Pair Of Fines Levied On Breached Companies Show Real Costs of Database Hacks
Apr 22, 2010
Fidelity National Information Services subsidiary, Davidson & Company each penalized hundreds of thousands of dollars by regulatory agencies
New Policy Revamps Agencies' Approach To FISMA Compliance
Apr 22, 2010
Guidance takes a 'three-tiered approach'
Health Insurer Notifies More Than 409,000 Of Potential Breach
Apr 21, 2010
Sensitive medical records found on previously leased digital copier, company says
New Hack Pinpoints Cell Phone User's Location, Personal And Business Relationships
Apr 21, 2010
Researchers demonstrate a technique that exploits the cell phone infrastructure to compromise cell users' privacy
Product Watch: Microsoft Scraps Forefront Protection Manager Product
Apr 21, 2010
Software giant says it's aligning security management with systems and application management
Why Employees Break Security Policy (And What You Can Do About It)
Apr 20, 2010
Companies that monitor network behavior say many employees still break rules in order to get their jobs done
More Than One-Third Of Network Devices Show Vulnerabilities, Study Says
Average device shows more than 40 configuration violations, according to research
Report: Targeted Attacks Evolve, New Malware Variants Spike By 100 Percent
New Symantec Global Internet Threat Report shows evolution of targeted attacks, prevalence of Web-borne attacks, increase in malware variants in 2009
OWASP Issues Top 10 Web Application Security Risks List
Final version of Top 10, published today, focuses on actual risks versus vulnerabilities
Politically Motivated Attacks Could Force Enterprises To Reshape Defenses
Targeted attacks could happen to any organization for myriad reasons, report says
Product Watch: RSA Launches CyberCrime Intelligence Service For Businesses
RSA's Anti-Fraud Command Center says 88 percent of Fortune 500 firms have been touched by infected machines, and 60 percent had email account information stolen
Companies Look To Managed Services To Close Security Gaps
Small and midsize businesses look to outsourcing as threats become more complex
Google Scolded By Privacy Officials
Buzz, the company's social networking arm for Gmail, continues to elicit criticism
First Public Demo Of Sub-$2K Mobile Phone Interception Posted Online
Panda Security Study: Small And Midsize Businesses In The Fog About Online Fraud
70% Of IT Security Pros Favor A Federal Data Breach Law
Survey: Facebook Users Connect From Work, But Avoid The Boss
VeriSign Collaborates For Trust In the Cloud
Generation Y Highly Susceptible To Threats Due To Risky Behavior Online
Citibank Survey: Small Businesses Not Leveraging Online Tools
Veracode Launches Application Intelligence Service
New Partner Program From Symantec Hosted Services
Former AirDefense CEO Mike Potts Joins Lancope As President And CEO
THE WASHINGTON POST
Google Hackers Duped System Administrators To Penetrate Networks, Experts Say
APRIL 21, 2010
Experts say today's attacks often begin with a seemingly innocuous link or attachment that contains malware
FEDERAL COMPUTER WEEK
HHS Publishes Online List Of Patient Data Breaches
APRIL 21, 2010
The Department of Health and Human Services is now publishing a list online of breaches of private patient health care data -- the list currently shows more than 60 such events
IT PRO NEWS
New Zeus Trojan Targets Firefox Online Banking Users
APRIL 21, 2010
A new version of the Zeus Trojan can exploit the Firefox browser to carry out fraud against online banking users, even if the financial institutions are using strong layers of protection
COMPUTERWORLD
Drug-Dealing Spammers Hack Gmail Accounts
APRIL 21, 2010
Google is investigating reports of hacked Gmail accounts being used for spamming
H ONLINE
Google Closes Vulnerabilities In Chrome 4 For Windows
APRIL 21, 2010
Google has issued a security update for Chrome for Windows that addresses four high-risk vulnerabilities in its browser
BUSINESSWEEK
Ex-Societe Generale Trader Accused of Stealing Code
APRIL 21, 2010
Samarth Agrawal was charged by the U.S. with stealing the company's computer code for high-frequency trading -- he was arrested today
ROGER HALBHEER ON SECURITY
Detailed Analysis Of An Attack -- Do We Need An International Incident Sharing Database?
APRIL 21, 2010
A look at how a common set of rules could be set up for collaboration on data breaches
MERCED SUN-STAR
District Says Teacher Hacked Into E-Mails
APRIL 21, 2010
Fresno Unified School District says a Bullard High School teacher allegedly hacked into the private e-mail accounts of the principal, administrators, and other teachers, as well as into confidential student files
A look at the 25 most popular stories ever posted on the pages of Dark Reading.
- Four Threats for '09 That You've Probably Never Heard Of (Or Thought About)
- PHPBB Password Analysis
- New Phishing Attack Targets Online Banking Sessions With Phony Popups
- IDC Report: Most Insider Leaks Happen By Accident
- Tech Insight: SQL Injection Demystified
- Researchers Build Anonymous, Browser-Based 'Darknet'
- Test Results: 2009 Anti-Malware Suites Better at Sniffing Out Threats
- Researchers Hack Faces In Biometric Facial Authentication Systems
- The 6 Worst Cloud Security Mistakes
- Hacking The Router Patching Conundrum
- Turkish Hackers Take Out Top Porn Site
- Social Engineering, the USB Way
- Weaponizing Apple's iPod Touch
- Defcon: New Hack Hijacks Application Updates Via WiFi
- How Hackers Will Crack Your Password
- Widespread Confickr/Downadup Worm Hard To Kill
- Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses
- The Seven Deadliest Social Networking Hacks
- 'Mafiaboy': Cloud Computing Will Cause Internet Security Meltdown
- Researchers Take Over Dangerous Botnet
- New Trojan Attack Masquerades As CNN News Report On Gaza
- 6 Tips For Doing More Security With Less
- Heartland Struggles To Measure Extent Of Massive Security Breach
- Visa Tests Credit Card With Random Number Generator
- Researchers To Unleash Backbone-Hacking Tools At Black Hat Europe
Free Vulnerability Management Trial
Qualys is offering a free 14-day trial of its vulnerability management solution, which helps enterprises identify, fix, and report on network security threats.
Free Security Tools from Sophos
Scan for security risks, threats, rootkits and unauthorized applications.
Info-Tech Research Group
A specialist in small and medium-sized businesses, Info-Tech offers a different perspective than research houses that focus on the Fortune 1000.
Evil Bytes
BY John H. Sawyer
CSRF Attacks Get New PoC Creation Tool
April 21, 2010
02:06 PM -- Cross site request forgery (CSRF) is a powerful attack that can have devastating consequences. It's not a new attack, but new tools are released every year because Web developers don't always write secure code that can prevent these attacks. Often, CSRF vulnerabilities go undetected because automated scanners have difficulty detecting them.
SophosLabs Insights
BY Graham Cluley
Facebook Users Revolt Over Privacy Changes
April 7, 2010
09:08 AM -- If there's one thing likely to stir Facebook users into action, it's news that their privacy might be being further eroded by the social network.
Hacked Off
BY Gadi Evron
New Full Disclosure, Website Vulnerabilities Database
April 16, 2010
05:26 AM -- The biggest news in security circles in the past day or so is the new full disclosure site, Vulnerable Sites DB database.
Security Views
BY Adrian Lane
PCI: Data Token Alternatives
April 20, 2010
05:05 PM -- When a merchant cannot -- or will not -- replace credit card numbers with tokens provided by its payment processor, how does it secure its database to be PCI-compliant?
Dark Dominion
BY Kelly Jackson Higgins
Share -- Or Keep Getting Pwned
April 2, 2010
01:42 PM -- Forget the bad guys: Sometimes it seems like the security industry doesn't trust itself. There's too much internal hoarding of intelligence for privacy or competitive reasons and too little sharing of information among researchers, victims, and law enforcement about real attacks. All this does is give the cybercriminals an edge.
CS Island
BY Robert Richardson
Will Cyber Shockwave Make Some Waves?
February 17, 2010
10:11 PM -- With March Madness coming up, I recently spent the morning in some rather distinguished company simulating the effect of a March Madness smartphone app that turned out (within the confines of the simulation) to be malware.
Featured Resources
Security Whitepapers
- Patch Authority Ultimate
- Protecting Email: Comparison of Leading Email Management Systems
- SAFE AND SOUND: Ensuring complete protection for your company's email communication - Wisconsin
- SAFE AND SOUND: Ensuring complete protection for your company's email communication - Washington
- SAFE AND SOUND: Ensuring complete protection for your company's email communication - Nevada
- eBay: How the World's Online Marketplace Secures itself
Security pros generally happy with products; not so much with awareness programs
Published: 2010-04-12
Severity: Medium
Description: The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that supports UNIX extensions.
Published: 2010-04-12
Severity: High
Description: Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users to gain privileges by executing these scripts.
Published: 2010-04-12
Severity: High
Description: Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors.
Published: 2010-04-12
Severity: High
Description: Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.
Published: 2010-04-12
Severity: High
Description: vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors."