Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
IBM Corrects Unpatched Vulnerability Numbers After Google Challenge
X-Force Team at IBM revises data on vendors with most unpatched bugs in recent IBM X-Force 2010 Mid-Year Trend and Risk Report
Pushdo Botnet Crippled Via Coordinated Takedown
Security researchers have pushed large parts of the spam maker offline, but it may not decrease overall crimeware levels.
E-mail Causes Most Enterprise Data Loss
Breaches associated with social media, video sharing, blogs are also on the rise, finds Proofpoint study.
Are We Missing the Point?
Recently there has been a lot of talk about nuclear weapons, terrorism, and peace treaties. At the end of the day, the question remains: how do we protect a country and its citizens from attack? If that is really the purpose of the summits and the meetings, why isn't cybersecurity part of the discussion -- more importantly, the insider threat?
25% Of Malware Spread Via USB Drives
Email and peer-to-peer networks also rank as significant venues for malware attacks, which have increased slightly in the U.S. but declined in Europe, according to Panda Security.
Massive 'Fake AV' Attack Launched
Scareware campaign targets consumers' credit card information with bogus offers of free antivirus services, warns Sophos.
IBM Report: Stealthy Attacks, Vulnerability Disclosures Rise
X-Force report says 35 percent of vulnerabilities affecting virtualization servers also affect the hypervisor
Vulnerability Disclosures Increase By 36% In 2010
IBM report finds "escape to hypervisor" attacks a growing virtualization concern.
Microsoft Issues Advisory On New DLL Hijacking Attack
Third-party, Microsoft apps could harbor flaws that let attacker remotely run code on targeted machines
Microsoft Confirms Windows DLL Hijacking Vulnerabilities
Proof-of-concept code for the remote execution attack hits the wild; numerous applications at risk.
Fixed iTunes Flaw Linked To Broad Set Of Vulnerabilities
A Windows DLL hijacking vulnerability is believed to affect dozens of applications, including at least four from Microsoft.
Mobile Devices Threaten Enterprises From Within
Security researchers are focusing increasingly on mobile devices. The result: your next insider attack could come from a smartphone
United Nations Website Contains SQL Injection Flaws Three Years After Hack, Researcher Says
Bug used in infamous 2007 defacement fixed, but additional SQL injection bugs remain
Adobe Patches Zero Day Vulnerabilities
Out-of-cycle updates fix bugs in Reader and Acrobat affecting Windows, Mac, and Unix.
Google Adds Developer Fee To Enhance Extension Security
It's only $5 but Google hopes the fee will limit abuses by malicious developers.
Cameron Diaz Is The Web's Most Dangerous Celebrity
New McAfee report investigates the most trendy noteables for cyber attacks, finds Barack Obama and Sarah Palin are among the safest.
Intel To Purchase McAfee For $7.68 Billion In Cash
Security experts skeptical of hardware-based security strategy
Intel To Buy Out McAfee For $7.68 Billion
The acquisition would allow Intel to offer a wide range of tightly bundled hardware and software security solutions.
Slideshow: Fashion Statements from DEFCON 2010
Tattoos, mohawks, sheep, and 'pimp' necklaces were just some of the scenes from the hacker conference in Las Vegas earlier this month.
Researcher Cracks ReCAPTCHA
Homegrown algorithms for cheating Google's reCAPTCHA released earlier this month
Ferreting Out Rogue Access Points And Wireless Vulnerabilities
To comply with regulations, companies increasingly must scan their wireless networks -- a third of which have rogue APs or other insecurities
Scareware Using Bing Results To Expand Attack
Mass rogue antivirus campaign tricking search engines to return malicious links using results from Microsoft's search engine.
Facebook Clickjacking Attack Spreading Through Share Button
"Funny T-Shirt Fails" scam costs victims a $5 weekly charge on their cell phone bill, finds Sophos.
Firefox Flaw Facilitates Deception
Security companies see risk in a browser bug, but Mozilla's director of Firefox says users are safe.
Spyware Hidden In Android Snake Tap Game
Free app is paired with GPS Spy, software that monitors a targeted device's location.
Passwords Quickly Hacked With PC Graphics Cards
Georgia Tech researchers find that high-end, readily available graphics processing units are powerful enough to easily crack secret codes.
