News & Commentary

Content posted in April 2014
Page 1 / 2   >   >>
Sefnit Botnet Swaps Tor for SSH
News  |  4/30/2014  | 
Facebook security researchers spot a Sefnit/Mevade click-fraud and Bitcoin-mining botnet returning to its previous SSH command-and-control communications infrastructure.
How Enterprises Can Harvest The Knowledge Of Security-Focused Venture Capitalists
News  |  4/30/2014  | 
Tomorrow's game-changing security startups are meeting with investors today. Here are some tips on how to take advantage of smart guidance from venture funding firms.
Post-Heartbleed: When Not To Change Your Password
Commentary  |  4/30/2014  | 
One takeaway from Heartbleed is that conventional wisdom about the need to periodically change passwords is wrong.
European Police Seek Cybercrime Triage
News  |  4/30/2014  | 
Many organized cybercrime gangs operate beyond European and US borders -- or jurisdiction -- thus making online crime eradication impossible.
Consumers Ditch Their Breached Retailers, Banks and Doctors
Quick Hits  |  4/29/2014  | 
New survey shows how data breaches do affect some consumers' buying decisions.
What Not To Do In a Cyberattack
News  |  4/29/2014  | 
How to keep calm and avoid common mistakes in an incident response operation.
New IE Zero-Day Prompts More Calls to Ditch Windows XP
News  |  4/29/2014  | 
Experts call for Windows XP users running IE to be mindful that they should upgrade to a new system supported by Microsoft.
AOL Subscriber Data Stolen: You've Got Pwned
News  |  4/29/2014  | 
Change passwords and security questions now, AOL warns subscribers. For everyone else, treat all emails from AOL addresses with suspicion.
Mobile & Social: The Tipping Point For Cybercrime
Commentary  |  4/29/2014  | 
Spamming and scamming have moved to social media in full force, according to new research on the Twittersphere from Trend Micro.
Microsoft Warns Of Zero-Day Vulnerability In Internet Explorer
Quick Hits  |  4/28/2014  | 
Zero-day security vulnerability in IE 6-11 could allow remote code execution even if the user doesn't click on anything, Microsoft says.
The Failures of Internet Governance
Dark Reading Videos  |  4/28/2014  | 
Snooping and cybercrime exacerbate the problem of having a world without borders inside a world with many borders.
SEC Requests Financial Firms' Security Details
News  |  4/28/2014  | 
SEC asks 50 businesses for copies of their security policies, procedures, and controls in an effort to help the industry bolster cybersecurity protection.
Organized Crime Group Scams US Companies Out Of Millions
Quick Hits  |  4/28/2014  | 
Social engineering attack tricks companies into large wire transfers.
Why Bug Bounties Are The New Normal
Commentary  |  4/28/2014  | 
Bug bounties today are big business. Find out how crowdsourcing is changing the dynamics of independent security research and vulnerability disclosure.
FBI Warning Highlights Healthcare's Security Infancy
News  |  4/25/2014  | 
Cyberattacks likely to increase against healthcare providers, FBI warns, and experts say it's no surprise since industry's security posture is about a decade behind that of the financial services sector.
After Heartbleed, Tech Giants Fund Open Source Security
News  |  4/25/2014  | 
In the wake of the Heartbleed vulnerability, 12 tech giants -- including Facebook, Google, IBM, and Microsoft -- each pledge $100,000 annually to improve core open source technology such as OpenSSL.
Data Security: Think Outside The Box
Commentary  |  4/25/2014  | 
What the public and private sector can learn from each other's data security priorities is an exercise in nuance that is well worth the effort. Here's why.
Employees Slacking on Security of Their Mobile Devices
Quick Hits  |  4/24/2014  | 
A survey says that 15% say they had a password compromised.
FBI Informant Sabu Tied To Foreign Attacks
News  |  4/24/2014  | 
Report triggers questions about FBI's apparent use of a zero-day vulnerability, and whether campaign was designed to amass intelligence on foreign targets.
Venture Capital: The Lifeblood Behind Security Innovation
News  |  4/24/2014  | 
Want to know where the next generation of IT security innovation and technology is coming from? Follow the money.
Report: Some Retail Firms Still Don't Recognize Cyber Security Risks
Quick Hits  |  4/24/2014  | 
Nearly 10 percent of retail firms have not reported any cyber security exposure to the SEC since 2011, Willis Group says.
How To Detect Heartbleed Mutations
Commentary  |  4/24/2014  | 
The nightmare of Heartbleed is not the chaos of fixing the bug. It's identifying hundreds, possibly thousands, of small mutations still hiding in the network.
Intelligence-Sharing Suffers Growing Pains
News  |  4/23/2014  | 
For most organizations, intelligence-sharing remains mainly ad-hoc and informal -- and thus fraught with frustration and pitfalls, new report from Ponemon finds.
Android Heartbleed Alert: 150 Million Apps Still Vulnerable
News  |  4/23/2014  | 
Android developers are starting to patch OpenSSL flaws. Meanwhile, Apple ships an SSL fix for iOS and OS X.
