDs Exposed On Internet
News  |  9/26/2012  | 
IEEE admits it exposed user IDs and passwords for roughly 100,000 members, but otherwise remains mum
Don't Waste Your Money On Cyber Breach Insurance
News  |  9/26/2012  | 
Special insurance may offer value, but to get it you'll need to avoid common exclusions and stop trying to use a breach policy as a substitute for solid data security practices
Java Vulnerability Affects 1 Billion Plug-ins
News  |  9/26/2012  | 
Another week, another Java vulnerability--only this one affects all versions of Java released in the past eight years.
FTC Wrist Slaps PC Rental Firms For Spying
News  |  9/26/2012  | 
Seven rent-to-own businesses secretly captured webcam images and personal information of late-paying customers, but face no fines or criminal charges.
Vast Cyberespionage Campaign 'Brazen' In Its Approach
News  |  9/25/2012  | 
RSA dissects so-called 'VOHO' attack campaign, which also shares common traits with prior attacks aimed at Google, others
Energy CSOs Meet To Focus On Emerging Technologies, Threats
News  |  9/25/2012  | 
Intelligent metering, industrial-control systems, join customer data protection as top issues at EnergySec Summit
From Pagers To Text Messages: Healthcare's Next Security Challenge
Quick Hits  |  9/25/2012  | 
Survey of hospital IT professionals shows texting to replace paging in next three years
Security Intelligence = Table Stakes
Commentary  |  9/25/2012  | 
Smart security practitioners know they can no longer rely on their vendors to provide the intelligence they need to deal with today's attacks
Twitter Direct Messages Disguise Trojan App Attack
News  |  9/25/2012  | 
Compromised Twitter accounts send fake Facebook videos and Flash updates that trigger drive-by malware exploits.
Researchers Demonstrate Flaws In iPhone 4, 5 In Hacking Contest
Quick Hits  |  9/25/2012  | 
Vulnerability in Apple's Webkit could affect both of company's new phones, researchers say
Watch The Watchers: 'Trusted' Employees Can Do Damage
News  |  9/25/2012  | 
A study of insider attacks within financial firms offers lessons to other companies: identify important data, limit access, and scrutinize trusted users most closely
NIST's Hash Algorithm Refresh Possibly Premature
News  |  9/24/2012  | 
Security expert Bruce Schneier says there's really no need for the upcoming SHA-3 standard
Microsoft IE Patch Fixes Flaw Under Active Attack
News  |  9/24/2012  | 
Microsoft wins praise for quickly addressing five remote-execution security vulnerabilities, one of which is being used now in attacks.
FBI Warns Of Scams Targeting Financial Industry
Quick Hits  |  9/24/2012  | 
Criminals are using phishing e-mails, keystroke loggers, and Remote Access Trojans to steal financial employee login credentials
Obama Cybersecurity Executive Order Nears Completion As Legislative Saga Continues
News  |  9/21/2012  | 
A cybersecurity executive order is nearing completion, but what could this mean for critical infrastructure companies?
NIST Funds Trusted Identity Pilot Programs
News  |  9/21/2012  | 
National Institute of Standards and Technology programs are intended to create a trustworthy online environment for consumers and businesses, and for institutional transactions.
Microsoft Patches IE Bug
News  |  9/21/2012  | 
Microsoft plans to issue a patch Friday to deal with the latest in a barrage of zero-day exploits for Internet Explorer.
Launching An IAM Project: Where To Start
Commentary  |  9/21/2012  | 
How to think architecture-centric, not audit-centric, in identity and access
Bashing The Hash: IBM X-Force On Password Follies
News  |  9/20/2012  | 
IBM X-Force Mid-Year Report highlights dangers of authentication and IAM mistakes
RSA Report Offers A Blueprint For Next-Generation SIEM
Quick Hits  |  9/20/2012  | 
New report co-authored by RSA, CSC, Terremark, and Verizon calls for a "big data"-driven early warning system
Want Better Security? Get Windows 8
News  |  9/20/2012  | 
The new OS and Internet Explorer 10 protect applications and limit the fallout of exploits.
