News & Commentary

Content posted in May 2013
Page 1 / 3   >   >>
Four Ways SMBs Can Improve Security Through Cloud
News  |  5/31/2013  | 
Small and midsize firms are voracious users of cloud services; a few precautions can make their businesses even more secure
Google, Facebook Told U.K.: We Won't Be Snoops
News  |  5/31/2013  | 
Major U.S. tech firms including Google, Facebook, Twitter, Microsoft and Yahoo! had rejected now-canned U.K. plan to make them archive user traffic, says newspaper.
5 Big Database Breaches Of Spring 2013
News  |  5/30/2013  | 
Learning from the most recent impactful breaches of 2013
Endpoint Security
News  |  5/30/2013  | 
End user security requires layers of tools and training as employees use more devices and apps
Startup To Offer 'Human' Authentication
Quick Hits  |  5/30/2013  | 
Identify Security Software Inc. will launch next week and preview new technology that eschews passwords and biometrics
Hacking The TDoS Attack
News  |  5/30/2013  | 
Rising telephony denial-of-service (TDoS) attacks are not quite as prevalent as a DDoS, but they can be just as deadly
Hacking Firmware And Detecting Backdoors
Commentary  |  5/30/2013  | 
How device manufacturers can limit critical vulnerability discovery, public disclosure, and customer fallout
Ruby On Rails Under Attack
News  |  5/30/2013  | 
Patched vulnerability being exploited in the wild after many developers don't bother to patch
Recent Data Breaches: A Look Back
Quick Hits  |  5/30/2013  | 
Hactivists, cybercriminals take center stage in latest spate of data breaches
Halting Cybercrime Requires Cutting Off Easy Money
News  |  5/30/2013  | 
The crackdown on Liberty Reserve underscores the danger posed by anonymous money transfers using virtual or digital currencies -- a facet of cybercrime increasingly under scrutiny by law enforcement
Black Hat USA Reminds Early Reg Deadline For July Show Ends Friday
News  |  5/29/2013  | 
Organizers are expecting at least 6,500 security industry professionals at the exclusive gathering
Google Sets New 'Aggressive' 7-Day Deadline For Vendors To Reveal Or Fix Zero-Day Bugs Under Attack
News  |  5/29/2013  | 
New policy narrows window for software vendors' public response to zero-day bugs discovered by Google researchers
Will Britain Revive Its 'Snooper's Charter'?
News  |  5/29/2013  | 
Critics claim brutal slaying of soldier on London street could have been prevented by recently vetoed communications monitoring law.
Fact Check: Endpoints Are The New Perimeter
Commentary  |  5/29/2013  | 
Have endpoints been a perimeter and, if so, what should you do?
Thales Wins Secure Public Services Network Deal
News  |  5/29/2013  | 
In high-security PSN deal, Thales Group tapped to run U.K. Insolvency Service.
Anonymous Hacker Jeremy Hammond Pleads Guilty
News  |  5/29/2013  | 
Hammond faces up to 10 years in prison and $2.5 million restitution for Stratfor, law enforcement hacks committed under the banners of Anonymous, AntiSec and LulzSec.
Getting A Jump On Black Hat USA
Commentary  |  5/29/2013  | 
Dark Reading initiates early coverage on July Black Hat USA event, launches dedicated news page
Chinese Cyberspies Access U.S. Military Weapons System Designs
Quick Hits  |  5/29/2013  | 
Confidential report to DoD officials reveals breadth -- and reality -- of Chinese cyberespionage operations against U.S. military interests
3 Lessons From Layered Defense's Missed Attacks
News  |  5/29/2013  | 
Research shows that combining two security products produces widely different improvements in security
Gathering More Security Data From Your Endpoints
News  |  5/28/2013  | 
Endpoint security intelligence and controls have not kept pace with similar visibility and management of the network
Signs Of A Shift To Intel-Driven Defense
News  |  5/28/2013  | 
Organizations such as AIG move away from operations-based to intelligence-driven security strategies, emerging technologies
The Network And Malware, Part Deux
Commentary  |  5/28/2013  | 
Two analysts, one topic
Liberty Reserve Laundered $6 Billion, Say Feds
News  |  5/28/2013  | 
Executives at money-transfer business Liberty Reserve charged with running "bank of choice for the criminal underworld."
Chinese Hackers Stole U.S. Military Secrets
News  |  5/28/2013  | 
"Cyber exploitation" campaign obtained information relating to 29 weapon systems and 21 areas of cutting-edge research.
The Network And The Malware
Commentary  |  5/28/2013  | 
This is the first installment of a two-part series in which Mike Rothman and Wendy Nather will tackle how to use the network for detection, monitoring, and forensics of advanced malware
What Every Database Administrator Should Know About Security
Quick Hits  |  5/28/2013  | 
Database administrators and security people are often at odds with each other. Here are some ways they can get together
Black Hat USA 2013: Complete Coverage
News  |  5/27/2013  | 
Articles leading up to, live coverage from, and post-event analysis of Black Hat USA 2013, July 27 - Aug. 1
Black Hat 2013 Goes Mobile With Reveals As Reg Deadline Approaches
News  |  5/27/2013  | 
Lectures delve deep into technical specifics regarding exploits and rootkits
Black Hat Reveals BlueTooth, SSL Exploit Talks For July Show
News  |  5/27/2013  | 
Each presentation will dip into clever exploits and workarounds for major protocols
Tech Insight: Free Versus Commercial Vulnerability Scanning Tools
News  |  5/24/2013  | 
Free, open-source vulnerability scanning tools are not always cheaper than their commercial counterparts
De-FUD-ing Privileged User Management
Commentary  |  5/24/2013  | 
A helpful contrast shows you what not to do
Google Researcher Reveals Zero-Day Windows Bug
News  |  5/24/2013  | 
Bug hunter criticizes Microsoft's "great hostility" to outside security researchers, releases proof-of-concept exploit for unpatched zero-day Windows vulnerability,
BIOS Bummer: New Malware Can Bypass BIOS Security
News  |  5/23/2013  | 
Researchers expect to release proofs-of-concept at Black Hat that show how malware can infect BIOS, persist past updates, and fool the TPM into thinking everything's fine
Security Pros Fail In Business Lingo
Quick Hits  |  5/23/2013  | 
Survey shows communication breakdown between IT security staffers and business execs
Google Upgrades Encryption In Its SSL Certificates
News  |  5/23/2013  | 
RSA 2048-bit encryption for all Google SSL certs, root certificate
Beware Of The 'Checklist' Penetration Tester
Commentary  |  5/23/2013  | 
A surefire way to spot a novice
DHS Warns Employees Of Potential Breach Of Private Data
News  |  5/23/2013  | 
A vulnerability in software used by a DHS vendor potentially exposed information ranging from Social Security numbers to names and birthdays
Strike Back If China Steals IP, Companies Told
News  |  5/23/2013  | 
Bipartisan report argues that businesses should be allowed to retrieve stolen intellectual property from attackers' networks.
New Focus On Risk, Threat Intelligence Breathes New Life Into GRC Strategies
News  |  5/23/2013  | 
Security is a central driver in enterprise Governance, Risk and Compliance initiatives, experts say
Twitter Adds SMS As Second Factor Of Authentication
Quick Hits  |  5/23/2013  | 
Phone will be second means of verifying user identity, Twitter says
'Hacking' Journalists Case Dredges Up Security Research Legal Debates
News  |  5/22/2013  | 
Telecom firm TerraComm seeks to sue Scripps-Howard journalists for Google searches that uncovered sensitive info freely available online
New Congressional Report Illuminates Attackers' Focus On Electric Grid
News  |  5/22/2013  | 
Regular attack attempts on electricity providers, malware infections threatening the power grid
Barracuda Networks Acquires SignNow To Fuel Cloud Data Storage Growth
News  |  5/22/2013  | 
SignNow by Barracuda allows users to sign and send documents from anywhere or any device
TripWire Introduces Complete NERC Solution Suite
News  |  5/22/2013  | 
Solution automates and streamlines NERC CIP Compliance
Much Ado About PushDo
Commentary  |  5/22/2013  | 
We don't need a stretcher -- we need a mop
Controlling The Risks Of Vulnerable Application Libraries
News  |  5/22/2013  | 
Libraries are easier to use than ever, but they're piling on more risk to the development process
FBI Arrests NYPD Detective On Hacking Charges
News  |  5/22/2013  | 
Detective accused of hiring hackers to obtain webmail access credentials for 30 targets, accessing federal crime-information database without authorization.
The Eight Most Common Causes Of Data Breaches
Quick Hits  |  5/22/2013  | 
Why do bad breaches happen to good companies? Here's a look at the most frequent causes
Myth-Busting SQL- And Other Injection Attacks
News  |  5/21/2013  | 
Black Hat injection-attacks instructor dishes on the complexity of SQL injection and the prevalence of lesser-known injection attacks
Flickr Can Store Any Data, Not Just Photos
News  |  5/21/2013  | 
Flickr offers a terabyte of free data, but, thanks to an outside developer, photographers may not be the only ones who find a way to use that space.
Page 1 / 3   >   >>


High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-1659
PUBLISHED: 2019-02-21
A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to...
CVE-2019-8983
PUBLISHED: 2019-02-21
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2).
CVE-2019-8984
PUBLISHED: 2019-02-21
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2).
CVE-2018-20122
PUBLISHED: 2019-02-21
The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is...
CVE-2018-6687
PUBLISHED: 2019-02-21
Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows.