Slideshows
4 Slideshows
Slide Show: 10 Ways Attackers Automate Malware ProductionPeeking into the attackers' toolbox to see how they automate malware production and flood the internet with millions of unique malware applications |
Slide Show: 8 Egregious Examples Of Insider ThreatsReal-world case studies from the CERT Insider Threat Center |
Slide Show: 10 Password Database FailsEvernote's most recent password breach is the same refrain from a song the industry has been singing for a while -- check out some of the worst password cache compromises |
|||
10 Free SMB Security ToolsThis slide show features an assortment of solutions that SMBs can use to minimize their security spend |
Slide Show: 10 Security-Service Startups To Remember In 2012With the security services market growing by more than 23 percent per year, it's no wonder that 2012 had its share of startup launches and young companies taking off |
Slide Show: Top 10 Malware Advances In 2012Blackhole's business model, Flashback's Mac fetish, ransomware's resurgence with Reveton, and Gauss' ability to guard against analysis among the game-changers this year |
|||
Slide Show: 2012 Pastebin PinupsSome of the most embarrassing dumps of leaked databases, exposed corporate IP and breached customer records in 2012 |
Slide Show: The Vulnerability 'Usual Suspects' Of 2012Here's the list of applications, companies, and targets that dominated vulnerability and exploit headlines in 2012 |
Slide Show: 10 Free Governance Risk And Compliance ToolsWhile expensive risk management products can certainly help a GRC program, any organization can get started measuring risk and making more disciplined decisions using these tools and templates |
|||
Slide Show: Memorable Moments From Black Hat 2012A look at some of the demos, hacks, awards, and parties at this year's Black Hat USA 2012 convention |
Slide Show: 10 Free Database Security ToolsWhile many database protection suites are an expensive proposition, there are a number of free tools available to organizations seeking cost-effective ways to begin securing their databases |
Slide Show: 10 SQL Injection Tools For Database PwnageBlack hat hackers and pen testers alike use these tools to dump data, perform privilege escalations, and effectively take over sensitive databases |
|||
Slide Show: The (Not-So) Elite Eight In Higher Ed Breach MadnessBasketball has March Madness, but higher ed IT should be competing to stay out of the brackets for last year's worst breaches |
Slide Show: 10 Movie Scenes Of Authentication Worth RewatchingFrom the prophetic to the downright silly, these scenes are sure to entertain any security pro |
Slide Show: Top 10 Holiday Phishing ScamsThe following scams demonstrate the ways attackers are crafting their messages during the holidays |
|||
Ten Big Breaches In 2011No one was immune: not social networks, not financial institutions, and not even security firms |
Slide Show: 10 Tips And Best Practices For Becoming A Data Security DetectiveTips from security insiders on gathering and analyzing security intelligence and identifying new threats, as well as APT attacks |
Slide Show: Sights And Sounds Of Black Hat USA 2011Zombies, robots, 'war-flying' drones, PWN phones -- and scary, real-world SCADA hacks were among the mix of lighthearted and deadly serious demonstrations and presentations at this year's Black Hat USA in Las Vegas |
|||
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3927
Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access.
CVE-2013-3647
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.
CVE-2013-3646
The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression.
CVE-2013-3644
Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and Ichitaro JUST School through 2010 allows remote attackers to execute arbitrary code via a crafted document.
CVE-2013-4616 (iphone_os)
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases.