News & Commentary

Content posted in April 2013
Open Source Software Libraries Get Renewed Scrutiny
News  |  4/30/2013  | 
The Open Web Application Security Project adds common software components to its list of threats to spur developers to look more deeply at software libraries
Password Reuse Rampant, But Users Value Security, Survey Says
Quick Hits  |  4/30/2013  | 
More people adopt some online—and mobile—security, but still fail in proper follow-through, according to a new study by Varonis
Chinese Cyberespionage: Brazen, Prolific, And Persistent
News  |  4/30/2013  | 
New research from multiple sources illustrates dominant role of China in cyberespionage
Darkleech Apache Attacks Intensify
News  |  4/30/2013  | 
Security researchers discover hard-to-detect, memory-resident Linux malware compromising Apache servers and redirecting browsers to other infected sites.
10 Top Password Managers
Slideshows  |  4/30/2013  | 
Tired of being stuck in password hell? Consider these password managers that balance security with convenience.
Can You Hack This Smartphone App For £10,000?
News  |  4/30/2013  | 
Redact says its peer-to-peer iPhone messaging app is invulnerable to third-party eavesdropping, and invites you to prove it wrong.
D-Link Camera Security Flaw: Upgrade Now
News  |  4/30/2013  | 
16 vulnerable D-Link IP camera models have password issue that provides a back door, so attackers could intercept live video feed. Get the firmware update.
Building A Detente Between Developers And Security
News  |  4/30/2013  | 
Don't give a long list of software defects to the developers if you value a good working relationship
Recent Breaches More Likely To Result In Fraud
News  |  4/29/2013  | 
A victim whose data is stolen in the past year will have a 1-in-4 chance of becoming a fraud victim as well, says Javelin's latest breach analysis
Big Data Makes A Big Target
Commentary  |  4/29/2013  | 
LivingSocial.com is another in a long line of "big scores" for data attackers
Mobile AV Apps Fail To Detect Disguised Malware
News  |  4/29/2013  | 
Researchers test popular mobile antivirus apps on ability to detect repackaged, transformed versions of known Android malware
LivingSocial Says Cyberattack Puts Data Of 50 Million Customers At Risk
Quick Hits  |  4/29/2013  | 
Shopping and deals site LivingSocial says all customers should change passwords; source of hack undisclosed
Syrian Electronic Army Strikes Again, Hacks Guardian Twitter Accounts
News  |  4/29/2013  | 
Eleven Twitter accounts associated with the newspaper were hijacked
Spamhaus DDoS Suspect Arrested
News  |  4/29/2013  | 
Cyberbunker leader traveled Spain in a van, accessed Wi-Fi hotspots to launch DDoS attacks against anti-spam opponents, Dutch authorities allege.
Syrian Hacktivists Hit Guardian Twitter Feeds
News  |  4/29/2013  | 
Pro-Assad hacktivist group takes over 11 Twitter feeds belonging to British news group, decries "lies and slander about Syria."
Managing Mobile Security In Small And Midsize Businesses
Quick Hits  |  4/29/2013  | 
Wireless devices are a boon to SMB productivity -- and a nightmare for security. Here are some tips for securing them
Tech Insight: Time To Set Up That Honeypot
News  |  4/26/2013  | 
A combination of traditional network security monitoring and recent advancements in honeypot and active defense tools is key to detecting today's threats
U.K. 'Big Brother' Bill Blocked -- For Now
News  |  4/26/2013  | 
Deputy Prime Minister Clegg kills so-called "snooper's charter" bill, which would allow broad government monitoring of private communications. But is the bill really dead?
Email Without A Warrant? Senators Not Sold
News  |  4/26/2013  | 
Update to 1986 Electronic Communications Privacy Act would require police to demonstrate probable cause before accessing someone's email or stored cloud data.
Anonymous Australia Disavows Self-Proclaimed LulzSec Leader
News  |  4/26/2013  | 
Australian police trumpet hacktivist mastermind takedown, but Anonymous dismisses him as a wannabe.
DARPA: New Threats Demand New Technologies
News  |  4/26/2013  | 
Agency shifts focus to layered capabilities and cyber as a tactical weapon, as budget constraints and new threats affect plans.
Cloud Security Starts With Development, Better Tools
News  |  4/26/2013  | 
Companies must train their developers in secure coding and rely on others' expertise for complex components of cloud services and Web applications
Possible Exploit Avenue Discovered For DarkLeech Web Server Attacks
News  |  4/25/2013  | 
A researcher at Cisco has uncovered a possible link between a malicious script and an attack that has compromised thousands of Web servers around the globe
Phishers Hack Hosting Providers To Launch Mass Attacks
Quick Hits  |  4/25/2013  | 
Nearly half of all phishing attacks in the second half of last year came via hacked hosting providers, according to new data from the Anti-Phishing Working Group (APWG)
How Lockheed Martin Phishes Its Own
News  |  4/25/2013  | 
Defense contractor built an internal spearphishing simulation program amid concerns of increasing targeted attacks
Websense Reports First Quarter 2013 Results
News  |  4/25/2013  | 
Reports revenues of $87.5 million, compared with $89.5 million in the first quarter of 2012
California Proposes 'Do Not Track' Honesty Checker
News  |  4/25/2013  | 
After DNT standards development stalls, legislators and advertisers seek new path forward on browser privacy.
