News & Commentary

Content posted in November 2013
Android Security: 8 Signs Hackers Own Your Smartphone
Slideshows  |  11/29/2013  | 
Security experts share tips on how to tell if attackers are in control of your Android smartphone.
A Mercenary Approach To Botnets
Commentary  |  11/28/2013  | 
When does a botnet become valuable to government intelligence agencies?
Automation, Exercises Shorten Response Time To Advanced Attacks
News  |  11/27/2013  | 
Detecting threats remains a problem, but companies need to improve incident response -- automation can help significantly
NSA Surveillance Fallout Costs IT Industry Billions
News  |  11/27/2013  | 
Analysts predict US tech companies may lose $180 billion by 2016 due to international concerns about intelligence agencies' spying.
Bitcoin Thefts Surge, DDoS Hackers Take Millions
News  |  11/27/2013  | 
Cryptographic currency's massive rise in value leads to a corresponding increase in online heists by criminals seeking easy paydays.
Botnet Takedowns Spur Debate Over Effectiveness, Ethics
News  |  11/26/2013  | 
Attempts to shut down botnets have often failed to cripple the networks, but have led to improved legal strategies, greater public awareness, and stronger links between researchers and law enforcement
Survey: DDoS Is Hot, Planning Is Not
Quick Hits  |  11/26/2013  | 
Most organizations don't have a game plan in the event of a distributed denial-of-service (DDoS) attack
Presidential Council Calls For Feds And ISPs To Step Up In Cybersecurity
News  |  11/26/2013  | 
New report to President Obama says feds 'rarely follow' security best practices
Microsoft Office 365 Encrypted Email On Tap
News  |  11/26/2013  | 
Microsoft Office 365 Message Encryption feature will encrypt all messages by default, though recipients will need an Office 365 or Microsoft Account ID to read the mail.
Dataium Settles Browser History Sniffing Charges
News  |  11/26/2013  | 
The car buyer tracking firm was accused of using JavaScript to illegally identify websites visited by 181,000 named consumers, and selling harvested information.
NSA Surveillance: First Prism, Now Muscled Out Of Cloud
Commentary  |  11/26/2013  | 
Companies can no longer discount the risk of losing control of confidential corporate data in the cloud. Government data mining is here to stay, in one invasive form or another.
What IT Can Teach Utilities About Cybersecurity & Smart Grids
Commentary  |  11/26/2013  | 
Protecting smart grids from cyber attack is a popular conversation in information security circles. But the threats are far worse than generally believed.
Hack Of RacingPost.com Puts Users' Personal Information At Risk
Quick Hits  |  11/26/2013  | 
Database breach at RacingPost.com threatens names, addresses, and passwords of customers
Lessons Learned From 4 Major Data Breaches In 2013
News  |  11/25/2013  | 
Breach stats are declining, but data is still at risk from poorly protected databases, applications, and endpoints
At AppSec USA, A Call For Continuous Monitoring
Quick Hits  |  11/25/2013  | 
Speakers, experts at AppSec conference say periodic scanning for application vulnerabilities is no longer enough
CryptoLocker Could Herald Rise Of More Sophisticated Ransomware
News  |  11/22/2013  | 
A smarter approach to encryption is what separates CryptoLocker from other ransomware -- but that might not last long
LG Admits Smart TVs Spied On Users
News  |  11/22/2013  | 
LG admits it collected information on consumers' viewing habits, promises firmware update to honor opt-out requests.
Google Settles With State AGs On Privacy
News  |  11/22/2013  | 
Google agrees to pay $17 million to 37 states to settle claims it circumvented cookie-blocking controls in Apple's Safari browser.
Spamhaus Shows What's Next For Block Listing
Commentary  |  11/22/2013  | 
The broad, silent acceptance of a recent Spamhaus blocking action is a strong indicator that the rules have changed in the battle over spam and other kinds of email abuse.
Threat Intel To Deliver Some Benefits To Cyberinsurance
News  |  11/22/2013  | 
About a third of large companies have a cyberinsurance policy, but the industry still has issues measuring risks and gauging threats
Financial Services Industry Proposes Security Controls For Third-Party, Open-Source Software
News  |  11/21/2013  | 
FS-ISAC addresses potential dangers of insecure software components used by financial firms
Financial Institution Call Centers Targeted By Social Engineers
Quick Hits  |  11/21/2013  | 
One in every 2,500 calls to these sites is from a fraudster trying to steal money, new report says
Application Security: We Still Have A Long Way To Go
Commentary  |  11/21/2013  | 
The past decade shows only trivial progress in improving web app security, according to new vulnerability guidelines in the OWASP Top Ten 2013.
'i2Ninja' Trojan Taps Anonymized Darknet
News  |  11/21/2013  | 
New malware being sold via underground Russian cybercrime markets uses decentralized, anonymizing P2P system.
Who's The Boss Over Your JBoss Servers?
