Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in October 2013
Once-A-Year Risk Assessments Aren't Enough
News  |  10/31/2013  | 
Why experts believe most organizations aren't assessing IT risks often enough
Simple Security Is A Better Bet
Commentary  |  10/31/2013  | 
Complex security programs are little better than no security
Q&A: FedRAMP Director Discusses Cloud Security Innovation
Commentary  |  10/31/2013  | 
Maria Roat, FedRAMP director, speaks with former Transportation Department CIO Nitin Pradhan on the federal government's approach to security assessment, authorization, and continuous monitoring for cloud products and services.
Silent Circle, Lavabit Team On New Secure Email Protocol
Quick Hits  |  10/31/2013  | 
Dark Mail Alliance aims to create open-source email protocol and architecture for the industry in wake of NSA spying revelations
Shortage Of Women Hurting IT Security Industry, Study Finds
Quick Hits  |  10/31/2013  | 
(ISC)2 survey indicates that women have the skills and attitudes most needed in infosec
Looking For A Security Job? You Don't Need To Be Bo Derek
Commentary  |  10/30/2013  | 
7 tips to convince a hiring manager that you're a perfect fit.
Naming And Shaming Unlikely To Work For Cyberespionage
News  |  10/30/2013  | 
Why a whistleblower's evidence of widespread surveillance by the NSA has caused the U.S. government to react, but Mandiant's revelations about Chinese espionage fail to curb that nation's efforts
Social Engineers Pwn The 'Human Network' In Major Firms
News  |  10/30/2013  | 
Apple, General Motors, Home Depot, Johnson & Johnson, Chevron, Boeing, and other major corporations easily fall to social engineers in recent contest, new report shows
NSA Reportedly Taps Google, Yahoo Data Centers
News  |  10/30/2013  | 
National Security Agency can intercept traffic from Google's and Yahoo's data centers outside the U.S., according to documents from Edward Snowden.
MongoHQ To Customers: Change Database Passwords
News  |  10/30/2013  | 
Following security breach, MongoDB hosting firm advises customers to change database passwords as it locks down systems and bolsters security defenses.
Software Security Maturity Plods Along
News  |  10/30/2013  | 
Building Security In Maturity Model (BSIMM) project releases fifth annual study results
Study: Cyber Monday Attacks Cost Enterprises Up To $3.4M Per Hour
Quick Hits  |  10/30/2013  | 
Holiday shopping season is popular time for launch of sophisticated attacks, RSA study says
Vanishing IT Security Boundaries Reappearing Disguised As Identity
Commentary  |  10/30/2013  | 
It's that time of year, when nothing is as it seems. If cloud and mobile are haunting your dreams, consider some open protocol treats.
Attackers Crib Exploit Code, But Net Benefit For Defenders
News  |  10/29/2013  | 
Researcher finds that the top 20 crime packs copy exploit code from security researchers and sophisticated attackers, but doing away with public disclosure is no solution
Think Hackers Are IT's Biggest Threat? Guess Again
Commentary  |  10/29/2013  | 
More than one third of all data security breaches at government agencies are caused accidentally by internal employees.
Quick Guide To Flash Storage Latency Wars
Commentary  |  10/29/2013  | 
Because latency is the key performance differentiator in server-side flash, SSD, PCIe and memory bus flash storage vendors are competing on speed.
Google Captcha Dumps Distorted Text Images
News  |  10/29/2013  | 
Tired of reading those wavy words? Changes to Google's reCaptcha system -- which doubles as quality control for its book and newspaper scanning projects -- prioritize bot-busting puzzles based on numbers.
Microsoft Software, Overall Operating System Vulnerability Disclosures Rise
News  |  10/29/2013  | 
Windows XP machines six times more likely to be infected by malware than newer versions of the OS, according to new Microsoft Security Intelligence Report (SIR)
Syrian Hackers Attack Obama's Website
News  |  10/29/2013  | 
Pro-Syrian regime hackers gain ability to redirect Twitter and Facebook short links because staff failed to use Google two-factor authentication.
New 'Whistleblower' Portal Lets User Report Incidents Anonymously
Quick Hits  |  10/29/2013  | 
GRC Vendor LockPath offers whistleblower portal to let users anonymously report complaints, security violations
Slide Show: 10 Free Network Defense Tools
Slideshows  |  10/28/2013  | 
Affordably protect the perimeter and beyond with these handy network security utilities and toolkits
Centrify Launches Partner Program
News  |  10/28/2013  | 
Centrify Alliance Partner Program members can now more formally engage with Centrify and leverage its cloud and mobile identity solutions
Failure To Deploy: Aided And Abetted By Shelfware
Commentary  |  10/28/2013  | 
It takes more than technology acquisition to protect against the insider threat -- just ask the NSA
BYOD Network & Security at GITEX 2013, Dubai
Dark Reading Videos  |  10/28/2013  | 
Asfar Zaidi of Huawei Enterprise talks about the latest BYOD solutions in the industry.
Dutch Banking Malware Gang Busted: Bitcoin's Role
News  |  10/28/2013  | 
Dutch police arrest four men on charges of using TorRAT banking malware to steal an estimated $1.4 million from consumers. They allegedly laundered the funds using the cryptographic currency known as Bitcoins.
LinkedIn Defends 'Intro' Email Security
News  |  10/28/2013  | 
LinkedIn responds to user and security expert concerns about new email feature, cites measures it took to make LinkedIn Intro safe.
Breach At PHP.net Causes Site To Serve Malware
Quick Hits  |  10/27/2013  | 
Popular PHP.net developer site distributed malware after experiencing server security breaches
Tech Insight: Enterprise Security's Overlooked Factor -- The End User's Age
News  |  10/26/2013  | 
Depending on their age, end users' attitudes toward security may differ significantly. Here's how
Identity Management In The Cloud
News  |  10/25/2013  | 
Managing and securing user identities in the cloud is getting complicated.
Chinese Antivirus Firm NQ Called 'Massive Fraud'
News  |  10/25/2013  | 
Mobile anti-malware software developer NQ Mobile denies charges that it inflates its market share and makes spyware.
Researchers Flag Security Flaws In New LinkedIn Offering
Quick Hits  |  10/25/2013  | 
LinkedIn's new "Intro" tool could be a security nightmare waiting to happen, researchers warn
To Determine Threat Level, Context Matters
News  |  10/24/2013  | 
Computers communicating with the Amazon cloud, users logging in after hours, and the risk posed by Java; without context, evaluating threats is nearly impossible
WhiteHat Security Releases Web Browser To Fight Off Ads, Tracking
News  |  10/24/2013  | 
WhiteHat's Aviator browser promises better privacy online
Experian Breach Fallout: ID Theft Nightmares Continue
Commentary  |  10/24/2013  | 
Data brokers amassing gigantic data stores of people's valuable personal information are too big to not fail. Why are consumers getting stuck with the mess?
Browser Fingerprinting: 9 Facts
News  |  10/24/2013  | 
Tracking technology that can identify individual identities and devices is improving faster than consumers might realize, warn privacy researchers.
LinkedIn Intro Service Triggers Security, Privacy Fears
News  |  10/24/2013  | 
LinkedIn wants to scan your emails to add more information about the sender, raising the hackles of security and privacy advocates.
Catching Mobile Malware In The Corporate Network
News  |  10/23/2013  | 
As more malicious mobile apps arrive, security firms roll out different methods of detecting the malware inside business networks
Malicious Mobile Tracking Made Easy
News  |  10/23/2013  | 
Black Hat Sao Paulo speaker discusses Snoopy, a distributed mobile tracking network that can profile users online and in the real world
NIST Releases Preliminary Cybersecurity Framework
News  |  10/23/2013  | 
Proposal offers private and public-sector organizations a common language for understanding and managing cybersecurity risk.
Using Risk Assessment To Prioritize Security Tasks And Processes
Quick Hits  |  10/23/2013  | 
Prioritizing security tasks based on real risk measurements can be tough. Here's some advice to get you started
Visualizing Security Analytics That Don't Stink
News  |  10/22/2013  | 
Data visualizations can make or break efforts in data-driven security
Google Project Shield Promises DDoS Attack Prevention
News  |  10/22/2013  | 
Project Shield service is designed to keep static websites for human rights, election and news groups online, but it might presage a commercial Google DDoS defense service.
Dept. Of Energy Breach: Bigger Than We Realized
News  |  10/22/2013  | 
DOE says July data breach affected more than double the number of people in initial estimates. CIO tasks an independent investigator to probe breach and agency's technology infrastructure.
Generation Y Users Say They Will Break Corporate BYOD Rules
Quick Hits  |  10/22/2013  | 
Majority of users ages 21 to 32 say they would flout company policies restricting the use of personal devices
Catching Malware With DNS As A Service
News  |  10/21/2013  | 
A cloud provider used to be the low-cost option for domain-name system (DNS) services, but the ability to act as a security proxy has convinced many that cloud is better
How To Avoid Breaches Where You Least Expect Them
News  |  10/21/2013  | 
Vulnerabilities and threats could lurk in the most mundane of systems
Aviator Browser Blocks Ads, Cookies By Default
News  |  10/21/2013  | 
Google Chrome, Microsoft Internet Explorer and Mozilla Firefox betray privacy for ad revenue, claims WhiteHat Security, maker of new privacy-first Aviator browser.
Experian Sold Data To Vietnamese ID Theft Ring
News  |  10/21/2013  | 
Fake private investigation firm tricked data broker into divulging numerous Americans' names, social security numbers, birthdates and bank account numbers.
Is Your DNS Server A Weapon?
Commentary  |  10/21/2013  | 
As we improve our defenses against distributed-denial-of-service (DDoS) attacks, the bad guys adapt and step up their game, too. Here's how to use your domain name servers to ward off hackers.
Agiliance-Former CIA CISO Offer Cybersecurity Evals
News  |  10/21/2013  | 
Online Cyber Stress Test uses the Agiliance RiskVision cloud platform to evaluate an organization's preparedness against cyber-risks