News & Commentary

Content posted in March 2013
Got Attitude?
Commentary  |  3/31/2013  | 
Attack attitude: Does China really not care about attribution?
Advanced Persistent Threats: Not-So-Advanced Methods After All
Quick Hits  |  3/29/2013  | 
Cybercriminals are taking a more systematic approach with their attack techniques, new IBM report finds
NSA Director: Information-Sharing Critical To U.S. Cybersecurity
News  |  3/29/2013  | 
NSA Director and U.S. Cyber Command chief Gen. Keith Alexander discusses challenges to protecting U.S. interests in cyberspace
Should Cloud Providers Secure Their Outbound Traffic?
News  |  3/29/2013  | 
As attackers focus on using hosted or virtual servers to power their denial-of-service attacks, calls for a cleaner cloud may become louder
Enterprises Less Confident They Can Stop Targeted Attacks On Their Servers
Quick Hits  |  3/28/2013  | 
New survey shows state of server security so-so
Spamhaus DDoS Attacks: What Business Should Learn
Commentary  |  3/28/2013  | 
What should your company take away from this week's attacks? Lock down unsecured DNS repeaters being exploited by attackers and prep DDoS response plans.
Who Supplies CyberBunker?
Commentary  |  3/28/2013  | 
The hosting company behind CyberBunker, the company allegedly behind the DDoS attacks on Spamhaus, connects to the Internet through other providers. Perhaps the only way to pressure those responsible for the attacks is to put pressure on the upstream providers.
5 Steps To Strengthen Information Risk Profiles
News  |  3/28/2013  | 
Make sure you include the right employees and business processes when developing risk management strategy.
Air Force Seeks Stronger Spacecraft Cybersecurity
News  |  3/28/2013  | 
Air Force is looking for cutting-edge research into improved security for spacecraft IT, according to newly released procurement documents.
DDoS Attack Doesn't Spell Internet Doom: 7 Facts
News  |  3/28/2013  | 
Despite a record-setting DDoS attack against anti-spam group Spamhaus, the Internet remains alive and well. Let's break down the key facts.
DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted
News  |  3/28/2013  | 
Stophaus.com campaign and anarchic, allegedly pro-spam Dutch hosting provider have apparently been disrupted via ongoing DDoS attacks.
BlackBerry Balance: The Real Reason To Buy It
Commentary  |  3/28/2013  | 
BlackBerry Z10 is a good phone, but it doesn't get really cool until you use it as both your work and personal phone. BlackBerry 10 has a series of features the company calls "BlackBerry Balance," to make both roles work well and to protect each from the other
Too Scared To Scan
News  |  3/27/2013  | 
Fear of business disruption and downtime often leaves enterprises hesitant to scan the critical applications that hackers are most likely to target in their quest for exploitable vulnerabilities
Web Application Attacks Dominate
Quick Hits  |  3/27/2013  | 
But cloud no less secure than the enterprise, new attack data shows
Misconfigured, Open DNS Servers Used In Record-Breaking DDoS Attack
News  |  3/27/2013  | 
Biggest-ever distributed denial-of-service attack originally aimed at Spamhaus escalates and hits other corners of the Net
Tougher Computer Crime Penalties Sought By U.S. Legislators
News  |  3/27/2013  | 
Draft version of Computer Fraud and Abuse Act includes amendments largely recycled from 2011 DOJ proposals -- and running counter to leading legal experts' demands to narrow anti-hacking laws, critics say.
Bank DDoS Attacks Resume: Wells Fargo Confirms Disruptions
News  |  3/27/2013  | 
Muslim hacktivists continue third wave of takedowns, submit invoice protesting "Innocence of Muslims" video that mocks founder of Islam.
Healthcare Security Improving But Still Needs Treatment
News  |  3/27/2013  | 
First quarter year-over-year data breach numbers declined in 2013, but data security black eyes still a symptom of healthcare's need for improved database security
Follow The Dumb Security Money
Commentary  |  3/26/2013  | 
When security companies raise big funding rounds and spend big bucks at security conferences, be afraid -- very afraid
The Scope Of The Java Problem
Quick Hits  |  3/26/2013  | 
New Websense data highlights why Java is attackers' favorite target: most end users run outdated versions of the app
Honeypot Stings Attackers With Counterattacks
News  |  3/26/2013  | 
Researchers test the controversial concept of hacking back and gathering intelligence on attackers
Congress Curtails Government IT Purchases From China
News  |  3/26/2013  | 
Continuing resolution bars some government agencies from buying IT equipment from Chinese-owned or -subsidized companies without FBI or other approval.
Malware Developers Hijack Chromium Framework
News  |  3/26/2013  | 
Google Chromium project responds by switching to another download site and promising to put new techniques in place to block automated downloads.
