News & Commentary
Content posted in November 2013
|
Android Security: 8 Signs Hackers Own Your Smartphone
Security experts share tips on how to tell if attackers are in control of your Android smartphone.
A Mercenary Approach To Botnets
When does a botnet become valuable to government intelligence agencies?
Automation, Exercises Shorten Response Time To Advanced Attacks
Detecting threats remains a problem, but companies need to improve incident response -- automation can help significantly
NSA Surveillance Fallout Costs IT Industry Billions
Analysts predict US tech companies may lose $180 billion by 2016 due to international concerns about intelligence agencies' spying.
Bitcoin Thefts Surge, DDoS Hackers Take Millions
Cryptographic currency's massive rise in value leads to a corresponding increase in online heists by criminals seeking easy paydays.
Botnet Takedowns Spur Debate Over Effectiveness, Ethics
Attempts to shut down botnets have often failed to cripple the networks, but have led to improved legal strategies, greater public awareness, and stronger links between researchers and law enforcement
Survey: DDos Is Hot, Planning Is Not
Most organizations don't have a game plan in the event of a distributed denial-of-service (DDoS) attack
Presidential Council Calls For Feds And ISPs To Step Up In Cybersecurity
New report to President Obama says feds 'rarely follow' security best practices
Microsoft Office 365 Encrypted Email On Tap
Microsoft Office 365 Message Encryption feature will encrypt all messages by default, though recipients will need an Office 365 or Microsoft Account ID to read the mail.
Dataium Settles Browser History Sniffing Charges
The car buyer tracking firm was accused of using JavaScript to illegally identify websites visited by 181,000 named consumers, and selling harvested information.
NSA Surveillance: First Prism, Now Muscled Out Of Cloud
Companies can no longer discount the risk of losing control of confidential corporate data in the cloud. Government data mining is here to stay, in one invasive form or another.
What IT Can Teach Utilities About Cybersecurity & Smart Grids
Protecting smart grids from cyber attack is a popular conversation in information security circles. But the threats are far worse than generally believed.
Hack Of RacingPost.com Puts Users' Personal Information At Risk
Database breach at RacingPost.com threatens names, addresses, and passwords of customers
Lessons Learned From 4 Major Data Breaches In 2013
Breach stats are declining, but data is still at risk from poorly protected databases, applications, and endpoints
At AppSec USA, A Call For Continuous Monitoring
Speakers, experts at AppSec conference say periodic scanning for application vulnerabilities is no longer enough
CryptoLocker Could Herald Rise Of More Sophisticated Ransomware
A smarter approach to encryption is what separates CryptoLocker from other ransomware -- but that might not last long
LG Admits Smart TVs Spied On Users
LG admits it collected information on consumers' viewing habits, promises firmware update to honor opt-out requests.
Google Settles With State AGs On Privacy
Google agrees to pay $17 million to 37 states to settle claims it circumvented cookie-blocking controls in Apple's Safari browser.
Spamhaus Shows What's Next For Block Listing
The broad, silent acceptance of a recent Spamhaus blocking action is a strong indicator that the rules have changed in the battle over spam and other kinds of email abuse.
Threat Intel To Deliver Some Benefits To Cyberinsurance
About a third of large companies have a cyberinsurance policy, but the industry still has issues measuring risks and gauging threats
Financial Services Industry Proposes Security Controls For Third-Party, Open-Source Software
FS-ISAC addresses potential dangers of insecure software components used by financial firms
Financial Institution Call Centers Targeted By Social Engineers
One in every 2,500 calls to these sites is from a fraudster trying to steal money, new report says
Application Security: We Still Have A Long Way To Go
The past decade shows only trivial progress in improving web app security, according to new vulnerability guidelines in the OWASP Top Ten 2013.
'i2Ninja' Trojan Taps Anonymized Darknet
New malware being sold via underground Russian cybercrime markets uses decentralized, anonymizing P2P system.
Who's The Boss Over Your JBoss Servers?
If you haven't patched a 2011 vulnerability found in more than 21,000 servers connected online, then the answer could be the person who installed a crimeware webshell
Study: Most Application Developers Don't Know Security, But Can Learn
Solid training of app developers can reduce vulnerabilities, Denim Group study says
Healthcare.gov Security Hiccups
Take two aspirin and call me in the morning
Close HealthCare.gov For Security Reasons, Experts Say
Testifying before the House technology committee, four security experts advise would-be HealthCare.gov users to steer clear of the site, pending security improvements.
