Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in March 2013
Page 1 / 3
Got Attitude?
Commentary  |  3/31/2013  | 
Attack attitude: Does China really not care about attribution?
Advanced Persistent Threats: Not-So-Advanced Methods After All
Quick Hits  |  3/29/2013  | 
Cybercriminals are taking a more systematic approach with their attack techniques, new IBM report finds
NSA Director: Information-Sharing Critical To U.S. Cybersecurity
News  |  3/29/2013  | 
NSA Director and U.S. Cyber Command chief Gen. Keith Alexander discusses challenges to protecting U.S. interests in cyberspace
Should Cloud Providers Secure Their Outbound Traffic?
News  |  3/29/2013  | 
As attackers focus on using hosted or virtual servers to power their denial-of-service attacks, calls for a cleaner cloud may become louder
Enterprises Less Confident They Can Stop Targeted Attacks On Their Servers
Quick Hits  |  3/28/2013  | 
New survey shows state of server security so-so
Spamhaus DDoS Attacks: What Business Should Learn
Commentary  |  3/28/2013  | 
What should your company take away from this week's attacks? Lock down unsecured DNS repeaters being exploited by attackers and prep DDoS response plans.
Who Supplies CyberBunker?
Commentary  |  3/28/2013  | 
The hosting company behind CyberBunker, the company allegedly behind the DDoS attacks on Spamhaus, connects to the Internet through other providers. Perhaps the only way to pressure those responsible for the attacks is to put pressure on the upstream providers
5 Steps To Strengthen Information Risk Profiles
News  |  3/28/2013  | 
Make sure you include the right employees and business processes when developing risk management strategy.
Air Force Seeks Stronger Spacecraft Cybersecurity
News  |  3/28/2013  | 
Air Force is looking for cutting-edge research into improved security for spacecraft IT, according to newly released procurement documents.
DDoS Attack Doesn't Spell Internet Doom: 7 Facts
News  |  3/28/2013  | 
Despite a record-setting DDoS attack against anti-spam group Spamhaus, the Internet remains alive and well. Let's break down the key facts.
DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted
News  |  3/28/2013  | 
Stophaus.com campaign and anarchic, allegedly pro-spam Dutch hosting provider have apparently been disrupted via ongoing DDoS attacks.
BlackBerry Balance: The Real Reason To Buy It
Commentary  |  3/28/2013  | 
BlackBerry Z10 is a good phone, but it doesn't get really cool until you use it as both your work and personal phone. BlackBerry 10 has a series of features the company calls "BlackBerry Balance," to make both roles work well and to protect each from the other
Too Scared To Scan
News  |  3/27/2013  | 
Fear of business disruption and downtime often leaves enterprises hesitant to scan the critical applications that hackers are most likely to target in their quest for exploitable vulnerabilities
Web Application Attacks Dominate
Quick Hits  |  3/27/2013  | 
But cloud no less secure than the enterprise, new attack data shows
Misconfigured, Open DNS Servers Used In Record-Breaking DDoS Attack
News  |  3/27/2013  | 
Biggest-ever distributed denial-of-service attack originally aimed at Spamhaus escalates and hits other corners of the Net
Tougher Computer Crime Penalties Sought By U.S. Legislators
News  |  3/27/2013  | 
Draft version of Computer Fraud and Abuse Act includes amendments largely recycled from 2011 DOJ proposals -- and running counter to leading legal experts' demands to narrow anti-hacking laws, critics say.
Bank DDoS Attacks Resume: Wells Fargo Confirms Disruptions
News  |  3/27/2013  | 
Muslim hacktivists continue third wave of takedowns, submit invoice protesting "Innocence of Muslims" video that mocks founder of Islam.
Healthcare Security Improving But Still Needs Treatment
News  |  3/27/2013  | 
First quarter year-over-year data breach numbers declined in 2013, but data security black eyes still a symptom of healthcare's need for improved database security
Follow The Dumb Security Money
Commentary  |  3/26/2013  | 
When security companies raise big funding rounds and spend big bucks at security conferences, be afraid -- very afraid
The Scope Of The Java Problem
Quick Hits  |  3/26/2013  | 
New Websense data highlights why Java is attackers' favorite target: most end users run outdated versions of the app
Honeypot Stings Attackers With Counterattacks
News  |  3/26/2013  | 
Researchers test the controversial concept of hacking back and gathering intelligence on attackers
Congress Curtails Government IT Purchases From China
News  |  3/26/2013  | 
Continuing resolution bars some government agencies from buying IT equipment from Chinese-owned or -subsidized companies without FBI or other approval.
Malware Developers Hijack Chromium Framework
News  |  3/26/2013  | 
Google Chromium project responds by switching to another download site and promising to put new techniques in place to block automated downloads.
Small Suppliers Must Beef Up Security
News  |  3/26/2013  | 
Attacks on small- and midsized businesses are on the rise, particularly against those firms supplying--and thus having access to--larger companies
Don't Make Users A Security Punching Bag
News  |  3/25/2013  | 
Security blame game makes it easy to point the finger at 'dumb' users, but the delivery mechanisms of today's undetectable Web malware will get past even the savviest and most educated users
Arguments Against Security Awareness Are Shortsighted
Commentary  |  3/25/2013  | 
A counterpoint to Bruce Schneier's recent post on security awareness training for users
Mission Impossible: 4 Reasons Compliance Is Impossible
Commentary  |  3/25/2013  | 
Compliance, like security, is not a constant
Putting Out Fires With Gasoline
Commentary  |  3/25/2013  | 
Spending for security and identity products is going up, but here is a sobering thought that should give you pause--our solutions may be part of the problem
How South Korean Bank Malware Spread
News  |  3/25/2013  | 
Attackers used stolen usernames and passwords for legitimate AhnLab Patch Manager accounts, set wiper software for staggered deletes to maximize damage.
Apple Patches Password Reset Vulnerability
Quick Hits  |  3/25/2013  | 
Bug wouldn't have been blocked by Apple's new two-factor iTunes authentication due to system's three-day waiting period
Apple Patches Password Reset Vulnerability
News  |  3/25/2013  | 
Bug wouldn't have been blocked by Apple's new two-factor iTunes authentication due to system's three-day waiting period.
Database Security Restart
Commentary  |  3/25/2013  | 
How to restart your database security program
Monitoring The Nomads In Your Network
News  |  3/22/2013  | 
As more employees bring their own devices into the network, tracking the nomadic technology can be difficult. From basic to sophisticated, options abound, say experts
Data Can Be Recovered From South Korea Data-Wiping Attacks
Quick Hits  |  3/22/2013  | 
Researchers confirm data-destroying malware that hit South Korean media and banks doesn't completely erase data
Who Owns Application Security, Patching In Your Business?
News  |  3/22/2013  | 
Too many organizations lack a formal security plan, leaving applications vulnerable to exploits, warns SANS Institute.
How TeamSpy Turned Legitimate TeamViewer App Into Cyberespionage Tool
News  |  3/22/2013  | 
Attackers abused TeamViewer's functionality as part of their effort to go undetected for years
South Korea Changes Story On Bank Hacks
News  |  3/22/2013  | 
South Korean officials now say there's no evidence that the March 20 attack against banks and television stations was launched from a Chinese IP address.
Microsoft Reports On Patriot Act Data Requests
News  |  3/22/2013  | 
Following Google's lead, Microsoft releases statistics on government requests for user information.
When Active Directory And LDAP Aren't Enough
News  |  3/22/2013  | 
Cloud and mobile pose problems to most enterprises' centerpiece identity and access management technology
NASA Tightens Security In Response To Insider Threat
Quick Hits  |  3/21/2013  | 
NASA shuts down database and tightens restrictions on remote access following the arrest of a Chinese contractor on suspicion of intellectual property theft
South Korea Attackers Set Time Bomb For Data-Destroying Malware
News  |  3/21/2013  | 
Spearphishing email discovered as a possible initial attack vector, malicious Android mobile clue found
NASA Tightens Security In Response To Insider Threat
News  |  3/21/2013  | 
NASA shuts down database and tightens restrictions on remote access following the arrest of a Chinese contractor on suspicion of intellectual property theft.
Hackers Eavesdrop Using Legitimate Remote Control Software
News  |  3/21/2013  | 
For a decade, "TeamSpy" cyber espionage campaign has used TeamViewer software already installed on PCs to eavesdrop on communications and steal data from targets in Eastern Europe.
South Korea Bank Hacks: 7 Key Facts
News  |  3/21/2013  | 
Data-wiping attacks on Windows and Linux computers may have just focused on random targets to cause chaos, security researchers say.
Monitoring And Reporting IT Security Risk In Your Organization
Quick Hits  |  3/21/2013  | 
To implement a risk-based approach to security, you must be able to gauge and report risk. Here are some tips on how to do it right
Genesco Lawsuit Could Shake PCI Compliance Regime To Its Core
News  |  3/21/2013  | 
If courts were to reverse $13 million in fines levied by Visa against the retailer, it could take a lot of wind out of PCI's sails
New Metric Would Score The Impact, Threat Of DDoS To An Enterprise
News  |  3/21/2013  | 
Taking a page from the metrics used to rank tornadoes and software vulnerabilities, attack-mitigation firms look to find a better measure of denial-of-service attacks than bandwidth and duration
'Loud' Data-Annihilation Cyberattacks Hit South Korean Banks, Media Outlets
News  |  3/20/2013  | 
Malware that wiped hard drives of infected machines and attached drives may have been built using GonDad exploit kit
Cisco Reports Some IOS Passwords Weakly Hashed
Commentary  |  3/20/2013  | 
Type 4 plain-text user passwords on Cisco IOS and Cisco IOS XE devices are hashed not according to spec, but with no salt and just one SHA-256 iteration. Working around the problem can be clumsy
South Korean Banks Lose Data In Malware Attack
News  |  3/20/2013  | 
Computer networks at banks and television stations in South Korea froze after targeted malware deleted data from numerous PCs. Was North Korea involved?