News & Commentary

Content posted in October 2013
Page 1 / 3   >   >>
Once-A-Year Risk Assessments Aren't Enough
News  |  10/31/2013  | 
Why experts believe most organizations aren't assessing IT risks often enough
Simple Security Is A Better Bet
Commentary  |  10/31/2013  | 
Complex security programs are little better than no security
Q&A: FedRAMP Director Discusses Cloud Security Innovation
Commentary  |  10/31/2013  | 
Maria Roat, FedRAMP director, speaks with former Transportation Department CIO Nitin Pradhan on the federal government's approach to security assessment, authorization, and continuous monitoring for cloud products and services.
Silent Circle, Lavabit Team On New Secure Email Protocol
Quick Hits  |  10/31/2013  | 
Dark Mail Alliance aims to create open-source email protocol and architecture for the industry in wake of NSA spying revelations
Shortage Of Women Hurting IT Security Industry, Study Finds
Quick Hits  |  10/31/2013  | 
(ISC)2 survey indicates that women have the skills and attitudes most needed in infosec
Looking For A Security Job? You Don't Need To Be Bo Derek
Commentary  |  10/30/2013  | 
7 tips to convince a hiring manager that you're a perfect fit.
Naming And Shaming Unlikely To Work For Cyberespionage
News  |  10/30/2013  | 
Why a whistleblower's evidence of widespread surveillance by the NSA has caused the U.S. government to react, but Mandiant's revelations about Chinese espionage fail to curb that nation's efforts
Social Engineers Pwn The 'Human Network' In Major Firms
News  |  10/30/2013  | 
Apple, General Motors, Home Depot, Johnson & Johnson, Chevron, Boeing, and other major corporations easily fall to social engineers in recent contest, new report shows
NSA Reportedly Taps Google, Yahoo Data Centers
News  |  10/30/2013  | 
National Security Agency can intercept traffic from Google's and Yahoo's data centers outside the U.S., according to documents from Edward Snowden.
MongoHQ To Customers: Change Database Passwords
News  |  10/30/2013  | 
Following security breach, MongoDB hosting firm advises customers to change database passwords as it locks down systems and bolsters security defenses.
Software Security Maturity Plods Along
News  |  10/30/2013  | 
Building Security In Maturity Model (BSIMM) project releases fifth annual study results
Study: Cyber Monday Attacks Cost Enterprises Up To $3.4M Per Hour
Quick Hits  |  10/30/2013  | 
Holiday shopping season is popular time for launch of sophisticated attacks, RSA study says
Vanishing IT Security Boundaries Reappearing Disguised As Identity
Commentary  |  10/30/2013  | 
It's that time of year, when nothing is as it seems. If cloud and mobile are haunting your dreams, consider some open protocol treats.
Attackers Crib Exploit Code, But Net Benefit For Defenders
News  |  10/29/2013  | 
Researcher finds that the top 20 crime packs copy exploit code from security researchers and sophisticated attackers, but doing away with public disclosure is no solution
Think Hackers Are IT's Biggest Threat? Guess Again
Commentary  |  10/29/2013  | 
More than one third of all data security breaches at government agencies are caused accidentally by internal employees.
Quick Guide To Flash Storage Latency Wars
Commentary  |  10/29/2013  | 
Because latency is the key performance differentiator in server-side flash, SSD, PCIe and memory bus flash storage vendors are competing on speed.
Google Captcha Dumps Distorted Text Images
News  |  10/29/2013  | 
Tired of reading those wavy words? Changes to Google's reCaptcha system -- which doubles as quality control for its book and newspaper scanning projects -- prioritize bot-busting puzzles based on numbers.
Microsoft Software, Overall Operating System Vulnerability Disclosures Rise
News  |  10/29/2013  | 
Windows XP machines six times more likely to be infected by malware than newer versions of the OS, according to new Microsoft Security Intelligence Report (SIR)
Syrian Hackers Attack Obama's Website
News  |  10/29/2013  | 
Pro-Syrian regime hackers gain ability to redirect Twitter and Facebook short links because staff failed to use Google two-factor authentication.
New 'Whistleblower' Portal Lets User Report Incidents Anonymously
Quick Hits  |  10/29/2013  | 
GRC Vendor LockPath offers whistleblower portal to let users anonymously report complaints, security violations
Slide Show: 10 Free Network Defense Tools
Slideshows  |  10/28/2013  | 
Affordably protect the perimeter and beyond with these handy network security utilities and toolkits
Centrify Launches Partner Program
News  |  10/28/2013  | 
Centrify Alliance Partner Program members can now more formally engage with Centrify and leverage its cloud and mobile identity solutions
Failure To Deploy: Aided And Abetted By Shelfware
Commentary  |  10/28/2013  | 
It takes more than technology acquisition to protect against the insider threat -- just ask the NSA
BYOD Network & Security at GITEX 2013, Dubai
Dark Reading Videos  |  10/28/2013  | 
Asfar Zaidi of Huawei Enterprise talks about the latest BYOD solutions in the industry.
