Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in October 2013
<<   <   Page 2 / 3   >   >>
Understanding Severity And Criticality In Threat Reporting
Quick Hits  |  10/21/2013  | 
How do you prioritize newly disclosed threats and vulnerabilities? Here are some tips
Next Generation Of SIEMs? Ease Of Use, Analyze More Data
News  |  10/18/2013  | 
Companies looking for better SIEM tools do not require more technology, but systems that can quickly become operational and useful
Huawei Proposes Independent Cybersecurity Testing Labs
News  |  10/18/2013  | 
Independent bodies would be funded by vendors, customers and government agencies, and validate products' performance, security and overall trustworthiness.
10 Pitfalls Of IT Risk Assessment
News  |  10/17/2013  | 
Avoid these assessment mistakes to make better long-term security decisions
SANS Announces Results of its Inaugural Health Care Information Security Survey
News  |  10/17/2013  | 
Concerns over negligent insiders were primary among 65 percent of respondents
Universities Schooled By Malware: Higher Ed Networks 300 Percent More Infected
Quick Hits  |  10/17/2013  | 
New data shows higher-education networks harbor massively more malware than enterprises and government nets
DDoS Attack Used 'Headless' Browsers In 150-Hour Siege
News  |  10/17/2013  | 
Distributed denial-of-service attack employed a browser app toolkit to simulate Web visitors accessing the victim's website
Forget Captcha, Try Inkblots
News  |  10/17/2013  | 
Researchers propose using an inkblot-matching scheme, dubbed Gotcha, to defeat dictionary-based hacks of the Captcha system.
User-Selected Passwords Still Getting Cracked
News  |  10/16/2013  | 
Educating people about good password selection has largely failed as graphics-processor-enabled cracking crunches through billions of possibilities every second
DDoS Attacks Grow Shorter But Pack More Punch
News  |  10/16/2013  | 
DDoS attack sizes are rising even as the duration of the attacks grows shorter, according to Arbor Networks
'Project SHINE' Illuminates Sad State Of SCADA/ICS Security On The Net
News  |  10/16/2013  | 
One million ICS/SCADA devices -- and counting -- found exposed on the public Internet, researchers say
Oracle Issues Massive Security Patch For Java, Databases
News  |  10/16/2013  | 
Oracle's quarterly update includes 127 security patches, including fixes for remotely exploitable Java flaws.
Capturing The Flag, SQLi-Style
News  |  10/15/2013  | 
Black Hat SQL injection workshop instructor develops real-world SQL injection sandbox simulator, invites public for capture the flag event later this month
Windows XP Holdouts Hold On
Quick Hits  |  10/15/2013  | 
New data shows nearly half of XP machines still alive and well among 1 million machines managed by one vendor
Adobe Source Code Theft Unlikely To Cause Spike In Exploits
News  |  10/15/2013  | 
Access to the firm's code for Acrobat, ColdFusion, and Publisher products will make flaws easier to find, but experts disagree whether exploitation will also be easier
The Reality Of Freshly Minted Software Engineers
Commentary  |  10/15/2013  | 
Why do recent computer science graduates need to be retrained when they hit the commercial world?
NSA Harvests Personal Contact Lists, Too
News  |  10/15/2013  | 
Surveillance agency's bid to connect the dots leads to its annually harvesting 250 million global webmail and IM account contact and buddy lists.
Verizon Enhances Cloud-Based Identity Platform
News  |  10/15/2013  | 
Universal Identity Services 2.0 comes with an updated mobile app, QR code-enabled access, and a simplified end-user interface.
Anonymous Targets Alleged Rapists In Maryville, Mo.
News  |  10/15/2013  | 
Hacktivists launch "#OpMaryville," charge that justice wasn't served and rape case should be reopened.
Rejiggering IT Security Budgets For Better Perimeter And Systems Control
News  |  10/14/2013  | 
Put the 'boring' blocking and tackling tools before shiny new expenses
The Long Shadow Of Saudi Aramco
News  |  10/14/2013  | 
New threats, realities of targeted attacks forcing oil and gas companies to rethink and drill down on security
D-Link Router Vulnerable To Authentication Bypass
News  |  10/14/2013  | 
Multiple D-Link, Planex and Virgin Mobile routers have a firmware vulnerability that attackers could exploit to directly access and alter the devices.
NSA Hack Attacks: Good Value For Money?
Quick Hits  |  10/14/2013  | 
Leaked operations manual reveals NSA attack techniques that are not significantly better than common cybercrime capabilities, despite their high cost to government
LinkedIn Preps 'Block User' Capability
News  |  10/14/2013  | 
Feature will help end online stalkers' pursuit of victims.
