Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Defense Intelligence Agency Fixes Risky Web Site Code
The presence of a call to execute JavaScript code that resides on a Statcounter.com server in Ireland provided a weak link in the security chain that could have been exploited.
Antivirus 'Scareware' is Lucrative
Rogue antivirus software circulating on the Web potentially making top distributors millions of dollars a year
Trojan Caught Stealing Data From Hundreds of Thousands
Sinowal has been capturing data for almost three years without leaving a trace, RSA says
Bono's Bikini Teens Perplex Facebook's Privacy
An American fashion student and her British friend's pose with the U2 front man call into question what kinds of rules should be standard on the social network.
Hack Turns Application Code Against Itself
New attack uses application flaws to force good code to go rogue
New Malware Technique Bypasses Traditional Defenses
Two UC San Diego students have demonstrated a way to turn good computer code into malicious instructions using a technique called "return-oriented programming."
Internet Apps & Social Networking Office Boom Linked to Breaches
New study finds that nearly all organizations have employees using Internet apps at work, and 60% use social networking at the office
E-Voting Complaints Heat Up With Early Voting
Some people also have complained that the touch screens are overly sensitive and do not separate the choices enough for voters to be sure they're activating the right selection.
FTC Pushes Back 'Red Flag' Deadline
Companies have another six months to develop identity theft prevention programs
Tech Insight: Digital Forensics & Incident Response Go Live
New tools, methods emerge for leveraging forensic data and memory analysis in the wake of an attack
Microsoft Releases Emergency Patch For Windows Vulnerability
The out-of-band security update addresses a critical flaw that could allow a remote attacker to take over Windows computers without any user interaction.
Microsoft To Issue Emergency Security Patch On Thursday
The out-of-band bulletin will address a vulnerability (or more than one) that is rated "critical" for Windows 2000, Windows Server 2003, and Windows XP.
Halloween Hack Haunts Web Searches
Legitimate Halloween costume sites infected with rogue antivirus program
Startup Promises to Monitor, Block Text Messaging
TextGuard says it can reduce the likelihood of data leaks from a wide variety of mobile devices
7 Fantastic Internet Hoaxes
Despite our increasing technological sophistication, we can't help falling for e-mail about Bigfoot, giant mutant cats, doomed tourists, and deadly butt spiders.
Compliance Costs Increasing, Study Says
Despite progress in compliance projects, most companies spent more in the past year than they did the year before
'Block the Vote' Tactics Go Online This Election
Electronic Privacy Information Center predicts potential for spoofed Websites, fake VOIP call blasts, phishing, and DOS - to suppress voters
Computer Keyboards Betray Users' Keystrokes To Radio Eavesdroppers
Swiss security researchers demonstrate that even wired keyboards emanate signals that can reveal a user's keystrokes.
Report: Energy Companies Are Top Target of Web-Borne Malware
ScanSafe questions whether jump indicates that sensitive industries are under organized attack
Microsoft Blue Hat: Researcher Demos No-Hack Attack
Wealth of available online data on individuals, businesses can be used in targeted attacks
Hackers Steal Money From French President Sarkozy's Bank Account
An investigation is under way and the bank in question could face sanctions if it's found to be responsible, French officials said.
Google Told To Reveal Gmail 'Spybox' Account Info In CTO Espionage Case
A former iMerge partner is accused of installing a backdoor server in the company's hosting center to send proprietary and financial information to his Gmail account.
Making ID & Access Management More Accessible
New tools automate, simplify the access certification process
When Dates Attack
Dating 'alert' sites allow women to put an 'ex' on trial without rebuttal
ANSI Launches Guide to Help Calculate Cyber Security Risk
Standards body advocates multi-disciplinary approach to security breach planning
Adobe Flash Player Fix Stops 'Clickjacking'
Adobe recommends users upgrade to Flash Player version 10.0.12.36 to avoid bugs that could lead to an attack over Internet Explorer, Firefox, Safari, Opera, or Chrome Web browsers.
'Human Error' Exposes Personal Information of 3,300 in Indianapolis
Spreadsheet sat on city Web server for at least 11 days
SSL VPN Secures iPhone, Extranet Sessions
Silicon Valley startup gets more mileage out of its VPN
Inspector General Report: Two IRS Applications Leave Taxpayer Data at Risk
IRS knowingly rolled out systems that contained security vulnerabilities
Report: Paper Ballots More Secure, Accurate Than E-Voting
Fortify Software gives tips for ensuring your vote is actually counted and uncompromised by hackers
Cellphone Botnets, Blackmailing VOIP & a Healthy Cybercrime Economy
New report from Georgia Tech Information Security Center highlights the top threats for '09 and beyond
Test Shows Shortcomings of Antivirus Programs
Symantec is leader in very weak field of AV products, Secunia study says
Users Know Security Policy & Break It Anyway, Study Says
Many users feel they need to work around company security rules, according to RSA research
Microsoft's Patch Tuesday Vital For Windows Server 2000 Users
While it's the Active Directory vulnerability that is rated "critical," fixes for Windows Server 2008 and Windows Vista show the newer operating systems are not immune from attacks.
Intellectual Property Bill Becomes Law: Critics Say It Goes Too Far
New law gives authorities more leeway to prosecute thieves who steal sensitive data for piracy or espionage
Feds Shut Down Major Spam Operation
Herbal King gang sent billions of spam messages pushing prescription drugs and phony male-enhancement products
Report: Profiting From Patch Tuesday
New McAfee research shows by the numbers how attackers could manipulate the stock market
Stolen eBay Account Booty Found
Over 5,000 pilfered accounts - mostly from newly registered, less active eBay user accounts
World Bank Besieged By Hackers, Or Not
According to a media report, the World Bank has experienced at least six major intrusions, two from the same IP address in China, since the summer of 2007.
Microsoft, Apple Address Security Issues
Microsoft's upcoming Patch Tuesday will address 11 flaws in software like Active Directory and IE, while Apple is fixing 40 vulnerabilities in its latest update.
World Bank Hacked, Sensitive Data Exposed
Hacked Web servers, a stolen administrative account, and lot of unanswered questions
UK Ministry of Defense Loses Hard Drive Containing Data on 700,000
Officials still not sure whether drive was stolen or misplaced
Metasploit Hacking Tool Now Open for Licensing
New Metasploit 3.2 adds new features including DNS, WiFi hacking
Study: 80% of Organizations Suffer Breaches, Most From the Inside
Breaches originate mainly from mobile devices, the network, mainframe, and paper
Clickjacking Attack Lets Web Sites See, Hear You
The technique can be used to hijack a computer's Webcam and microphone to create a malicious surveillance platform.
Sarah Palin E-mail Hack Suspect Indicted
A Tennessee Democratic state representative's son faces a maximum of five years in prison, a $250,000 fine, and three years of supervised release if convicted.
Financial Crisis Leaves Bank Branches Open to Social Engineering, Targeted Attacks
Social engineer gained access to branch manager's office while he was out - with no questions asked
Palin Hacker Indicted
Son of Tennessee Democrat goes before grand jury
ISC2 To Offer Certification For Software Lifecycle Security
The designation aims to reduce application vulnerabilities by encouraging use of best practices for safeguarding security in software development, deployment, and disposal.
Details of Clickjacking Attack Revealed With Online Spying Demo
Adobe releases Flash Player workaround to defend against clickjacking attack
|
Improving Enterprise Cybersecurity With XDREnterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
