News & Commentary

Content posted in May 2013
Four Ways SMBs Can Improve Security Through Cloud
News  |  5/31/2013  | 
Small and midsize firms are voracious users of cloud services; a few precautions can make their businesses even more secure
Google, Facebook Told U.K.: We Won't Be Snoops
News  |  5/31/2013  | 
Major U.S. tech firms including Google, Facebook, Twitter, Microsoft and Yahoo! had rejected now-canned U.K. plan to make them archive user traffic, says newspaper.
5 Big Database Breaches Of Spring 2013
News  |  5/30/2013  | 
Learning from the most recent impactful breaches of 2013
Endpoint Security
News  |  5/30/2013  | 
End user security requires layers of tools and training as employees use more devices and apps
Startup To Offer 'Human' Authentication
Quick Hits  |  5/30/2013  | 
Identify Security Software Inc. will launch next week and preview new technology that eschews passwords and biometrics
Hacking The TDoS Attack
News  |  5/30/2013  | 
Rising telephony denial-of-service (TDoS) attacks are not quite as prevalent as a DDoS, but they can be just as deadly
Hacking Firmware And Detecting Backdoors
Commentary  |  5/30/2013  | 
How device manufacturers can limit critical vulnerability discovery, public disclosure, and customer fallout
Ruby On Rails Under Attack
News  |  5/30/2013  | 
Patched vulnerability being exploited in the wild after many developers don't bother to patch
Recent Data Breaches: A Look Back
Quick Hits  |  5/30/2013  | 
Hacktivists, cybercriminals take center stage in latest spate of data breaches
Halting Cybercrime Requires Cutting Off Easy Money
News  |  5/30/2013  | 
The crackdown on Liberty Reserve underscores the danger posed by anonymous money transfers using virtual or digital currencies -- a facet of cybercrime increasingly under scrutiny by law enforcement
Black Hat USA Reminds Early Reg Deadline For July Show Ends Friday
News  |  5/29/2013  | 
Organizers are expecting at least 6,500 security industry professionals at the exclusive gathering
Google Sets New 'Aggressive' 7-Day Deadline For Vendors To Reveal Or Fix Zero-Day Bugs Under Attack
News  |  5/29/2013  | 
New policy narrows window for software vendors' public response to zero-day bugs discovered by Google researchers
Will Britain Revive Its 'Snooper's Charter'?
News  |  5/29/2013  | 
Critics claim brutal slaying of soldier on London street could have been prevented by recently vetoed communications monitoring law.
Fact Check: Endpoints Are The New Perimeter
Commentary  |  5/29/2013  | 
Have endpoints been a perimeter and, if so, what should you do?
Thales Wins Secure Public Services Network Deal
News  |  5/29/2013  | 
In high-security PSN deal, Thales Group tapped to run U.K. Insolvency Service.
Anonymous Hacker Jeremy Hammond Pleads Guilty
News  |  5/29/2013  | 
Hammond faces up to 10 years in prison and $2.5 million restitution for Stratfor, law enforcement hacks committed under the banners of Anonymous, AntiSec and LulzSec.
Getting A Jump On Black Hat USA
Commentary  |  5/29/2013  | 
Dark Reading initiates early coverage on July Black Hat USA event, launches dedicated news page
Chinese Cyberspies Access U.S. Military Weapons System Designs
Quick Hits  |  5/29/2013  | 
Confidential report to DoD officials reveals breadth -- and reality -- of Chinese cyberespionage operations against U.S. military interests
3 Lessons From Layered Defense's Missed Attacks
News  |  5/29/2013  | 
Research shows that combining two security products produces widely different improvements in security
Gathering More Security Data From Your Endpoints
News  |  5/28/2013  | 
Endpoint security intelligence and controls have not kept pace with similar visibility and management of the network
Signs Of A Shift To Intel-Driven Defense
News  |  5/28/2013  | 
Organizations such as AIG move away from operations-based to intelligence-driven security strategies, emerging technologies
The Network And Malware, Part Deux
Commentary  |  5/28/2013  | 
Two analysts, one topic
Liberty Reserve Laundered $6 Billion, Say Feds
News  |  5/28/2013  | 
Executives at money-transfer business Liberty Reserve charged with running "bank of choice for the criminal underworld."
Chinese Hackers Stole U.S. Military Secrets
News  |  5/28/2013  | 
"Cyber exploitation" campaign obtained information relating to 29 weapon systems and 21 areas of cutting-edge research.
The Network And The Malware
Commentary  |  5/28/2013  | 
This is the first installment of a two-part series in which Mike Rothman and Wendy Nather will tackle how to use the network for detection, monitoring, and forensics of advanced malware
What Every Database Administrator Should Know About Security
Quick Hits  |  5/28/2013  | 
Database administrators and security people are often at odds with each other. Here are some ways they can get together
Black Hat USA 2013: Complete Coverage
News  |  5/27/2013  | 
Articles leading up to, live coverage from, and post-event analysis of Black Hat USA 2013, July 27 - Aug. 1
Black Hat 2013 Goes Mobile With Reveals As Reg Deadline Approaches
News  |  5/27/2013  | 
Lectures delve deep into technical specifics regarding exploits and rootkits
Black Hat Reveals BlueTooth, SSL Exploit Talks For July Show
News  |  5/27/2013  | 
Each presentation will dip into clever exploits and workarounds for major protocols
Tech Insight: Free Versus Commercial Vulnerability Scanning Tools
News  |  5/24/2013  | 
Free, open-source vulnerability scanning tools are not always cheaper than their commercial counterparts
De-FUD-ing Privileged User Management
Commentary  |  5/24/2013  | 
A helpful contrast shows you what not to do
Google Researcher Reveals Zero-Day Windows Bug
News  |  5/24/2013  | 
Bug hunter criticizes Microsoft's "great hostility" to outside security researchers, releases proof-of-concept exploit for unpatched zero-day Windows vulnerability.
BIOS Bummer: New Malware Can Bypass BIOS Security
News  |  5/23/2013  | 
Researchers expect to release proofs-of-concept at Black Hat that show how malware can infect BIOS, persist past updates, and fool the TPM into thinking everything's fine
Security Pros Fail In Business Lingo
Quick Hits  |  5/23/2013  | 
Survey shows communication breakdown between IT security staffers and business execs
Google Upgrades Encryption In Its SSL Certificates
News  |  5/23/2013  | 
RSA 2048-bit encryption for all Google SSL certs, root certificate
Beware Of The 'Checklist' Penetration Tester
Commentary  |  5/23/2013  | 
A surefire way to spot a novice
DHS Warns Employees Of Potential Breach Of Private Data
News  |  5/23/2013  | 
A vulnerability in software used by a DHS vendor potentially exposed information ranging from Social Security numbers to names and birthdays
Strike Back If China Steals IP, Companies Told
News  |  5/23/2013  | 
Bipartisan report argues that businesses should be allowed to retrieve stolen intellectual property from attackers' networks.
New Focus On Risk, Threat Intelligence Breathes New Life Into GRC Strategies
News  |  5/23/2013  | 
Security is a central driver in enterprise Governance, Risk and Compliance initiatives, experts say
Twitter Adds SMS As Second Factor Of Authentication
Quick Hits  |  5/23/2013  | 
Phone will be second means of verifying user identity, Twitter says
'Hacking' Journalists Case Dredges Up Security Research Legal Debates
News  |  5/22/2013  | 
Telecom firm TerraComm seeks to sue Scripps-Howard journalists for Google searches that uncovered sensitive info freely available online
New Congressional Report Illuminates Attackers' Focus On Electric Grid
News  |  5/22/2013  | 
Regular attack attempts on electricity providers, malware infections threatening the power grid
Barracuda Networks Acquires SignNow To Fuel Cloud Data Storage Growth
News  |  5/22/2013  | 
SignNow by Barracuda allows users to sign and send documents from anywhere or any device
TripWire Introduces Complete NERC Solution Suite
News  |  5/22/2013  | 
Solution automates and streamlines NERC CIP Compliance
Much Ado About PushDo
Commentary  |  5/22/2013  | 
We don't need a stretcher -- we need a mop
Controlling The Risks Of Vulnerable Application Libraries
News  |  5/22/2013  | 
Libraries are easier to use than ever, but they're piling on more risk to the development process
FBI Arrests NYPD Detective On Hacking Charges
News  |  5/22/2013  | 
Detective accused of hiring hackers to obtain webmail access credentials for 30 targets, accessing federal crime-information database without authorization.
The Eight Most Common Causes Of Data Breaches
Quick Hits  |  5/22/2013  | 
Why do bad breaches happen to good companies? Here's a look at the most frequent causes
Myth-Busting SQL- And Other Injection Attacks
News  |  5/21/2013  | 
Black Hat injection-attacks instructor dishes on the complexity of SQL injection and the prevalence of lesser-known injection attacks
Flickr Can Store Any Data, Not Just Photos
News  |  5/21/2013  | 
Flickr offers a terabyte of free data, but, thanks to an outside developer, photographers may not be the only ones who find a way to use that space.


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.