Cupid Concedes January Hack, 42 Million Passwords Stolen
Separately, Github forces some users to reset weak passwords following a rapid attack launched via 40,000 IP addresses.
Mobile App Security: 5 Frequent Woes Persist
HP Fortify study finds five frequent problems that make mobile apps vulnerable, recommends simple-to-implement information security fixes.
Stuxnet's Earlier Version Much More Powerful And Dangerous, New Analysis Finds
ICS/SCADA expert Ralph Langner analyzes how Stuxnet shifted from super-stealthy to simpler, and dispels common misconceptions about the infamous Stuxnet attack on Iran's nuclear facility -- including the belief that only a nation-state could pull off a similar attack in the future
The New Security Architecture
Recent high profile attacks reflect a new reality in which perimeter-based security models are increasingly less effective in protecting key corporate assets and information.
5 Considerations For Post-Breach Security Analytics
Preparing collection mechanisms ahead of time, preserving chain of custody on forensics data, and performing focused analysis all key in inspecting security data after a compromise
SMBs Unsure And At Risk, Survey Finds
New study highlights uncertainty among small to midsize businesses on cyberattacks, threats
iPhone Photo Leads To Cybercrime Arrest
The FBI uses an iPhone photo to nab six members of a cybercrime ring accused of stealing $45 million via ATMs.
Glut In Stolen Identities Forces Price Cut In Cyberunderground
New report unearths what cybercriminals are charging for stolen identities and hacking services, such as DDoS and doxing
Understanding IT Risk Management In 4 Steps X 3
A risk management matrix combines the probability of harm and the severity of harm. In IT terms that means authentication, context, and process.
Anonymous Conducting Breach Campaign On Government Systems, FBI Report Says
Hacktivist group Anonymous has stolen sensitive data in a year-long campaign against government computers, FBI says
Enterprises Should Practice For Cloud Security Breaches
With cloud services collecting more data from businesses, firms should prepare for potential breaches that involve their providers
iOS Mobile Point-of-Sale Fail
Trendy 'i' mobile payment systems often rolled out with major security flaws, researcher says
Doomsday Prepping Your Business
Security and compliance are your guides to survival
vBulletin.com Hacked, Customer Data Stolen
"Inj3ct0r Team" hackers claim they employed vBulletin zero-day bug to take down both vBulletin.com and MacRumors, offer to sell related exploit.
FBI Blames Federal Hacks On Anonymous Campaign
A British suspect is accused of attacking numerous government agencies, including the U.S. Army and NASA.
Authentication + Mobile Phone = Password Killer
Can the smartphone free us from the drudgery of the much-despised password? There's good reason to hope.
BYOD: 'We Have Met the Enemy & He Is Us'
As smartphone adoption continues at an unrelenting pace, the issues surrounding BYOD will become an even more challenging mobile security management issue.
Startup Firm Attacks Mobile Security Problem With Network-Based Offering
Startup vendor Mojave Networks tackles mobile security via networks, rather than devices
Kelihos Botnet Thrives, Despite Takedowns
Fast flux infrastructure and Windows XP infections continue to keep the botnet alive.
Facebook Forces Some Users To Reset Passwords
Facebook is asking users whose passwords might have been exposed on other sites to change their passwords to access the social network.
Modeling Users And Monitoring Credentials Prevents Breaches
Attackers quickly grab usernames and passwords to leverage an initial compromise into full-blown network access, but companies that monitor user authentication can head off attacks
|
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh! They're watching...
And you have a laptop?
Latest Comment: Shhh! They're watching...
And you have a laptop?
Current Issue
Flash Poll
![[Strategic Security Report] Navigating the Threat Intelligence Maze](https://dsimg.ubm-us.net/asset/393933/543593/DR_ThreatConnect_Report.png)
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-10000
PUBLISHED: 2018-05-24
PUBLISHED: 2018-05-24
PUBLISHED: 2018-05-24
PUBLISHED: 2018-05-24
PUBLISHED: 2018-05-24
From DHS/US-CERT's National Vulnerability Database CVE-2018-10000
PUBLISHED: 2018-05-24
In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
CVE-2018-10001PUBLISHED: 2018-05-24
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instabil...
CVE-2018-10001PUBLISHED: 2018-05-24
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed ...
CVE-2018-10003PUBLISHED: 2018-05-24
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerab...
CVE-2018-10003PUBLISHED: 2018-05-24
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This