Errant Google Domain Traced To CA's Mistakes
Jan 04, 2013
Certificate authority Turktrust details internal errors that led to phony digital certificates
Phony Google Digital Certificate Blocked By Browser Vendors
Jan 03, 2013
Google, Microsoft, and Mozilla are each addressing the problem with security updates to protect users
'Dementia' Wipes Out Attacker Footprints In Memory
Jan 03, 2013
New tool exposes weak links in forensic tools that inspect Windows memory for attack intelligence
New IE Zero-Day Attack Bypasses Key Microsoft Security Measures
Jan 02, 2013
Microsoft releases temporary browser fix for new flaw being exploited in targeted attacks
Global Scans Reveal Internet's Insecurities In 2012
Dec 28, 2012
Researchers and attackers catalog vulnerable systems connected to the Internet, from videoconferencing systems set to auto-answer, to open point-of-sale servers, to poorly configured database systems
Better Integrate IT Risk Management With Enterprise Risk Activities
Dec 27, 2012
Not only will IT security risks be given greater attention, risk management could affect better business performance as a result
Tech Insight: Using Penetration Tests To Gauge Real Risk
A quality pen test can ferret out the real risk that vulnerabilities pose to a company and its data
Windows 8 Security Stresses Exploit Prevention
A look at some of the key security features in Microsoft's new OS
Study Finds More Than 10,000 ID Fraud Rings In the U.S.
Georgia, South Carolina, and Florida are among the hotspots for identity theft
Build Roadblock For Attacks Through Rule Of Least Privilege
Attack against Coke shows once again why organizations need to better control their privileged accounts
7 Costly IAM Mistakes
Blunders that lead to costly identity and access management failures
Cybercrime Inc.: The Business Of The Digital Black Market
Report by security vendor Fortinet examines the structure of the cyber underworld
Data-Destruction Attack Targeted 'Few' Select Iranian Computers
'Simplistic' data-destroying malware found on small number of targeted computers in Iran
Survey: Threat Intelligence Reports Play Key Role In Security Strategies
Turns out enterprises really do read and take heed of security threat intelligence reports
CSOs Say: 'Court' Your Middle Managers, Too
Security for Business Innovation Council (SBIC) members warn of 'disruptive' technologies for 2013 that will test enterprise security
OpenDNS Goes Mobile
New service an alternative to the VPN
Survey: Consumers Plan Risky Business This Holiday Season
Many consumers will use mobile devices to shop -- without worrying much about privacy or app security
(ISC)2 Election Puts New Blood On Its Board Of Directors
The security certification group has faced criticism from its members regarding the CISSP certification
What An Executive Order On Cybersecurity May Mean For Enterprises
While officials say an executive order could set voluntary security standards, companies worry that it can result in a checklist approach to security
OCR Reorganizes Breach Data; Reports 21M Medical Records Exposed Since 2009
Revamped HITECH breach data shows six breaches involving more than a million records
Survey: IT Less Stressed About Cloud Security
Four out of five IT pros say they are using public cloud services, CloudPassage data finds
New Hack Abuses Cloud-Based Browsers
Researchers show how attackers could anonymously pilfer free cloud computing power -- for cracking passwords, denial-of-service attacks, or other nefarious activities
Researchers Develop Cross-VM Side-Channel Attack
A new attack vector shows that isolation in public clouds is not a perfect answer for security, researcher says
The 5 Coolest Hacks Of 2012
Nothing was sacred -- the nation's airspace, home power meters, videoconferences, and, in an ironic twist, popular cybercrime tools
Application Monitoring For Security Professionals
Keeping an eye on applications can help your organization avoid data breaches. Here are some tips on how to do it right
U.S. Creates System To Look For 'Future Crimes'
In March, the United States granted counterterrorism officials the ability to hold data on Americans for up to five years. Now, the controversy surrounding the data-analysis program has come to light
'Eurograbber' Lets Attackers Steal 36 Million Euros From Banks, Customers
Cybercriminals combine new Trojan with SMS malware to crack online banking systems
Securing SMB Online Transactions
Giving consumers the assurances they need to know they're securely sending their private information to your business
Stepping Up SMB Security
When your company is the third-party vendor, improved security practices, transparency and independent reviews to prove your claims can go a long way toward winning enterprises embattled by attacks and the burden of compliance
SMB Retailers Should Remember PCI This Black Friday
PCI Council suggests hiring a certified pro to help avoid common SMB PCI pitfalls
Is Vulnerability Management Broken?
Some argue that it is time to rethink the vulnerability management hamster wheel
Top Mobile Vulnerabilities And Exploits Of 2012
Spoofing, banking attacks, authentication flaws, and more top the list of 2012's biggest mobile security headaches
DARPA Looks For Backdoors, Malware In Tech Products
In the wake of concerns about Huawei and ZTE equipment security, defense research agency seeks help identifying backdoors and malicious capabilities in software and firmware
SSNs, Salary Information Exposed In Breach Of Army Servers
'Unknown' attackers access databases of information on 36,000 people
Don't Throw Away Your DAM Money
Make the most out of database activity monitoring through better tuning
Making Database Security Your No. 1 2013 Resolution
How database-centric practices would change your security strategy and risk profile in the coming year
How To Get Your MSSP In Line With Expectations
Managed security service providers can help your organization save time and money -- if you know the right way to work with them
Protecting Data In The Cloud Without Making It Unusable
Encrypting data in the cloud is an important security step, but without the proper handling, it can make processing the data -- from searching to number crunching -- much more difficult
Free Browser Scan Service Debuts
New Rapid7 offering provides baseline view of state of end user browser security
Of Mayans And Malicious Macros
New attack poses as PowerPoint presentation on the end of the world
Five Significant Insider Attacks Of 2012
From the recent theft of counterterrorism data from Switzerland's intelligence agency to remotely wiretapping boardroom videoconferencing systems, a number of attacks had an inside component
Tech Insight: 5 Myths Of Software Security
Why do vulnerabilities keep cropping up in software? Here are five reasons -- and what developers can do about them
CipherCloud Expands Management Team
Prolexic Releases Threat Advisory To Detail Massive DDoS Threat From itsoknoproblembro
PandaLabs Reveals Most Unique Viruses Of 2012 In Its Annual Virus Yearbook
Cybersecurity -- A Vital New Year's Resolution For Business And Consumers
Sophos Unveils Thirteen IT Security Trends For 2013
ESET: Mobile Malware, Botnets, Attacks On The Cloud And Data Breaches Expected To Grow
Verisign Reports 246MM Domain Names At End Of Q3 2012
Voltage Partners With PerspecSys To Improve Cloud Data Protection
Trustonic Provides New Standard Of Trust And Security For Connected Device
New Automated Risk-Based Payment Fraud Prevention Application
EXODUS INTELLIGENCE
Bypassing Microsoft's Internet Explorer 0day 'Fix It' Patch For CVE-2012-4792
JANUARY 04, 2013
Researchers were able to bypass Microsoft's Fix It solution for the new zero-day flaw in IE and compromise a fully patched system with a variation of the exploit
CHRISTIAN SCIENCE MONITOR
Secret US Cybersecurity Program To Protect Power Grid Confirmed
JANUARY 04, 2013
The National Security Agency is spearheading a program to develop technology to protect the power grid from cyberattack -- and this has privacy rights groups concerned
THREAT POST
Adobe To Patch Reader, Acrobat; Warns Of Coldfusion Exploit
JANUARY 04, 2013
Newly found bugs in Adobe Reader and Acrobat are not being exploited, but Adobe is working on a fix for a bug in ColdFusion that is being used in attacks
HELP NET SECURITY
Microsoft To Release Seven Advisories On Tuesday
JANUARY 04, 2013
Among the patches coming from Microsoft next week is a server patch that fixes a worm-able bug
MCAFEE BLOG
Losing A Mobile Phone Doesn't Have To Stink
JANUARY 04, 2013
Password-protect, back up data, don't store app logins, record your serial number, and run antivirus that tracks lost phones
SOFTPEDIA
HeartBeat: Advanced Persistent Threat Aimed At South Korean Government
JANUARY 04, 2013
APT campaign studied by Trend Micro has been going after the South Korean government and related organizations since at least 2009
INFOSECURITY MAGAZINE
Dissection Of 'Itsoknoproblembro,' The DDoS Tool That Shook The Banking World
JANUARY 04, 2013
A look at the DDoS attacks targeting U.S. banks that at one time peaked at 70 Gbps
NAKED SECURITY BLOG
How A Regular IT Guy Helped Catch A Botnet Cybercriminal
JANUARY 04, 2013
Sophos customer who saved a copy of the IRCBot and helped identify the damage of the malware helped authorities catch a bad guy behind a botnet
A look at the 25 most popular stories ever posted on the pages of Dark Reading.
- Security Pros With Written Career Plans Make More Money
- 'Robin Sage' Profile Duped Military Intelligence, IT Security Pros
- Criminals Hide Payment-Card Skimmers Inside Gas Station Pumps
- Anatomy Of A Targeted, Persistent Attack
- Security's Top 4 Social Engineers Of All Time
- Six Messy Database Breaches So Far In 2010
- Kaminsky Issues Developer Tool To Kill Injection Bugs
- Spear-Phishing Attacks Out Of China Targeted Source Code, Intellectual Property
- Slideshow: Fashion Statements From Defcon 2010
- Turkish Hackers Take Out Top Porn Site
- Attack Unmasks User Behind The Browser
- Five Ways To (Physically) Hack A Data Center
- New IM Worm Spreading Fast
- Facebook's Security Team Frustrates Cybercriminals
- 'Aurora' Exploit Retooled To Bypass Internet Explorer's DEP Security
- U.S. Fails Test In Simulated Cyberattack
- Six Healthcare Data Breaches That Might Make Security Pros Sick
- Secure USB Flaw Exposed
- Suspected Child Porn Hub Taken Offline
- Why Employees Break Security Policy (And What You Can Do About It)
- N.J. Supreme Court Rules Employers Can't Always Read Personal Email
- Social Engineering, The USB Way
- Antivirus Rarely Catches Zbot Zeus Trojan
- 7 Steps For Protecting Your Organization From 'Aurora'
- Busted Alleged Russian Spies Used Steganography To Conceal Communications
Take The Value of Information Security Certifications Survey
Just what value information security certifications really provide the security professional is a widely debated topic. Information Security Leaders, an independent security career website, wants to hear from you, the information security pro, on whether these certifications are meaningless or valuable to your career. Take the anonymous survey on how security pros feel about this topic here. You can also receive the final results via email.
Free Vulnerability Management Trial
Qualys is offering a free 14-day trial of its vulnerability management solution, which helps enterprises identify, fix, and report on network security threats.
Free Security Tools from Sophos
Scan for security risks, threats, rootkits and unauthorized applications.
Info-Tech Research Group
A specialist in small and medium-sized businesses, Info-Tech offers a different perspective than research houses that focus on the Fortune 1000.
Current Issue
In this issue:
- Holes In BYOD: Time to patch your security policy to address people bringing their own mobile devices to work.
- Five Tips For Better BYOD Security: Letting employees use their own devices for work doesn't have to be complicated.
- Mobile Device Security On The Road: Metasploit creator HD Moore has five practical tips for business travelers.
- Are You At Home Or At Work? Smartphones and tablets have erased the line between home and work, raising security issues.
In this special issue:
- Digital Certificates: Recent breaches have tarnished this Web security technology. Here are five ways to keep it going.
- Newer Technology Isn't Necessarily Better: There's a lot of pressure to keep up with the latest in security technology, but that doesn't mean some older tech isn't worth another look.
Evil Bytes
BY John H. Sawyer
Black Hat, BSides, Def Con: Defenders, Take Note
July 24, 2012
11:53 AM -- Summer security conferences include defense-related topics on top of the usual offensive fare
SophosLabs Insights
BY David Schwartzberg, Senior Security Engineer
Sophos
Advisory: As New Year Approaches, Android Malware Detection Growing
December 31, 2012
04:52 PM -- As 2012 comes to a close, cybercriminals are taking advantage of your Android app purchases with mobile malware. Be on high alert after you install new Android apps from third-party markets and Google's
Hacked Off
BY Mike Rothman
The Only Security Prediction That Matters
December 26, 2012
04:59 PM -- In this silly season of year-end predictions, we need to collectively revisit the only prediction that will matter next year
Security Views
BY Wendy Nather
You Keep Using That Word ...
January 04, 2013
03:40 PM -- When monitoring doesn't mean what you think it does
Dark Dominion
BY Tim Wilson
Dark Reading Launches Tech Centers On Risk, Identity Management
July 16, 2012
02:06 PM -- New Dark Reading subsites focus on risk measurement and strategy, identity and access management
Featured Resources
Security Whitepapers
- What is SaaS, and Should SMBs Consider Using It?
- The Compliance Trap: Compliance for compliance's sake is not a best practice in protecting cardholder data
- Secure Managed Web Hosting Saves 960.gs from Malicious Hackers
- Access Governance as a Business Service: An Integrated Strategy for Automation with ITSM
- Business Driven Access Management and Governance: Simplifying the Delivery and Governance of Access Throughout
Security pros generally happy with products; not so much with awareness programs
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.