AP Twitter Hack: Lessons Learned
News  |  4/25/2013  | 
The bad news: beefing up password info won't save businesses from Twitter account takeover attacks.
How Cybercriminals Attack The Cloud
Quick Hits  |  4/25/2013  | 
What attacks are most likely against cloud computing environments? Here's a look -- and some advice
How To Stop Making Excuses For Poor Application Security Testing
News  |  4/25/2013  | 
Policies, prioritization, and planning can keep obstacles from standing in the way of solid preproduction security testing practices
Security Vendors In The Aftermath Of Targeted Attacks
News  |  4/24/2013  | 
RSA, Microsoft, and Bit9 executives share insights on how the high-profile targeted breaches they suffered have shaped things
VSS Monitoring Offers New Network Packet Broker Platforms
News  |  4/24/2013  | 
vBroker NPB system provides advanced traffic filtering, packet optimization, and offloading of unnecessary processing
Hacking Higher Education
News  |  4/24/2013  | 
The cybersecurity challenge on college campuses lies as much with the students as with malicious outsiders.
When Education Gets Too Virtual
News  |  4/24/2013  | 
Students can use technology to undermine the integrity of education.
(ISC)2 And The Cloud Security Alliance Collaborate To Create New Professional Certification For Cloud Security
News  |  4/24/2013  | 
New credential will build on existing certifications offered by both organizations
Java Flaw Targeted By Crimeware Toolkit: Patch Now
News  |  4/24/2013  | 
Don't wait on this update, Java 7 users. Exploit uses bug, patched by Oracle last week, to execute arbitrary code.
Twitter Preps Two Factor Authentication After AP Hoax
News  |  4/24/2013  | 
Security move follows a rash of high-profile account takeovers, including a hoax tweet from the Associated Press' account about White House explosions.
Many Hacked Businesses Remain Unprepared For The Next Breach
Quick Hits  |  4/24/2013  | 
New Ponemon report finds three-fourths of hacked organizations either have had or expect to have a breach that loses them customers and business partners
Prioritizing Your Database Security Patches
News  |  4/23/2013  | 
Patching databases can be painful, but the presence of critical vulnerabilities can make closing security holes quickly necessary
The Many Faces Of The Verizon Data Breach Investigation Report
Commentary  |  4/23/2013  | 
Verizon's annual data breach report offers volumes of data -- and even more interpretations
Java's Security Renaissance Begins
News  |  4/23/2013  | 
Oracle's decision to delay Java 8 to ensure security is done right is a significant step -- but challenges remain for the troubled platform
Cyber Strikes Like Nuclear Bombs, Says Chinese General
News  |  4/23/2013  | 
Chinese official calls for better Internet security, denies reports that China-affiliated attackers are targeting Western competitors.
Twitter Battles Syrian Hackers
News  |  4/23/2013  | 
Hacking group Syrian Electronic Army seizes CBS Twitter accounts and publishes links to websites that infect visitors with malware.
Should Insiders Really Be Your Biggest Concern?
News  |  4/23/2013  | 
Verizon's Data Breach Investigations Report shows that by volume of breach occurrences, external attackers cause problems the majority of the time
Did The Dog Bark In the Night?
Commentary  |  4/23/2013  | 
What we still don't know, despite the data
Lawsuits Bring Clarity To SMBs In Corporate Account Takeovers
News  |  4/22/2013  | 
Small businesses have had millions of dollars stolen from their accounts by online thieves; court cases have started creating a clear picture of responsibilities
Report: DDoS Attacks Getting Bigger, Faster Than Ever
Quick Hits  |  4/22/2013  | 
DDoS attacks of more than 10 Gbps now happen several times a day across the globe, study says
No 'One Size Fits All' In Data Breaches, New Verizon Report Finds
News  |  4/22/2013  | 
Verizon Data Breach Investigations Report 2013 says financial cybercrime accounts for three-fourths of real-world breaches, followed by cyberespionage in one-fifth of breaches
Chinese Hackers Seek Drone Secrets
News  |  4/22/2013  | 
"Comment Crew" gang that fanned fears of Chinese hacking launches malware that combs for drone technology information.
Scan My Eyeball, Already
Commentary  |  4/22/2013  | 
Could consumers be the catalyst for the password's ultimate demise?


Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3018
PUBLISHED: 2018-05-24
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
CVE-2013-3023
PUBLISHED: 2018-05-24
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
CVE-2013-3024
PUBLISHED: 2018-05-24
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.
CVE-2018-5674
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2018-5675
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...