Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Lizamoon SQL Injection: Dead From The Get-Go
The latest round of headline-grabbing SQL injection attacks aren't new, and they aren't very effective; in fact, Lizamoon might as well be called the little injection that couldn't
Trend Micro Nukes Zeus Botnet Server
PayPal, eBay, and the customers of at least 15 banks were targeted by the eliminated botnet.
Microsoft Blames Poor Development Practices For Security Risks
Windows and Internet Explorer are at greater risk of attacks because developers don't use mitigation technologies built into the software, said Microsoft.
NASA Servers At High Risk Of Cyber Attack
Auditors were able to pull encryption keys, passwords, and user account information over the Internet from systems that help control spacecraft and process critical data.
Comodo Reports Two More Registration Authorities Hacked
The digital certificate issuer has deactivated the affected accounts and begun to implement security and validation reforms.
BP Loses Laptop With Gulf Claimant Data
The missing computer, containing personally identifiable information on 13,000 people, was password-protected, but not encrypted.
'Cree.py' Social Engineering Tool Pinpoints A Person's Physical Location
Free tool automates process of pulling geolocation, other information on 'targets'
Rustock Takedown Cut Spam By 33%
Bagel and other botnets seem to be picking up the slack, according to Symantec.
Iranian Claims Credit For Comodo Hack
Mozilla apologizes for not publicizing the attack more quickly and criticizes Comodo's security.
Netgear Intros Gateway Security Appliance For SMBs
The ProSecure UTM150 unified threat management appliance polices Web traffic to help protect company networks against employee-introduced risks from social media or malicious links.
Microsoft Wins A Botnet Battle
The Rustok botnet was estimated to be one million PCs strong, underlining the dangers that malware can cause to businesses and consumers.
Dark Reading Report: How Malware Authors Battle To Evade Detection
A look at the new, ingenious ways bad guys use to frustrate analysts and evade automated security tools
Social Engineering 'Capture The Flag' Contest Returns To DefCon
Changes to this year's contest include some volunteer, high-profile target companies
Gmail, Hotmail Pose Government Security Risk
Australian auditor recommends blocking Webmail on government networks to prevent insider and external threats.
Iran Fingered For Fraudulent Comodo SSL Certificates
Gmail, Hotmail, and Skype are among the domains affected by fraudulently obtained digital certificates, said Comodo.
SCADA Attack Code Released For 35 Vulnerabilities
Systems from Siemens, Iconics, 7-Technologies, and DATAC have security holes in their supervisory control and data acquisition software, leading the Industrial Control Systems Cyber Emergency Response Team to issue security warnings.
Federal Cyber Attacks Rose 39% In 2010
While total incidents reported to US-CERT were down, government networks experienced more attacks than in 2009, according to a Congressional report.
Schwartz On Security: Advanced Threats Persist And Annoy
APTs are today's normal threat, and companies such as RSA must do better, even as the odds against them keep increasing.
ICS-CERT Issues Warnings On Vulnerabilities In Siemens, Other SCADA Products
Researcher discloses 34 vulnerabilities, releases proof-of-concept attack code for four process control server software product lines
Feds Bust Stock 'Pump And Dump' Botnet Scheme
Authorities said a group used hacking, spam, and malware to artificially inflate securities prices and then sell shares at a profit.
Adobe Patches Critical Security Flaw
With attackers actively exploiting the bug to remotely execute code, Adobe recommends that all Flash, Reader, and Acrobat users upgrade immediately.
Hospital Hacker 'GhostExodus' Sentenced To 9 Years
Contract security guard installed malware on sensitive hospital systems to attack the Anonymous hacking collective.
A Deep Dive Into The Latest Threats
New series of blogs will examine what the latest malware or attack really means to your organization and what to do -- or not -- about it
SecurID Customers Advised To Prepare For Worst Case
EMC's RSA hasn't detailed exactly what was stolen, so security experts advise the authentication system's customers to implement a more layered network defense.
RSA SecurID Customers Fear Fallout From Targeted Attack On Security Firm
Uncertainty about what the attackers actually took leaves many customers unsure about next steps.
Microsoft, Feds Knock Rustock Botnet Offline
Authorities confiscated equipment from seven Internet hosting facilities used by the botnet, which was responsible for much of the Viagra email spam on the Internet
Microsoft, Feds Knock Rustock Botnet Offline
Authorities confiscated equipment from seven Internet hosting facilities used by the botnet, which was responsible for much of the Viagra email spam on the Internet.
Navy To Build System For Identifying Security Threats
Modus Operandi has been selected to develop a system that fuses information from a variety of sources to more quickly and efficiently gauge possible threats.
GAO Says IRS Data Security Problems Persist
The General Accountability Office reported that the Internal Revenue Service is still exposing taxpayer and financial information to insider-threat risks, despite making some access-control improvements.
Google Patches Chrome Zero-Day Flash Vulnerability
The release of Chrome 10.0.648.134 for Windows, Mac, Linux, and Chrome Frame makes the browser the first software to be protected against the Flash vulnerability now being actively exploited.
Report: New Malware Increased By 26 Percent In Past Year
Average of 73,000 new samples created daily in 2011, PandaLabs reports
Denial Of Service Attacks Increased Sharply In 2010
DDoS attacks surpass SQL injection to become most prevalent attack vector, security vendor Trustwave reports.
Apple Web App Slowdown Prompts Conspiracy Theories
Some developers fear Apple is deliberately crippling Web apps, but others attribute the issue to technical and security problems.
Adobe Warns Of Active Flash Attack
The critical, zero-day vulnerability affects most recent versions of Flash, Reader, and Acrobat, although apparently not Reader X on Windows.
Google Issues Microsoft IE Warning
Activists using Microsoft Internet Explorer to access Google services are being targeted through an MHTML vulnerability.
Dark Reading Launches New Tech Center On Advanced Threats
New subsite will offer more in-depth news coverage, analysis on next-generation threats
iPhone, BlackBerry Hacked At Pwn2Own Contest
Android and Windows 7 Phone remain untested at the competition.
Symantec Finds Fake Google Security Tool
The phony version of the Android Market Security Tool was found by Symantec on China-based, third-party Web sites that are not sanctioned by Google.
M86 Launches SMB Security Suite
Packaged for organizations with up to 500 seats, M86's new Web and email security software runs on Windows Server or in virtualized environments.
Safari, IE Defeated, Chrome, Firefox Survive
Apple and Microsoft get "pwned" again at CanSecWest's Pwn2Own hacking competition.
The Truth About Malvertising
We tend to think of malvertising as short lived, one-oft attacks that somehow managed to momentarily breach the ad network's defenses. The reality is, malvertising is more norm than anomaly and can easily persist on major ad networks for months, even years, at a time.
Microsoft Fixes Four Flaws
This month's patch cycle may leave IT admins with some extra time on their hands.
Social Network Users Could Be A Click Away From Infection, Researchers Say
Most social nets don't screen out malware in URLs or ads, Dasient researchers find
Google Targets Android Malware Using Kill Switch
Additional steps are being taken to make the Android Market more secure, Google insists.
Security Tips For Virtualization
Spinning up VMs is easy--too easy, in fact. Fortunately, keeping virtual servers safe doesn't have to be expensive.
Security Tips For Virtualization
Spinning up VMs is easy--too easy, in fact. Fortunately, keeping virtual servers safe doesn't have to be expensive.
Hypervisor Security: Don't Trust, Verify
Combating vulnerabilities (and passing audits) is a matter of starting from the root and working up.
Search Engine Malware Doubled In 2010, Report Says
Spam down, Twitter crime rate up by 20 percent, according to Barracuda research
Google Removes Malicious Android Apps
More than 50 apps in the Android Market have been identified as malicious, prompting Google to take steps to remove them.
|
2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Tweet This
0 Comments