Botnet Operator Comes Clean About Casino Scam
Busted GhostMarket.net member posted on an underground forum how he stole nearly $30,000 with credit card fraud.
Advanced Persistent Threat: The Insider Threat
APT is the buzzword everyone is using. Companies are concerned about it, the government is being compromised by it, and consultants are using it in every presentation they give. But people fail to realize that the vulnerabilities these threats compromises are the insider -- not the malicious insider, but the accidental insider who clicks on the wrong link.
Strategic Security Survey: Global Threat, Local Pain
Highlights of exclusive InformationWeek Analytics research as it appears in "Global Threat, Local Pain," our report assessing whether the high-profile infiltration of corporate networks worldwide (Google China leaps to mind) is forcing execs to reconsider their security strategies and pony up related resources.
A Peek At The Next Version Of PCI
Clarifications but no big changes -- and that's what concerns some security experts
Symantec Finds 92% Of All E-Mail Is Spam
Report also says phishing is down despite the rise of a new Live-Chat based attack that tries to trick people into giving up personal details.
Hackers Deflate Auto Tire-Pressure Sensors
Monitors in fast-moving cars can be damaged using spoofed wireless signals, leading to security, privacy, and safety threats.
Facebook Privacy Flaw Identified
Despite its struggle to simplify its privacy controls, Facebook still has some work to do.
New Mobile Security Threat: Fingerprint Oil
Oily residue left on touchscreen mobile devices may help an attacker deduce password
Touchscreen Smudges Pose Security Risk
Residual fingerprint oils on smartphones, ATMs, and other devices may reveal passwords and other confidential data, find security researchers.
Malware Peaks, McAfee Calls For Security Industry To Go On The Offense
New report shows 10 million new pieces of malware in the first half of 2010
Microsoft Issues Biggest Security Patch Yet
IT administrators have plenty of work to do if they want to close up the holes in their systems.
Microsoft Investigating Color Management Bug In Windows 7
Vulnerability could provide an attacker with kernel-level access, but Microsoft's Patch Tuesday won't have a fix.
Microsoft Investigates New Zero Day Reported In Windows Kernel
Windows 7 and Vista also contain this new heap-overflow vulnerability, according to security researcher reports
Web Browser Privacy Settings Flawed
Private and anonymous settings in Firefox, Internet Explorer, and others can expose more details than users expect, security researchers find.
SonicWall Names Top 2010 Cybercrime Threats
Web-based attacks and threats to corporate cloud computing spiked spiked dramatically in the first half of 2010 according to a report from the firewall vendor.
Stuxnet 'Zero Day' Worm Not New
Symantec finds earlier variants of the Windows shortcut vulnerability, as well as evidence of significant resources behind its development.
Most IT Pros Circumvent File Transfer Security Policies
Survey finds 69% of IT managers regularly send highly sensitive information -- payroll, customer, or financial data -- via unsecured e-mail, finds Ipswitch study.
Slideshow: Barnaby Jack Hits The Jackpot With ATM Hack
Barnaby Jack, director of research at IOActive, last week at Black Hat USA in Las Vegas demonstrated attacks that would allow a criminal to compromise ATMs in order to steal cash, copy customers' ATM card data, or learn master passwords of the machines
Researchers Throw Down Vulnerability-Disclosure Gauntlet
TippingPoint's Zero Day Initiative (ZDI) program institutes deadline of six months for vendors to fix bugs -- or else the bugs get published
Cyveillance Finds AV Vendors Detect Less Than 19 Percent Of Malware
Further testing reveals that even after 30 days, detection rates averaged only 61.7%
Holy Zeus! Popular Botnet Rules As New Exploits Come Online
Trusteer, AVG identify new botnets with different features, both built on Zeus technology
Advocates Propose Child ID Theft Prevention Database
Database, to be shared with credit reporting agencies, would verify if a social security number belongs to a minor.
iPhone Jailbreak Worries Security Experts
Security firms are expressing concern that the first Web-based "jailbreak" for the iOS devices relies on two security vulnerabilities.
Researcher Reads RFID Tag From Hundreds Of Feet Away
Demonstration raises privacy and security concerns with RFID EPC Class 1 Generation 2 used in some passport cards, inventory tags, and driver's licenses
|
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at RiskIn this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Tweet This
17 Comments
