Slideshows
1 Slideshows
Slide Show: 8 Egregious Examples Of Insider ThreatsReal-world case studies from the CERT Insider Threat Center |
Slide Show: 10 Password Database FailsEvernote's most recent password breach is the same refrain from a song the industry has been singing for a while -- check out some of the worst password cache compromises |
10 Free SMB Security ToolsThis slide show features an assortment of solutions that SMBs can use to minimize their security spend |
|||
Slide Show: 10 Security-Service Startups To Remember In 2012With the security services market growing by more than 23 percent per year, it's no wonder that 2012 had its share of startup launches and young companies taking off |
Slide Show: Top 10 Malware Advances In 2012Blackhole's business model, Flashback's Mac fetish, ransomware's resurgence with Reveton, and Gauss' ability to guard against analysis among the game-changers this year |
Slide Show: 2012 Pastebin PinupsSome of the most embarrassing dumps of leaked databases, exposed corporate IP and breached customer records in 2012 |
|||
Slide Show: The Vulnerability 'Usual Suspects' Of 2012Here's the list of applications, companies, and targets that dominated vulnerability and exploit headlines in 2012 |
Slide Show: 10 Free Governance Risk And Compliance ToolsWhile expensive risk management products can certainly help a GRC program, any organization can get started measuring risk and making more disciplined decisions using these tools and templates |
Slide Show: Memorable Moments From Black Hat 2012A look at some of the demos, hacks, awards, and parties at this year's Black Hat USA 2012 convention |
|||
Slide Show: 10 Free Database Security ToolsWhile many database protection suites are an expensive proposition, there are a number of free tools available to organizations seeking cost-effective ways to begin securing their databases |
Slide Show: 10 SQL Injection Tools For Database PwnageBlack hat hackers and pen testers alike use these tools to dump data, perform privilege escalations, and effectively take over sensitive databases |
Slide Show: The (Not-So) Elite Eight In Higher Ed Breach MadnessBasketball has March Madness, but higher ed IT should be competing to stay out of the brackets for last year's worst breaches |
|||
Slide Show: 10 Movie Scenes Of Authentication Worth RewatchingFrom the prophetic to the downright silly, these scenes are sure to entertain any security pro |
Slide Show: Top 10 Holiday Phishing ScamsThe following scams demonstrate the ways attackers are crafting their messages during the holidays |
Ten Big Breaches In 2011No one was immune: not social networks, not financial institutions, and not even security firms |
|||
Slide Show: 10 Tips And Best Practices For Becoming A Data Security DetectiveTips from security insiders on gathering and analyzing security intelligence and identifying new threats, as well as APT attacks |
Slide Show: Sights And Sounds Of Black Hat USA 2011Zombies, robots, 'war-flying' drones, PWN phones -- and scary, real-world SCADA hacks were among the mix of lighthearted and deadly serious demonstrations and presentations at this year's Black Hat USA in Las Vegas |
Slide Show: DDoS With The Slow HTTP POST AttackResearchers demonstrate attack that picks on inherent flaw in HTTP |
|||
Free Research and Reports
Whitepapers
- Three Principles to Improve Data Security and Compliance
- Aligning IT with strategic business goals: A proactive approach to managing IT risk to your business
- Connecting the Dots: Are You Seeing the Complete Big Data Picture?
- How crowdsourced testing has changed the game for innovative software companies
- Ensuring Your Apps Work in the Real World
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.