fromErik Ribsskog eribsskog@gmail.com
to!enquiries
ccTAYLORG@unhcr.org
bccemail@techwebnewsletters.com
dateFri, Oct 14, 2011 at 3:22 PM
subjectReport of crime/Fwd: New Microsoft Data Puts Zero-Day Threat Into Perspective
mailed-bygmail.com
Images from this sender are always displayed. Don’t display from now on.
hide details 3:22 PM (0 minutes ago)
Hi,
Someone have registered me on a newsletter.
Regards,
Erik Ribsskog
PS.
I send this to the IPCC since I have a Police Complaint-case and an appeal against the PSD. I also send this to the UN, since the IPCC have made a case I had against the Merseyside Police disappear, and I’ve applied to be a refugee, in the UK.
———- Forwarded message ———-
From: Dark Reading Weekly
Date: Thu, Oct 13, 2011 at 6:42 PM
Subject: New Microsoft Data Puts Zero-Day Threat Into Perspective
To: erib.sskog@gmail.com
If you are unable to see the message below, click here to view.
Dark Reading Weekly: Issue Highlights
• NEWS: New Microsoft Data Puts Zero-Day Threat Into Perspective
• KEYHOLE: Many Security Pros In The Dark About Their Own Environments, Study Says
• BLOG: Advanced Threats And Scenario-Based Pentesting
• ANALYTIC REPORT: Secure Software Development Life Cycles: Reducing Risk Throughout The App Dev Process
• WHITEPAPER: Continuous Compliance For Smartphones And Tablets
• NEWS FEED: Qualys And Risk I/O Partner
• TECH CENTER: New Microsoft Data Puts Zero-Day Threat Into Perspective
• DEEP INSPECTION: Physical, Logical Security Worlds Continue Slow Convergence
• BEST OF THE WEB: RSA Blames Breach On Two Hacker Clans Working For Unnamed Government (WIRED)
• BUGS: bloofoxcms
Manage Subscription | Contact Dark Reading | Newsletter Contact
FOLLOW US JOIN US
Thursday, October 13, 2011 KEYHOLE | BLOG | NEWS FEED | TECH CENTERS | DEEP INSPECTION | BEST OF THE WEB | BUGS
THE LATEST SECURITY NEWS ANALYSIS:
New Microsoft Data Puts Zero-Day Threat Into Perspective
Report on infected Windows machines worldwide also highlights slack patching practices
Sony Falls Under Attack Again As Hackers Crack 93,000 User IDs
“Only a fraction” of broken accounts show activity before gaming giant locks users out
More Exploits For Sale Means Better Security
Selling exploits can help companies test their systems, but is there room for an independent market?
Compliance Outside Corporate Walls
Getting third parties that touch regulated data to comply can be as important as your own internal compliance efforts
MORE NEWS
KEYHOLE:
Many Security Pros In The Dark About Their Own Environments, Study Says
It’s 9 a.m. Do you know how many Internet-facing servers you have? Many IT pros don’t, according to a new RedSeal survey
Study: IT Execs Worried About Insider Threat
Annual Amplitude/VanDyke survey also shows that attackers are targeting SMBs more frequently
Security Innovation Network Chooses Top 16 Emerging Companies
Young security vendors recognized for ‘potentially disruptive’ technologies
MORE KEYHOLE
BLOGS:
Advanced Threats And Scenario-Based Pentesting
Posted by Tom Parker
Why your pen-test efforts probably aren’t preparing you for the worst
DerbyCon Fosters Community — Videos Available Online
Posted by John H. Sawyer
DerbyCon’s successful first year reminds us of what the security community is all about: sharing and learning from others, promoting new ideas, and advancing the art of security
iTunes Fraud Generates New Publicity, But Who Is Responsible For Online Fraud?
Posted by Chester Wisniewski, SophosLabs
Consumers should take steps to proactively protect themselves against an attack
Eavesdropping Trojans Used In Cell Phone Spying Case
Posted by Gadi Evron
Israeli case a reminder of all types of social engineering threats
MORE BLOGS
ANALYTIC REPORTS & WHITEPAPERS:
FEATURED REPORTS
Secure Software Development Life Cycles: Reducing Risk Throughout The App Dev Process
The application layer has long topped the attacker hit list, and we continue to hear about data breaches exploiting software vulnerabilities. Yet secure application development remains a low priority in most enterprises. In this report, we provide a blueprint for making security an integral part of the software development life cycle.
DOWNLOAD NOW (Registration Required)
Want Stronger Security? Partner With Compliance Pros
Security professionals often view compliance as a burden, but it doesn’t have to be that way. By embracing government and industry requirements and by working with the teams responsible for enforcing them, the security organization can use compliance to strengthen company defenses and help fund critical security initiatives. In this report, we show the security team how to partner with the compliance pros.
DOWNLOAD NOW (Registration Required)
MORE ANALYTICS
FEATURED WHITEPAPERS
Continuous Compliance For Smartphones And Tablets
The foundation of Mobile Device Management (MDM) begins with the ability to set basic policies, view data about your devices, and take manual action if a device does not meet certain parameters. Learn how to define and implement continuous compliance rules for Apple iOS and Android devices to deal with specific events, contextual changes, and mobile security threats.