Workplace Data Privacy Vs. Security: The New Balance
Commentary  |  4/23/2014  | 
Is it time to rethink the traditional lock-down approach to employee use of corporate networks at work?
Michaels Data Breach Response: 7 Facts
News  |  4/22/2014  | 
Could the retailer have done more to spot the eight-month intrusion in the first place?
Bots Attack US Mainly During Dinnertime
Quick Hits  |  4/22/2014  | 
Most bot-infected machines hail from the US and wage attacks there between 6 and 9 p.m. Eastern Time, new report finds.
7 Tips To Improve 'Signal-to-Noise' In The SOC
Commentary  |  4/22/2014  | 
When security analysts are desensitized to alerts because of sheer volume, they miss the true positives that can prevent a large-scale data breach. Here's how to up your game.
Free Scanning Tool Promises To Find Heartbleed On Any Device
Quick Hits  |  4/22/2014  | 
CrowdStrike says tool identifies the flaw on web servers, VPNs, servers, routers, printers, and phones.
Stolen Passwords Used In Most Data Breaches
News  |  4/22/2014  | 
New Verizon 2014 Data Breach Investigations Report identifies nine types of attack patterns that accounted for 93 percent of security incidents in the past decade.
FAQ: Understanding The True Price of Encryption
Commentary  |  4/21/2014  | 
In the wake of recent events like Heartbleed, the search for cost-effective, easy, and scalable encryption solutions has never been more important.
Heartbleed Attack Targeted Enterprise VPN
News  |  4/21/2014  | 
Attack spotted using the OpenSSL Heartbleed bug to steal session tokens and bypass two-factor authentication.
Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected
Quick Hits  |  4/18/2014  | 
Attack on point-of-sale systems went on for more than six months, officials say.
Poll: Dark Reading Community Acts On Heartbleed
Commentary  |  4/18/2014  | 
Roughly 60 percent of respondents to our flash poll have installed the Heartbeat fix or are in the process of doing so.
Heartbleed: A Password Manager Reality Check
News  |  4/18/2014  | 
Is a password manager an effective defense against vulnerabilities like Heartbleed, or just another way to lose data to hackers?
Phishers Recruit Home PCs
News  |  4/18/2014  | 
Residential broadband machines spotted hosting phishing attacks.
SQL Injection Cleanup Takes Two Months or More
Quick Hits  |  4/17/2014  | 
A new report highlights the prevalence and persistence of SQL injection attacks.
Satellite Communications Wide Open To Hackers
News  |  4/17/2014  | 
Satellite terminals widely used in transportation, military, and industrial plants contain backdoors, hardcoded credentials, weak encryption algorithms, and other design flaws, a new report says.
11 Heartbleed Facts: Vulnerability Discovery, Mitigation Continue
News  |  4/17/2014  | 
Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable -- and the list keeps growing.
Microsoft Delays Enterprise Windows 8.1 Support Doomsday
News  |  4/17/2014  | 
Responding to criticism, Microsoft gives businesses until August to adopt Windows 8.1 Update and continue receiving security updates. Consumers still face May 13 deadline.
How A Little Obscurity Can Bolster Security
Commentary  |  4/17/2014  | 
Most security professionals deride the idea of "security by obscurity." Is it time to re-evaluate the conventional wisdom?
Did A Faulty Memory Feature Lead To Heartbleed?
News  |  4/16/2014  | 
Debate arises over an older memory allocation feature in OpenSSL, and the OpenBSD community starts to tear down and revise the crypto software for its own use.
The Real Wakeup Call From Heartbleed
Commentary  |  4/16/2014  | 
There's nothing special about Heartbleed. It's another flaw in a popular library that exposed a lot of servers to attack. The danger lies in the way software libraries are built and whether they can be trusted.
Mobility: Who Bears The Brunt Of Data Security & Privacy
Commentary  |  4/16/2014  | 
OS manufacturers, app developers, and consumers all have a role to play in smartphone data security. But not everyone is equally responsible.
Don't Blame It On The Web Programming Platform
Quick Hits  |  4/15/2014  | 
New data shows no one Web development platform generates more vulnerabilities than another -- and website security is still a problem.
White House Details Zero-Day Bug Policy
News  |  4/15/2014  | 
NSA denies prior knowledge of the Heartbleed vulnerability, but the White House reserves the right to withhold zero-day exploit information in some cases involving security or law enforcement.
Active Directory Is Dead: 3 Reasons
Commentary  |  4/15/2014  | 
These days, Active Directory smells gangrenous to innovative companies born in the cloud and connecting customers, employees, and partners across devices at light speed.
Heartbleed's Intranet & VPN Connection
News  |  4/14/2014  | 
How the game-changing crypto bug affects internal servers, clients, and VPN networks -- and what to do about it.
Akamai Withdraws Proposed Heartbleed Patch
News  |  4/14/2014  | 
As researchers demonstrate OpenSSL bug exploits that retrieve private keys, Akamai rescinds a patch suggestion for the SSL/TLS library after a security researcher punches holes in it.
CIO Vs. CSO: Allies Or Enemies?
Commentary  |  4/14/2014  | 
In the wake of the Target breach it's clear that the CIO and CSO must have clear boundaries of responsibility and equal representation in the board room.