News & Commentary

Content posted in December 2013
Sticking It To The ATM
Commentary  |  12/31/2013  | 
The folly of not preemptively disabling 'boot from USB' on an ATM
Windows Crash Reports Open To Hijacking
Quick Hits  |  12/31/2013  | 
Attackers -- and the NSA -- can glean valuable intel from unencrypted transmissions
4 Trends In Vulnerabilities That Will Continue In 2014
News  |  12/31/2013  | 
Bounty programs will continue to expand, more researchers will focus on embedded devices and libraries, and security software will find itself under more scrutiny
Slide Show: 8 Effective Data Visualization Methods For Security Teams
Slideshows  |  12/31/2013  | 
Getting the most out of security analytics data sets, large or small, by visualizing the information
Attackers Wage Network Time Protocol-Based DDoS Attacks
Quick Hits  |  12/30/2013  | 
Yet another protocol being abused for flooding targets with unwanted traffic
Commentary  |  12/30/2013  | 
NSA's Q-branch upgrades Omega laser watch with Huawei backdoors
NSA Elite Hacking Team Operations Exposed
News  |  12/30/2013  | 
Treasure trove of tools created and used by NSA hackers for planting backdoors via Cisco, Juniper, Apple products unveiled in latest document leaks
Security, Privacy & The Democratization Of Data
Commentary  |  12/30/2013  | 
Data gathering and profiling capabilities that today are only available to nation states will eventually be at the disposal of everyone. What then?
Researchers Reveal Snapchat Security Issues
News  |  12/27/2013  | 
Security researchers release proof-of-concept code for issues they say they disclosed months ago to Snapchat
PINs Stolen In Target Breach
Quick Hits  |  12/27/2013  | 
Target now says customers' encrypted PINs were compromised in the massive credit- and debit-card breach that began Thanksgiving eve
9 Notorious Hackers Of 2013
Slideshows  |  12/27/2013  | 
This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state-sponsored groups.
The Coolest Hacks Of 2013
News  |  12/27/2013  | 
Take a look back at security researchers' most extreme, creative, and just plain bizarre hacks this year.
Survey: U.S. Citizens More Worried About ID Theft Than Privacy
Quick Hits  |  12/27/2013  | 
Despite NSA scare, U.S. voters are five times more concerned about hacking than tracking, CCIA study says
Lessons From 5 Advanced Attacks Of 2013
News  |  12/26/2013  | 
From Cryptolocker to the destructive attacks on Korean firms to the massive flood that made Spamhaus inaccessible, attackers delivered some hard lessons in 2013
Target's Christmas Data Breach
Commentary  |  12/26/2013  | 
Why, oh, why would Target be storing debit card PINs?
2013: The Year Of Security Certification Bashing
Commentary  |  12/26/2013  | 
As security professionals argued among themselves about how useless certifications are, organizations that needed security services had no place to turn for good advice.
Study: Mobile Devices Escalating Endpoint Security Risks
Quick Hits  |  12/26/2013  | 
State of the Endpoint study says 75 percent of security pros consider mobile to be the greatest endpoint threat in 2014
RSA Denies Trading Security For NSA Payout
Quick Hits  |  12/23/2013  | 
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access
Slide Show: The Coolest Hacks Of 2013
Slideshows  |  12/23/2013  | 
A look back at some of the year's most extreme, creative, and -- in some cases -- just plain bizarre hacks by security researchers
RSA Denies Trading Security For NSA Payout
News  |  12/23/2013  | 
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.
Database Risks Increase As Patch Frequency Decreases
News  |  12/23/2013  | 
Department of Energy breach report offers stark lesson in patch management's relationship with database risk postures
eGestalt To Launch New Risk Management Module For Its Aegify IT Security & Compliance Solution
News  |  12/23/2013  | 
Aegify Risk Manager enables complete work flow automation to comprehensively address and manage business security, compliance, and risk needs
Fraudulent Bot Traffic Surpasses Human Traffic In U.S., Study Says
Quick Hits  |  12/23/2013  | 
More than 50 percent of Web activity in U.S. is suspected to be fraudulent, Solve Media report says
Mobility & Cloud: A Double Whammy For Securing Data
Commentary  |  12/23/2013  | 
In 2014, legacy security solutions like firewalls and intrusion detection systems will no longer be sufficient to protect corporate data against BYOD and cybercrime.
Target Breach Should Spur POS Security, PCI 3.0 Awareness
News  |  12/22/2013  | 
Advanced skimming attack against Target's whole network of point-of-sale devices will likely keep momentum moving forward for improving payment application security
Target Breach: 10 Facts
News  |  12/21/2013  | 
Experts advise consumers not to panic as suspicion falls on point-of-sale terminals used to scan credit cards.
