News & Commentary
Content posted in February 2013
|
SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure
New testbeds would help operators test software patches as well
China Targets U.S. In Hacking Blame Game
Responding to allegations that China regularly hacks U.S.
businesses, Chinese government officials claim that 63% of cyber attacks on their military systems in 2012 came from the U.S.
MiniDuke Espionage Malware Uses Twitter To Infect PCs
Online espionage campaign sends malicious PDF documents to victims, and the infected PCs use Twitter to install malware that can copy and delete files.
Anonymous: 10 Things We've Learned In 2013
The Anonymous hacker group continues to seek equal measures of revenge, justice and reform -- preferably through chaotic means -- for perceived wrongdoings.
The Best Way To Spend Your Security Budget
One SQL injection attack can bring in big bucks. It's a no-brainer that you should make this problem top priority
Pentagon Unveils Secure Mobile Device Plan
Military releases a new plan to accelerate the adoption of mobile devices and apps for both classified and unclassified use
China's Cyberespionage Will Continue Unabated, Say Experts
The U.S. government will be slow to act against aggressors who attack through the Internet, predict policy and China experts at RSA
Solera Networks Achieves Third-Party Validation For Big Data Security Intelligence And Analytics
Testing and benchmarking conducted on Solera DeepSee platform
Flash Patch, Take Three: Adobe Issues New Fix
With attackers actively targeting zero-day flaws in Flash Reader, Adobe has released its third emergency Flash update this month.
SMS Spam Delivers More Malware, Scams
Threats are now often disguised as gift offers, product giveaways, and payment protection insurance.
Segmentation Can Increase Risks If Firewalls Aren't Managed Well
The multiplication of internal firewalls to comply with regulations and minimize risk to critical databases and applications has created a rat's nest of firewall configuration issues
2 More Java Zero-Day Vulnerabilities Emerge
While Oracle investigates reports that two bugs in Java 7 could allow attackers to remotely bypass the sandbox and compromise a system, security experts reiterate: If you don't need Java, turn it off
Stuxnet, The Prequel: Earlier Version Of Cyberweapon Discovered
Symantec finds 'missing link' in infamous Stuxnet malware that sabotages another piece of equipment in Iranian nuclear facility--attackers became more aggressive as campaign ensued
2 More Java Zero-Day Vulnerabilities Emerge
While Oracle investigates reports that two bugs in Java 7 could allow attackers to remotely bypass the sandbox and compromise a system, security experts reiterate: If you don't need Java, turn it off.
Cloud Security Falls Short ... But Could Be Great
A combination of immature security tools, weak partnerships, and a lack of strong commitment to security leaves cloud service firms short of providing strong protections
RSA, Juniper Team Up In Threat Intelligence-Sharing
Intelligence-sharing among vendors -- and about attacks on vendors -- key to thwarting today's attacks, officials say
Google Security Vulnerability Allowed Two-Step Verification Bypass
Researchers at Duo Security detailed an attack that could have allowed a hacker to hijack a user's Google account
Smartphones, Foolish Security Choices
One quarter of smartphone users store "intimate" images on their mobile devices, says security vendor AVG.
Skyhigh Networks Debuts Platform To Discover, Analyze, And Control Cloud Services
Skyhigh Networks Cloud Services Manager gives enterprises control over access to cloud services
Same As It Ever Was
Trade shows, booth babes, and hype aside -- who are you, and what can you do? That is the question. Enter XACML and ABAC
Microsoft Hacked: Joins Apple, Facebook, Twitter
Microsoft's OS X users compromised by watering-hole attack launched from a third-party iOS development site.
IT Security Understaffing Worries CISOs
More than two-thirds of execs say current staffing levels pose risks to company safety, according to new study.
Businesses Feel Impact Of IT Security Skill Shortage, Study Finds
(ISC)2 workforce study shows lack of cybersecurity personnel, resources affects bottom line
CounterTack Announces Sentinel
CounterTack Sentinel product applies Deep System Inspection technology to monitoring production systems
OPSEC Lessons From The Courtroom Sidebar
Jury duty leads to interesting observations on courtroom technology and operational security practices
Don't Blame China For Security Hacks, Blame Yourself
Focus on the sorry state of your information security defenses before worrying about the Chinese, Russians, hacktivists or cybercrime gangs.
