Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Lesson From Pwn2Own: Focus On Exploitability
Talented programmers can create attack code quickly, suggesting that firms need to focus on patching easily exploitable -- not just exploited -- flaws
How To Choose Endpoint Protection
Don't fret about malware detection. Focus on user interactions, performance, and management.
Malware To Increasingly Abuse DNS?
Many companies do not scrutinize their domain-name service traffic, leaving an opening for malware to communicate using the protocol
Risk And Regulatory Overload
New study finds organizations worried about risk and compliance, but struggling to manage it all
LulzSec Reborn Claims Military Dating Site Hack
Hacktivists exposed details of 170,000 people on militarysingles.com, as the LulzSec reboot appears to be gaining steam.
Command Injection Attacks, Automated Password Guessing On The Rise
Spam, vulnerabilities, exploit code all on the decline, IBM X-Force report says
Google Chrome Extensions: 6 Security Facts
Malicious Chrome extensions, once they have a toehold on your computer, can wreak havoc via your browser. Understand the security implications.
Microsoft Leads Zeus Botnet Server Shutdown
Microsoft, U.S. Marshals, and financial industry agents raid two Zeus botnet servers farms that stole more than $100 million and infected 13 million PCs with malware.
Choosing The Right Vulnerability Scanner For Your Organization
Vulnerability scanning plays a key role in both security administration and compliance. But which tools are right for you? Here are some tips on how to decide
Fake Caller ID Attacks On The Rise
"Vishing" attacks increased by 52 percent in the second half of last year
'Anonymous' Legacy: Hacktivists Stole More Data Than Organized Crime In 2011 Breaches Worldwide
New Verizon Data Breach Intelligence Report finds 58 percent of all data stolen was the result of hacktivist attacks -- but, overall, traditional cybercriminals executed the largest number of actual breaches
When Hackers Want Much More Than Money
Insider attack data breaches are down in 2011, but hacktivist attacks, with motives beyond money, are up, reports Verizon 2012 Data Breach Investigations Report.
Duqu Alive And Well: New Variant Found In Iran
Researchers at Symantec dissect part of new, retooled version of the reconnaissance-gathering malware
LulzSec Announces April Fool's End To Retirement
LulzSec hacktivists use YouTube video to announce they'll reboot on April 1, despite arrest of six alleged core members.
New Malware Puts Nasty Spin On Remote Control
Georbot Trojan steals remote-desktop configuration files to
provide surreptitious access to targeted PCs, including recording audio and video.
Russian Police Arrest Eight In Bank Malware Scheme
Notorious cybercriminal gang used the Carberp and RDP-door Trojans to snare victims
Simple Settings That Could Curtail Some Attacks
Free tool created by eEye Digital Security checks health of key configurations that can reduce risk
Web Services' Single Sign Ons Contain Big Flaws
Microsoft Research report shows how risky single sign on can be without good integration and better support from Web service providers such as Google and Facebook.
Duqu Code Written By Seasoned Programmers, Researchers Find
Another clue about Duqu solved that further confirms a highly sophisticated and well-backed operation, but the attackers are still not unmasked
Who Leaked PoC Windows Exploit Code?
Accusations are flying
Microsoft Slams Windows Exploit Code Disclosure
Leaked proof-of-concept exploit code would give attackers remote-control access to an unpatched Windows PC.
The End Of Vulnerabilities?
On a global scale, bugs are never going away, but in specific products, early evidence reveals that companies are having success in weeding out flaws
Typemock Introduces Isolator V7
New software cuts bug fix time by pinpointing the bug in the actual code
Malicious Proxies May Become Standard Fare
DNSChanger shows that funneling infected network traffic to central servers can enable massive fraud, but the technique has significant weaknesses, as well
Dell Acquires Security Specialist SonicWall
SonicWall's Unified Threat Management systems will let Dell compete more effectively with the likes of Juniper and Check Point.
Use Google To Spot Network Security Holes
The bad guys use search engines to seek out weak spots. Here's how to beat them to the punch.
How To Use Google To Find Vulnerabilities In Your IT Environment
The bad guys use search engines to seek out weak spots. Here's how to beat them to the punch
4 More Application Security Strategies For SMBs
Don't have the time, staff, or budget to go all-in on application security? Read this expert's take on how and what to prioritize.
