News & Commentary

Content posted in March 2014
Community & A Virtual Handshake
Commentary  |  3/31/2014  | 
A secret handshake means you are part of a shared experience. That's what the Dark Reading community is all about.
Bit Errors & the Internet of Things
Commentary  |  3/31/2014  | 
Internet traffic, misdirected to malicious bitsquatted domains, has plagued computer security for years. The consequences will be even worse for the IoT.
Top Advice for CISOs
Dark Reading Videos  |  3/31/2014  | 
Some of the soft skills are the hardest ones for CISOs to deploy.
'Thingularity' Triggers Security Warnings
News  |  3/28/2014  | 
The Internet of Things is creating 50 billion Internet-connected devices. Who is going to keep them updated and secure?
Incident Response Now Shaping Security Operations
News  |  3/28/2014  | 
How an organization reacts to hackers infiltrating its network is becoming the key to damage control for data -- and the corporate image.
Hackers Cash In On ATMs
News  |  3/28/2014  | 
Malware uses text messages and other techniques to infect ATMs and ultimately allow criminals to steal cash.
Flying Naked: Why Most Web Apps Leave You Defenseless
Commentary  |  3/28/2014  | 
Even the best-funded and "mature" corporate AppSec programs aren't testing all their web applications and services. That leaves many applications with no real security in place.
Richard Clarke: Snowden Should Be in Prison
Dark Reading Videos  |  3/28/2014  | 
Former White House cybersecurity advisor says Edward Snowden has jeopardized the United States' national security.
Attacks Rise On Network 'Blind' Spot
News  |  3/27/2014  | 
Interop speaker says DDoS attacks are not the only forms of abuse on the Domain Name Server.
Android Apps Hide Crypto-Currency Mining Malware
News  |  3/27/2014  | 
Apps downloaded by millions from Google Play and Spanish software forums include hidden altcoin-mining software. But criminals aren't getting rich quickly.
MACH37 Funds Six New Security Startups
Quick Hits  |  3/27/2014  | 
The cyberaccelerator MACH37 begins work with six emerging cybersecurity firms.
Welcome To The New Dark Reading
Dark Reading Videos  |  3/27/2014  | 
Check out Dark Reading's Tim Wilson and Kelly Jackson Higgins talking about the reason behind the re-launch.
A Cyber History Of The Ukraine Conflict
Commentary  |  3/27/2014  | 
The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.
Welcome To The New Dark Reading Information Security Community
Commentary  |  3/27/2014  | 
InformationWeek and Dark Reading join forces with security professionals to launch an interactive online community.
Richard Clarke: Foreign Governments Not So Surprised by US Snooping
Dark Reading Videos  |  3/27/2014  | 
Former White House cybersecurity advisor thinks foreign governments' outrage is largely an act.
Facebook Builds Its Own Threat Modeling System
Quick Hits  |  3/26/2014  | 
The tool helps the social network gather, store, analyze, and react to the latest threats against it.
Experts Question Security Payoff Of Sending Apps To The Cloud
News  |  3/26/2014  | 
Startups offer browsers in the cloud for security, while email and productivity apps are already there.
Finally, Plug & Play Authentication!
Dark Reading Videos  |  3/26/2014  | 
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
Don't Put Too Much Faith in Cyberinsurance
Commentary  |  3/26/2014  | 
Cyberinsurance is great for covering discrete costs like breach notifications and legal fees, but don't rely heavily on it for much else.
March Madness: Online Privacy Edition
Commentary  |  3/26/2014  | 
Say hello to the privacy revolution where an emerging backlash is being spurred by NSA spying, mass data collection and plain old common sense.
Cartoon: Strong Passwords
Commentary  |  3/26/2014  | 
Target, PCI Auditor Trustwave Sued By Banks
News  |  3/26/2014  | 
Trustwave apparently certified the retailer as PCI compliant -- but can PCI assessors be held liable for data breaches?
How to Solve the Security Skills Shortage
Dark Reading Videos  |  3/26/2014  | 
At RSA, security professionals weighed in on how to close the security skills gap -- if there is one -- and solve staffing problems.
Microsoft Outlook Users Face Zero-Day Attack
News  |  3/25/2014  | 
Simply previewing maliciously crafted RTF documents in Outlook triggers exploit of bug present in Windows and Mac versions of Word, Microsoft warns
Outlook Users Face Zero-Day Attack
News  |  3/25/2014  | 
Simply previewing maliciously crafted RTF documents in Outlook triggers exploit of bug present in Windows and Mac versions of Word, Microsoft warns.
