Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in November 2013
Android Security: 8 Signs Hackers Own Your Smartphone
Slideshows  |  11/29/2013  | 
Security experts share tips on how to tell if attackers are in control of your Android smartphone.
A Mercenary Approach To Botnets
Commentary  |  11/28/2013  | 
When does a botnet become valuable to government intelligence agencies?
Automation, Exercises Shorten Response Time To Advanced Attacks
News  |  11/27/2013  | 
Detecting threats remains a problem, but companies need to improve incident response -- automation can help significantly
NSA Surveillance Fallout Costs IT Industry Billions
News  |  11/27/2013  | 
Analysts predict US tech companies may lose $180 billion by 2016 due to international concerns about intelligence agencies' spying.
Bitcoin Thefts Surge, DDoS Hackers Take Millions
News  |  11/27/2013  | 
Cryptographic currency's massive rise in value leads to a corresponding increase in online heists by criminals seeking easy paydays.
Botnet Takedowns Spur Debate Over Effectiveness, Ethics
News  |  11/26/2013  | 
Attempts to shut down botnets have often failed to cripple the networks, but have led to improved legal strategies, greater public awareness, and stronger links between researchers and law enforcement
Survey: DDoS Is Hot, Planning Is Not
Quick Hits  |  11/26/2013  | 
Most organizations don't have a game plan in the event of a distributed denial-of-service (DDoS) attack
Presidential Council Calls For Feds And ISPs To Step Up In Cybersecurity
News  |  11/26/2013  | 
New report to President Obama says feds 'rarely follow' security best practices
Microsoft Office 365 Encrypted Email On Tap
News  |  11/26/2013  | 
Microsoft Office 365 Message Encryption feature will encrypt all messages by default, though recipients will need an Office 365 or Microsoft Account ID to read the mail.
Dataium Settles Browser History Sniffing Charges
News  |  11/26/2013  | 
The car buyer tracking firm was accused of using JavaScript to illegally identify websites visited by 181,000 named consumers, and selling harvested information.
NSA Surveillance: First Prism, Now Muscled Out Of Cloud
Commentary  |  11/26/2013  | 
Companies can no longer discount the risk of losing control of confidential corporate data in the cloud. Government data mining is here to stay, in one invasive form or another.
What IT Can Teach Utilities About Cybersecurity & Smart Grids
Commentary  |  11/26/2013  | 
Protecting smart grids from cyber attack is a popular conversation in information security circles. But the threats are far worse than generally believed.
Hack Of RacingPost.com Puts Users' Personal Information At Risk
Quick Hits  |  11/26/2013  | 
Database breach at RacingPost.com threatens names, addresses, and passwords of customers
Lessons Learned From 4 Major Data Breaches In 2013
News  |  11/25/2013  | 
Breach stats are declining, but data is still at risk from poorly protected databases, applications, and endpoints
At AppSec USA, A Call For Continuous Monitoring
Quick Hits  |  11/25/2013  | 
Speakers, experts at AppSec conference say periodic scanning for application vulnerabilities is no longer enough
CryptoLocker Could Herald Rise Of More Sophisticated Ransomware
News  |  11/22/2013  | 
A smarter approach to encryption is what separates CryptoLocker from other ransomware -- but that might not last long
LG Admits Smart TVs Spied On Users
News  |  11/22/2013  | 
LG admits it collected information on consumers' viewing habits, promises firmware update to honor opt-out requests.
Google Settles With State AGs On Privacy
News  |  11/22/2013  | 
Google agrees to pay $17 million to 37 states to settle claims it circumvented cookie-blocking controls in Apple's Safari browser.
Spamhaus Shows What's Next For Block Listing
Commentary  |  11/22/2013  | 
The broad, silent acceptance of a recent Spamhaus blocking action is a strong indicator that the rules have changed in the battle over spam and other kinds of email abuse.
Threat Intel To Deliver Some Benefits To Cyberinsurance
News  |  11/22/2013  | 
About a third of large companies have a cyberinsurance policy, but the industry still has issues measuring risks and gauging threats
Financial Services Industry Proposes Security Controls For Third-Party, Open-Source Software
News  |  11/21/2013  | 
FS-ISAC addresses potential dangers of insecure software components used by financial firms
Financial Institution Call Centers Targeted By Social Engineers
Quick Hits  |  11/21/2013  | 
One in every 2,500 calls to these sites is from a fraudster trying to steal money, new report says
Application Security: We Still Have A Long Way To Go
Commentary  |  11/21/2013  | 
The past decade shows only trivial progress in improving web app security, according to new vulnerability guidelines in the OWASP Top Ten 2013.
'i2Ninja' Trojan Taps Anonymized Darknet
News  |  11/21/2013  | 
New malware being sold via underground Russian cybercrime markets uses decentralized, anonymizing P2P system.
Who's The Boss Over Your JBoss Servers?
News  |  11/21/2013  | 
If you haven't patched a 2011 vulnerability found in more than 21,000 servers connected online, then the answer could be the person who installed a crimeware webshell
Study: Most Application Developers Don't Know Security, But Can Learn
Quick Hits  |  11/21/2013  | 
Solid training of app developers can reduce vulnerabilities, Denim Group study says
Healthcare.gov Security Hiccups
Commentary  |  11/20/2013  | 
Take two aspirin and call me in the morning
Close HealthCare.gov For Security Reasons, Experts Say
News  |  11/20/2013  | 
Testifying before the House technology committee, four security experts advise would-be HealthCare.gov users to steer clear of the site, pending security improvements.
Cupid Concedes January Hack, 42 Million Passwords Stolen
News  |  11/20/2013  | 
Separately, GitHub forces some users to reset weak passwords following a rapid attack launched via 40,000 IP addresses.
Mobile App Security: 5 Frequent Woes Persist
News  |  11/20/2013  | 
HP Fortify study finds five frequent problems that make mobile apps vulnerable, recommends simple-to-implement information security fixes.
Stuxnet's Earlier Version Much More Powerful And Dangerous, New Analysis Finds
News  |  11/20/2013  | 
ICS/SCADA expert Ralph Langner analyzes how Stuxnet shifted from super-stealthy to simpler, and dispels common misconceptions about the infamous Stuxnet attack on Iran's nuclear facility -- including the belief that only a nation-state could pull off a similar attack in the future
The New Security Architecture
Commentary  |  11/20/2013  | 
Recent high profile attacks reflect a new reality in which perimeter-based security models are increasingly less effective in protecting key corporate assets and information.
5 Considerations For Post-Breach Security Analytics
News  |  11/19/2013  | 
Preparing collection mechanisms ahead of time, preserving chain of custody on forensics data, and performing focused analysis all key in inspecting security data after a compromise
SMBs Unsure And At Risk, Survey Finds
Quick Hits  |  11/19/2013  | 
New study highlights uncertainty among small to midsize businesses on cyberattacks, threats
iPhone Photo Leads To Cybercrime Arrest
News  |  11/19/2013  | 
The FBI uses an iPhone photo to nab six members of a cybercrime ring accused of stealing $45 million via ATMs.
Glut In Stolen Identities Forces Price Cut In Cyberunderground
News  |  11/19/2013  | 
New report unearths what cybercriminals are charging for stolen identities and hacking services, such as DDoS and doxing
Understanding IT Risk Management In 4 Steps X 3
Commentary  |  11/19/2013  | 
A risk management matrix combines the probability of harm and the severity of harm. In IT terms that means authentication, context, and process.
Anonymous Conducting Breach Campaign On Government Systems, FBI Report Says
Quick Hits  |  11/19/2013  | 
Hacktivist group Anonymous has stolen sensitive data in a year-long campaign against government computers, FBI says
Enterprises Should Practice For Cloud Security Breaches
News  |  11/18/2013  | 
With cloud services collecting more data from businesses, firms should prepare for potential breaches that involve their providers
iOS Mobile Point-of-Sale Fail
News  |  11/18/2013  | 
Trendy 'i' mobile payment systems often rolled out with major security flaws, researcher says
Doomsday Prepping Your Business
Commentary  |  11/18/2013  | 
Security and compliance are your guides to survival
vBulletin.com Hacked, Customer Data Stolen
News  |  11/18/2013  | 
"Inj3ct0r Team" hackers claim they employed vBulletin zero-day bug to take down both vBulletin.com and MacRumors, offer to sell related exploit.
FBI Blames Federal Hacks On Anonymous Campaign
News  |  11/18/2013  | 
A British suspect is accused of attacking numerous government agencies, including the U.S. Army and NASA.
Authentication + Mobile Phone = Password Killer
Commentary  |  11/18/2013  | 
Can the smartphone free us from the drudgery of the much-despised password? There's good reason to hope.
BYOD: 'We Have Met the Enemy & He Is Us'
Commentary  |  11/18/2013  | 
As smartphone adoption continues at an unrelenting pace, the issues surrounding BYOD will become an even more challenging mobile security management issue.
Startup Firm Attacks Mobile Security Problem With Network-Based Offering
Quick Hits  |  11/18/2013  | 
Startup vendor Mojave Networks tackles mobile security via networks, rather than devices
Kelihos Botnet Thrives, Despite Takedowns
News  |  11/17/2013  | 
Fast flux infrastructure and Windows XP infections continue to keep the botnet alive.
Facebook Forces Some Users To Reset Passwords
News  |  11/17/2013  | 
Facebook is asking users whose passwords might have been exposed on other sites to change their passwords to access the social network.
Modeling Users And Monitoring Credentials Prevents Breaches
News  |  11/15/2013  | 
Attackers quickly grab usernames and passwords to leverage an initial compromise into full-blown network access, but companies that monitor user authentication can head off attacks