News  |  11/21/2013  | 
If you haven't patched a 2011 vulnerability found in more than 21,000 servers connected online, then the answer could be the person who installed a crimeware webshell
Study: Most Application Developers Don't Know Security, But Can Learn
Quick Hits  |  11/21/2013  | 
Solid training of app developers can reduce vulnerabilities, Denim Group study says
Healthcare.gov Security Hiccups
Commentary  |  11/20/2013  | 
Take two aspirin and call me in the morning
Close HealthCare.gov For Security Reasons, Experts Say
News  |  11/20/2013  | 
Testifying before the House technology committee, four security experts advise would-be HealthCare.gov users to steer clear of the site, pending security improvements.
Cupid Concedes January Hack, 42 Million Passwords Stolen
News  |  11/20/2013  | 
Separately, GitHub forces some users to reset weak passwords following a rapid attack launched via 40,000 IP addresses.
Mobile App Security: 5 Frequent Woes Persist
News  |  11/20/2013  | 
HP Fortify study finds five frequent problems that make mobile apps vulnerable, recommends simple-to-implement information security fixes.
Stuxnet's Earlier Version Much More Powerful And Dangerous, New Analysis Finds
News  |  11/20/2013  | 
ICS/SCADA expert Ralph Langner analyzes how Stuxnet shifted from super-stealthy to simpler, and dispels common misconceptions about the infamous Stuxnet attack on Iran's nuclear facility -- including the belief that only a nation-state could pull off a similar attack in the future
The New Security Architecture
Commentary  |  11/20/2013  | 
Recent high profile attacks reflect a new reality in which perimeter-based security models are increasingly less effective in protecting key corporate assets and information.
5 Considerations For Post-Breach Security Analytics
News  |  11/19/2013  | 
Preparing collection mechanisms ahead of time, preserving chain of custody on forensics data, and performing focused analysis all key in inspecting security data after a compromise
SMBs Unsure And At Risk, Survey Finds
Quick Hits  |  11/19/2013  | 
New study highlights uncertainty among small to midsize businesses on cyberattacks, threats
iPhone Photo Leads To Cybercrime Arrest
News  |  11/19/2013  | 
The FBI uses an iPhone photo to nab six members of a cybercrime ring accused of stealing $45 million via ATMs.
Glut In Stolen Identities Forces Price Cut In Cyberunderground
News  |  11/19/2013  | 
New report unearths what cybercriminals are charging for stolen identities and hacking services, such as DDoS and doxing
Understanding IT Risk Management In 4 Steps X 3
Commentary  |  11/19/2013  | 
A risk management matrix combines the probability of harm and the severity of harm. In IT terms that means authentication, context, and process.
Anonymous Conducting Breach Campaign On Government Systems, FBI Report Says
Quick Hits  |  11/19/2013  | 
Hacktivist group Anonymous has stolen sensitive data in a year-long campaign against government computers, FBI says
Enterprises Should Practice For Cloud Security Breaches
News  |  11/18/2013  | 
With cloud services collecting more data from businesses, firms should prepare for potential breaches that involve their providers
iOS Mobile Point-of-Sale Fail
News  |  11/18/2013  | 
Trendy 'i' mobile payment systems often rolled out with major security flaws, researcher says
Doomsday Prepping Your Business
Commentary  |  11/18/2013  | 
Security and compliance are your guides to survival
vBulletin.com Hacked, Customer Data Stolen
News  |  11/18/2013  | 
"Inj3ct0r Team" hackers claim they employed vBulletin zero-day bug to take down both vBulletin.com and MacRumors, offer to sell related exploit.
FBI Blames Federal Hacks On Anonymous Campaign
News  |  11/18/2013  | 
A British suspect is accused of attacking numerous government agencies, including the U.S. Army and NASA.
Authentication + Mobile Phone = Password Killer
Commentary  |  11/18/2013  | 
Can the smartphone free us from the drudgery of the much-despised password? There's good reason to hope.
BYOD: 'We Have Met the Enemy & He Is Us'
Commentary  |  11/18/2013  | 
As smartphone adoption continues at an unrelenting pace, the issues surrounding BYOD will become an even more challenging mobile security management issue.
Startup Firm Attacks Mobile Security Problem With Network-Based Offering
Quick Hits  |  11/18/2013  | 
Startup vendor Mojave Networks tackles mobile security via networks, rather than devices
Facebook Forces Some Users To Reset Passwords
News  |  11/17/2013  | 
Facebook is asking users whose passwords might have been exposed on other sites to change their passwords to access the social network.
Kelihos Botnet Thrives, Despite Takedowns
News  |  11/17/2013  | 
Fast flux infrastructure and Windows XP infections continue to keep the botnet alive.
Modeling Users And Monitoring Credentials Prevents Breaches
News  |  11/15/2013  | 
Attackers quickly grab usernames and passwords to leverage an initial compromise into full-blown network access, but companies that monitor user authentication can head off attacks


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.