Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in October 2013
<<   <   Page 3 / 3
Technology Or Education? Tackling Phishing Requires Both
News  |  10/7/2013  | 
Neither technology nor awareness services can solve the phishing threat, but using both can significantly reduce attackers' success
Evasion Techniques And Sneaky DBAs
Commentary  |  10/7/2013  | 
Why should DBAs introduce security measures that make their jobs harder for the nebulous benefit of better security?
Hacking The Adobe Breach
News  |  10/7/2013  | 
Financially motivated attackers could abuse stolen source code for broader attacks
Sidestepping SDN Security Woes
News  |  10/7/2013  | 
SDN does hold potential security upsides, but organizations should also look out for pitfalls
Infrastructure Cybersecurity: Carrots And Sticks
News  |  10/7/2013  | 
As lawmakers and private industry leaders wrangle over how to best protect our nation's critical infrastructure from cyberattack, existing anti-terror legislation could offer a promising start.
Avira Launches Free Security App And Free 5GM Cloud Storage Account For iPhone, iPad And iPod
News  |  10/7/2013  | 
Avira Mobile Security scans iOS devices for malicious processes
5 Obamacare Health Site Security Warnings
News  |  10/7/2013  | 
Early shakedowns of the health insurance exchange websites show they are vulnerable to cross-site request forgery, clickjacking and cookie attacks, among other risks.
Distributing Malware Through Future App Stores
Commentary  |  10/7/2013  | 
Difficult times ahead for app markets as professional malware developers ramp their evasion techniques
Developing A System For Identifying And Prioritizing Risk
News  |  10/7/2013  | 
Discussing COBIT 5 for Risk guide with ISACA
Firms, Researchers Seek Better Ways To Detect Evasive Threats
News  |  10/4/2013  | 
As defenders increasing use dynamic analysis and sandboxes, attackers have adopted a number of evasion techniques forcing security firms and researchers to adapt
Lavabit Owner Fined For Resisting FBI Demands
News  |  10/4/2013  | 
Unsealed court documents reveal new details in encrypted email service provider's role in protecting identity of whistleblower Edward Snowden.
Operation Payback: Feds Charge 13 On Anonymous Attacks
News  |  10/4/2013  | 
Men accused of launching DDoS attacks against MPAA, RIAA, Visa, MasterCard and other organizations perceived to be hostile to piracy sites and WikiLeaks.
Adobe Customer Security Compromised: 7 Facts
News  |  10/4/2013  | 
Could stolen ColdFusion and Acrobat source code spawn a new generation of zero-day attacks?
At Interop, Plethora Of New Services Leaves Questions About Risk
News  |  10/4/2013  | 
GRC tools may offer security, risk answers as enterprises rely more heavily on service providers
5 Lessons From Real-World Attacks
News  |  10/3/2013  | 
Tales from the trenches show that even small organizations are in the bull's eye
Adobe Hacked: Source Code, Customer Data Stolen
Quick Hits  |  10/3/2013  | 
Adobe Acrobat, ColdFusion source code pilfered, information on nearly 3 million customers exposed
Next-Gen Spam: Quality Over Quantity
Commentary  |  10/3/2013  | 
The industry has been remarkably innovative in developing business models to extract money from the unwary.
Shutdown Heightens Cybersecurity Risks, Feds Warn
News  |  10/3/2013  | 
Federal officials say shutdown is invitation to hackers and puts nation at risk.
NSA Discloses Cellphone Location Tracking Tests
News  |  10/3/2013  | 
National Security Agency director tells Congress that the 2010 mass surveillance pilot program has been discontinued -- at least for the moment.
Stratfor Hacker: FBI Entrapment Shaped My Case
Commentary  |  10/3/2013  | 
Hacker Jeremy Hammond asks for leniency before sentencing, citing the role of FBI informant Sabu in his case. How far can the FBI go with suspected computer criminals?
