Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
'APT' Among Top Three Security Worries In 2011
nCircle survey finds wider understanding of risks, less financial support for security projects
A Tale Of Two Hacks
The similarities and differences in the Lockheed and RSA attacks
DOD Says Cyber Attacks May Mean War
The Pentagon's forthcoming cyber strategy will formalize the possibility of a physical response to a virtual attack, according to published reports.
Product Watch: New Service Aims To Improved Botnet Detection Among Service Providers
Damballa CSP 1.6 automates subscriber notification and remediation of botnet infections
35 Million Google Profiles Captured In Database
A security researcher was able to collect information from Google Profiles and save millions of files in a SQL database in about a month.
DNS Filtering Legislation Would Derail DNSSEC, Experts Contend
Senate bill that aims to protect copyright infringement online could backfire security-wise, according to a who's who of Internet infrastructure and security experts
DHS Advances Einstein Cybersecurity Deployment
The Department of Homeland Security plans to hire IT experts who can support Einstein and other security technologies.
Cookiejacking Attack Steals Website Access Credentials
All Internet Explorer users on all versions of Windows are at risk from zero-day attack that can steal any website cookie, allowing an attacker to impersonate their victim.
Google Fixes Authentication Flaw
Vulnerability leaves Android smartphones open to sidejacking
Freebie Black Hole Exploit Kit Limited By Encoding
Obfuscated and encoded code prevents easy customization and creation of new versions
Apple Promises MacDefender Fix
The impact of rogue security software attacks like MacDefender has prompted Apple to issue advice about the malware and to commit to issuing a software fix.
Attackers Step Away From Mainstream, Target Lesser-Known Apps
Attackers Step Away From Mainstream, Target Lesser-Known Apps.
Scareware Is Evolving
That's right -- scareware is still proving an effective way for threat actors to make quick cash on the Internet
Siemens To Issue Patches For SCADA Products 'In Next Few Weeks'
Says attacks would only affect plants without IT security systems
Researcher Challenges Siemens' Public Reaction To New SCADA Flaws
Initial solution suggested by Siemens to remedy the critical vulnerabilities failed.
Audio Captchas Easy To Defeat
Security researchers have designed automated software that regularly defeats most audio challenge-and-response systems on websites.
LinkedIn Faces Cookie Vulnerabilities
The social networking site is set to reduce the length of time before cookies expire and add HTTPS across its site.
Qakbot Malware Infections Spike
Worm that targets financial information infected 1,500 Massachusetts state PCs, potentially exposing 250,000 residents' personal details.
Researcher Challenges Siemens' Public Reaction To New SCADA Flaws
Initial solution suggested by Siemens to remedy the critical vulnerabilities failed
Sony Data Breach Cleanup To Cost $171 Million
If identify theft or credit card fraud takes place, the company said its actual costs could rise substantially.
Hacker Exposes NASA Security Hole
A Goddard Space Flight Center FTP server was breached by a Romanian whitehat hacker known as TinKode, who cracked a European Space Agency network a month ago.
Researchers Decide Not To Give SCADA Vulnerability Talk
Last-minute change in plans spurred by Siemens, government officials
Microsoft Claims IE9 Stops Most Social Engineering Threats
Application reputation feature in the browser blocks more than 20 million malware infections per month by white-listing applications from approved publishers, the software maker says.
Schwartz On Security: Developers Battle Piracy Channels
Business Software Alliance report finds widespread software piracy, but experts say market pressures are to blame.
Cybercriminals Target Online Banking Culture In Latin America
Botnets and malware creation are on the rise in the region, which also could host first big wave of smartphone malware writers
Reduce Your Android Security Risks
Threats against Google's mobile platform have increased 400% in the last year, but common sense will protect users against many of the attacks.
SMBs At Risk For Financial Fraud
Small and midsize businesses are at greater risk than consumers and need to improve identification and response, according to Javelin Strategy & Research.
Success, Failure And The Advanced Threat
You can't judge the sophistication of an attack by its success or failure
Sony Strengthens Security, Restores Some PlayStation Services
Online services get stronger encryption, more firewalls, and an early detection system to try to prevent future attacks; users are required to update gaming console's firmware and password before going online.
Adobe Adds Flash Privacy Controls
Flash Player and Google Chrome get patches against attacks currently seen in the wild.
Microsoft: Cybercrime Falling Into Two Distinct Camps
New Microsoft Security Intelligence Report outlines 'marketing campaign' strategies being employed by one group, and related rise in phishing and rogue antivirus software.
Graphics Cards Face Internet-Borne Threats
The WebGL 3-D graphics specification implemented in Firefox and Chrome, and included in Safari, is subject to denial of service attacks.
Schwartz On Security: Sony Must Do More
Forget free ID theft monitoring. Sony should release its police reports, so that 101 million people can obtain a free credit freeze to proactively battle ID thieves.
McAfee, Intel Launch Cloud Security Platform
The security service uses data loss prevention policies to stop leakage of sensitive data via mobile devices, end users, social networks, and private cloud applications.
Microsoft: Cybercrime Falling Into Two Distinct Camps
New Microsoft Security Intelligence Report outlines 'marketing campaign' strategies being employed by one group, and related rise in phishing and rogue antivirus software
Java Bot Software Could Signal New Vector For Malware Authors
Flexible programming language offers some advantages for cybercriminals, researchers say.
Google, VUPEN Spar Over Chrome Hack
If bypass of Chrome's sandbox indeed used a new Flash vulnerability in the browser, then it's both a Flash bug and a Chrome hack, says security researcher Dan Kaminksy
Facebook Patches Access Token Leak
Users should change their passwords to mitigate threats posed by the accidental leak of perhaps millions of account identity details.
Microsoft Patches Critical Windows Vulnerability
The software maker also tweaked its exploitability index, which predicts the likelihood that vulnerabilities will soon be compromised.
Zeus Trojan's Source Code Leaked In The Wild
'Open source' Zeus could result in widespread infections
Hackers Subvert Google Chrome Sandbox
Vulnerability research firm Vupen said it's found a way to execute arbitrary code in the browser.
DDoS Attacks Evolve And Spread
Nearly two-thirds of organizations have been DDoS'ed in the past year--even smaller organizations, new VeriSign report finds.
OpenID Warns Of Serious Bug
Facebook, Google, and Yahoo are among the millions of websites that use the single sign-on technology.
Tech Insight: Spear Phishing A Tough Catch
But there are technical and training strategies that can help lessen the chances that users will fall for these socially engineered email-based attacks
Disabling Features Make Some Microsoft Bugs Unexploitable
eEye study finds that disabling two well-known features in Microsoft products would prevent attackers from exploiting 12 percent of vulnerabilities
Sony Brings In Forensic Experts On Data Breaches
Data Forte, Guidance Software, and Protiviti will investigate who hacked into Sony's servers and how they cracked the company's defenses.
Bin Laden Death Triggers Cyber Scams
Homeland Security warns about rogueware and phishing attacks masquerading as news about the Al Qaeda leader.
Apache Web Server Under Stealth Attack
Malicious code uses Apache's own filter capabilities to transform the server module into a malware platform.
Apple Macs Targetted By Crimeware Toolkit
The OSX operating system now faces botnet software as well as a fake antivirus campaign launched via Google image searches on Osama Bin Laden.
Sony Reports 24.5 Million More Accounts Hacked
After a second breach, the company suspends all Sony Online Entertainment multiplayer games as the number of compromised user accounts exceeds 100 million.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
