News & Commentary

Content posted in November 2013
Page 1 / 3   >   >>
Android Security: 8 Signs Hackers Own Your Smartphone
Slideshows  |  11/29/2013  | 
Security experts share tips on how to tell if attackers are in control of your Android smartphone.
A Mercenary Approach To Botnets
Commentary  |  11/28/2013  | 
When does a botnet become valuable to government intelligence agencies?
Automation, Exercises Shorten Response Time To Advanced Attacks
News  |  11/27/2013  | 
Detecting threats remains a problem, but companies need to improve incident response -- automation can help significantly
NSA Surveillance Fallout Costs IT Industry Billions
News  |  11/27/2013  | 
Analysts predict US tech companies may lose $180 billion by 2016 due to international concerns about intelligence agencies' spying.
Bitcoin Thefts Surge, DDoS Hackers Take Millions
News  |  11/27/2013  | 
Cryptographic currency's massive rise in value leads to a corresponding increase in online heists by criminals seeking easy paydays.
Botnet Takedowns Spur Debate Over Effectiveness, Ethics
News  |  11/26/2013  | 
Attempts to shut down botnets have often failed to cripple the networks, but have led to improved legal strategies, greater public awareness, and stronger links between researchers and law enforcement
Survey: DDos Is Hot, Planning Is Not
Quick Hits  |  11/26/2013  | 
Most organizations don't have a game plan in the event of a distributed denial-of-service (DDoS) attack
Presidential Council Calls For Feds And ISPs To Step Up In Cybersecurity
News  |  11/26/2013  | 
New report to President Obama says feds 'rarely follow' security best practices
Microsoft Office 365 Encrypted Email On Tap
News  |  11/26/2013  | 
Microsoft Office 365 Message Encryption feature will encrypt all messages by default, though recipients will need an Office 365 or Microsoft Account ID to read the mail.
Dataium Settles Browser History Sniffing Charges
News  |  11/26/2013  | 
The car buyer tracking firm was accused of using JavaScript to illegally identify websites visited by 181,000 named consumers, and selling harvested information.
NSA Surveillance: First Prism, Now Muscled Out Of Cloud
Commentary  |  11/26/2013  | 
Companies can no longer discount the risk of losing control of confidential corporate data in the cloud. Government data mining is here to stay, in one invasive form or another.
What IT Can Teach Utilities About Cybersecurity & Smart Grids
Commentary  |  11/26/2013  | 
Protecting smart grids from cyber attack is a popular conversation in information security circles. But the threats are far worse than generally believed.
Hack Of RacingPost.com Puts Users' Personal Information At Risk
Quick Hits  |  11/26/2013  | 
Database breach at RacingPost.com threatens names, addresses, and passwords of customers
Lessons Learned From 4 Major Data Breaches In 2013
News  |  11/25/2013  | 
Breach stats are declining, but data is still at risk from poorly protected databases, applications, and endpoints
At AppSec USA, A Call For Continuous Monitoring
Quick Hits  |  11/25/2013  | 
Speakers, experts at AppSec conference say periodic scanning for application vulnerabilities is no longer enough
CryptoLocker Could Herald Rise Of More Sophisticated Ransomware
News  |  11/22/2013  | 
A smarter approach to encryption is what separates CryptoLocker from other ransomware -- but that might not last long
LG Admits Smart TVs Spied On Users
News  |  11/22/2013  | 
LG admits it collected information on consumers' viewing habits, promises firmware update to honor opt-out requests.
Google Settles With State AGs On Privacy
News  |  11/22/2013  | 
Google agrees to pay $17 million to 37 states to settle claims it circumvented cookie-blocking controls in Apple's Safari browser.
Spamhaus Shows What's Next For Block Listing
Commentary  |  11/22/2013  | 
The broad, silent acceptance of a recent Spamhaus blocking action is a strong indicator that the rules have changed in the battle over spam and other kinds of email abuse.
Threat Intel To Deliver Some Benefits To Cyberinsurance
News  |  11/22/2013  | 
About a third of large companies have a cyberinsurance policy, but the industry still has issues measuring risks and gauging threats
Financial Services Industry Proposes Security Controls For Third-Party, Open-Source Software
News  |  11/21/2013  | 
FS-ISAC addresses potential dangers of insecure software components used by financial firms
Financial Institution Call Centers Targeted By Social Engineers
Quick Hits  |  11/21/2013  | 
One in every 2,500 calls to these sites is from a fraudster trying to steal money, new report says
Application Security: We Still Have A Long Way To Go
Commentary  |  11/21/2013  | 
The past decade shows only trivial progress in improving web app security, according to new vulnerability guidelines in the OWASP Top Ten 2013.
'i2Ninja' Trojan Taps Anonymized Darknet
News  |  11/21/2013  | 
New malware being sold via underground Russian cybercrime markets uses decentralized, anonymizing P2P system.
Who's The Boss Over Your JBoss Servers?
News  |  11/21/2013  | 
If you haven't patched a 2011 vulnerability found in more than 21,000 servers connected online, then the answer could be the person who installed a crimeware webshell
Study: Most Application Developers Don't Know Security, But Can Learn
Quick Hits  |  11/21/2013  | 
Solid training of app developers can reduce vulnerabilities, Denim Group study says
Healthcare.gov Security Hiccups
Commentary  |  11/20/2013  | 
Take two aspirin and call me in the morning
Close HealthCare.gov For Security Reasons, Experts Say
News  |  11/20/2013  | 
Testifying before the House technology committee, four security experts advise would-be HealthCare.gov users to steer clear of the site, pending security improvements.
Cupid Concedes January Hack, 42 Million Passwords Stolen
News  |  11/20/2013  | 
Separately, Github forces some users to reset weak passwords following a rapid attack launched via 40,000 IP addresses.
Mobile App Security: 5 Frequent Woes Persist
News  |  11/20/2013  | 
HP Fortify study finds five frequent problems that make mobile apps vulnerable, recommends simple-to-implement information security fixes.
Stuxnet's Earlier Version Much More Powerful And Dangerous, New Analysis Finds
News  |  11/20/2013  | 
ICS/SCADA expert Ralph Langner analyzes how Stuxnet shifted from super-stealthy to simpler, and dispels common misconceptions about the infamous Stuxnet attack on Iran's nuclear facility -- including the belief that only a nation-state could pull off a similar attack in the future
The New Security Architecture
Commentary  |  11/20/2013  | 
Recent high profile attacks reflect a new reality in which perimeter-based security models are increasingly less effective in protecting key corporate assets and information.
5 Considerations For Post-Breach Security Analytics
News  |  11/19/2013  | 
Preparing collection mechanisms ahead of time, preserving chain of custody on forensics data, and performing focused analysis all key in inspecting security data after a compromise
SMBs Unsure And At Risk, Survey Finds
Quick Hits  |  11/19/2013  | 
New study highlights uncertainty among small to midsize businesses on cyberattacks, threats
iPhone Photo Leads To Cybercrime Arrest
News  |  11/19/2013  | 
The FBI uses an iPhone photo to nab six members of a cybercrime ring accused of stealing $45 million via ATMs.
Glut In Stolen Identities Forces Price Cut In Cyberunderground
News  |  11/19/2013  | 
New report unearths what cybercriminals are charging for stolen identities and hacking services, such as DDoS and doxing
Understanding IT Risk Management In 4 Steps X 3
Commentary  |  11/19/2013  | 
A risk management matrix combines the probability of harm and the severity of harm. In IT terms that means authentication, context, and process.
Anonymous Conducting Breach Campaign On Government Systems, FBI Report Says
Quick Hits  |  11/19/2013  | 
Hacktivist group Anonymous has stolen sensitive data in a year-long campaign against government computers, FBI says
Enterprises Should Practice For Cloud Security Breaches
News  |  11/18/2013  | 
With cloud services collecting more data from businesses, firms should prepare for potential breaches that involve their providers
iOS Mobile Point-of-Sale Fail
News  |  11/18/2013  | 
Trendy 'i' mobile payment systems often rolled out with major security flaws, researcher says
Doomsday Prepping Your Business
Commentary  |  11/18/2013  | 
Security and compliance are your guides to survival
vBulletin.com Hacked, Customer Data Stolen
News  |  11/18/2013  | 
"Inj3ct0r Team" hackers claim they employed vBulletin zero-day bug to take down both vBulletin.com and MacRumors, offer to sell related exploit.
FBI Blames Federal Hacks On Anonymous Campaign
News  |  11/18/2013  | 
A British suspect is accused of attacking numerous government agencies, including the U.S. Army and NASA.
Authentication + Mobile Phone = Password Killer
Commentary  |  11/18/2013  | 
Can the smartphone free us from the drudgery of the much-despised password? There's good reason to hope.
BYOD: 'We Have Met the Enemy & He Is Us'
Commentary  |  11/18/2013  | 
As smartphone adoption continues at an unrelenting pace, the issues surrounding BYOD will become an even more challenging mobile security management issue.
Startup Firm Attacks Mobile Security Problem With Network-Based Offering
Quick Hits  |  11/18/2013  | 
Startup vendor Mojave Networks tackles mobile security via networks, rather than devices
Kelihos Botnet Thrives, Despite Takedowns
News  |  11/17/2013  | 
Fast flux infrastructure and Windows XP infections continue to keep the botnet alive.
Facebook Forces Some Users To Reset Passwords
News  |  11/17/2013  | 
Facebook is asking users whose passwords might have been exposed on other sites to change their passwords to access the social network.
Modeling Users And Monitoring Credentials Prevents Breaches
News  |  11/15/2013  | 
Attackers quickly grab usernames and passwords to leverage an initial compromise into full-blown network access, but companies that monitor user authentication can head off attacks
Page 1 / 3   >   >>


New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading,  5/17/2018
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Lital Asher-Dotan, Senior Director, Security Research and Content, Cybereason,  5/21/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh!  They're watching... And you have a laptop?  
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10000
PUBLISHED: 2018-05-24
In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
CVE-2018-10001
PUBLISHED: 2018-05-24
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instabil...
CVE-2018-10001
PUBLISHED: 2018-05-24
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed ...
CVE-2018-10003
PUBLISHED: 2018-05-24
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerab...
CVE-2018-10003
PUBLISHED: 2018-05-24
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been...