Small Suppliers Must Beef Up Security
News  |  3/26/2013  | 
Attacks on small- and midsized businesses are on the rise, particularly against those firms supplying--and thus having access to--larger companies
Don't Make Users A Security Punching Bag
News  |  3/25/2013  | 
Security blame game makes it easy to point the finger at 'dumb' users, but the delivery mechanisms of today's undetectable Web malware will get past even the savviest and most educated users
Arguments Against Security Awareness Are Shortsighted
Commentary  |  3/25/2013  | 
A counterpoint to Bruce Schneier's recent post on security awareness training for users
Mission Impossible: 4 Reasons Compliance Is Impossible
Commentary  |  3/25/2013  | 
Compliance, like security, is not a constant
Putting Out Fires With Gasoline
Commentary  |  3/25/2013  | 
Spending for security and identity products is going up, but here is a sobering thought that should give you pause--our solutions may be part of the problem
How South Korean Bank Malware Spread
News  |  3/25/2013  | 
Attackers used stolen usernames and passwords for legitimate AhnLab Patch Manager accounts, set wiper software for staggered deletes to maximize damage.
Apple Patches Password Reset Vulnerability
Quick Hits  |  3/25/2013  | 
Bug wouldn't have been blocked by Apple's new two-factor iTunes authentication due to system's three-day waiting period
Apple Patches Password Reset Vulnerability
News  |  3/25/2013  | 
Bug wouldn't have been blocked by Apple's new two-factor iTunes authentication due to system's three-day waiting period.
Database Security Restart
Commentary  |  3/25/2013  | 
How to restart your database security program
Monitoring The Nomads In Your Network
News  |  3/22/2013  | 
As more employees bring their own devices into the network, tracking the nomadic technology can be difficult. From basic to sophisticated, options abound, say experts
Data Can Be Recovered From South Korea Data-Wiping Attacks
Quick Hits  |  3/22/2013  | 
Researchers confirm data-destroying malware that hit South Korean media and banks doesn't completely erase data
Who Owns Application Security, Patching In Your Business?
News  |  3/22/2013  | 
Too many organizations lack a formal security plan, leaving applications vulnerable to exploits, warns SANS Institute.
How TeamSpy Turned Legitimate TeamViewer App Into Cyberespionage Tool
News  |  3/22/2013  | 
Attackers abused TeamViewer's functionality as part of their effort to go undetected for years
South Korea Changes Story On Bank Hacks
News  |  3/22/2013  | 
South Korean officials now say there's no evidence that the March 20 attack against banks and television stations was launched from a Chinese IP address.
Microsoft Reports On Patriot Act Data Requests
News  |  3/22/2013  | 
Following Google's lead, Microsoft releases statistics on government requests for user information.
When Active Directory And LDAP Aren't Enough
News  |  3/22/2013  | 
Cloud and mobile pose problems to most enterprises' centerpiece identity and access management technology
NASA Tightens Security In Response To Insider Threat
Quick Hits  |  3/21/2013  | 
NASA shuts down database and tightens restrictions on remote access following the arrest of a Chinese contractor on suspicion of intellectual property theft
South Korea Attackers Set Time Bomb For Data-Destroying Malware
News  |  3/21/2013  | 
Spearphishing email discovered as a possible initial attack vector, malicious Android mobile clue found
NASA Tightens Security In Response To Insider Threat
News  |  3/21/2013  | 
NASA shuts down database and tightens restrictions on remote access following the arrest of a Chinese contractor on suspicion of intellectual property theft.
Hackers Eavesdrop Using Legitimate Remote Control Software
News  |  3/21/2013  | 
For a decade, "TeamSpy" cyber espionage campaign has used TeamViewer software already installed on PCs to eavesdrop on communications and steal data from targets in Eastern Europe.
South Korea Bank Hacks: 7 Key Facts
News  |  3/21/2013  | 
Data-wiping attacks on Windows and Linux computers may have just focused on random targets to cause chaos, security researchers say.
Monitoring And Reporting IT Security Risk In Your Organization
Quick Hits  |  3/21/2013  | 
To implement a risk-based approach to security, you must be able to gauge and report risk. Here are some tips on how to do it right
Genesco Lawsuit Could Shake PCI Compliance Regime To Its Core
News  |  3/21/2013  | 
If courts were to reverse $13 million in fines levied by Visa against the retailer, it could take a lot of wind out of PCI's sails
New Metric Would Score The Impact, Threat Of DDoS To An Enterprise
News  |  3/21/2013  | 
Taking a page from the metrics used to rank tornadoes and software vulnerabilities, attack-mitigation firms look to find a better measure of denial-of-service attacks than bandwidth and duration
'Loud' Data-Annihilation Cyberattacks Hit South Korean Banks, Media Outlets
News  |  3/20/2013  | 
Malware that wiped hard drives of infected machines and attached drives may have been built using GonDad exploit kit
Cisco Reports Some IOS Passwords Weakly Hashed
Commentary  |  3/20/2013  | 
Type 4 plain-text user passwords on Cisco IOS and Cisco IOS XE devices are hashed not according to spec, but with no salt and just one SHA-256 iteration. Working around the problem can be clumsy
South Korean Banks Lose Data In Malware Attack
News  |  3/20/2013  | 
Computer networks at banks and television stations in South Korea froze after targeted malware deleted data from numerous PCs. Was North Korea involved?