News & Commentary

Content posted in March 2013
Got Attitude?
Commentary  |  3/31/2013  | 
Attack attitude: Does China really not care about attribution?
Advanced Persistent Threats: Not-So-Advanced Methods After All
Quick Hits  |  3/29/2013  | 
Cybercriminals are taking a more systematic approach with their attack techniques, new IBM report finds
NSA Director: Information-Sharing Critical To U.S. Cybersecurity
News  |  3/29/2013  | 
NSA Director and U.S. Cyber Command chief Gen. Keith Alexander discusses challenges to protecting U.S. interests in cyberspace
Should Cloud Providers Secure Their Outbound Traffic?
News  |  3/29/2013  | 
As attackers focus on using hosted or virtual servers to power their denial-of-service attacks, calls for a cleaner cloud may become louder
Enterprises Less Confident They Can Stop Targeted Attacks On Their Servers
Quick Hits  |  3/28/2013  | 
New survey shows state of server security so-so
Spamhaus DDoS Attacks: What Business Should Learn
Commentary  |  3/28/2013  | 
What should your company take away from this week's attacks? Lock down unsecured DNS repeaters being exploited by attackers and prep DDoS response plans.
Who Supplies CyberBunker?
Commentary  |  3/28/2013  | 
The hosting company behind CyberBunker, the company allegedly behind the DDoS attacks on Spamhaus, connects to the Internet through other providers. Perhaps the only way to pressure those responsible for the attacks is to put pressure on the upstream providers
5 Steps To Strengthen Information Risk Profiles
News  |  3/28/2013  | 
Make sure you include the right employees and business processes when developing risk management strategy.
Air Force Seeks Stronger Spacecraft Cybersecurity
News  |  3/28/2013  | 
Air Force is looking for cutting-edge research into improved security for spacecraft IT, according to newly released procurement documents.
DDoS Attack Doesn't Spell Internet Doom: 7 Facts
News  |  3/28/2013  | 
Despite a record-setting DDoS attack against anti-spam group Spamhaus, the Internet remains alive and well. Let's break down the key facts.
DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted
News  |  3/28/2013  | 
Stophaus.com campaign and anarchic, allegedly pro-spam Dutch hosting provider have apparently been disrupted via ongoing DDoS attacks.
BlackBerry Balance: The Real Reason To Buy It
Commentary  |  3/28/2013  | 
BlackBerry Z10 is a good phone, but it doesn't get really cool until you use it as both your work and personal phone. BlackBerry 10 has a series of features the company calls "BlackBerry Balance," to make both roles work well and to protect each from the other
Too Scared To Scan
News  |  3/27/2013  | 
Fear of business disruption and downtime often leaves enterprises hesitant to scan the critical applications that hackers are most likely to target in their quest for exploitable vulnerabilities
Web Application Attacks Dominate
Quick Hits  |  3/27/2013  | 
But cloud no less secure than the enterprise, new attack data shows
Misconfigured, Open DNS Servers Used In Record-Breaking DDoS Attack
News  |  3/27/2013  | 
Biggest-ever distributed denial-of-service attack originally aimed at Spamhaus escalates and hits other corners of the Net
Tougher Computer Crime Penalties Sought By U.S. Legislators
News  |  3/27/2013  | 
Draft version of Computer Fraud and Abuse Act includes amendments largely recycled from 2011 DOJ proposals -- and running counter to leading legal experts' demands to narrow anti-hacking laws, critics say.
Bank DDoS Attacks Resume: Wells Fargo Confirms Disruptions
News  |  3/27/2013  | 
Muslim hacktivists continue third wave of takedowns, submit invoice protesting "Innocence of Muslims" video that mocks founder of Islam.
Healthcare Security Improving But Still Needs Treatment
News  |  3/27/2013  | 
First quarter year-over-year data breach numbers declined in 2013, but data security black eyes still a symptom of healthcare's need for improved database security
Follow The Dumb Security Money
Commentary  |  3/26/2013  | 
When security companies raise big funding rounds and spend big bucks at security conferences, be afraid -- very afraid
The Scope Of The Java Problem
Quick Hits  |  3/26/2013  | 
New Websense data highlights why Java is attackers' favorite target: most end users run outdated versions of the app
Honeypot Stings Attackers With Counterattacks
News  |  3/26/2013  | 
Researchers test the controversial concept of hacking back and gathering intelligence on attackers
Congress Curtails Government IT Purchases From China
News  |  3/26/2013  | 
Continuing resolution bars some government agencies from buying IT equipment from Chinese-owned or -subsidized companies without FBI or other approval.
Malware Developers Hijack Chromium Framework
News  |  3/26/2013  | 
Google Chromium project responds by switching to another download site and promising to put new techniques in place to block automated downloads.
