News & Commentary

Content posted in April 2013
Open Source Software Libraries Get Renewed Scrutiny
News  |  4/30/2013  | 
The Open Web Application Security Project adds common software components to its list of threats to spur developers to look more deeply at software libraries
Password Reuse Rampant, But Users Value Security, Survey Says
Quick Hits  |  4/30/2013  | 
More people adopt some online—and mobile—security, but still fail in proper follow-through, according to a new study by Varonis
Chinese Cyberespionage: Brazen, Prolific, And Persistent
News  |  4/30/2013  | 
New research from multiple sources illustrates dominant role of China in cyberespionage
Darkleech Apache Attacks Intensify
News  |  4/30/2013  | 
Security researchers discover hard-to-detect, memory-resident Linux malware compromising Apache servers and redirecting browsers to other infected sites.
10 Top Password Managers
Slideshows  |  4/30/2013  | 
Tired of being stuck in password hell? Consider these password managers that balance security with convenience.
Can You Hack This Smartphone App For £10,000?
News  |  4/30/2013  | 
Redact says its peer-to-peer iPhone messaging app is invulnerable to third-party eavesdropping, and invites you to prove it wrong.
D-Link Camera Security Flaw: Upgrade Now
News  |  4/30/2013  | 
16 vulnerable D-Link IP camera models have password issue that provides a back door, so attackers could intercept live video feed. Get the firmware update.
Building A Detente Between Developers And Security
News  |  4/30/2013  | 
Don't give a long list of software defects to the developers if you value a good working relationship
Recent Breaches More Likely To Result In Fraud
News  |  4/29/2013  | 
A victim whose data is stolen in the past year will have a 1-in-4 chance of becoming a fraud victim as well, says Javelin's latest breach analysis
Big Data Makes A Big Target
Commentary  |  4/29/2013  | 
LivingSocial.com is another in a long line of "big scores" for data attackers
Mobile AV Apps Fail To Detect Disguised Malware
News  |  4/29/2013  | 
Researchers test popular mobile antivirus apps on ability to detect repackaged, transformed versions of known Android malware
LivingSocial Says Cyberattack Puts Data Of 50 Million Customers At Risk
Quick Hits  |  4/29/2013  | 
Shopping and deals site LivingSocial says all customers should change passwords; source of hack undisclosed
Syrian Electronic Army Strikes Again, Hacks Guardian Twitter Accounts
News  |  4/29/2013  | 
Eleven Twitter accounts associated with the newspaper were hijacked
Spamhaus DDoS Suspect Arrested
News  |  4/29/2013  | 
Cyberbunker leader traveled Spain in a van, accessed Wi-Fi hotspots to launch DDoS attacks against anti-spam opponents, Dutch authorities allege.
Syrian Hacktivists Hit Guardian Twitter Feeds
News  |  4/29/2013  | 
Pro-Assad hacktivist group takes over 11 Twitter feeds belonging to British news group, decries "lies and slander about Syria."
Managing Mobile Security In Small And Midsize Businesses
Quick Hits  |  4/29/2013  | 
Wireless devices are a boon to SMB productivity -- and a nightmare for security. Here are some tips for securing them
Tech Insight: Time To Set Up That Honeypot
News  |  4/26/2013  | 
A combination of traditional network security monitoring and recent advancements in honeypot and active defense tools is key to detecting today's threats
U.K. 'Big Brother' Bill Blocked -- For Now
News  |  4/26/2013  | 
Deputy Prime Minister Clegg kills so-called "snooper's charter" bill, which would allow broad government monitoring of private communications. But is the bill really dead?
Email Without A Warrant? Senators Not Sold
News  |  4/26/2013  | 
Update to 1986 Electronic Communications Privacy Act would require police to demonstrate probable cause before accessing someone's email or stored cloud data.
Anonymous Australia Disavows Self-Proclaimed LulzSec Leader
News  |  4/26/2013  | 
Australian police trumpet hacktivist mastermind takedown, but Anonymous dismisses him as a wannabe.
DARPA: New Threats Demand New Technologies
News  |  4/26/2013  | 
Agency shifts focus to layered capabilities and cyber as a tactical weapon, as budget constraints and new threats affect plans.
Cloud Security Starts With Development, Better Tools
News  |  4/26/2013  | 
Companies must train their developers in secure coding and rely on others' expertise for complex components of cloud services and Web applications
Possible Exploit Avenue Discovered For DarkLeech Web Server Attacks
News  |  4/25/2013  | 
A researcher at Cisco has uncovered a possible link between a malicious script and an attack that has compromised thousands of Web servers around the globe
Phishers Hack Hosting Providers To Launch Mass Attacks
Quick Hits  |  4/25/2013  | 
Nearly half of all phishing attacks in the second half of last year came via hacked hosting providers, according to new data from the Anti-Phishing Working Group (APWG)
How Lockheed Martin Phishes Its Own
News  |  4/25/2013  | 
Defense contractor built an internal spearphishing simulation program amid concerns of increasing targeted attacks
Websense Reports First Quarter 2013 Results
News  |  4/25/2013  | 
Reports revenues of $87.5 million, compared with $89.5 million in the first quarter of 2012
California Proposes 'Do Not Track' Honesty Checker
News  |  4/25/2013  | 
After DNT standards development stalls, legislators and advertisers seek new path forward on browser privacy.
AP Twitter Hack: Lessons Learned
News  |  4/25/2013  | 
The bad news: beefing up password info won't save businesses from Twitter account takeover attacks.
How Cybercriminals Attack The Cloud
Quick Hits  |  4/25/2013  | 
What attacks are most likely against cloud computing environments? Here's a look -- and some advice
How To Stop Making Excuses For Poor Application Security Testing
News  |  4/25/2013  | 
Policies, prioritization, and planning can keep obstacles from standing in the way of solid preproduction security testing practices
Security Vendors In The Aftermath Of Targeted Attacks
News  |  4/24/2013  | 
RSA, Microsoft, and Bit9 executives share insights on how the high-profile targeted breaches they suffered have shaped things
VSS Monitoring Offers New Network Packet Broker Platforms
News  |  4/24/2013  | 
vBroker NPB system provides advanced traffic filtering, packet optimization, and offloading of unnecessary processing
Hacking Higher Education
News  |  4/24/2013  | 
The cybersecurity challenge on college campuses lies as much with the students as with malicious outsiders.
When Education Gets Too Virtual
News  |  4/24/2013  | 
Students can use technology to undermine the integrity of education.
(ISC)2 And The Cloud Security Alliance Collaborate To Create New Professional Certification For Cloud Security
News  |  4/24/2013  | 
New credential will build on existing certifications offered by both organizations
Java Flaw Targeted By Crimeware Toolkit: Patch Now
News  |  4/24/2013  | 
Don't wait on this update, Java 7 users. Exploit uses bug, patched by Oracle last week, to execute arbitrary code.
Twitter Preps Two Factor Authentication After AP Hoax
News  |  4/24/2013  | 
Security move follows a rash of high-profile account takeovers, including a hoax tweet from the Associated Press' account about White House explosions.
Many Hacked Businesses Remain Unprepared For The Next Breach
Quick Hits  |  4/24/2013  | 
New Ponemon report finds three-fourths of hacked organizations either have had or expect to have a breach that loses them customers and business partners
Prioritizing Your Database Security Patches
News  |  4/23/2013  | 
Patching databases can be painful, but the presence of critical vulnerabilities can make closing security holes quickly necessary
The Many Faces Of The Verizon Data Breach Investigation Report
Commentary  |  4/23/2013  | 
Verizon's annual data breach report offers volumes of data -- and even more interpretations
Java's Security Renaissance Begins
News  |  4/23/2013  | 
Oracle's decision to delay Java 8 to ensure security is done right is a significant step -- but challenges remain for the troubled platform
Cyber Strikes Like Nuclear Bombs, Says Chinese General
News  |  4/23/2013  | 
Chinese official calls for better Internet security, denies reports that China-affiliated attackers are targeting Western competitors.
Twitter Battles Syrian Hackers
News  |  4/23/2013  | 
Hacking group Syrian Electronic Army seizes CBS Twitter accounts and publishes links to websites that infect visitors with malware.
Should Insiders Really Be Your Biggest Concern?
News  |  4/23/2013  | 
Verizon's Data Breach Investigations Report shows that by volume of breach occurrences, external attackers cause problems the majority of the time
Did The Dog Bark In the Night?
Commentary  |  4/23/2013  | 
What we still don't know, despite the data
Lawsuits Bring Clarity To SMBs In Corporate Account Takeovers
News  |  4/22/2013  | 
Small businesses have had millions of dollars stolen from their accounts by online thieves; court cases have started creating a clear picture of responsibilities
Report: DDoS Attacks Getting Bigger, Faster Than Ever
Quick Hits  |  4/22/2013  | 
DDoS attacks of more than 10 Gbps now happen several times a day across the globe, study says
No 'One Size Fits All' In Data Breaches, New Verizon Report Finds
News  |  4/22/2013  | 
Verizon Data Breach Investigations Report 2013 says financial cybercrime accounts for three-fourths of real-world breaches, followed by cyberespionage in one-fifth of breaches
Chinese Hackers Seek Drone Secrets
News  |  4/22/2013  | 
"Comment Crew" gang that fanned fears of Chinese hacking launches malware that combs for drone technology information.
Scan My Eyeball, Already
Commentary  |  4/22/2013  | 
Could consumers be the catalyst for the password's ultimate demise?