Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in September 2012
Cloud Services Face Different Security Threats
News  |  9/14/2012  | 
Alert Logic study finds that cloud and on-premises customers face about the same number, but different types, of threats.
From Catching A Clue To Catching The Attacker: SIEMs Evolve
News  |  9/14/2012  | 
Security information and event monitoring (SIEM) and log management systems have generally fallen short of detecting attacks in real time. That's changing, say security experts
How Cybercriminals Choose Their Targets
Commentary  |  9/14/2012  | 
Attackers look for companies with poor defenses and a lack of security skills, so no business, not even an SMB, is immune.
10 Cyber Threats Small Businesses Can't Ignore
News  |  9/14/2012  | 
SMBs must be serious about cybersecurity now that they're targets, too.
Survey And Infograph: 65% Of IT Security Professionals Don't Believe Regulation Will Increase Security
News  |  9/13/2012  | 
Results of nCircle 2012 Government Policy Security Trend Study released
Tiny Trojan Targets Turkish Users
Quick Hits  |  9/13/2012  | 
Cybercrime gang tied to various nefarious and malicious activities now employing a powerful mini-Trojan
Microsoft Intercepts 'Nitol' Botnet And 70,000 Malicious Domains
News  |  9/13/2012  | 
Court-ordered sinkhole operation disrupts Chinese DDoS botnet, other malware enterprises
Is 'Virus Expert' Tied To PlugX RAT Malware?
News  |  9/13/2012  | 
Security firm AlienVault believes "whg0001" helped create malware used to attack targets in Japan, South Korea, Taiwan, and Tibet.
5 Frequently Forgotten Factors In Assessing Risk
News  |  9/13/2012  | 
The most common mistakes organizations make when going through the risk assessment process
Symantec Security Has Become Forgotten Child, Critics Say
News  |  9/13/2012  | 
After Symantec leadership change, some channel partners question whether the company will continue emphasizing its storage business over security.
10 Ways Developers Put Databases At Risk
News  |  9/12/2012  | 
Some of the most important database protection methods start with developers who tap into sensitive data stores
The Data-Annihilation Attack Is Back
News  |  9/12/2012  | 
Old-school but painful data-destroying malware attacks in the Middle East a red flag to revisit incident response, recovery
End User Security Awareness Gap Remains Wide, Experts Say
Quick Hits  |  9/12/2012  | 
Enterprise-driven security education programs continue to fall short of the mark
Cisco Releases Cloud IPS, Upgrades Security Products
News  |  9/12/2012  | 
Network equipment vendor's new products and services focus on improving security for mixed physical, virtual, and cloud environments, as well as BYOD.
GoDaddy Outage: Anonymous Attack Or IT Failure?
News  |  9/12/2012  | 
If hacktivists weren't behind the six-hour outage, as GoDaddy's CEO contends, they may still have taken advantage of the situation.
Old Operating Systems Die Harder
Quick Hits  |  9/11/2012  | 
Aging OSes like XP still getting hit big-time with old exploits, new data shows
Shamoon Code 'Amateur' But Effective
News  |  9/11/2012  | 
Researchers drill down into Shamoon targeted malware and conclude it wasn't written by programmers as seasoned as those who created Stuxnet, Duqu, Flame
Security Skills Shortage Creates Opportunities For Enterprises, Professionals
News  |  9/11/2012  | 
Security pros look to cash in on heavy demand for skills; enterprises need to cast a wider net, experts say
FBI's Facial Recognition Program: Better Security Through Biometrics
News  |  9/11/2012  | 
The FBI's facial recognition technology is a boon for law enforcement--and perhaps soon for enterprise and consumer security as well.
A Guide To Network Vulnerability Management
Quick Hits  |  9/11/2012  | 
How do you find the weak spots in your network? Here are some recommendations
Retail Fail: Walmart, Target Fared Worst In Def Con Social Engineering Contest
News  |  9/10/2012  | 
Postmortem details released on high-profile contest that targeted Walmart, Target, AT&T, Verizon, HP, Cisco, Mobil, Shell, FedEx, and UPS
FBI Not Source Of Apple UDID Leak: BlueToad Admits Leak
News  |  9/10/2012  | 
Digital publishing company BlueToad says data breach resulted in leak of millions of UDIDs
Apple Device ID Leak Traced To BlueToad
News  |  9/10/2012  | 
Stolen IDs did not come from FBI, as claimed by AntiSec, but from a Florida-based app publisher that issued an apology and said it is no longer collecting UDID data.
