Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in November 2013
4 Lessons From MongoHQ Data Breach
News  |  11/15/2013  | 
Security experts urge companies to implement two-factor authentication, VPNs, and graduated permission levels to better protect customer data from hackers.
Microsoft May Encrypt All Server-To-Server Communications
News  |  11/15/2013  | 
Microsoft admits it doesn't encrypt all server-to-server communications, opening the way for the NSA and others to access the data flow.
Obamacare Website Suffers Few Hack Attacks
News  |  11/15/2013  | 
Affordable Care Act site has faced a relatively low volume of attacks, compared with other federal websites.
Online Extortion: The Ethics Of Unpublishing
News  |  11/15/2013  | 
What are the ethical limits on the Internet, the land where anything goes? What happens when people invent new schemes for making money and then take them too far?
Avoid The Bermuda Triangle of Cloud Security
Commentary  |  11/15/2013  | 
As cloud services permeate the enterprise, security still inhabits the unknown. Can enterprises venture into cloud-based security without traversing a Bermuda triangle of doubt?
LinkedIn Lesson: Detail Security First, Feature Fest Second
Commentary  |  11/15/2013  | 
Memo to businesses with an information security trust deficit: Prove how you're going to keep our data secure.
Secure Your Network From Modern Hazards
Commentary  |  11/15/2013  | 
Traditional security measures don't stand a chance in a data-centric world. But within the crisis lie opportunities for IT security pros.
Higher Ed Must Lock Down Data Security
Commentary  |  11/15/2013  | 
Higher education rivals only the healthcare industry in housing personally identifiable data. Consider these tactics for smart planning.
Finding SQL Injection Attacks In Unexpected Quarters
News  |  11/15/2013  | 
Injection by Google bot and through modern mobile and Web apps will require adjustments
IT Security Faces Big Data Skills and Resource Gap
News  |  11/15/2013  | 
In the near future, IT security teams will not be complete without at least one data scientist among their ranks.
Mobile Prototype Encrypts Data First, Ships To Cloud Later
News  |  11/15/2013  | 
'CloudCapsule' can be used with Dropbox and Google Drive. It locks down files prior to their storage in the cloud for accessing them without a proxy.
Schneier: Time To Make NSA Eavesdropping Expensive
News  |  11/15/2013  | 
NSA surveillance piggybacks on corporate capabilities through cooperation, bribery, threats and compulsion, says security evangelist Bruce Schneier.
What The Carna Botnet Also Found
News  |  11/14/2013  | 
Researcher at Black Hat Brazil to present new data and analysis of the controversial Internet Census project
NSA Leaks Bolster IETF Work On Internet Security
Quick Hits  |  11/14/2013  | 
The Internet Engineering Task Force's efforts to add security to the Internet's protocols have been reinvigorated by fallout from revelations of controversial NSA spying programs
Mobile Pwn2Own Hacking Contest Claims Nexus 4 Among Victims
News  |  11/14/2013  | 
Security researchers received thousands of dollars in cash prizes at this year's Mobile Pwn2Own contest
Barracuda Web Application Firewall Now In AWS Marketplace
News  |  11/14/2013  | 
Firewall provides security for deployment of applications on the AWS cloud
MacRumors Hacker Promises Stolen Passwords Are Safe
News  |  11/14/2013  | 
Hacker grabbed 860,000 passwords for fun, but promises not to leak or use them to harm people.
Research Into BIOS Attacks Underscores Their Danger
News  |  11/14/2013  | 
The jury is out on BadBIOS, but malware for motherboards and other hardware is both possible and, with the rise of the Internet of Things, likely
Study: Many Consumers Still Untrained On Privacy Risks
Quick Hits  |  11/14/2013  | 
Most consumers have not had security training, fail to stay up to date on privacy policies, Harris survey finds
DDoS Attack: Preparing For The Inevitable
Commentary  |  11/14/2013  | 
DDoS mitigation is a challenging undertaking. Here are four steps to help you plan for the worst.
Secunia CEO Launches New Channel Strategy
News  |  11/13/2013  | 
Secunia has already signed agreements with distribution partners in nine different countries
How Did Snowden Do It?
News  |  11/13/2013  | 
Experts piece together clues to paint possible scenarios for how the NSA contractor accessed, downloaded, and leaked secret agency documents on its spying operations
Facebook Forces Some Users To Reset Passwords
News  |  11/13/2013  | 
Facebook is asking users whose passwords may have been exposed on other sites to change passwords to access the social website.
Services Offer Visibility Into Cloud Blind Spot
News  |  11/13/2013  | 
With employees using hundreds of cloud services, companies need a greater ability to monitor the services for anomalous activities
The Emergence of DDoS-as-a-Service
Commentary  |  11/13/2013  | 
"Legitimized" services increase DDoS threats and lend credence to the notion that information security is as much about corporate health as it is self-defense.
Chinese APT Campaigns May Be More Connected Than Previously Thought
News  |  11/12/2013  | 
Researchers discover malware 'arms dealer' layer that supports multiple cyberespionage attacks
Report: Social Media Gets Abused
Quick Hits  |  11/12/2013  | 
New data culled from real-world branded social media accounts shows cybercriminals' obsession with going social
New IE Vulnerability Found In The Wild; Sophisticated Web Exploit Follows
Quick Hits  |  11/12/2013  | 
New advanced persistent threat leverages IE browser flaw, FireEye researchers say
Tech Insight: Viral Arms Race Brings New, Better Evasion
News  |  11/11/2013  | 
New malware advances focus on evading security researchers and automated analysis sandboxes
Data Center Servers Exposed
News  |  11/11/2013  | 
Popular server firmware contains multiple zero-day vulnerabilities, but fixes are fraught with trade-offs
New Version Of PCI Compliance Guidelines Released
Quick Hits  |  11/11/2013  | 
PCI 3.0 changes focus on compliance as a business-as-usual process, rather than a snapshot
Criminals Exploit Microsoft Office Zero-Day Flaw
News  |  11/8/2013  | 
At least two sets of attackers have been using malicious Office documents to exploit the graphics processing vulnerability.
Hackers Threaten Destruction Of Obamacare Website
News  |  11/8/2013  | 
DDoS tool targets the federal Affordable Care Act website. But will it work?
From Event Gatherers To Network Hunters
News  |  11/8/2013  | 
Passive, wait-for-an-event defenses are no longer enough -- companies need to move to a more proactive strategy of hunting down the bad actors in their network, say experts
Survey Exposes The Dirty Little Secret Of Undisclosed Breaches
Quick Hits  |  11/7/2013  | 
Nearly 70 percent of U.S. security pros say complexity and volume of malware attacks hinder their defenses
New Bucks For Bugs Program Focuses On Open-Source Software, Internet Infrastructure
News  |  11/7/2013  | 
Microsoft and Facebook co-sponsor community bug bounty program that pays researchers for flaws found in popular open-source software, Internet protocols
WhatsApp Security To Be Spotlighted At Black Hat Regional Conference
News  |  11/7/2013  | 
A researcher offers up a way to increase security for users of the WhatsApp messenger service
ColdFusion Hacks Point To Unpatched Systems
News  |  11/7/2013  | 
Several highly publicized hacks have been traced to unpatched ColdFusion vulnerabilities, collectively leading to one million records being stolen.
Protecting Your Enterprise From DNS Threats
Quick Hits  |  11/7/2013  | 
Attacks via the Internet's Domain Name System may seem out of your reach, but there are ways to prevent them
Schneier: Make Wide-Scale Surveillance Too Expensive
News  |  11/6/2013  | 
Lessons from NSA revelations hit at heart of the 'fundamental issue of the information age,' says Bruce Schneier
Prototype Encrypts Data Before Shipping It To The Cloud
News  |  11/6/2013  | 
'CloudCapsule' shields file contents from the OS, malware, and the cloud provider
Windows XP Security Apocalypse: Prepare To Be Pwned
Commentary  |  11/6/2013  | 
Patching XP makes Microsoft no money. But millions of unpatched and easy-to-exploit systems equal cybercrime payday.
IT Security From The Eyes Of Data Scientists
News  |  11/5/2013  | 
Enterprises will increasingly employ data science experts to help drive security analytics and risk mitigation
Custom Features Incur Security Flaws In Popular Android Smartphones
News  |  11/5/2013  | 
Researchers find vulnerabilities in preloaded customized apps and features
Military Needs Better Battleground Biometrics
Commentary  |  11/5/2013  | 
Industry advances in biometrics need to be made available to military engaged in irregular warfare where clumsy security technology prevails.
Microsoft Warns Of Zero-Day Attacks Exploiting TIFF
Quick Hits  |  11/5/2013  | 
'Fix it' released for protection until patch is prepared
Don't Be A Hacker's Puppet
Commentary  |  11/5/2013  | 
Even if your company is not a primary target, hackers may be using you to get to the big fish. Here's how to protect your servers without breaking the bank.
New Tool Promises To Stop In-Memory Attacks
Quick Hits  |  11/5/2013  | 
Triumfant releases Memory Process Scanner to prevent advanced volatile threats
Dark-Side Services Continue To Grow And Prosper
News  |  11/4/2013  | 
Criminals have expanded use of the cloud-service model to make their illegal enterprises more efficient and accessible
Data Privacy Scare On HealthCare.gov
Commentary  |  11/4/2013  | 
When the inside threat is your own system

Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27706
PUBLISHED: 2021-04-14
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. This occurs because the "formIPMacBindDel" function directly passes the parameter "IPMacBind...
CVE-2021-27707
PUBLISHED: 2021-04-14
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIn...
CVE-2021-28098
PUBLISHED: 2021-04-14
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for...
CVE-2021-30493
PUBLISHED: 2021-04-14
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other wor...
CVE-2021-30494
PUBLISHED: 2021-04-14
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other wo...