News & Commentary

Content posted in December 2013
Page 1 / 3
Sticking It To The ATM
Commentary  |  12/31/2013  | 
The folly of not preemptively disabling 'boot from USB' on an ATM
Windows Crash Reports Open To Hijacking
Quick Hits  |  12/31/2013  | 
Attackers -- and the NSA -- can glean valuable intel from unencrypted transmissions
4 Trends In Vulnerabilities That Will Continue In 2014
News  |  12/31/2013  | 
Bounty programs will continue to expand, more researchers will focus on embedded devices and libraries, and security software will find itself under more scrutiny
Slide Show: 8 Effective Data Visualization Methods For Security Teams
Slideshows  |  12/31/2013  | 
Getting the most out of security analytics data sets, large or small, by visualizing the information
Attackers Wage Network Time Protocol-Based DDoS Attacks
Quick Hits  |  12/30/2013  | 
Yet another protocol being abused for flooding targets with unwanted traffic
NSA's TAO
Commentary  |  12/30/2013  | 
NSA's Q-branch upgrades Omega laser watch with Huawei backdoors
NSA Elite Hacking Team Operations Exposed
News  |  12/30/2013  | 
Treasure trove of tools created and used by NSA hackers for planting backdoors via Cisco, Juniper, Apple products unveiled in latest document leaks
Security, Privacy & The Democratization Of Data
Commentary  |  12/30/2013  | 
Data gathering and profiling capabilities that today are only available to nation states will eventually be at the disposal of everyone. What then?
Researchers Reveal Snapchat Security Issues
News  |  12/27/2013  | 
Security researchers release proof-of-concept code for issues they say they disclosed months ago to Snapchat
PINs Stolen In Target Breach
Quick Hits  |  12/27/2013  | 
Target now says customers' encrypted PINs were compromised in the massive credit- and debit-card breach that began Thanksgiving eve
9 Notorious Hackers Of 2013
Slideshows  |  12/27/2013  | 
This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state-sponsored groups.
The Coolest Hacks Of 2013
News  |  12/27/2013  | 
Take a look back at security researchers' most extreme, creative, and just plain bizarre hacks this year.
Survey: U.S. Citizens More Worried About ID Theft Than Privacy
Quick Hits  |  12/27/2013  | 
Despite NSA scare, U.S. voters are five times more concerned about hacking than tracking, CCIA study says
Lessons From 5 Advanced Attacks Of 2013
News  |  12/26/2013  | 
From Cryptolocker to the destructive attacks on Korean firms to the massive flood that made Spamhaus inaccessible, attackers delivered some hard lessons in 2013
Target's Christmas Data Breach
Commentary  |  12/26/2013  | 
Why, oh, why would Target be storing debit card PINs?
2013: The Year Of Security Certification Bashing
Commentary  |  12/26/2013  | 
As security professionals argued among themselves about how useless certifications are, organizations that needed security services had no place to turn for good advice.
Study: Mobile Devices Escalating Endpoint Security Risks
Quick Hits  |  12/26/2013  | 
State of the Endpoint study says 75 percent of security pros consider mobile to be the greatest endpoint threat in 2014
RSA Denies Trading Security For NSA Payout
Quick Hits  |  12/23/2013  | 
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access
Slide Show: The Coolest Hacks Of 2013
Slideshows  |  12/23/2013  | 
A look back at some of the year's most extreme, creative, and -- in some cases -- just plain bizarre hacks by security researchers
RSA Denies Trading Security For NSA Payout
News  |  12/23/2013  | 
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.
Database Risks Increase As Patch Frequency Decreases
News  |  12/23/2013  | 
Department of Energy breach report offers stark lesson in patch management's relationship with database risk postures
eGestalt To Launch New Risk Management Module For Its Aegify IT Security & Compliance Solution
News  |  12/23/2013  | 
Aegify Risk Manager enables complete work flow automation to comprehensively address and manage business security, compliance, and risk needs
Fraudulent Bot Traffic Surpasses Human Traffic In U.S., Study Says
Quick Hits  |  12/23/2013  | 
More than 50 percent of Web activity in U.S. is suspected to be fraudulent, Solve Media report says
Mobility & Cloud: A Double Whammy For Securing Data
Commentary  |  12/23/2013  | 
In 2014, legacy security solutions like firewalls and intrusion detection systems will no longer be sufficient to protect corporate data against BYOD and cybercrime.
Target Breach Should Spur POS Security, PCI 3.0 Awareness
News  |  12/22/2013  | 
Advanced skimming attack against Target's whole network of point-of-sale devices will likely keep momentum moving forward for improving payment application security
Target Breach: 10 Facts
News  |  12/21/2013  | 
Experts advise consumers not to panic as suspicion falls on point-of-sale terminals used to scan credit cards.
Update Now! A Holiday Carol
Commentary  |  12/20/2013  | 
In the spirit of the holidays, a cautionary tale set to the tune of a classic Christmas song
Tech Insight: 'Tis The Season To Be Hacked
News  |  12/20/2013  | 
Holiday and 'busy' seasons bring lax employee security practices and increased chances attacks will go unnoticed
Target Confirms Massive Breach Affects 40 Million Customers
News  |  12/20/2013  | 
Target says data breach issue 'has been resolved,' but customers are up in arms
7 Reasons Why Bitcoin Attacks Will Continue
Quick Hits  |  12/20/2013  | 
Cryptographic currency's rising value makes it an appealing target for cybercrime gangs and crimeware toolkit developers
Yes, In The Internet Of Everything, Things Will Have Passwords
Commentary  |  12/20/2013  | 
Things would have no problem remembering passwords like "[email protected]" But even for things, passwords are less than ideal.
Using NetFlow Data For More Robust Network Security
News  |  12/19/2013  | 
NetFlow can prove a powerful tool for spotting dangerous traffic patterns
7 Reasons Why Bitcoin Attacks Will Continue
News  |  12/19/2013  | 
Cryptographic currency's rising value makes it an appealing target for cybercrime gangs and crimeware toolkit developers.
Target Confirms Hackers Stole 40 Million Credit Cards
News  |  12/19/2013  | 
Hackers' 19-day heist scoops up all ingredients required to make counterfeit cards.
Secure Code Starts With Measuring What Developers Know
Commentary  |  12/19/2013  | 
I recently discovered I've been teaching blindly about application security. I assumed that I know what students need to learn. Nothing could be further from the truth.
Washington Post Servers Infiltrated, Employee Credentials Stolen
Quick Hits  |  12/18/2013  | 
Newspaper suffers second major breach in three years, Chinese espionage suspected
Intelligence Panel: NSA Should Stop Bulk Storage Of Telephone Metadata
News  |  12/18/2013  | 
Leaks about NSA surveillance during the past year have raised concerns about the agency's practices, but a review panel's recommendations may change the game
Bitcoin Hit By Gameover Malware, Chinese Crackdown
News  |  12/18/2013  | 
China gets tough with exchanges trading Bitcoins, while new malware variant targets Bitcoin customers.
My 5 Wishes For Security In 2014
Commentary  |  12/18/2013  | 
Security skeptic Dave Piscitello tells why his end-of-year InfoSec predictions are like a fine wine.
Android AV Improves But Still Can't Nuke Malware
News  |  12/18/2013  | 
Google doesn't let Android antivirus app makers automatically quarantine and zap malware. Until then it's up to users to stay on their toes to prevent infection
'ChewBacca' Malware Taps Tor Network
News  |  12/18/2013  | 
Malicious Trojan sporting a Star Wars theme uses Tor anonymizing network to disguise its command-and-control communications.
Cybersecurity Accelerator Set To Fast-Track A New Round Of Startups
Quick Hits  |  12/18/2013  | 
Mach37 accelerator opens a new season of business and funding assistance for cybersecurity startups
5 Ways Cloud Services Can Soothe Security Fears In 2014
News  |  12/17/2013  | 
Companies need cloud providers to delineate responsibilities for the security of data, provide better security information, and encrypt data everywhere
Android AV Improves But Still Can't Nuke Malware
News  |  12/17/2013  | 
Google doesn't let Android antivirus app makers automatically quarantine and zap malware. Until then it's up to users to stay on their toes to prevent infection.
Advanced Power Botnet: Firefox Users, Beware
Quick Hits  |  12/17/2013  | 
Malicious Firefox plugin scans websites for exploitable SQL injection vulnerabilities
Is Mob-Busting RICO Overkill For Combating Cybercrime?
Commentary  |  12/17/2013  | 
The milestone conviction of 22-year-old David Camez for his participation in a Russian-run "carder" forum raises legitimate questions about the role of RICO in taking down cybercrime.
Moving Beyond SIEM For Strong Security Analytics
News  |  12/16/2013  | 
SIEM still a useful tool for infosec, but many argue it shouldn't be the main platform for analytics programs
How To Safely Retire Mobile Devices
News  |  12/16/2013  | 
Once employees bring their new iPads, Androids, to work after Christmas, their older mobile devices must be decommissioned to protect company data
Advanced Power Botnet: Firefox Users, Beware
News  |  12/16/2013  | 
Malicious Firefox plugin scans websites for exploitable SQL injection vulnerabilities.
The State of IT Security: It's Broken
Commentary  |  12/16/2013  | 
It's time to move past the hyperbole of next-gen security and look to new approaches that show enterprises how to understand and assess their unique risks.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.