What Identity And Access Management Can Learn From 'Car Talk'
Commentary  |  9/10/2012  | 
Compliance-driven IAM results in the enterprise staring at a Chinese menu of options, and all they can do is point to one that they partially understand
Great, Now We Have To Pee In The Boat
Commentary  |  9/10/2012  | 
Spontaneous reactions can create unintended and costly compliance issues
Mobile Security, Critical Infrastructure Issues Drive Physical, Logical Security Together
News  |  9/9/2012  | 
At opening of (ISC)2 World Congress and ASIS International, the walls between traditional security and cybersecurity come down
Aurora, Other Zero-Day Attacks Linked In 'Elderwood' Study
Quick Hits  |  9/7/2012  | 
Series of sophisticated attacks could be driven by organized crime or a nation state, Symantec says
Enterprises Should Bring Some Security Research In-House
News  |  9/7/2012  | 
Rapid7 researcher pleads case for enterprises to dedicate resources to analyze in-the-wild malware data to prioritize vulnerability mitigation
6 Ways To Strengthen Web App Security
News  |  9/7/2012  | 
Want to keep your Web application from getting hacked? Here's how to get serious about secure apps.
Microsoft Warns Of Looming Digital Certificate Deadline
News  |  9/7/2012  | 
To improve Windows security, a Microsoft security update soon will block access to RSA digital certificates that have a key length of less than 1,024 bits.
Google Aurora Attackers Still On Loose, Symantec Says
News  |  9/7/2012  | 
Gang that attacked Google in 2009 has continued operating, stealing sensitive data via zero-day attacks and compromising target companies' business partners.
Fixing The Patch Problem
News  |  9/7/2012  | 
Many companies are patching systems more slowly than in the past. Using a service that packages fixes can speed updates and give businesses a better chance of closing security holes
What The IPS Saw
News  |  9/6/2012  | 
Analysis of HP TippingPoint intrusion prevention system alerts from the past five years reveals how attackers pump out exploits in wake of patches, and how old threats never die
Toll Fraud Tops Mobile Malware Threats
Quick Hits  |  9/6/2012  | 
Some parts of the world at higher risk of mobile attacks than others, Lookout report shows
Java Still Not Safe, Security Experts Say
News  |  9/6/2012  | 
Oracle needs to fix holes faster, say some security experts. Leave Java disabled for now, because Oracle's emergency patch is insufficient.
Global Cost Of Cybercrime: $110 Billion
Quick Hits  |  9/6/2012  | 
Cybercrime cost U.S. consumers $20.7 billion in the past 12 months; cost per victim is down, Symantec says
Fluke DSW Win Shouldn't Erase Breach Insurance Needs
News  |  9/5/2012  | 
Retailer wins in its fight to claim $6.8 million breach costs on a traditional crime policy, but others might not be as lucky
U.S. Secret Service Probes Extortion Attempt Claiming Theft Of Romney's Tax Returns
News  |  9/5/2012  | 
Security experts say scammers' claims sound fishy, Price Waterhouse Coopers says 'no evidence' of breach
Sony Allegedly Hacked By NullCrew
News  |  9/5/2012  | 
Hacktivist group NullCrew claims to have hit Sony and posted online information gleaned from its systems
Web Application Security Is An Ongoing Commitment Due To Highly Dynamic Hacking Risks, Says Frost & Sullivan
News  |  9/5/2012  | 
Recent whitepaper gives an overview of the likely victims and outlines solutions for organizations to protect themselves
Oracle Emergency Java Patch Opens Fresh Trouble
News  |  9/5/2012  | 
Oracle's emergency patch fixes flaws being used in active attacks, but opens the door to a previously undisclosed vulnerability.
Flash First: Your Next Storage Strategy?
Commentary  |  9/5/2012  | 
As flash storage costs decline, its performance advantages over hard drives become even more appealing.
How To Handle A Data Breach: 5 Tips For SMBs
News  |  9/5/2012  | 
AntiSec's Apple UDID dump points out why small and midsize businesses should revisit their plans for handling a customer data breach.
FBI, AntiSec Spar On Apple IDs
News  |  9/5/2012  | 
FBI denies laptop data breach, but some security experts believe agency may have suffered a phishing attack.
When Bad IAM Kills
News  |  9/4/2012  | 
How health care's urgent need for single sign-on could drive better identity and access management practices across all industries
McAfee: Close To 100K New Malware Samples Per Day In Q2
Quick Hits  |  9/4/2012  | 
Biggest bump in four years in number of new malware samples found by security vendor
Anonymous Dumps More Than One Million Apple iPhone, iPad Device IDs
News  |  9/4/2012  | 
'AntiSec' operatives claim to have hacked an FBI agent's computer, grabbing 12 million-plus Apple iOS UDIDs -- but there's no reason to panic, experts say
AntiSec Hackers Post 1 Million Apple Device IDs
News  |  9/4/2012  | 
Hacker group says it got data off FBI laptop and released the file to call attention to the government's alleged possession of that information.
Talking 'Bout My Reputation
Commentary  |  9/1/2012  | 
When good security monitoring means not believing everything you're told


I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-36328
PUBLISHED: 2021-11-30
Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database.
CVE-2021-36329
PUBLISHED: 2021-11-30
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information.
CVE-2021-36330
PUBLISHED: 2021-11-30
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user.
CVE-2021-41256
PUBLISHED: 2021-11-30
nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giv...
CVE-2021-36326
PUBLISHED: 2021-11-30
Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format...