Multiple Targeted IE Attacks Underway, Microsoft To Release Patch Tomorrow
News  |  9/20/2012  | 
Microsoft today issued an interim Fix-it tool to protect Internet Explorer browsers from a zero-day vulnerability that has spawned attacks by traditional cyberespionage players out of China
A Look At Encrypted Query Processing
Commentary  |  9/20/2012  | 
Stupid encryption tricks, only without a funny YouTube video
IBM Predicts Rise In OS X Exploits, Touts Sandboxing
News  |  9/20/2012  | 
IBM's X-Force Trend and Risk Report says browser exploits and BYOD continue to pose challenges, warns that OS X attacks are getting more sophisticated.
Medical Data Breach Highlights Need For Encryption
News  |  9/20/2012  | 
Massachusetts Eye and Ear Infirmary could have avoided a $1.5 million fine with an adequate risk analysis and relatively inexpensive encryption measures, say IT experts.
A Guide To Security And Enterprise Directories
Quick Hits  |  9/20/2012  | 
Enterprise Directories, such as Microsoft's Active Directory, can be a boon to the security effort. Here are some ways to take advantage of them
DBAs And Developers Need To Better Segment Data Access
News  |  9/19/2012  | 
DMZs aren't just for network administrators
Attack Easily Cracks Oracle Database Passwords
News  |  9/19/2012  | 
Oracle's software update for the flaw doesn't protect all versions of the database
Bank Of America Website Slows After Islamic Hacker Threats
News  |  9/19/2012  | 
Group protesting anti-Islam film claims credit for website service interruptions that hit Bank of America Tuesday afternoon.
Real-World Developers Still Not Coding Securely
News  |  9/18/2012  | 
Though secure development lifecycle advocates have shown the cost benefits of catching vulnerabilities before apps go live, organizations still don't embed security into development
Malwarebytes Goes Enterprise
Quick Hits  |  9/18/2012  | 
Free tool for rooting out new malware now has an enterprise-grade sibling
Cyber Warfare Still Poses Legal Questions
News  |  9/18/2012  | 
A body of accepted international law on cyber warfare slowly is emerging, but more needs to be done to address new world of aggression, civilian and military officials said Tuesday.
Mikko's Malware Odyssey
News  |  9/18/2012  | 
Security guru Mikko Hypponen talks malware evolution, factory-automation vulnerabilities, Space Invaders, and jamming to Justin Bieber
New SUSE Powered Virtual Appliances From Centrify Secure Linux Servers On Premise And In The Cloud
News  |  9/18/2012  | 
Centrify Express, the free version of Centrify Suite 2012, is now preinstalled with SUSE Linux Enterprise Server
Microsoft Warns Of IE 9 Security Bug
News  |  9/18/2012  | 
Microsoft promises fix for zero-day exploit that puts users of IE 9, and earlier IE versions, at risk upon visiting a malicious website.
New TDSS/TDL4 Malware Infects 46 Of Fortune 500
Quick Hits  |  9/18/2012  | 
New Domain Generation Algorithm-based malware claims at least 250,000 victims
Services Can Help Identify Mobile Risks
News  |  9/17/2012  | 
While mobile device management (MDM) services can help a company manage its employees' phones and tablets, figuring out whether the devices are up-to-date is also critical
Cyber-Spying Flame Attackers Operated On 'Need To Know' Basis
News  |  9/17/2012  | 
Complex malware dates back to 2006, with at least four individuals authoring and operating the malware operation itself -- which continues to evolve
Report: Security Infrastructure Market To Grow 8.4 Percent
Quick Hits  |  9/17/2012  | 
Spending on security expected to rise to $60 billion this year despite slow economy


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15572
PUBLISHED: 2018-08-20
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
CVE-2018-15573
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf...
CVE-2018-15574
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."
CVE-2018-15570
PUBLISHED: 2018-08-20
In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter.
CVE-2018-15564
PUBLISHED: 2018-08-20
An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.