News & Commentary

Content posted in December 2013
Sticking It To The ATM
Commentary  |  12/31/2013  | 
The folly of not preemptively disabling 'boot from USB' on an ATM
Windows Crash Reports Open To Hijacking
Quick Hits  |  12/31/2013  | 
Attackers -- and the NSA -- can glean valuable intel from unencrypted transmissions
4 Trends In Vulnerabilities That Will Continue In 2014
News  |  12/31/2013  | 
Bounty programs will continue to expand, more researchers will focus on embedded devices and libraries, and security software will find itself under more scrutiny
Slide Show: 8 Effective Data Visualization Methods For Security Teams
Slideshows  |  12/31/2013  | 
Getting the most out of security analytics data sets, large or small, by visualizing the information
Attackers Wage Network Time Protocol-Based DDoS Attacks
Quick Hits  |  12/30/2013  | 
Yet another protocol being abused for flooding targets with unwanted traffic
NSA's TAO
Commentary  |  12/30/2013  | 
NSA's Q-branch upgrades Omega laser watch with Huawei backdoors
NSA Elite Hacking Team Operations Exposed
News  |  12/30/2013  | 
Treasure trove of tools created and used by NSA hackers for planting backdoors via Cisco, Juniper, Apple products unveiled in latest document leaks
Security, Privacy & The Democratization Of Data
Commentary  |  12/30/2013  | 
Data gathering and profiling capabilities that today are only available to nation states will eventually be at the disposal of everyone. What then?
Researchers Reveal Snapchat Security Issues
News  |  12/27/2013  | 
Security researchers release proof-of-concept code for issues they say they disclosed months ago to Snapchat
PINs Stolen In Target Breach
Quick Hits  |  12/27/2013  | 
Target now says customers' encrypted PINs were compromised in the massive credit- and debit-card breach that began Thanksgiving eve
9 Notorious Hackers Of 2013
Slideshows  |  12/27/2013  | 
This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state-sponsored groups.
The Coolest Hacks Of 2013
News  |  12/27/2013  | 
Take a look back at security researchers' most extreme, creative, and just plain bizarre hacks this year.
Survey: U.S. Citizens More Worried About ID Theft Than Privacy
Quick Hits  |  12/27/2013  | 
Despite NSA scare, U.S. voters are five times more concerned about hacking than tracking, CCIA study says
Lessons From 5 Advanced Attacks Of 2013
News  |  12/26/2013  | 
From Cryptolocker to the destructive attacks on Korean firms to the massive flood that made Spamhaus inaccessible, attackers delivered some hard lessons in 2013
Target's Christmas Data Breach
Commentary  |  12/26/2013  | 
Why, oh, why would Target be storing debit card PINs?
2013: The Year Of Security Certification Bashing
Commentary  |  12/26/2013  | 
As security professionals argued among themselves about how useless certifications are, organizations that needed security services had no place to turn for good advice.
Study: Mobile Devices Escalating Endpoint Security Risks
Quick Hits  |  12/26/2013  | 
State of the Endpoint study says 75 percent of security pros consider mobile to be the greatest endpoint threat in 2014
RSA Denies Trading Security For NSA Payout
Quick Hits  |  12/23/2013  | 
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access
Slide Show: The Coolest Hacks Of 2013
Slideshows  |  12/23/2013  | 
A look back at some of the year's most extreme, creative, and -- in some cases -- just plain bizarre hacks by security researchers
RSA Denies Trading Security For NSA Payout
News  |  12/23/2013  | 
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.
Database Risks Increase As Patch Frequency Decreases
News  |  12/23/2013  | 
Department of Energy breach report offers stark lesson in patch management's relationship with database risk postures
eGestalt To Launch New Risk Management Module For Its Aegify IT Security & Compliance Solution
News  |  12/23/2013  | 
Aegify Risk Manager enables complete work flow automation to comprehensively address and manage business security, compliance, and risk needs
Fraudulent Bot Traffic Surpasses Human Traffic In U.S., Study Says
Quick Hits  |  12/23/2013  | 
More than 50 percent of Web activity in U.S. is suspected to be fraudulent, Solve Media report says
Mobility & Cloud: A Double Whammy For Securing Data
Commentary  |  12/23/2013  | 
In 2014, legacy security solutions like firewalls and intrusion detection systems will no longer be sufficient to protect corporate data against BYOD and cybercrime.
Target Breach Should Spur POS Security, PCI 3.0 Awareness
News  |  12/22/2013  | 
Advanced skimming attack against Target's whole network of point-of-sale devices will likely keep momentum moving forward for improving payment application security
Target Breach: 10 Facts
News  |  12/21/2013  | 
Experts advise consumers not to panic as suspicion falls on point-of-sale terminals used to scan credit cards.
Update Now! A Holiday Carol
Commentary  |  12/20/2013  | 
In the spirit of the holidays, a cautionary tale set to the tune of a classic Christmas song
Tech Insight: 'Tis The Season To Be Hacked
News  |  12/20/2013  | 
Holiday and 'busy' seasons bring lax employee security practices and increased chances attacks will go unnoticed
Target Confirms Massive Breach Affects 40 Million Customers
News  |  12/20/2013  | 
Target says data breach issue 'has been resolved,' but customers are up in arms
7 Reasons Why Bitcoin Attacks Will Continue
Quick Hits  |  12/20/2013  | 
Cryptographic currency's rising value makes it an appealing target for cybercrime gangs and crimeware toolkit developers
Yes, In The Internet Of Everything, Things Will Have Passwords
Commentary  |  12/20/2013  | 
Things would have no problem remembering passwords like "[email protected]" But even for things, passwords are less than ideal.
Using NetFlow Data For More Robust Network Security
News  |  12/19/2013  | 
NetFlow can prove a powerful tool for spotting dangerous traffic patterns
7 Reasons Why Bitcoin Attacks Will Continue
News  |  12/19/2013  | 
Cryptographic currency's rising value makes it an appealing target for cybercrime gangs and crimeware toolkit developers.
Target Confirms Hackers Stole 40 Million Credit Cards
News  |  12/19/2013  | 
Hackers' 19-day heist scoops up all ingredients required to make counterfeit cards.
Secure Code Starts With Measuring What Developers Know
Commentary  |  12/19/2013  | 
I recently discovered I've been teaching blindly about application security. I assumed that I know what students need to learn. Nothing could be further from the truth.
Washington Post Servers Infiltrated, Employee Credentials Stolen
Quick Hits  |  12/18/2013  | 
Newspaper suffers second major breach in three years, Chinese espionage suspected
Intelligence Panel: NSA Should Stop Bulk Storage Of Telephone Metadata
News  |  12/18/2013  | 
Leaks about NSA surveillance during the past year have raised concerns about the agency's practices, but a review panel's recommendations may change the game
Bitcoin Hit By Gameover Malware, Chinese Crackdown
News  |  12/18/2013  | 
China gets tough with exchanges trading Bitcoins, while new malware variant targets Bitcoin customers.
My 5 Wishes For Security In 2014
Commentary  |  12/18/2013  | 
Security skeptic Dave Piscitello tells why his end-of-year InfoSec predictions are like a fine wine.
Android AV Improves But Still Can't Nuke Malware
News  |  12/18/2013  | 
Google doesn't let Android antivirus app makers automatically quarantine and zap malware. Until then it's up to users to stay on their toes to prevent infection.
'ChewBacca' Malware Taps Tor Network
News  |  12/18/2013  | 
Malicious Trojan sporting a Star Wars theme uses Tor anonymizing network to disguise its command-and-control communications.
Cybersecurity Accelerator Set To Fast-Track A New Round Of Startups
Quick Hits  |  12/18/2013  | 
Mach37 accelerator opens a new season of business and funding assistance for cybersecurity startups
5 Ways Cloud Services Can Soothe Security Fears In 2014
News  |  12/17/2013  | 
Companies need cloud providers to delineate responsibilities for the security of data, provide better security information, and encrypt data everywhere
Android AV Improves But Still Can't Nuke Malware
News  |  12/17/2013  | 
Google doesn't let Android antivirus app makers automatically quarantine and zap malware. Until then it's up to users to stay on their toes to prevent infection.
Advanced Power Botnet: Firefox Users, Beware
Quick Hits  |  12/17/2013  | 
Malicious Firefox plugin scans websites for exploitable SQL injection vulnerabilities
Is Mob-Busting RICO Overkill For Combating Cybercrime?
Commentary  |  12/17/2013  | 
The milestone conviction of 22-year-old David Camez for his participation in a Russian-run "carder" forum raises legitimate questions about the role of RICO in taking down cybercrime.
Moving Beyond SIEM For Strong Security Analytics
News  |  12/16/2013  | 
SIEM still a useful tool for infosec, but many argue it shouldn't be the main platform for analytics programs
How To Safely Retire Mobile Devices
News  |  12/16/2013  | 
Once employees bring their new iPads, Androids, to work after Christmas, their older mobile devices must be decommissioned to protect company data
Advanced Power Botnet: Firefox Users, Beware
News  |  12/16/2013  | 
Malicious Firefox plugin scans websites for exploitable SQL injection vulnerabilities.
The State of IT Security: It's Broken
Commentary  |  12/16/2013  | 
It's time to move past the hyperbole of next-gen security and look to new approaches that show enterprises how to understand and assess their unique risks.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-2765
PUBLISHED: 2018-08-20
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
CVE-2018-15594
PUBLISHED: 2018-08-20
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
CVE-2018-15572
PUBLISHED: 2018-08-20
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
CVE-2018-15573
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf...
CVE-2018-15574
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."