Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
New DoS Attack Is a Killer
Things are a-brewin' in Sweden. Sweden is not just home of the infamous bikini team, it is also the home of Outpost 24, an equally sexy software-as-a-service network scanning service, and the employer of my friend Robert E. Lee and his colleague Jack C. Louis. These guys are the inventors of UnicornScan, a user-land TCP stack turned into a port scanner. Never heard of it? Use Nmap exclusively? Well if you run Linux, I suggest checking
Study: Routine Misbehavior by End Users Can Lead to Major Data Leaks
Many end users don't understand the risks associated with breaking company security policies, report says
Attackers Mix Online, Offline Exploits to Mask Financial Fraud
Cybercriminals split the attack cycle into pieces that may appear unrelated in order to evade detection
Microsoft, Washington State Launch Legal Assault On Scareware
The lawsuit against Registry Cleaner XP is trying to halt pop-up ads that look like Windows system messages and falsely claim that a critical system error has occurred.
CSRF Flaws Found on Major Websites
Princeton University researchers reveal four sites with cross-site request forgery flaws and unveil tools to protect against these attacks
Yahoo! Japan Auctions Compromised, Report Says
Thieves may have accessed Web auction site as many as 1.5 million times since May
Theft at RAF Facility Endangers Personal Data of 50,000
Data on British air force hard drives wasn't encrypted; old facility 'wasn't that secure,' reports say
'Clickjacking' Attack Prompts Warning To Disable Browser Plug-Ins
The flaw affects Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, and Opera and could trick a user into clicking on content from another page.
Portrait Of A Computer Forensic Examiner
While data can be recovered from any computer, expert Ives Potrafka believes that corporate IT departments have far less control over what happens on PCs used for work.
Adobe PDF Reader Vulnerable, U.S. CERT Warns
The government's standard precautionary advice: Don't open files from sources you don't trust, and keep your antivirus software and patches up to date.
Survey: Virtually No Security in Enterprises' Virtual Systems
Enterprise survey shows few companies have secured their virtual environments
New ID Theft Service Crawls the Web on Consumers' Behalf
For $15, Affinion penetrates hacker chat rooms and warns users when their data is for sale
Tiger Team Member Attacks Developers, Not Apps
Expert shows how he can get into a Web app without touching the application itself
Sarah Palin E-Mail Hacking Grand Jury Returns No Indictment
A Tennessee Democratic state representative's son was linked last week to involvement in the breach of the Republican vice presidential candidate's Yahoo Mail account.
Shadowserver to Build 'Sinkhole' Server to Find Errant Bots
New initiative will emulate IRC, HTTP botnet traffic
Many PC Users Remain Unaware of Security, Privacy
More than a tenth of users don't know whether they have an antivirus, firewall; majority don't know what privacy settings they're using
For US Enterprises, Computer Crime Starts at Home
Despite perceptions about overseas hackers, attacks increasingly emanate from domestic sources, studies say
Phony Pop-Up Warning Messages Dupe Most Users
New research from NC State University shows how even savvy users fall for malicious system error messages
Man Indicted for Hacking & Blackmailing Luxury Automaker
Sixty-year-old hacker threatened Maserati North America with exposing his theft of customer data from carmaker's Website
'Profiler' Hacks Global Hacker Culture
Former notorious Italian hacker releases initial results of research identifying different types of hackers and their behaviors on and offline
US-Based Malware Network Shuts Down
Network that served large numbers of hackers is no longer in service, observers say
Employees Still Flouting Security Policies, Study Says
Three in 10 enterprises say their business' security is being compromised by personal use of corporate systems
Only 35% Of Oracle Users Continuously Monitor For Suspicious Activity
A recent Unisphere survey found 20% of respondents anticipated some kind of data security breach over the coming year.
Sarah Palin E-Mail Hacker Tied To Tennessee Democrat
Department of Justice investigators have declined to comment on the status of the Palin e-mail investigation.