Attacks On Volatile Memory Can Be Detected, Researchers Say
News  |  10/3/2013  | 
In-memory attacks create processing delays that give hackers away, Triumfant research says
CISO Shares Strategies For Surviving The Inevitability Of Attacks
News  |  10/3/2013  | 
Loop in application, network teams to help spot threats and attacks before they do harm
Identifying And Discouraging Determined Attackers
Quick Hits  |  10/3/2013  | 
Enterprises are finding ways to identify targeted attackers and give them fits. Here's how
CISO Shares Strategies For Surviving The Inevitability Of Attacks
News  |  10/3/2013  | 
Looping in application and network teams can help spot threats and attacks before they do harm.
Securing More Vulnerabilities By Patching Less
News  |  10/2/2013  | 
Companies need to focus on not just fixing known vulnerabilities, but closing potential attack vectors
Silk Road Founder Arrested
News  |  10/2/2013  | 
Infamous online black market alleged to have generated $1.2 billion in sales of illegal products and services since 2011.
Google Wiretapping Lawsuits Can Proceed, Judges Say
News  |  10/2/2013  | 
Lawsuits allege that Google's automated scans of Gmail content for advertising purposes and its Street View Wi-Fi data collection violate wiretap laws.
Online Health Exchanges: How Secure?
News  |  10/2/2013  | 
Is the data hub created by Obamacare a hacker's dream?
WordPress Attacks: Time To Wake Up
Commentary  |  10/1/2013  | 
The latest WordPress hacks highlight our continued laziness when implementing online security, a problem made worse by free, easy-to-use sites.
Security Skills For 2023
Commentary  |  10/1/2013  | 
Align your career with these top security trends
5 Reasons Every Company Should Have A Honeypot
News  |  10/1/2013  | 
A staple of the computer-security toolbox for more than two decades, honeypots can provide companies with unique benefits
Cyberattack Attribution Requires Mix Of Data, Intelligence Sources As False Flag Operations Proliferate
News  |  10/1/2013  | 
A new report from FireEye outlines some clues that can be used to identify the source of a targeted attack, but false flags make attribution difficult
When Your DDoS Defense Service Fails
Quick Hits  |  10/1/2013  | 
Startup launches 'SWAT' backup DDoS defense service
Make The Most Of National Cyber Security Awareness Month
Commentary  |  10/1/2013  | 
NCSAM is a catalyst to get extra attention for your security programs
Researchers Unite To #ScanAllTheThings
News  |  10/1/2013  | 
'Project Sonar' community project launched for sharing Internet-scanning data, tools, and analysis
Penetration Testing With Honest-To-Goodness Malware
Commentary  |  10/1/2013  | 
When did penetration-testing methodologies stop replicating the vectors attackers make?
John McAfee Wants To Shield You From NSA
News  |  10/1/2013  | 
Eccentric antivirus company founder pitches $100 gadget meant to help you evade all forms of electronic surveillance.
WordPress Site Hacks Continue
News  |  10/1/2013  | 
70% of WordPress sites are running outdated software and are vulnerable to hackers launching DDoS attacks. Recent examples hit MIT, NEA and Penn State servers.
$5.4M In Cybersecurity Grants Awarded To University Of Arizona Researchers
News  |  10/1/2013  | 
Grants from the National Science Foundation for projects that will address cybersecurity research and education challenges facing U.S. and international community
Anatomy Of A SQL Injection Attack
Quick Hits  |  10/1/2013  | 
SQL injection has plagued databases for years. Here's a look at how the attacks work -- and what you can do about them
<<   <   Page 3 / 3


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27706
PUBLISHED: 2021-04-14
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/&quot;IPMacBindIndex &quot;request. This occurs because the &quot;formIPMacBindDel&quot; function directly passes the parameter &quot;IPMacBind...
CVE-2021-27707
PUBLISHED: 2021-04-14
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/&quot;portMappingIndex &quot;request. This occurs because the &quot;formDelPortMapping&quot; function directly passes the parameter &quot;portMappingIn...
CVE-2021-28098
PUBLISHED: 2021-04-14
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for...
CVE-2021-30493
PUBLISHED: 2021-04-14
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other wor...
CVE-2021-30494
PUBLISHED: 2021-04-14
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other wo...