Secure Domain Foundation Launches; Will Serve As Forum For DNS Security Data Exchange
Quick Hits  |  3/25/2014  | 
New Secure Domain Foundation will facilitate security information sharing among Internet domain registrars
New Malwarebytes Technology Proactively Protects PCs From Advanced Stealthy Malware
News  |  3/24/2014  | 
Malwarebytes Anti-Malware Premium will support XP users for life
Windows XP: Feds Brace For End Of Support
News  |  3/24/2014  | 
Roughly one in 10 U.S. government PCs still use Windows XP. They will be more vulnerable to attacks when XP support ends on April 8
Former NSA And Google Engineers Launch A New And More Secure Disconnect Search
News  |  3/24/2014  | 
Disconnect Search protects users’ privacy in four ways
Lancope Unveils New Version Of StealthWatch System
News  |  3/24/2014  | 
StealthWatch 6.5 delivers enhanced usability and security analytics
Lumeta Announces Integration With Allgress
News  |  3/24/2014  | 
Integrated solution includes centralized data store
Palo Alto Networks To Acquire Cyvera For Approximately $200 Million
News  |  3/24/2014  | 
Cyvera provides cyberdefense solutions that protect organizations from sophisticated, targeted cyberattacks
New Android Remote Access Tool Highlights Growing Market For Mobile Spyware
News  |  3/21/2014  | 
Researchers discuss the growing market for remote access tools used to target Google Android devices
Symantec Fires CEO In Surprise Move
News  |  3/21/2014  | 
Analysts question security and storage giant's turnaround after the board fires its second CEO in two years
CounterTack Secures Funding From U.S. Army’s OnPoint Technologies
News  |  3/21/2014  | 
CounterTack recently completed its Series B round of funding
CounterTack Secures Additional Financing To Close Out Series B Funding At $15 Million
News  |  3/21/2014  | 
VC unit of Siemens (SFS VC) joins CounterTack investors, including Goldman Sachs, Fairhaven Capital, and a group of private financiers
Bowbridge Software Launches New Content Security Solution For SAP Applications
News  |  3/21/2014  | 
ApplicationSecurity Bridge analyzes user input before the application processes
Google Now Encrypts Gmail Traffic To And From Its Servers
News  |  3/20/2014  | 
Full HTTPS for Gmail traffic aims to allay concerns of cyber-spying
Cryptzone Adds Encrypted Off-Line File Storage To Its Secure Mobile App
News  |  3/20/2014  | 
MAP version 10.3 for Android encrypts individual files as they are saved to a mobile device
IBM Launches New Software And Services To Fight Fraud And Financial Crime
News  |  3/20/2014  | 
Company will help organizations take a holistic approach to mitigate the financial losses caused by fraud while protecting the value of their brands
Luck O' The Irish: Caption Contest Winners Announced
Commentary  |  3/20/2014  | 
A lot of blarney tinged with geek. And the winning caption is...
Will Target Face FTC Probe?
News  |  3/20/2014  | 
Retailer's security practices remain under scrutiny as regulators ponder FTC investigation. Meanwhile, Sony options rights to Hollywood cyber-thriller based on breach story.
NSA Records Billions Of Foreign Phone Calls
News  |  3/20/2014  | 
New disclosures from former NSA contractor Edward Snowden detail the National Security Agency's RETRO system
Stop Targeted Attackers
News  |  3/20/2014  | 
All cyber-attackers aren't equal. Focus more attention on exploits made just for you
A Cybercrime Gang-Software Pirate Mash-Up
News  |  3/19/2014  | 
New report illustrates lucrative market for malware-riddled, pirated software -- and the cost to enterprises
Linux Takeover Artists Fling 35M Spam Messages Daily
News  |  3/19/2014  | 
"Operation Windigo" server takeover campaign controls 10,000 hacked servers, launches millions of spam, malware, and drive-by exploit kit attacks per day
Many Businesses Fail To Disclose Data Breaches
News  |  3/19/2014  | 
Only about 35% of businesses worldwide say they share attack and threat information with others in their industry, even though 77% admit to suffering from a cyberattack.
Verdasys Closes $12 Million Investment
News  |  3/19/2014  | 
Kenneth Levine joins Verdasys as CEO, replacing Jim Ricotta


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.