Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

News & Commentary

Content posted in February 2013
Page 1 / 3   >   >>
SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure
News  |  2/28/2013  | 
New testbeds would help operators test software patches as well
Sharpening Endpoint Security
News  |  2/28/2013  | 
China Targets U.S. In Hacking Blame Game
News  |  2/28/2013  | 
Responding to allegations that China regularly hacks U.S. businesses, Chinese government officials claim that 63% of cyber attacks on their military systems in 2012 came from the U.S.
MiniDuke Espionage Malware Uses Twitter To Infect PCs
News  |  2/28/2013  | 
Online espionage campaign sends malicious PDF documents to victims, and the infected PCs use Twitter to install malware that can copy and delete files.
Anonymous: 10 Things We've Learned In 2013
Slideshows  |  2/28/2013  | 
The Anonymous hacker group continues to seek equal measures of revenge, justice and reform -- preferably through chaotic means -- for perceived wrongdoings.
The Best Way To Spend Your Security Budget
Commentary  |  2/28/2013  | 
One SQL injection attack can bring in big bucks. It's a no-brainer that you should make this problem top priority
Pentagon Unveils Secure Mobile Device Plan
Quick Hits  |  2/28/2013  | 
Military releases a new plan to accelerate the adoption of mobile devices and apps for both classified and unclassified use
China's Cyberespionage Will Continue Unabated, Say Experts
News  |  2/27/2013  | 
The U.S. government will be slow to act against aggressors who attack through the Internet, predict policy and China experts at RSA
Solera Networks Achieves Third-Party Validation For Big Data Security Intelligence And Analytics
News  |  2/27/2013  | 
Testing and benchmarking conducted on Solera DeepSee platform
Flash Patch, Take Three: Adobe Issues New Fix
News  |  2/27/2013  | 
With attackers actively targeting zero-day flaws in Flash Reader, Adobe has released its third emergency Flash update this month.
SMS Spam Delivers More Malware, Scams
News  |  2/27/2013  | 
Threats are now often disguised as gift offers, product giveaways, and payment protection insurance.
Segmentation Can Increase Risks If Firewalls Aren't Managed Well
News  |  2/27/2013  | 
The multiplication of internal firewalls to comply with regulations and minimize risk to critical databases and applications has created a rat's nest of firewall configuration issues
2 More Java Zero-Day Vulnerabilities Emerge
Quick Hits  |  2/27/2013  | 
While Oracle investigates reports that two bugs in Java 7 could allow attackers to remotely bypass the sandbox and compromise a system, security experts reiterate: If you don't need Java, turn it off
Stuxnet, The Prequel: Earlier Version Of Cyberweapon Discovered
News  |  2/26/2013  | 
Symantec finds 'missing link' in infamous Stuxnet malware that sabotages another piece of equipment in Iranian nuclear facility--attackers became more aggressive as campaign ensued
2 More Java Zero-Day Vulnerabilities Emerge
News  |  2/26/2013  | 
While Oracle investigates reports that two bugs in Java 7 could allow attackers to remotely bypass the sandbox and compromise a system, security experts reiterate: If you don't need Java, turn it off.
Cloud Security Falls Short ... But Could Be Great
News  |  2/26/2013  | 
A combination of immature security tools, weak partnerships, and a lack of strong commitment to security leaves cloud service firms short of providing strong protections
RSA, Juniper Team Up In Threat Intelligence-Sharing
News  |  2/25/2013  | 
Intelligence-sharing among vendors -- and about attacks on vendors -- key to thwarting today's attacks, officials say
Google Security Vulnerability Allowed Two-Step Verification Bypass
News  |  2/25/2013  | 
Researchers at Duo Security detailed an attack that could have allowed a hacker to hijack a user's Google account
Smartphones, Foolish Security Choices
News  |  2/25/2013  | 
One quarter of smartphone users store "intimate" images on their mobile devices, says security vendor AVG.
Skyhigh Networks Debuts Platform To Discover, Analyze, And Control Cloud Services
News  |  2/25/2013  | 
Skyhigh Networks Cloud Services Manager gives enterprises control over access to cloud services
Same As It Ever Was
Commentary  |  2/25/2013  | 
Trade shows, booth babes, and hype aside -- who are you, and what can you do? That is the question. Enter XACML and ABAC
Microsoft Hacked: Joins Apple, Facebook, Twitter
News  |  2/25/2013  | 
Microsoft's OS X users compromised by watering-hole attack launched from a third-party iOS development site.
IT Security Understaffing Worries CISOs
News  |  2/25/2013  | 
More than two-thirds of execs say current staffing levels pose risks to company safety, according to new study.
Businesses Feel Impact Of IT Security Skill Shortage, Study Finds
Quick Hits  |  2/25/2013  | 
(ISC)2 workforce study shows lack of cybersecurity personnel, resources affects bottom line
CounterTack Announces Sentinel
News  |  2/25/2013  | 
CounterTack Sentinel product applies Deep System Inspection technology to monitoring production systems
OPSEC Lessons From The Courtroom Sidebar
Commentary  |  2/25/2013  | 
Jury duty leads to interesting observations on courtroom technology and operational security practices
Don't Blame China For Security Hacks, Blame Yourself
Commentary  |  2/25/2013  | 
Focus on the sorry state of your information security defenses before worrying about the Chinese, Russians, hacktivists or cybercrime gangs.
Investors Value A Company's Cybersecurity Record
News  |  2/25/2013  | 
New HBGary report says majority of U.S. investors steer clear of investing in companies that have suffered multiple data breaches -- and they worry more about theft of customer data than intellectual property
You're A Piece Of Conference Meat
Commentary  |  2/24/2013  | 
Every year folks get hacked off about seeing booth babes at big industry shows. Yet it seems too many don't understand why these ladies are there and how to disrupt these marketing tactics
Hack On Zendesk Affects Twitter, Pinterest, Tumblr Users
Quick Hits  |  2/22/2013  | 
Customer service software provider Zendesk concedes breach, says its social networking customers' data may have been compromised
More Improvements To SIEM Than Big Data
News  |  2/22/2013  | 
For big companies looking to spend big budgets, the Big Data pitch for security information and event management (SIEM) systems is a good fit. But other improvements are on the way
Move Over, APTs -- The RAM-Based Advanced Volatile Threat Is Spinning Up Fast
News  |  2/22/2013  | 
By attacking random access memory, AVT creators make their exploits less persistent -- and harder to detect
Getting The Most Out Of A GRC Platform
News  |  2/22/2013  | 
While industry talk centers around developing integrated governance, risk, and compliance strategies, most organizations still don't use GRC platforms multidimensionally
Hacktivists Prep For International Open Data Day
News  |  2/22/2013  | 
On Saturday, International Open Data Day, cities around the world will host hackathons in an attempt to reveal useful applications of government data.
Twitter, Tumblr, Pinterest Users Hit In Zendesk Breach
News  |  2/22/2013  | 
Zendesk, which runs a help desk service and hosts customer service portals, alerts users that hackers accessed email addresses and personal data.
NBC Websites Hacked To Serve Citadel Financial Malware
News  |  2/22/2013  | 
RedKit exploit kit launched drive-by malware attacks from NBC websites, targeted vulnerabilities in Java and Adobe Reader.
Is Single Sign-On A Security Tool?
News  |  2/21/2013  | 
SSO has largely been delegated in the eyes of infosec pros as a tool of convenience, but a survey shows IT increasingly viewing it as a security lever
How Best To Break The News To Users That They're A Bot
Quick Hits  |  2/21/2013  | 
Georgia Tech researchers study data from DNSChanger botnet to discern the best way for ISPs to clean up bot infections
White House Cracks Down On Cyberespionage
News  |  2/21/2013  | 
The Obama administration's new strategy to fight intellectual property theft addresses China's prolific hacking of U.S. interests -- but can it really stop the bleeding?
China Denies U.S. Hacking Accusations: 6 Facts
News  |  2/21/2013  | 
Mandiant report says that an elite Chinese military hacking unit is responsible for launching APT attacks against U.S. businesses. Chinese government cries foul.
BK Hack Triggers Twitter Password Smackdown
News  |  2/21/2013  | 
"Operation Whopper" takeover of Burger King and Jeep Twitter accounts, and spoof hacks by MTV and BET, trigger Twitter's "friendly reminder" to use strong passwords.
Identity Fraud Hits Three-Year High; More Than $21 Billion Lost
Quick Hits  |  2/21/2013  | 
More than 12.6 million U.S. victims experienced ID fraud in past year, Javelin study says
PCI Council Offers Clarity On Cloud, Mobile Issues
News  |  2/21/2013  | 
Two new documents released by the council offer guidance on merchant responsibility for cardholder data stored in the cloud, as well as data processed through mobile point-of-sale devices
The Road To Hell Is Authenticated By Facebook
Commentary  |  2/20/2013  | 
OAuth allows us to log into many sites using familiar credentials, from Twitter, Facebook, Google or Microsoft. The main author of the original OAuth 1.0 spec says these giants took it and made OAuth 2.0 a monstrous, complex, and insecure mess that has already brought us significant vulnerabilities
Adobe Fixes Sandbox Flaw Used In Attacks
News  |  2/20/2013  | 
Sandbox will continue to evolve with tighter security, Adobe says
U.S. Trade Secret Strategy Targets Hackers
News  |  2/20/2013  | 
Amidst new reports of theft of intellectual property by Chinese hackers, the White House on Wednesday released a new strategy to fight trade secret theft.
Oxford University Briefly Blocks Google Docs
News  |  2/20/2013  | 
Increase in phishing attacks prompts Oxford University to take "temporary, extreme action."
Attribution Delivers Questionable Security Value
News  |  2/20/2013  | 
Sure, politicians have some fodder for their diplomatic cannons, but do companies gain much from identifying their attackers? Experts debate the merits of attribution
Apple, Facebook Twitter Attacks: 6 Key Facts
News  |  2/20/2013  | 
FBI investigates how hackers compromised an iOS developer website to exploit Java plug-in vulnerabilities and breach major social networking and technology companies.
Dark Reading Launches New Tech Center On Application Security
Commentary  |  2/20/2013  | 
New Dark Reading subsite will offer news, analysis, and commentary on application security issues
Page 1 / 3   >   >>


Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrust,  5/15/2019
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/14/2019
When Older Windows Systems Won't Die
Kelly Sheridan, Staff Editor, Dark Reading,  5/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12184
PUBLISHED: 2019-05-19
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
CVE-2019-12173
PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
CVE-2019-12172
PUBLISHED: 2019-05-17
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
CVE-2019-12168
PUBLISHED: 2019-05-17
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.
CVE-2019-12170
PUBLISHED: 2019-05-17
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...