10 Best Ways To Stop Insider Attacks
Consider the smartest ways that companies can detect, block, and investigate insiders with malicious motives. The advice comes from CERT and the Secret Service, after a review of hundreds of attacks.
Facebook Social Engineering Attack Strikes NATO
Top military commander in NATO targeted by attackers wielding fake Facebook pages. Some security watchers ask if Chinese culprits were involved.
Doman Generation Algorithms Quietly On The Rise, Researcher Says
Thought to be dead, DGAs are increasingly being used for botnet command and control, Damballa says
IE Falls In Pwn2Own
Vupen Security said it will publicly detail only one of two bugs involved. Meanwhile, Google has already patched the Chrome bug exploited in the Pwnium contest.
Hacker Sabu Worked Nonstop As Government Informer
Fascinating details continue to emerge about Hector Xavier Monsegur, aka LulzSec and Anonymous leader Sabu. Court documents show he worked around the clock to help
investigators.
Malware Advancing Faster Than Companies Can Analyze It
Only 17 percent catch malware targeting their organizations, new survey by Forrest Anderson Research and commissioned by Norman ASA finds
Feds Simulate Crippling Cybersecurity Attack On NYC Electricity
Senators and agencies participate in exercise, which simulated how the government might respond in the event of a cyberattack on New York's electricity supply during a summer heat wave.
Security Holes Common In Customer-Facing Bank Apps
CRASH Report reveals that banks fall behind in making their customer-facing applications structurally sound and secure.
Google Chrome Falls Twice In Hacking Contest
VUPEN Security hacks Google Chrome, Safari, and Internet Explorer to take early lead in Pwn2Own contest.
Facebook: DDoS Attack Didn't Cause European Outage
Facebook said technical issues caused downtime that made site temporarily inaccessible in parts of Europe.
Anonymous Hackers' Helper: IT Security Neglect
Despite successful FBI arrests of members of LulzSec and Anonymous, hacktivist attacks will continue so long as easy-to-exploit weaknesses persist. How much are our security practices to blame?
What's Next For Anonymous After Sabu Arrest?
Members of the hacktivist collective have defaced websites, and taunted LulzSec leader Sabu for turning informer. But will he have company?
LulzSec's Sabu Was Identity Thief, Not Robin Hood
Federal indictment accuses Sabu of crossing a clear line between political expression and criminal activity.
LulzSec Sabu Arrest: Don't Relax Yet, IT
LulzSec mastermind arrested, but security experts warn this is no time to let down your guard for this type of threat.
LulzSec Leader Sabu Unmasked, Aids FBI Hacker Sweep
Feds arrest alleged members of LulzSec, Anonymous, and AntiSec, charge them with attacks on Sony, PBS, Stratfor, and other sites.
As Congress Debates Critical Infrastructure Security, Danger Grows
Security experts warn that new tools make it easier than ever to attack critical infrastructure control systems, as Congress debates legislative action.
Chrome Shines Bright In Controversial Security Fight
Major browsers have all made solid strides in security in the past few years, but Chrome's sandbox makes Google's browser a harder target, researchers say at RSA.
Chrome Shines Bright In Controversial Security Fight
The major browsers have all made solid strides in security in the past few years, but Chrome's sandbox makes Google's browser a harder target, researchers say
4 BYOD Security Strategies For Small Business
Whether or not your company embraces the bring-your-own-device approach, don't ignore the data integrity and retention implications of all the personal smartphones and tablets showing up in the workplace.
Security On A Shoestring
A study of 15 vulnerability remediation projects finds only one third of time is actually spent fixing flaws. Here's how to use that extra time more efficiently.
Qualys Pumps $500,000 Into Net Security Collaborative
Trustworthy Internet Movement aims to accelerate progress against tough problems like botnets, cloud security, announced Qualys CEO in RSA keynote.
Fixing Vulnerabilities On A Shoestring
A study of 15 vulnerability remediation projects finds only a third of time is actually spent fixing flaws. More on the costs and how to reduce them
|
Special Report: Computing's New NormalThis special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Tweet This
0 Comments
