News & Commentary

Content posted in January 2013
The Physical Security Factor With Cloud Providers
News  |  1/31/2013  | 
Anyone with access to your cloud providers' servers has access to your data. Don't think burglars or Ethan Hunt of 'Mission Impossible': think insiders and search warrants
Military-Grade iOS Secure Messaging App Gets User-Friendlier
Quick Hits  |  1/31/2013  | 
Wickr now sends secure and self-destructing PDFs and images
Hacking The Laptop Docking Station
News  |  1/31/2013  | 
Black Hat Europe researcher builds prototype device that could be used to steal corporate data, listen in on voice calls, videoconferences
RSA, IBM Bet On Big Data Analytics To Boost Security
News  |  1/31/2013  | 
RSA's and IBM's turn to big data analytics to improve security monitoring marks what some analysts say could be the wave of the future
Mega Repeat: Search Engine Mimics Dotcom's MegaUpload
News  |  1/31/2013  | 
Crowdsourced MegaSearch site indexes all files on Mega, allowing users to share uploaded, encrypted content.
Big Data Security Discussion
Commentary  |  1/31/2013  | 
Answers to common big-data security questions
Did Chinese Hackers Hit NY Times?
News  |  1/31/2013  | 
Some evidence suggests Chinese involvement in recent attack on The New York Times. Meanwhile, Symantec goes into damage-control mode over failure to block hackers.
Firefox Moves To Block Java, Silverlight, Adobe Reader
News  |  1/31/2013  | 
Mozilla's "click to play" move will block all plug-ins from executing without explicit user authorization.
Legitimate Sites Are Most Likely To Serve Up Malware, Cisco Study Says
Quick Hits  |  1/31/2013  | 
About a third of all malware is encountered in the U.S., Cisco annual security study finds
Data Loss Prevention? There's A Service For That
News  |  1/31/2013  | 
Companies have started offering pay-as-you-go services for data loss prevention to reduce the complexity and the upfront costs
Mozilla Boldly Blocks Browser Plug-Ins For Firefox
News  |  1/30/2013  | 
Security experts applaud new effort by browser vendor that helps protect users from silent, drive-by attacks
Going Green With Your Ones And Zeros
Commentary  |  1/30/2013  | 
For better security, use less data
DARPA: Your Tech Will Self-Destruct
News  |  1/30/2013  | 
Defense Advanced Research Projects Agency seeks a new class of electronic devices that can dissolve on command as a way of staying out of enemy hands.
Want Stronger Passwords? Try Bad Grammar
News  |  1/30/2013  | 
Beware passwords built using too many pronouns or verbs, Carnegie Mellon security researchers say. String together nouns instead.
FBI Busts Alleged Skype 'Sextortionist'
News  |  1/30/2013  | 
Man is accused of extorting over 350 women into posing nude on Skype by threatening to post compromising photos of them to Facebook.
Service Providers In The DDoS, APT Bull's Eye
Quick Hits  |  1/29/2013  | 
Combination network and application-level DDoS attacks on the rise against service providers, Arbor Networks report says
Are Your Databases Audit-Ready?
News  |  1/29/2013  | 
Development of policies, configuration management, encryption implementations, access control and monitoring all contribute to databases passing compliance checks
Millions Of Networked Devices In Harm's Way
News  |  1/29/2013  | 
Unplug Universal Plug And Play (UPnP) to protect routers, storage devices, media players from getting hacked over the Internet, Rapid7 says
Bank DDoS Attackers Claim Victory Regarding Film
News  |  1/29/2013  | 
One copy of widely viewed film that attacks the founder of Islam has been excised from YouTube. But who removed it, and will all copies be pulled?
Unplug Universal Plug And Play: Security Warning
News  |  1/29/2013  | 
Tens of millions of devices with UPnP are remotely exploitable, warns Metasploit creator. New tool detects vulnerable devices, which include 6,900 different product versions spanning 1,500 vendors.
iOS 6.1 Fixes 27 Vulnerabilities
News  |  1/29/2013  | 
20 remote code execution errors in the WebKit browser engine, a staple of Apple security updates, are fixed in the new release for iPhones, iPads, and iPod Touches. Some of the bugs fixed are quite old, with one reported in 2011
Anti-Malware Startup Promises New Approach To Detecting, Analyzing Online Attacks
Quick Hits  |  1/29/2013  | 
TaaSERA emerges from stealth, claims simpler, more effective anti-malware defense package
AMD Suit Offers Lessons On Punishing Insider Thieves
News  |  1/28/2013  | 
Theft of 150,000 documents by AMD employees defecting to nVidia and subsequent lawsuit show value of monitoring and forensics spend
Java Security Feature FAIL: Researcher Bypasses Java Sandbox, Security Settings
News  |  1/28/2013  | 
'High' and 'Very High' Java security settings won't stop attacks, researcher says
HP Disputes Printer Security Vulnerabilities
News  |  1/28/2013  | 
Weaknesses in printer networking software could be used to bypass authentication, deny service and retrieve documents from any user, Spanish researcher says.
6 Steps To Better Customer Data Protection
News  |  1/28/2013  | 
Privacy isn't a concern just for the Googles and Facebooks of the world. Here are six ways small and midsize businesses (SMB) can better protect their customers -- and themselves.
Combatting Advanced Threats In 2013 Through Basics
Commentary  |  1/28/2013  | 
Focus on fixing the problems of a past generation before focusing on the next
Java Security Work Remains, Bug Hunter Says
News  |  1/28/2013  | 
Proof-of-concept attack can be used to run arbitrary Java apps, despite Oracle's recent security fix.
Google Faces Safari Privacy Claim In U.K.
News  |  1/28/2013  | 
Google is attempting to have similar claims dismissed in the U.S. for lack of harm.
Security No-Man's Land
Commentary  |  1/28/2013  | 
As the industry descends on the RSA Conference to discuss the latest and greatest in security, the underserved midmarket continues to struggle with basic blocking and tackling. The industry machinery is not built to solve that problem
Anonymous Plays Games With U.S. Sites
News  |  1/28/2013  | 
Protesting over death of Internet activist Aaron Swartz, Anonymous defaces U.S. government websites to hide a free game of Asteroids.
Sony Fined Nearly $400,000 For 2011 Database Breach
Quick Hits  |  1/27/2013  | 
British government levies record penalty for a data compromise at Sony
'Red October' Response Shows Importance Of Threat Indicators
News  |  1/25/2013  | 
Researchers provide indicators of compromise for Red October that help companies check for infections
Anonymous DDoS Attackers In Britain Sentenced
News  |  1/25/2013  | 
Two men receive jail time for botnet attacks on PayPal, MasterCard, Visa and the British anti-piracy lobby as part of Operation Payback.
The Three Worst Words In The English Language: Can't We Just?
Commentary  |  1/25/2013  | 
The road to poor identity and access management architecture is paved with "can't we justs." It's 2013: Find a way
Avoiding IAM's Biggest Blunder
News  |  1/24/2013  | 
Leaving orphan accounts enabled due to poor deprovisioning processes leaves organizations open to fraud and makes it impossible to prove chain of custody
Bugs Found In Baked-In Barracuda Backdoors
Quick Hits  |  1/24/2013  | 
Barracuda releases update; special support 'tunnels' for customers contained flaws that could open the door to attackers
SCADA Security 2.0
News  |  1/24/2013  | 
Siemens will consider whether to offer a bug bounty program as security experts look at new approaches to tackling SCADA security woes
Microsoft Finds People Want More Privacy Control
News  |  1/24/2013  | 
Almost half of U.S. adults feel they can't control how online companies collect personal information.
China Accused Of Java, IE Zero Day Attacks
News  |  1/24/2013  | 
Human rights groups have been victims of "watering hole" attacks using recently discovered -- and patched -- flaws in Java and Internet Explorer, security researcher says.
Sony Slapped With $390,000 U.K. Data Breach Fine
News  |  1/24/2013  | 
U.K. data privacy czar levies huge penalty on the consumer electronics giant over its 2011 PlayStation Network security breach.
Twitter Flaw Exposes Direct Messages To Third-Party Applications
Quick Hits  |  1/24/2013  | 
Applications can view Twitter DMs even without users' permission, researcher says
Supply Chain Uncertainties Complicate Security
News  |  1/23/2013  | 
Los Alamos National Laboratory's move to oust Chinese hardware without any evidence of backdoors highlights how supply-chain insecurities are difficult to manage
What Antivirus Shortcomings Mean For SMBs
News  |  1/23/2013  | 
Accepting the risks that come with relying solely on AV not only puts data at risk, but also could kill future earning potential
New BYOD Threat: Email That Self-Destructs
News  |  1/23/2013  | 
Employees who bring apps like Wickr to work could bypass enterprise security systems.
Alleged Gozi Trojan Creator Among Three Charged by Authorities
News  |  1/23/2013  | 
Three people are facing decades behind bars if convicted of having roles in the malware's spread
Is Mobile Device Management The Answer?
Commentary  |  1/23/2013  | 
MDM software is being considered by healthcare IT execs concerned about security.
'Mega' Insecure: Kim Dotcom Defends Rebooted Megaupload Security
News  |  1/23/2013  | 
Proof-of-concept attack against site's encryption leads to questions over its actual security and privacy protections.
RIM Launches BlackBerry Enterprise Service 10
News  |  1/23/2013  | 
RIM's new mobility management platform will help companies manage BlackBerry 10 devices, as well as those powered by iOS and Android, in an effort to regain relevance in the BYOD market.
You Still Stink At Patching Databases
News  |  1/23/2013  | 
Only about a fifth of organizations patch their databases within three months, and that number is unlikely to get better anytime soon, experts say


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15572
PUBLISHED: 2018-08-20
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
CVE-2018-15573
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf...
CVE-2018-15574
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."
CVE-2018-15570
PUBLISHED: 2018-08-20
In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter.
CVE-2018-15564
PUBLISHED: 2018-08-20
An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.