Flaw In Chrome May Leave Users' Personal Information At Risk
Quick Hits  |  10/13/2013  | 
Vulnerability in Chrome browser could enable attackers to collect data from history files, Identity Finder says
We're All The APT
Commentary  |  10/12/2013  | 
XKeyscore, FoxAcid: APT lines are blurring
Researchers Highlight Security Vulnerabilities In Ship-Tracking System
News  |  10/11/2013  | 
At the Hack in the Box conference, a group of researchers will demonstrate how attackers could fool a system meant to help ships avoid collisions
Google Ads Will Feature You
News  |  10/11/2013  | 
A change in the company's terms of service will put your name and picture in ads shown to your friends.
NSA Hack Attacks: Good Value For Money?
News  |  10/11/2013  | 
Leaked operations manual reveals NSA attack techniques that are not significantly better than common cybercrime capabilities, despite their high cost to government.
GoDaddy Cancels Lavabit's Crypto Key
News  |  10/11/2013  | 
Lavabit owner fights court order demanding he turn over the keys to his encrypted email service to aid the FBI's Snowden investigation.
Cyberthreats Grow More Ominous: Former NSA Chief
News  |  10/11/2013  | 
Microsoft's Craig Mundie, former NSA and CIA chief Gen. Michael Hayden and other experts say cybersecurity attacks are getting more dangerous.
Security Ratings Proliferate As Firms Seek Better Intel
News  |  10/10/2013  | 
Scoring services seek to measure the security of almost every step of the business supply chain, from suppliers and transactions to applications and services
Don't Let 'Spooks' Get Your Cloud Data
Commentary  |  10/10/2013  | 
Lesson from National Cyber Security Awareness Month: Keys are the key, and keep it simple.
Big Data Detectives
News  |  10/10/2013  | 
Could big data be the key to identifying sophisticated threats? Security experts are on the case.
'Spaf' On Security
News  |  10/10/2013  | 
Internet security pioneer Eugene Spafford talks about why security has struggled even after its first big wake-up call 25 years ago, the Morris worm
Google To Reward Fixes For Open Source Software
News  |  10/10/2013  | 
Google expands its bug bounty program, plans to pay programmers who help patch the open-source projects it cares about.
Advertisers Evade 'Do Not Track' With Supercookies
News  |  10/10/2013  | 
Many popular sites use JavaScript and Flash font probes to track users and their browsing habits across multiple devices, researchers say.
NSA Lawsuit Proceeding, Despite Government Shutdown
News  |  10/10/2013  | 
Privacy groups successfully argued that if federal furloughs haven't stopped NSA's call-tracking programs, then related lawsuits shouldn't be delayed.
Google Offers New Bounty Program For Securing Open-Source Software
Quick Hits  |  10/10/2013  | 
New patch rewards program aims to help lock down popular open-source code
Creating And Maintaining A Custom Threat Profile
Quick Hits  |  10/10/2013  | 
Threat intelligence is only useful if it's tailored to your specific organization. Here are some tips on how to customize
Top 15 Indicators Of Compromise
News  |  10/9/2013  | 
Unusual account behaviors, strange network patterns, unexplained configuration changes, and odd files on systems can all point to a potential breach
Legal Fears Put Mobile Backups In Spotlight
News  |  10/9/2013  | 
Users regularly put their most important mobile data in the cloud via file-sharing and backups, but that's risky to the business
Internet Explorer Zero-Day Times Two
News  |  10/9/2013  | 
Yet another Microsoft IE bug covered in Tuesday's big patch was already being used in the wild in targeted APT-style attacks
Microsoft Patches Two Internet Explorer Bugs
News  |  10/9/2013  | 
Microsoft and Adobe this week release a slew of fixes, including patches for zero-day vulnerabilities and remote code execution flaws.
LulzSec Hackers Evade Irish Jail Time
News  |  10/9/2013  | 
In Ireland's first-ever successful computer crime prosecution, two hackers with ties to LulzSec and Anonymous get probation and fines -- but so far no extradition to face charges in the U.S.
Embrace Your Inner Risk Adviser
Quick Hits  |  10/8/2013  | 
Bridging the gap between security and IT and the business side requires teamwork on building a risk profile
Too Much Security Data Or Not Enough?
News  |  10/8/2013  | 
Addressing the paradox of security analytics challenges
'Blackhole' Activity Dips Amid Reports Of Bust
News  |  10/8/2013  | 
Reports point to possible arrest of Blackhole crimeware author, but changing of the guard is already under way as other kits gain a foothold
NSA Data Center Damaged By Electrical 'Meltdowns'
News  |  10/8/2013  | 
Chronic electrical surges at the NSA's new Utah data center have destroyed $1 million worth of machinery.
Monitoring Security In Cloud Environments
Quick Hits  |  10/8/2013  | 
Using cloud networks can cause the loss of security visibility. Here are some tips for getting it back