Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in May 2013
Four Ways SMBs Can Improve Security Through Cloud
News  |  5/31/2013  | 
Small and midsize firms are voracious users of cloud services; a few precautions can make their businesses even more secure
Google, Facebook Told U.K.: We Won't Be Snoops
News  |  5/31/2013  | 
Major U.S. tech firms including Google, Facebook, Twitter, Microsoft and Yahoo! had rejected now-canned U.K. plan to make them archive user traffic, says newspaper.
5 Big Database Breaches Of Spring 2013
News  |  5/30/2013  | 
Learning from the most recent impactful breaches of 2013
Endpoint Security
News  |  5/30/2013  | 
End user security requires layers of tools and training as employees use more devices and apps
Startup To Offer 'Human' Authentication
Quick Hits  |  5/30/2013  | 
Identify Security Software Inc. will launch next week and preview new technology that eschews passwords and biometrics
Hacking The TDoS Attack
News  |  5/30/2013  | 
Rising telephony denial-of-service (TDoS) attacks are not quite as prevalent as a DDoS, but they can be just as deadly
Hacking Firmware And Detecting Backdoors
Commentary  |  5/30/2013  | 
How device manufacturers can limit critical vulnerability discovery, public disclosure, and customer fallout
Ruby On Rails Under Attack
News  |  5/30/2013  | 
Patched vulnerability being exploited in the wild after many developers don't bother to patch
Recent Data Breaches: A Look Back
Quick Hits  |  5/30/2013  | 
Hacktivists, cybercriminals take center stage in latest spate of data breaches
Halting Cybercrime Requires Cutting Off Easy Money
News  |  5/30/2013  | 
The crackdown on Liberty Reserve underscores the danger posed by anonymous money transfers using virtual or digital currencies -- a facet of cybercrime increasingly under scrutiny by law enforcement
Black Hat USA Reminds Early Reg Deadline For July Show Ends Friday
News  |  5/29/2013  | 
Organizers are expecting at least 6,500 security industry professionals at the exclusive gathering
Google Sets New 'Aggressive' 7-Day Deadline For Vendors To Reveal Or Fix Zero-Day Bugs Under Attack
News  |  5/29/2013  | 
New policy narrows window for software vendors' public response to zero-day bugs discovered by Google researchers
Will Britain Revive Its 'Snooper's Charter'?
News  |  5/29/2013  | 
Critics claim brutal slaying of soldier on London street could have been prevented by recently vetoed communications monitoring law.
Fact Check: Endpoints Are The New Perimeter
Commentary  |  5/29/2013  | 
Have endpoints been a perimeter and, if so, what should you do?
Thales Wins Secure Public Services Network Deal
News  |  5/29/2013  | 
In high-security PSN deal, Thales Group tapped to run U.K. Insolvency Service.
Anonymous Hacker Jeremy Hammond Pleads Guilty
News  |  5/29/2013  | 
Hammond faces up to 10 years in prison and $2.5 million restitution for Stratfor, law enforcement hacks committed under the banners of Anonymous, AntiSec and LulzSec.
Getting A Jump On Black Hat USA
Commentary  |  5/29/2013  | 
Dark Reading initiates early coverage on July Black Hat USA event, launches dedicated news page
Chinese Cyberspies Access U.S. Military Weapons System Designs
Quick Hits  |  5/29/2013  | 
Confidential report to DoD officials reveals breadth -- and reality -- of Chinese cyberespionage operations against U.S. military interests
3 Lessons From Layered Defense's Missed Attacks
News  |  5/29/2013  | 
Research shows that combining two security products produces widely different improvements in security
Gathering More Security Data From Your Endpoints
News  |  5/28/2013  | 
Endpoint security intelligence and controls have not kept pace with similar visibility and management of the network
Signs Of A Shift To Intel-Driven Defense
News  |  5/28/2013  | 
Organizations such as AIG move away from operations-based to intelligence-driven security strategies, emerging technologies
The Network And Malware, Part Deux
Commentary  |  5/28/2013  | 
Two analysts, one topic
Liberty Reserve Laundered $6 Billion, Say Feds
News  |  5/28/2013  | 
Executives at money-transfer business Liberty Reserve charged with running "bank of choice for the criminal underworld."
Chinese Hackers Stole U.S. Military Secrets
News  |  5/28/2013  | 
"Cyber exploitation" campaign obtained information relating to 29 weapon systems and 21 areas of cutting-edge research.