Experts: US Is Not Prepared to Handle Cyber Attacks
In Congressional testimony, authorities on cyber defense say neither government agencies nor private companies are ready for what may come
Research: Porn Is Losing Its Steam
Separate reports both say lurid material no longer rules Web traffic trends
Palin's 'Hacker' Tells How He Did It
Hacker claiming to have broken into Republican VP candidate Sarah Palin's Yahoo email account reportedly used low-tech research and a little social engineering
Porn Operators Hijack Pages on AARP Website
Multi-pronged attack shows weakness in custom content management systems, researcher says
Hacking Tool Lets You Target Your Own End Users
New open-source attack platform that performs email-based Web attacks debuts next week at OWASP conference
Zero-Day Exploit Code For Apple iTunes, QuickTime Posted
The vulnerability in Apple's newly patched software is said to crash any browser with the QuickTime plug-in.
Free 'Trojan-Proof' Password Tool Released for Windows
Beta virtual keyboard software aims to ward off password-sniffing Trojans, malware
Antivirus Vendors Push Toward Cloud Computing
Key elements of software now being delivered on a software-as-a-service basis
House Passes Identity Theft & Restitution Act
Senate to consider bill that addresses data theft, use of keyloggers and spyware
Microsoft to Share Its Secure Development Blueprint, Threat Modeling Tool
Customers, third-party developers can use Microsoft's model for writing more secure software - for free
Disclosure of Major New Web 'Clickjacking' Threat Gets Deferred
Web security researchers bow to Adobe request for time to patch before releasing proof of concept of newly discovered, massive 'clickjacking' attack
DHS Report Says Leave Laptops At Home
The federal agency said anyone who brings their computer or cell phone out of the country is risking privacy and data security violations.
Hackers Deface CERN's 'Big Bang' Particle Accelerator Site
As scientists began testing CERN's Large Hadron Collider last week, hackers made a mockery of the European lab's network security.
Snort Turns 10, Sourcefire Goes Virtual
IDS/IPS vendor joins the ranks of VMWare partners, gears up for commercial rollout of next-generation Snort
Lost Computer Exposes Data of 22,000 at Intuit
Software company's loss was one of many resulting from burglary at HR outsourcing firm
Report: Unauthorized Apps Run Rampant on Many Enterprise Networks
Detailed analysis of traffic on 60 enterprise networks finds broad usage of software that isn't sanctioned by IT
Study: Hotel Networks Put Corporate Users at Risk
The Center for Hospitality Research's survey and hack confirms worries of weak security on hotel networks
CookieMonster Can Steal HTTPS Cookies
The Python-based tool actively gathers insecure SSL information and records that as well as normal HTTP cookies to Firefox-compatible cookie files.
Enterprises Struggle to Identify Sources of Risk
Security remains top priority, but businesses wrestle with business case, BT study says
New 'On/Off Switch' Protects RFID Cards From Hacks
Technology would let cardholders activate RFID transmission only when card goes through a reader
Online Death Certificates Dropped Amid ID Theft Fears
Large Arizona county no longer posts public-record death certificates on its Website
Flying Phish Hooks Schools of Employees
Penetration test proves many workers can still be easily fooled
IBM Unveils Hardware-Based Encryption Tool
System x Vault protects data when a server's hard drive is disposed or stolen, without affecting server performance.
Home Security Gets A Web Makeover
Forget the closet control panel, today's Internet- and smartphone-enabled home security systems allow browser-based management, SMS updates, live video feeds, and money-saving DIY options.
Most Companies Believe Their Sensitive Data Is at Risk
Enterprises recognize the threat of data theft, Finjan research study says
'Password Recovery' Services May Be Hackers for Hire
Services that promise to help you find your lost passwords may make their living by cracking the passwords of others, IBM researcher says
|
Improving Enterprise Cybersecurity With XDREnterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