Update Now! A Holiday Carol
Commentary  |  12/20/2013  | 
In the spirit of the holidays, a cautionary tale set to the tune of a classic Christmas song
Tech Insight: 'Tis The Season To Be Hacked
News  |  12/20/2013  | 
Holiday and 'busy' seasons bring lax employee security practices and increased chances attacks will go unnoticed
Target Confirms Massive Breach Affects 40 Million Customers
News  |  12/20/2013  | 
Target says data breach issue 'has been resolved,' but customers are up in arms
7 Reasons Why Bitcoin Attacks Will Continue
Quick Hits  |  12/20/2013  | 
Cryptographic currency's rising value makes it an appealing target for cybercrime gangs and crimeware toolkit developers
Yes, In The Internet Of Everything, Things Will Have Passwords
Commentary  |  12/20/2013  | 
Things would have no problem remembering passwords like "[email protected]" But even for things, passwords are less than ideal.
Using NetFlow Data For More Robust Network Security
News  |  12/19/2013  | 
NetFlow can prove a powerful tool for spotting dangerous traffic patterns
7 Reasons Why Bitcoin Attacks Will Continue
News  |  12/19/2013  | 
Cryptographic currency's rising value makes it an appealing target for cybercrime gangs and crimeware toolkit developers.
Target Confirms Hackers Stole 40 Million Credit Cards
News  |  12/19/2013  | 
Hackers' 19-day heist scoops up all ingredients required to make counterfeit cards.
Secure Code Starts With Measuring What Developers Know
Commentary  |  12/19/2013  | 
I recently discovered I've been teaching blindly about application security. I assumed that I know what students need to learn. Nothing could be further from the truth.
Washington Post Servers Infiltrated, Employee Credentials Stolen
Quick Hits  |  12/18/2013  | 
Newspaper suffers second major breach in three years, Chinese espionage suspected
Intelligence Panel: NSA Should Stop Bulk Storage Of Telephone Metadata
News  |  12/18/2013  | 
Leaks about NSA surveillance during the past year have raised concerns about the agency's practices, but a review panel's recommendations may change the game
Bitcoin Hit By Gameover Malware, Chinese Crackdown
News  |  12/18/2013  | 
China gets tough with exchanges trading Bitcoins, while new malware variant targets Bitcoin customers.
My 5 Wishes For Security In 2014
Commentary  |  12/18/2013  | 
Security skeptic Dave Piscitello tells why his end-of-year InfoSec predictions are like a fine wine.
Android AV Improves But Still Can't Nuke Malware
News  |  12/18/2013  | 
Google doesn't let Android antivirus app makers automatically quarantine and zap malware. Until then it's up to users to stay on their toes to prevent infection.
'ChewBacca' Malware Taps Tor Network
News  |  12/18/2013  | 
Malicious Trojan sporting a Star Wars theme uses Tor anonymizing network to disguise its command-and-control communications.
Cybersecurity Accelerator Set To Fast-Track A New Round Of Startups
Quick Hits  |  12/18/2013  | 
Mach37 accelerator opens a new season of business and funding assistance for cybersecurity startups
5 Ways Cloud Services Can Soothe Security Fears In 2014
News  |  12/17/2013  | 
Companies need cloud providers to delineate responsibilities for the security of data, provide better security information, and encrypt data everywhere
Android AV Improves But Still Can't Nuke Malware
News  |  12/17/2013  | 
Google doesn't let Android antivirus app makers automatically quarantine and zap malware. Until then it's up to users to stay on their toes to prevent infection.
Advanced Power Botnet: Firefox Users, Beware
Quick Hits  |  12/17/2013  | 
Malicious Firefox plugin scans websites for exploitable SQL injection vulnerabilities
Is Mob-Busting RICO Overkill For Combating Cybercrime?
Commentary  |  12/17/2013  | 
The milestone conviction of 22-year-old David Camez for his participation in a Russian-run "carder" forum raises legitimate questions about the role of RICO in taking down cybercrime.
Moving Beyond SIEM For Strong Security Analytics
News  |  12/16/2013  | 
SIEM still a useful tool for infosec, but many argue it shouldn't be the main platform for analytics programs
How To Safely Retire Mobile Devices
News  |  12/16/2013  | 
Once employees bring their new iPads, Androids, to work after Christmas, their older mobile devices must be decommissioned to protect company data
Advanced Power Botnet: Firefox Users, Beware
News  |  12/16/2013  | 
Malicious Firefox plugin scans websites for exploitable SQL injection vulnerabilities.
The State of IT Security: It's Broken
Commentary  |  12/16/2013  | 
It's time to move past the hyperbole of next-gen security and look to new approaches that show enterprises how to understand and assess their unique risks.