Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in September 2012
Cloud Services Face Different Security Threats
News  |  9/14/2012  | 
Alert Logic study finds that cloud and on-premises customers face about the same number, but different types, of threats.
From Catching A Clue To Catching The Attacker: SIEMs Evolve
News  |  9/14/2012  | 
Security information and event monitoring (SIEM) and log management systems have generally fallen short of detecting attacks in real time. That's changing, say security experts
How Cybercriminals Choose Their Targets
Commentary  |  9/14/2012  | 
Attackers look for companies with poor defenses and a lack of security skills, so no business, not even an SMB, is immune.
10 Cyber Threats Small Businesses Can't Ignore
News  |  9/14/2012  | 
SMBs must be serious about cybersecurity now that they're targets, too.
Survey And Infograph: 65% Of IT Security Professionals Don't Believe Regulation Will Increase Security
News  |  9/13/2012  | 
Results of nCircle 2012 Government Policy Security Trend Study released
Tiny Trojan Targets Turkish Users
Quick Hits  |  9/13/2012  | 
Cybercrime gang tied to various nefarious and malicious activities now employing a powerful mini-Trojan
Microsoft Intercepts 'Nitol' Botnet And 70,000 Malicious Domains
News  |  9/13/2012  | 
Court-ordered sinkhole operation disrupts Chinese DDoS botnet, other malware enterprises
Is 'Virus Expert' Tied To PlugX RAT Malware?
News  |  9/13/2012  | 
Security firm AlienVault believes "whg0001" helped create malware used to attack targets in Japan, South Korea, Taiwan, and Tibet.
5 Frequently Forgotten Factors In Assessing Risk
News  |  9/13/2012  | 
The most common mistakes organizations make when going through the risk assessment process
Symantec Security Has Become Forgotten Child, Critics Say
News  |  9/13/2012  | 
After Symantec leadership change, some channel partners question whether the company will continue emphasizing its storage business over security.
10 Ways Developers Put Databases At Risk
News  |  9/12/2012  | 
Some of the most important database protection methods start with developers who tap into sensitive data stores
The Data-Annihilation Attack Is Back
News  |  9/12/2012  | 
Old-school but painful data-destroying malware attacks in the Middle East a red flag to revisit incident response, recovery
End User Security Awareness Gap Remains Wide, Experts Say
Quick Hits  |  9/12/2012  | 
Enterprise-driven security education programs continue to fall short of the mark
Cisco Releases Cloud IPS, Upgrades Security Products
News  |  9/12/2012  | 
Network equipment vendor's new products and services focus on improving security for mixed physical, virtual, and cloud environments, as well as BYOD.
GoDaddy Outage: Anonymous Attack Or IT Failure?
News  |  9/12/2012  | 
If hacktivists weren't behind the six-hour outage, as GoDaddy's CEO contends, they may still have taken advantage of the situation.
Old Operating Systems Die Harder
Quick Hits  |  9/11/2012  | 
Aging OSes like XP still getting hit big-time with old exploits, new data shows
Shamoon Code 'Amateur' But Effective
News  |  9/11/2012  | 
Researchers drill down into Shamoon targeted malware and conclude it wasn't written by programmers as seasoned as those who created Stuxnet, Duqu, Flame
Security Skills Shortage Creates Opportunities For Enterprises, Professionals
News  |  9/11/2012  | 
Security pros look to cash in on heavy demand for skills; enterprises need to cast a wider net, experts say
FBI's Facial Recognition Program: Better Security Through Biometrics
News  |  9/11/2012  | 
The FBI's facial recognition technology is a boon for law enforcement--and perhaps soon for enterprise and consumer security as well.
A Guide To Network Vulnerability Management
Quick Hits  |  9/11/2012  | 
How do you find the weak spots in your network? Here are some recommendations
Retail Fail: Walmart, Target Fared Worst In Def Con Social Engineering Contest
News  |  9/10/2012  | 
Postmortem details released on high-profile contest that targeted Walmart, Target, AT&T, Verizon, HP, Cisco, Mobil, Shell, FedEx, and UPS
FBI Not Source Of Apple UDID Leak: BlueToad Admits Leak
News  |  9/10/2012  | 
Digital publishing company BlueToad says data breach resulted in leak of millions of UDIDs
Apple Device ID Leak Traced To BlueToad
News  |  9/10/2012  | 
Stolen IDs did not come from FBI, as claimed by AntiSec, but from a Florida-based app publisher that issued an apology and said it is no longer collecting UDID data.
What Identity And Access Management Can Learn From 'Car Talk'
Commentary  |  9/10/2012  | 
Compliance-driven IAM results in the enterprise staring at a Chinese menu of options, and all they can do is point to one that they partially understand
Great, Now We Have To Pee In The Boat
Commentary  |  9/10/2012  | 
Spontaneous reactions can create unintended and costly compliance issues
Mobile Security, Critical Infrastructure Issues Drive Physical, Logical Security Together
News  |  9/9/2012  | 
At opening of (ISC)2 World Congress and ASIS International, the walls between traditional security and cybersecurity come down
Aurora, Other Zero-Day Attacks Linked In 'Elderwood' Study
Quick Hits  |  9/7/2012  | 
Series of sophisticated attacks could be driven by organized crime or a nation state, Symantec says
Enterprises Should Bring Some Security Research In-House
News  |  9/7/2012  | 
Rapid7 researcher pleads case for enterprises to dedicate resources to analyze in-the-wild malware data to prioritize vulnerability mitigation
6 Ways To Strengthen Web App Security
News  |  9/7/2012  | 
Want to keep your Web application from getting hacked? Here's how to get serious about secure apps.
Microsoft Warns Of Looming Digital Certificate Deadline
News  |  9/7/2012  | 
To improve Windows security, a Microsoft security update soon will block access to RSA digital certificates that have a key length of less than 1,024 bits.
Google Aurora Attackers Still On Loose, Symantec Says
News  |  9/7/2012  | 
Gang that attacked Google in 2009 has continued operating, stealing sensitive data via zero-day attacks and compromising target companies' business partners.
Fixing The Patch Problem
News  |  9/7/2012  | 
Many companies are patching systems more slowly than in the past. Using a service that packages fixes can speed updates and give businesses a better chance of closing security holes
What The IPS Saw
News  |  9/6/2012  | 
Analysis of HP TippingPoint intrusion prevention system alerts from the past five years reveals how attackers pump out exploits in wake of patches, and how old threats never die
Toll Fraud Tops Mobile Malware Threats
Quick Hits  |  9/6/2012  | 
Some parts of the world at higher risk of mobile attacks than others, Lookout report shows
Java Still Not Safe, Security Experts Say
News  |  9/6/2012  | 
Oracle needs to fix holes faster, say some security experts. Leave Java disabled for now, because Oracle's emergency patch is insufficient.
Global Cost Of Cybercrime: $110 Billion
Quick Hits  |  9/6/2012  | 
Cybercrime cost U.S. consumers $20.7 billion in the past 12 months; cost per victim is down, Symantec says
Fluke DSW Win Shouldn't Erase Breach Insurance Needs
News  |  9/5/2012  | 
Retailer wins in its fight to claim $6.8 million breach costs on a traditional crime policy, but others might not be as lucky
U.S. Secret Service Probes Extortion Attempt Claiming Theft Of Romney's Tax Returns
News  |  9/5/2012  | 
Security experts say scammers' claims sound fishy, Price Waterhouse Coopers says 'no evidence' of breach
Sony Allegedly Hacked By NullCrew
News  |  9/5/2012  | 
Hacktivist group NullCrew claims to have hit Sony and posted online information gleaned from its systems
Web Application Security Is An Ongoing Commitment Due To Highly Dynamic Hacking Risks, Says Frost & Sullivan
News  |  9/5/2012  | 
Recent whitepaper gives an overview of the likely victims and outlines solutions for organizations to protect themselves
Oracle Emergency Java Patch Opens Fresh Trouble
News  |  9/5/2012  | 
Oracle's emergency patch fixes flaws being used in active attacks, but opens the door to a previously undisclosed vulnerability.
Flash First: Your Next Storage Strategy?
Commentary  |  9/5/2012  | 
As flash storage costs decline, its performance advantages over hard drives become even more appealing.
How To Handle A Data Breach: 5 Tips For SMBs
News  |  9/5/2012  | 
AntiSec's Apple UDID dump points out why small and midsize businesses should revisit their plans for handling a customer data breach.
FBI, AntiSec Spar On Apple IDs
News  |  9/5/2012  | 
FBI denies laptop data breach, but some security experts believe agency may have suffered a phishing attack.
When Bad IAM Kills
News  |  9/4/2012  | 
How health care's urgent need for single sign-on could drive better identity and access management practices across all industries
McAfee: Close To 100K New Malware Samples Per Day In Q2
Quick Hits  |  9/4/2012  | 
Biggest bump in four years in number of new malware samples found by security vendor
Anonymous Dumps More Than One Million Apple iPhone, iPad Device IDs
News  |  9/4/2012  | 
'AntiSec' operatives claim to have hacked an FBI agent's computer, grabbing 12 million-plus Apple iOS UDIDs -- but there's no reason to panic, experts say
AntiSec Hackers Post 1 Million Apple Device IDs
News  |  9/4/2012  | 
Hacker group says it got data off FBI laptop and released the file to call attention to the government's alleged possession of that information.
Talking 'Bout My Reputation
Commentary  |  9/1/2012  | 
When good security monitoring means not believing everything you're told