The Network And The Malware
Commentary  |  5/28/2013  | 
This is the first installment of a two-part series in which Mike Rothman and Wendy Nather will tackle how to use the network for detection, monitoring, and forensics of advanced malware
What Every Database Administrator Should Know About Security
Quick Hits  |  5/28/2013  | 
Database administrators and security people are often at odds with each other. Here are some ways they can get together
Black Hat USA 2013: Complete Coverage
News  |  5/27/2013  | 
Articles leading up to, live coverage from, and post-event analysis of Black Hat USA 2013, July 27 - Aug. 1
Black Hat 2013 Goes Mobile With Reveals As Reg Deadline Approaches
News  |  5/27/2013  | 
Lectures delve deep into technical specifics regarding exploits and rootkits
Black Hat Reveals Bluetooth, SSL Exploit Talks For July Show
News  |  5/27/2013  | 
Each presentation will dip into clever exploits and workarounds for major protocols
Tech Insight: Free Versus Commercial Vulnerability Scanning Tools
News  |  5/24/2013  | 
Free, open-source vulnerability scanning tools are not always cheaper than their commercial counterparts
De-FUD-ing Privileged User Management
Commentary  |  5/24/2013  | 
A helpful contrast shows you what not to do
Google Researcher Reveals Zero-Day Windows Bug
News  |  5/24/2013  | 
Bug hunter criticizes Microsoft's "great hostility" to outside security researchers, releases proof-of-concept exploit for unpatched zero-day Windows vulnerability.
BIOS Bummer: New Malware Can Bypass BIOS Security
News  |  5/23/2013  | 
Researchers expect to release proofs-of-concept at Black Hat that show how malware can infect BIOS, persist past updates, and fool the TPM into thinking everything's fine
Security Pros Fail In Business Lingo
Quick Hits  |  5/23/2013  | 
Survey shows communication breakdown between IT security staffers and business execs
Google Upgrades Encryption In Its SSL Certificates
News  |  5/23/2013  | 
RSA 2048-bit encryption for all Google SSL certs, root certificate
Beware Of The 'Checklist' Penetration Tester
Commentary  |  5/23/2013  | 
A surefire way to spot a novice
DHS Warns Employees Of Potential Breach Of Private Data
News  |  5/23/2013  | 
A vulnerability in software used by a DHS vendor potentially exposed information ranging from Social Security numbers to names and birthdays
Strike Back If China Steals IP, Companies Told
News  |  5/23/2013  | 
Bipartisan report argues that businesses should be allowed to retrieve stolen intellectual property from attackers' networks.
New Focus On Risk, Threat Intelligence Breathes New Life Into GRC Strategies
News  |  5/23/2013  | 
Security is a central driver in enterprise Governance, Risk and Compliance initiatives, experts say
Twitter Adds SMS As Second Factor Of Authentication
Quick Hits  |  5/23/2013  | 
Phone will be second means of verifying user identity, Twitter says
'Hacking' Journalists Case Dredges Up Security Research Legal Debates
News  |  5/22/2013  | 
Telecom firm TerraComm seeks to sue Scripps-Howard journalists for Google searches that uncovered sensitive info freely available online
New Congressional Report Illuminates Attackers' Focus On Electric Grid
News  |  5/22/2013  | 
Regular attack attempts on electricity providers, malware infections threatening the power grid
Barracuda Networks Acquires SignNow To Fuel Cloud Data Storage Growth
News  |  5/22/2013  | 
SignNow by Barracuda allows users to sign and send documents from anywhere or any device
TripWire Introduces Complete NERC Solution Suite
News  |  5/22/2013  | 
Solution automates and streamlines NERC CIP Compliance
Much Ado About PushDo
Commentary  |  5/22/2013  | 
We don't need a stretcher -- we need a mop
Controlling The Risks Of Vulnerable Application Libraries
News  |  5/22/2013  | 
Libraries are easier to use than ever, but they're piling on more risk to the development process
FBI Arrests NYPD Detective On Hacking Charges
News  |  5/22/2013  | 
Detective accused of hiring hackers to obtain webmail access credentials for 30 targets, accessing federal crime-information database without authorization.
The Eight Most Common Causes Of Data Breaches
Quick Hits  |  5/22/2013  | 
Why do bad breaches happen to good companies? Here's a look at the most frequent causes
Myth-Busting SQL- And Other Injection Attacks
News  |  5/21/2013  | 
Black Hat injection-attacks instructor dishes on the complexity of SQL injection and the prevalence of lesser-known injection attacks
Flickr Can Store Any Data, Not Just Photos
News  |  5/21/2013  | 
Flickr offers a terabyte of free data, but, thanks to an outside developer, photographers may not be the only ones who find a way to use that space.