Investors Value A Company's Cybersecurity Record
New HBGary report says majority of U.S. investors steer clear of investing in companies that have suffered multiple data breaches -- and they worry more about theft of customer data than intellectual property
You're A Piece Of Conference Meat
Every year folks get hacked off about seeing booth babes at big industry shows. Yet it seems too many don't understand why these ladies are there and how to disrupt these marketing tactics
Hack On Zendesk Affects Twitter, Pinterest, Tumblr Users
Customer service software provider Zendesk concedes breach, says its social networking customers' data may have been compromised
More Improvements To SIEM Than Big Data
For big companies looking to spend big budgets, the Big Data pitch for security information and event management (SIEM) systems is a good fit. But other improvements are on the way
Move Over, APTs -- The RAM-Based Advanced Volatile Threat Is Spinning Up Fast
By attacking random access memory, AVT creators make their exploits less persistent -- and harder to detect
Getting The Most Out Of A GRC Platform
While industry talk centers around developing integrated governance, risk, and compliance strategies, most organizations still don't use GRC platforms multidimensionally
Hacktivists Prep For International Open Data Day
On Saturday, International Open Data Day, cities around the world will host hackathons in an attempt to reveal useful applications of government data.
Twitter, Tumblr, Pinterest Users Hit In Zendesk Breach
Zendesk, which runs a help desk service and hosts customer service portals, alerts users that hackers accessed email addresses and personal data.
NBC Websites Hacked To Serve Citadel Financial Malware
RedKit exploit kit launched drive-by malware attacks from NBC websites, targeted vulnerabilities in Java and Adobe Reader.
Is Single Sign-On A Security Tool?
SSO has largely been delegated in the eyes of infosec pros as a tool of convenience, but a survey shows IT increasingly viewing it as a security lever
How Best To Break The News To Users That They're A Bot
Georgia Tech researchers study data from DNSChanger botnet to discern the best way for ISPs to clean up bot infections
White House Cracks Down On Cyberespionage
The Obama administration's new strategy to fight intellectual property theft addresses China's prolific hacking of U.S. interests -- but can it really stop the bleeding?
China Denies U.S. Hacking Accusations: 6 Facts
Mandiant report says that an elite Chinese military hacking unit is responsible for launching APT attacks against U.S. businesses. Chinese government cries foul.
BK Hack Triggers Twitter Password Smackdown
"Operation Whopper" takeover of Burger King and Jeep Twitter accounts, and spoof hacks by MTV and BET, trigger Twitter's "friendly reminder" to use strong passwords.
Identity Fraud Hits Three-Year High; More Than $21 Billion Lost
More than 12.6 million U.S. victims experienced ID fraud in past year, Javelin study says
PCI Council Offers Clarity On Cloud, Mobile Issues
Two new documents released by the council offer guidance on merchant responsibility for cardholder data stored in the cloud, as well as data processed through mobile point-of-sale devices
The Road To Hell Is Authenticated By Facebook
OAuth allows us to log into many sites using familiar credentials, from Twitter, Facebook, Google or Microsoft. The main author of the original OAuth 1.0 spec says these giants took it and made OAuth 2.0 a monstrous, complex, and insecure mess that has already brought us significant vulnerabilities
Adobe Fixes Sandbox Flaw Used In Attacks
Sandbox will continue to evolve with tighter security, Adobe says
U.S. Trade Secret Strategy Targets Hackers
Amidst new reports of theft of intellectual property by Chinese hackers, the White House on Wednesday released a new strategy to fight trade secret theft.
Oxford University Briefly Blocks Google Docs
Increase in phishing attacks prompts Oxford University to take "temporary, extreme action."
Attribution Delivers Questionable Security Value
Sure, politicians have some fodder for their diplomatic cannons, but do companies gain much from identifying their attackers? Experts debate the merits of attribution
Apple, Facebook Twitter Attacks: 6 Key Facts
FBI investigates how hackers compromised an iOS developer website to exploit Java plug-in vulnerabilities and breach major social networking and technology companies.
Dark Reading Launches New Tech Center On Application Security
New Dark Reading subsite will offer news, analysis, and commentary on application security issues
|
White Papers
Video
3 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I want to tell an NSA joke but I feel like they've heard them all before.
Latest Comment: I want to tell an NSA joke but I feel like they've heard them all before.
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-17948
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-20
From DHS/US-CERT's National Vulnerability Database CVE-2018-17948
PUBLISHED: 2018-11-20
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
CVE-2018-1779PUBLISHED: 2018-11-20
IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.
CVE-2018-19367PUBLISHED: 2018-11-20
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.
CVE-2018-19335PUBLISHED: 2018-11-20
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.
CVE-2018-19334PUBLISHED: 2018-11-20
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This