DOWNLOAD NOW (Registration Required)
MORE WHITEPAPERS
NEWS FEED:
Qualys And Risk I/O Partner
Private Tunnel: Protect Yourself Against The BEAST
Trend Micro Teams With HyTrust To Enable Cloud Security And Control
New Diebold Innovation Helps Consumers Secure Their Bank Cards And Accounts
Georgia Tech Forecasts Cyber Threats For 2012
MORE NEWS FEED
TECH CENTERS:
From The Advanced Threats Tech Center:
New Microsoft Data Puts Zero-Day Threat Into Perspective
Report on infected Windows machines worldwide also highlights slack patching practices
From The Authentication Tech Center:
Sony Falls Under Attack Again As Hackers Crack 93,000 User IDs
“Only a fraction” of broken accounts show activity before gaming giant locks users out
From The Cloud Security Tech Center
Survey: Organizations Are Cloud-Conflicted
Symantec survey finds less than 20 percent of organizations worldwide have fully implemented cloud services
From The Compliance Tech Center
Compliance Outside Corporate Walls
Getting third parties that touch regulated data to comply can be as important as your own internal compliance efforts
From The Database Security Tech Center:
Five Worst Practices In Database Encryption
Poor encryption deployments risk too much critical information within databases
From The Insider Threat Tech Center:
Study: IT Execs Worried About Insider Threat
Annual Amplitude/VanDyke survey also shows that attackers are targeting SMBs more frequently
From The Security Monitoring Tech Center:
Many Security Pros In The Dark About Their Own Environments, Study Says
It’s 9 a.m. Do you know how many Internet-facing servers you have? Many IT pros don’t, according to a new RedSeal survey
From The Security Services Tech Center:
Startup To Launch New Brand Of SaaS For Post-Incident Response
‘Data loss management’ firm officially launches this week
From The SMB Security Tech Center:
Yet Another Bank Sued By A Small Business For Fraudulent Hacker Transfers
According to Village View, Professional Business Bank says bank responsible for $465K loss to hackers, plus fees and damages suffered in online account breach
From The Vulnerability Management Tech Center:
More Exploits For Sale Means Better Security
Selling exploits can help companies test their systems, but is there room for an independent market?
DEEP INSPECTION:
Physical, Logical Security Worlds Continue Slow Convergence
‘Guards, gates, and guns’ organizations say cybersecurity has become a top priority
MORE DEEP INSPECTION
BEST OF THE WEB:
RSA Blames Breach On Two Hacker Clans Working For Unnamed Government (WIRED)
RSA President Tom Heiser says two separate hacker groups were behind the attack on his company and says it was likely a ‘nation-state sponsored attack’
BlackBerry Outages Spread To The U.S. (THE WASHINGTON POST)
Research in Motion says its BlackBerry network problems have spread from Europe, Asia, Latin America, and Africa to the United States and the rest of North America
WineHQ Database Hacked, Passwords Stolen (ZDNET BLOG)
Attackers infiltrated its database and pilfered usernames and passwords
MORE BEST OF THE WEB
BUGS: ENTERPRISE VULNERABILITIES:
Vulnerability: bloofoxcms
Published: 2011-10-07
Severity: High
Description: SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.
Vulnerability: smartftp
Published: 2011-10-07
Severity: High
Description: Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows attackers to have an unknown impact via a long filename.
Vulnerability: pilot_cart
Published: 2011-10-07
Severity: High
Description: SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the specific parameter.
WEBCASTS:
Becoming A Security Detective: Gathering And Analyzing Security Intelligence In The Enterprise
Oct. 20: In this all-day virtual event, experts will offer detailed insight about how to collect security intelligence in the enterprise, and how to analyze and study it in order to efficiently identify new threats, as well as low-and-slow attacks, such as advanced persistent threats. More Information & Registration
Broken State Of Backup
Oct. 20: Data protection industry analysts agree that “backup is broken.” They identify key areas where current backup models are failing. Join us on this webinar to find out what those areas are and learn about a simple, integrated and proven data protection solution that resolves all of the issues highlighted by key industry observers. More Information & Registration
MORE WEBCASTS
RESOURCES AND EVENTS:
Scanning Reality: Limits Of Automated Vulnerability Scanners
Network-based vulnerability scanners and Web application scanning tools can be invaluable in identifying exploitable flaws in network devices and Internet-facing software, but they may have weaknesses as well. In this Dark Reading Vulnerability Management Tech Center report, we discuss three critical areas in which scanners fall short — and how to pick up your security program where they leave off.
Download Now (Registration Required)
SecTor 2011
Oct. 18-19: Now entering its 5th year, SecTor brings together experts from around the world to share their latest research and techniques. The conference provides an opportunity for IT professionals and managers to connect with their peers and learn from their mentors.
Register Now
Hacker Halter USA 2011
Oct. 21-27, Miami: Hacker Halted USA 2011 is a comprehensive hacker conference covering a broad topic area to provide IT professionals a platform to understand and discuss today’s information security environment. Hacker Halted covers real information security issues, discusses solutions that fit into global security attacks scenarios, and sheds light on how to deal with increasing threats, compliance, as well as regulatory issues.
Register Now
This e-mail was sent to erib.sskog@gmail.com
Dark Reading Weekly Newsletter
— Published By Dark Reading
600 Community Drive
Manhasset, NY 11030
UNSUBSCRIBE | SUBSCRIBE
Keep Getting This Newsletter
Don’t let future editions of Dark Reading Weekly go missing.
Take a moment to add the newsletter’s address to your anti-spam white list:
email@techwebnewsletters.com
If you’re not sure how to do that, ask your administrator or ISP.
Or check your anti-spam utility’s documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2011 | United Business Media LLC | Privacy Statement | Terms Of Service
Contact Dark Reading | Newsletter Contact