Dutch Banking Malware Gang Busted: Bitcoin's Role
News  |  10/28/2013  | 
Dutch police arrest four men on charges of using TorRAT banking malware to steal an estimated $1.4 million from consumers. They allegedly laundered the funds using the cryptographic currency known as Bitcoins.
LinkedIn Defends 'Intro' Email Security
News  |  10/28/2013  | 
LinkedIn responds to user and security expert concerns about new email feature, cites measures it took to make LinkedIn Intro safe.
Breach At PHP.net Causes Site To Serve Malware
Quick Hits  |  10/27/2013  | 
Popular PHP.net developer site distributed malware after experiencing server security breaches
Tech Insight: Enterprise Security's Overlooked Factor -- The End User's Age
News  |  10/26/2013  | 
Depending on their age, end users' attitudes toward security may differ significantly. Here's how
Identity Management In The Cloud
News  |  10/25/2013  | 
Managing and securing user identities in the cloud is getting complicated.
Chinese Antivirus Firm NQ Called 'Massive Fraud'
News  |  10/25/2013  | 
Mobile anti-malware software developer NQ Mobile denies charges that it inflates its market share and makes spyware.
Researchers Flag Security Flaws In New LinkedIn Offering
Quick Hits  |  10/25/2013  | 
LinkedIn's new "Intro" tool could be a security nightmare waiting to happen, researchers warn
To Determine Threat Level, Context Matters
News  |  10/24/2013  | 
Computers communicating with the Amazon cloud, users logging in after hours, and the risk posed by Java; without context, evaluating threats is nearly impossible
WhiteHat Security Releases Web Browser To Fight Off Ads, Tracking
News  |  10/24/2013  | 
WhiteHat's Aviator browser promises better privacy online
Experian Breach Fallout: ID Theft Nightmares Continue
Commentary  |  10/24/2013  | 
Data brokers amassing gigantic data stores of people's valuable personal information are too big to not fail. Why are consumers getting stuck with the mess?
Browser Fingerprinting: 9 Facts
News  |  10/24/2013  | 
Tracking technology that can identify individual identities and devices is improving faster than consumers might realize, warn privacy researchers.
LinkedIn Intro Service Triggers Security, Privacy Fears
News  |  10/24/2013  | 
LinkedIn wants to scan your emails to add more information about the sender, raising the hackles of security and privacy advocates.
Catching Mobile Malware In The Corporate Network
News  |  10/23/2013  | 
As more malicious mobile apps arrive, security firms roll out different methods of detecting the malware inside business networks
Malicious Mobile Tracking Made Easy
News  |  10/23/2013  | 
Black Hat Sao Paulo speaker discusses Snoopy, a distributed mobile tracking network that can profile users online and in the real world
NIST Releases Preliminary Cybersecurity Framework
News  |  10/23/2013  | 
Proposal offers private and public-sector organizations a common language for understanding and managing cybersecurity risk.
Using Risk Assessment To Prioritize Security Tasks And Processes
Quick Hits  |  10/23/2013  | 
Prioritizing security tasks based on real risk measurements can be tough. Here's some advice to get you started
Visualizing Security Analytics That Don't Stink
News  |  10/22/2013  | 
Data visualizations can make or break efforts in data-driven security
Google Project Shield Promises DDoS Attack Prevention
News  |  10/22/2013  | 
Project Shield service is designed to keep static websites for human rights, election and news groups online, but it might presage a commercial Google DDoS defense service.
Dept. Of Energy Breach: Bigger Than We Realized
News  |  10/22/2013  | 
DOE says July data breach affected more than double the number of people in initial estimates. CIO tasks an independent investigator to probe breach and agency's technology infrastructure.
Generation Y Users Say They Will Break Corporate BYOD Rules
Quick Hits  |  10/22/2013  | 
Majority of users ages 21 to 32 say they would flout company policies restricting the use of personal devices
Catching Malware With DNS As A Service
News  |  10/21/2013  | 
A cloud provider used to be the low-cost option for domain-name system (DNS) services, but the ability to act as a security proxy has convinced many that cloud is better
How To Avoid Breaches Where You Least Expect Them
News  |  10/21/2013  | 
Vulnerabilities and threats could lurk in the most mundane of systems
Aviator Browser Blocks Ads, Cookies By Default
News  |  10/21/2013  | 
Google Chrome, Microsoft Internet Explorer and Mozilla Firefox betray privacy for ad revenue, claims WhiteHat Security, maker of new privacy-first Aviator browser.
Experian Sold Data To Vietnamese ID Theft Ring
News  |  10/21/2013  | 
Fake private investigation firm tricked data broker into divulging numerous Americans' names, social security numbers, birthdates and bank account numbers.
Is Your DNS Server A Weapon?
Commentary  |  10/21/2013  | 
As we improve our defenses against distributed-denial-of-service (DDoS) attacks, the bad guys adapt and step up their game, too. Here's how to use your domain name servers to ward off hackers.
Agiliance-Former CIA CISO Offer Cybersecurity Evals
News  |  10/21/2013  | 
Online Cyber Stress Test uses the Agiliance RiskVision cloud platform to evaluate an organization's preparedness against cyber-risks