Small Suppliers Must Beef Up Security
News  |  3/26/2013  | 
Attacks on small- and midsized businesses are on the rise, particularly against those firms supplying--and thus having access to--larger companies
Don't Make Users A Security Punching Bag
News  |  3/25/2013  | 
Security blame game makes it easy to point the finger at 'dumb' users, but the delivery mechanisms of today's undetectable Web malware will get past even the savviest and most educated users
Arguments Against Security Awareness Are Shortsighted
Commentary  |  3/25/2013  | 
A counterpoint to Bruce Schneier's recent post on security awareness training for users
Mission Impossible: 4 Reasons Compliance Is Impossible
Commentary  |  3/25/2013  | 
Compliance, like security, is not a constant
Putting Out Fires With Gasoline
Commentary  |  3/25/2013  | 
Spending for security and identity products is going up, but here is a sobering thought that should give you pause--our solutions may be part of the problem
How South Korean Bank Malware Spread
News  |  3/25/2013  | 
Attackers used stolen usernames and passwords for legitimate AhnLab Patch Manager accounts, set wiper software for staggered deletes to maximize damage.
Apple Patches Password Reset Vulnerability
Quick Hits  |  3/25/2013  | 
Bug wouldn't have been blocked by Apple's new two-factor iTunes authentication due to system's three-day waiting period
Apple Patches Password Reset Vulnerability
News  |  3/25/2013  | 
Bug wouldn't have been blocked by Apple's new two-factor iTunes authentication due to system's three-day waiting period.
Database Security Restart
Commentary  |  3/25/2013  | 
How to restart your database security program
Monitoring The Nomads In Your Network
News  |  3/22/2013  | 
As more employees bring their own devices into the network, tracking the nomadic technology can be difficult. From basic to sophisticated, options abound, say experts
Data Can Be Recovered From South Korea Data-Wiping Attacks
Quick Hits  |  3/22/2013  | 
Researchers confirm data-destroying malware that hit South Korean media and banks doesn't completely erase data
Who Owns Application Security, Patching In Your Business?
News  |  3/22/2013  | 
Too many organizations lack a formal security plan, leaving applications vulnerable to exploits, warns SANS Institute.
How TeamSpy Turned Legitimate TeamViewer App Into Cyberespionage Tool
News  |  3/22/2013  | 
Attackers abused TeamViewer's functionality as part of their effort to go undetected for years
South Korea Changes Story On Bank Hacks
News  |  3/22/2013  | 
South Korean officials now say there's no evidence that the March 20 attack against banks and television stations was launched from a Chinese IP address.
Microsoft Reports On Patriot Act Data Requests
News  |  3/22/2013  | 
Following Google's lead, Microsoft releases statistics on government requests for user information.
When Active Directory And LDAP Aren't Enough
News  |  3/22/2013  | 
Cloud and mobile pose problems to most enterprises' centerpiece identity and access management technology
NASA Tightens Security In Response To Insider Threat
Quick Hits  |  3/21/2013  | 
NASA shuts down database and tightens restrictions on remote access following the arrest of a Chinese contractor on suspicion of intellectual property theft
South Korea Attackers Set Time Bomb For Data-Destroying Malware
News  |  3/21/2013  | 
Spearphishing email discovered as a possible initial attack vector, malicious Android mobile clue found
NASA Tightens Security In Response To Insider Threat
News  |  3/21/2013  | 
NASA shuts down database and tightens restrictions on remote access following the arrest of a Chinese contractor on suspicion of intellectual property theft.
Hackers Eavesdrop Using Legitimate Remote Control Software
News  |  3/21/2013  | 
For a decade, "TeamSpy" cyber espionage campaign has used TeamViewer software already installed on PCs to eavesdrop on communications and steal data from targets in Eastern Europe.
South Korea Bank Hacks: 7 Key Facts
News  |  3/21/2013  | 
Data-wiping attacks on Windows and Linux computers may have just focused on random targets to cause chaos, security researchers say.
Monitoring And Reporting IT Security Risk In Your Organization
Quick Hits  |  3/21/2013  | 
To implement a risk-based approach to security, you must be able to gauge and report risk. Here are some tips on how to do it right
Genesco Lawsuit Could Shake PCI Compliance Regime To Its Core
News  |  3/21/2013  | 
If courts were to reverse $13 million in fines levied by Visa against the retailer, it could take a lot of wind out of PCI's sails
New Metric Would Score The Impact, Threat Of DDoS To An Enterprise
News  |  3/21/2013  | 
Taking a page from the metrics used to rank tornadoes and software vulnerabilities, attack-mitigation firms look to find a better measure of denial-of-service attacks than bandwidth and duration
'Loud' Data-Annihilation Cyberattacks Hit South Korean Banks, Media Outlets
News  |  3/20/2013  | 
Malware that wiped hard drives of infected machines and attached drives may have been built using GonDad exploit kit
Cisco Reports Some IOS Passwords Weakly Hashed
Commentary  |  3/20/2013  | 
Type 4 plain-text user passwords on Cisco IOS and Cisco IOS XE devices are hashed not according to spec, but with no salt and just one SHA-256 iteration. Working around the problem can be clumsy
South Korean Banks Lose Data In Malware Attack
News  |  3/20/2013  | 
Computer networks at banks and television stations in South Korea froze after targeted malware deleted data from numerous PCs. Was North Korea involved?