News & Commentary

Content posted in February 2013
SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure
News  |  2/28/2013  | 
New testbeds would help operators test software patches as well
Sharpening Endpoint Security
News  |  2/28/2013  | 
China Targets U.S. In Hacking Blame Game
News  |  2/28/2013  | 
Responding to allegations that China regularly hacks U.S. businesses, Chinese government officials claim that 63% of cyber attacks on their military systems in 2012 came from the U.S.
MiniDuke Espionage Malware Uses Twitter To Infect PCs
News  |  2/28/2013  | 
Online espionage campaign sends malicious PDF documents to victims, and the infected PCs use Twitter to install malware that can copy and delete files.
Anonymous: 10 Things We've Learned In 2013
Slideshows  |  2/28/2013  | 
The Anonymous hacker group continues to seek equal measures of revenge, justice and reform -- preferably through chaotic means -- for perceived wrongdoings.
The Best Way To Spend Your Security Budget
Commentary  |  2/28/2013  | 
One SQL injection attack can bring in big bucks. It's a no-brainer that you should make this problem top priority
Pentagon Unveils Secure Mobile Device Plan
Quick Hits  |  2/28/2013  | 
Military releases a new plan to accelerate the adoption of mobile devices and apps for both classified and unclassified use
China's Cyberespionage Will Continue Unabated, Say Experts
News  |  2/27/2013  | 
The U.S. government will be slow to act against aggressors who attack through the Internet, predict policy and China experts at RSA
Solera Networks Achieves Third-Party Validation For Big Data Security Intelligence And Analytics
News  |  2/27/2013  | 
Testing and benchmarking conducted on Solera DeepSee platform
Flash Patch, Take Three: Adobe Issues New Fix
News  |  2/27/2013  | 
With attackers actively targeting zero-day flaws in Flash Reader, Adobe has released its third emergency Flash update this month.
SMS Spam Delivers More Malware, Scams
News  |  2/27/2013  | 
Threats are now often disguised as gift offers, product giveaways, and payment protection insurance.
Segmentation Can Increase Risks If Firewalls Aren't Managed Well
News  |  2/27/2013  | 
The multiplication of internal firewalls to comply with regulations and minimize risk to critical databases and applications has created a rat's nest of firewall configuration issues
2 More Java Zero-Day Vulnerabilities Emerge
Quick Hits  |  2/27/2013  | 
While Oracle investigates reports that two bugs in Java 7 could allow attackers to remotely bypass the sandbox and compromise a system, security experts reiterate: If you don't need Java, turn it off
Stuxnet, The Prequel: Earlier Version Of Cyberweapon Discovered
News  |  2/26/2013  | 
Symantec finds 'missing link' in infamous Stuxnet malware that sabotages another piece of equipment in Iranian nuclear facility--attackers became more aggressive as campaign ensued
2 More Java Zero-Day Vulnerabilities Emerge
News  |  2/26/2013  | 
While Oracle investigates reports that two bugs in Java 7 could allow attackers to remotely bypass the sandbox and compromise a system, security experts reiterate: If you don't need Java, turn it off.
Cloud Security Falls Short ... But Could Be Great
News  |  2/26/2013  | 
A combination of immature security tools, weak partnerships, and a lack of strong commitment to security leaves cloud service firms short of providing strong protections
RSA, Juniper Team Up In Threat Intelligence-Sharing
News  |  2/25/2013  | 
Intelligence-sharing among vendors -- and about attacks on vendors -- key to thwarting today's attacks, officials say
Google Security Vulnerability Allowed Two-Step Verification Bypass
News  |  2/25/2013  | 
Researchers at Duo Security detailed an attack that could have allowed a hacker to hijack a user's Google account
Smartphones, Foolish Security Choices
News  |  2/25/2013  | 
One quarter of smartphone users store "intimate" images on their mobile devices, says security vendor AVG.
Skyhigh Networks Debuts Platform To Discover, Analyze, And Control Cloud Services
News  |  2/25/2013  | 
Skyhigh Networks Cloud Services Manager gives enterprises control over access to cloud services
Same As It Ever Was
Commentary  |  2/25/2013  | 
Trade shows, booth babes, and hype aside -- who are you, and what can you do? That is the question. Enter XACML and ABAC
Microsoft Hacked: Joins Apple, Facebook, Twitter
News  |  2/25/2013  | 
Microsoft's OS X users compromised by watering-hole attack launched from a third-party iOS development site.
IT Security Understaffing Worries CISOs
News  |  2/25/2013  | 
More than two-thirds of execs say current staffing levels pose risks to company safety, according to new study.
Businesses Feel Impact Of IT Security Skill Shortage, Study Finds
Quick Hits  |  2/25/2013  | 
(ISC)2 workforce study shows lack of cybersecurity personnel, resources affects bottom line
CounterTack Announces Sentinel
News  |  2/25/2013  | 
CounterTack Sentinel product applies Deep System Inspection technology to monitoring production systems
OPSEC Lessons From The Courtroom Sidebar
Commentary  |  2/25/2013  | 
Jury duty leads to interesting observations on courtroom technology and operational security practices
Don't Blame China For Security Hacks, Blame Yourself
Commentary  |  2/25/2013  | 
Focus on the sorry state of your information security defenses before worrying about the Chinese, Russians, hacktivists or cybercrime gangs.
Investors Value A Company's Cybersecurity Record
News  |  2/25/2013  | 
New HBGary report says majority of U.S. investors steer clear of investing in companies that have suffered multiple data breaches -- and they worry more about theft of customer data than intellectual property
You're A Piece Of Conference Meat
Commentary  |  2/24/2013  | 
Every year folks get hacked off about seeing booth babes at big industry shows. Yet it seems too many don't understand why these ladies are there and how to disrupt these marketing tactics
Hack On Zendesk Affects Twitter, Pinterest, Tumblr Users
Quick Hits  |  2/22/2013  | 
Customer service software provider Zendesk concedes breach, says its social networking customers' data may have been compromised
More Improvements To SIEM Than Big Data
News  |  2/22/2013  | 
For big companies looking to spend big budgets, the Big Data pitch for security information and event management (SIEM) systems is a good fit. But other improvements are on the way
Move Over, APTs -- The RAM-Based Advanced Volatile Threat Is Spinning Up Fast
News  |  2/22/2013  | 
By attacking random access memory, AVT creators make their exploits less persistent -- and harder to detect
Getting The Most Out Of A GRC Platform
News  |  2/22/2013  | 
While industry talk centers around developing integrated governance, risk, and compliance strategies, most organizations still don't use GRC platforms multidimensionally
Hacktivists Prep For International Open Data Day
News  |  2/22/2013  | 
On Saturday, International Open Data Day, cities around the world will host hackathons in an attempt to reveal useful applications of government data.
Twitter, Tumblr, Pinterest Users Hit In Zendesk Breach
News  |  2/22/2013  | 
Zendesk, which runs a help desk service and hosts customer service portals, alerts users that hackers accessed email addresses and personal data.
NBC Websites Hacked To Serve Citadel Financial Malware
News  |  2/22/2013  | 
RedKit exploit kit launched drive-by malware attacks from NBC websites, targeted vulnerabilities in Java and Adobe Reader.
Is Single Sign-On A Security Tool?
News  |  2/21/2013  | 
SSO has largely been delegated in the eyes of infosec pros as a tool of convenience, but a survey shows IT increasingly viewing it as a security lever
How Best To Break The News To Users That They're A Bot
Quick Hits  |  2/21/2013  | 
Georgia Tech researchers study data from DNSChanger botnet to discern the best way for ISPs to clean up bot infections
White House Cracks Down On Cyberespionage
News  |  2/21/2013  | 
The Obama administration's new strategy to fight intellectual property theft addresses China's prolific hacking of U.S. interests -- but can it really stop the bleeding?
China Denies U.S. Hacking Accusations: 6 Facts
News  |  2/21/2013  | 
Mandiant report says that an elite Chinese military hacking unit is responsible for launching APT attacks against U.S. businesses. Chinese government cries foul.
BK Hack Triggers Twitter Password Smackdown
News  |  2/21/2013  | 
"Operation Whopper" takeover of Burger King and Jeep Twitter accounts, and spoof hacks by MTV and BET, trigger Twitter's "friendly reminder" to use strong passwords.
Identity Fraud Hits Three-Year High; More Than $21 Billion Lost
Quick Hits  |  2/21/2013  | 
More than 12.6 million U.S. victims experienced ID fraud in past year, Javelin study says
PCI Council Offers Clarity On Cloud, Mobile Issues
News  |  2/21/2013  | 
Two new documents released by the council offer guidance on merchant responsibility for cardholder data stored in the cloud, as well as data processed through mobile point-of-sale devices
The Road To Hell Is Authenticated By Facebook
Commentary  |  2/20/2013  | 
OAuth allows us to log into many sites using familiar credentials, from Twitter, Facebook, Google or Microsoft. The main author of the original OAuth 1.0 spec says these giants took it and made OAuth 2.0 a monstrous, complex, and insecure mess that has already brought us significant vulnerabilities
Adobe Fixes Sandbox Flaw Used In Attacks
News  |  2/20/2013  | 
Sandbox will continue to evolve with tighter security, Adobe says
U.S. Trade Secret Strategy Targets Hackers
News  |  2/20/2013  | 
Amidst new reports of theft of intellectual property by Chinese hackers, the White House on Wednesday released a new strategy to fight trade secret theft.
Oxford University Briefly Blocks Google Docs
News  |  2/20/2013  | 
Increase in phishing attacks prompts Oxford University to take "temporary, extreme action."
Attribution Delivers Questionable Security Value
News  |  2/20/2013  | 
Sure, politicians have some fodder for their diplomatic cannons, but do companies gain much from identifying their attackers? Experts debate the merits of attribution
Apple, Facebook Twitter Attacks: 6 Key Facts
News  |  2/20/2013  | 
FBI investigates how hackers compromised an iOS developer website to exploit Java plug-in vulnerabilities and breach major social networking and technology companies.
Dark Reading Launches New Tech Center On Application Security
Commentary  |  2/20/2013  | 
New Dark Reading subsite will offer news, analysis, and commentary on application security issues