News & Commentary

Content posted in May 2013
Four Ways SMBs Can Improve Security Through Cloud
News  |  5/31/2013  | 
Small and midsize firms are voracious users of cloud services; a few precautions can make their businesses even more secure
Google, Facebook Told U.K.: We Won't Be Snoops
News  |  5/31/2013  | 
Major U.S. tech firms including Google, Facebook, Twitter, Microsoft and Yahoo! had rejected now-canned U.K. plan to make them archive user traffic, says newspaper.
5 Big Database Breaches Of Spring 2013
News  |  5/30/2013  | 
Learning from the most recent impactful breaches of 2013
Endpoint Security
News  |  5/30/2013  | 
End user security requires layers of tools and training as employees use more devices and apps
Startup To Offer 'Human' Authentication
Quick Hits  |  5/30/2013  | 
Identify Security Software Inc. will launch next week and preview new technology that eschews passwords and biometrics
Hacking The TDoS Attack
News  |  5/30/2013  | 
Rising telephony denial-of-service (TDoS) attacks are not quite as prevalent as a DDoS, but they can be just as deadly
Hacking Firmware And Detecting Backdoors
Commentary  |  5/30/2013  | 
How device manufacturers can limit critical vulnerability discovery, public disclosure, and customer fallout
Ruby On Rails Under Attack
News  |  5/30/2013  | 
Patched vulnerability being exploited in the wild after many developers don't bother to patch
Recent Data Breaches: A Look Back
Quick Hits  |  5/30/2013  | 
Hacktivists, cybercriminals take center stage in latest spate of data breaches
Halting Cybercrime Requires Cutting Off Easy Money
News  |  5/30/2013  | 
The crackdown on Liberty Reserve underscores the danger posed by anonymous money transfers using virtual or digital currencies -- a facet of cybercrime increasingly under scrutiny by law enforcement
Black Hat USA Reminds Early Reg Deadline For July Show Ends Friday
News  |  5/29/2013  | 
Organizers are expecting at least 6,500 security industry professionals at the exclusive gathering
Google Sets New 'Aggressive' 7-Day Deadline For Vendors To Reveal Or Fix Zero-Day Bugs Under Attack
News  |  5/29/2013  | 
New policy narrows window for software vendors' public response to zero-day bugs discovered by Google researchers
Will Britain Revive Its 'Snooper's Charter'?
News  |  5/29/2013  | 
Critics claim brutal slaying of soldier on London street could have been prevented by recently vetoed communications monitoring law.
Fact Check: Endpoints Are The New Perimeter
Commentary  |  5/29/2013  | 
Have endpoints been a perimeter and, if so, what should you do?
Thales Wins Secure Public Services Network Deal
News  |  5/29/2013  | 
In high-security PSN deal, Thales Group tapped to run U.K. Insolvency Service.
Anonymous Hacker Jeremy Hammond Pleads Guilty
News  |  5/29/2013  | 
Hammond faces up to 10 years in prison and $2.5 million restitution for Stratfor, law enforcement hacks committed under the banners of Anonymous, AntiSec and LulzSec.
Getting A Jump On Black Hat USA
Commentary  |  5/29/2013  | 
Dark Reading initiates early coverage on July Black Hat USA event, launches dedicated news page
Chinese Cyberspies Access U.S. Military Weapons System Designs
Quick Hits  |  5/29/2013  | 
Confidential report to DoD officials reveals breadth -- and reality -- of Chinese cyberespionage operations against U.S. military interests
3 Lessons From Layered Defense's Missed Attacks
News  |  5/29/2013  | 
Research shows that combining two security products produces widely different improvements in security
Gathering More Security Data From Your Endpoints
News  |  5/28/2013  | 
Endpoint security intelligence and controls have not kept pace with similar visibility and management of the network
Signs Of A Shift To Intel-Driven Defense
News  |  5/28/2013  | 
Organizations such as AIG move away from operations-based to intelligence-driven security strategies, emerging technologies
The Network And Malware, Part Deux
Commentary  |  5/28/2013  | 
Two analysts, one topic
Liberty Reserve Laundered $6 Billion, Say Feds
News  |  5/28/2013  | 
Executives at money-transfer business Liberty Reserve charged with running "bank of choice for the criminal underworld."
Chinese Hackers Stole U.S. Military Secrets
News  |  5/28/2013  | 
"Cyber exploitation" campaign obtained information relating to 29 weapon systems and 21 areas of cutting-edge research.
The Network And The Malware
Commentary  |  5/28/2013  | 
This is the first installment of a two-part series in which Mike Rothman and Wendy Nather will tackle how to use the network for detection, monitoring, and forensics of advanced malware
What Every Database Administrator Should Know About Security
Quick Hits  |  5/28/2013  | 
Database administrators and security people are often at odds with each other. Here are some ways they can get together
Black Hat USA 2013: Complete Coverage
News  |  5/27/2013  | 
Articles leading up to, live coverage from, and post-event analysis of Black Hat USA 2013, July 27 - Aug. 1
Black Hat 2013 Goes Mobile With Reveals As Reg Deadline Approaches
News  |  5/27/2013  | 
Lectures delve deep into technical specifics regarding exploits and rootkits
Black Hat Reveals BlueTooth, SSL Exploit Talks For July Show
News  |  5/27/2013  | 
Each presentation will dip into clever exploits and workarounds for major protocols
Tech Insight: Free Versus Commercial Vulnerability Scanning Tools
News  |  5/24/2013  | 
Free, open-source vulnerability scanning tools are not always cheaper than their commercial counterparts
De-FUD-ing Privileged User Management
Commentary  |  5/24/2013  | 
A helpful contrast shows you what not to do
Google Researcher Reveals Zero-Day Windows Bug
News  |  5/24/2013  | 
Bug hunter criticizes Microsoft's "great hostility" to outside security researchers, releases proof-of-concept exploit for unpatched zero-day Windows vulnerability
BIOS Bummer: New Malware Can Bypass BIOS Security
News  |  5/23/2013  | 
Researchers expect to release proofs-of-concept at Black Hat that show how malware can infect BIOS, persist past updates, and fool the TPM into thinking everything's fine
Security Pros Fail In Business Lingo
Quick Hits  |  5/23/2013  | 
Survey shows communication breakdown between IT security staffers and business execs
Google Upgrades Encryption In Its SSL Certificates
News  |  5/23/2013  | 
RSA 2048-bit encryption for all Google SSL certs, root certificate
Beware Of The 'Checklist' Penetration Tester
Commentary  |  5/23/2013  | 
A surefire way to spot a novice
DHS Warns Employees Of Potential Breach Of Private Data
News  |  5/23/2013  | 
A vulnerability in software used by a DHS vendor potentially exposed information ranging from Social Security numbers to names and birthdays
Strike Back If China Steals IP, Companies Told
News  |  5/23/2013  | 
Bipartisan report argues that businesses should be allowed to retrieve stolen intellectual property from attackers' networks.
New Focus On Risk, Threat Intelligence Breathes New Life Into GRC Strategies
News  |  5/23/2013  | 
Security is a central driver in enterprise Governance, Risk and Compliance initiatives, experts say
Twitter Adds SMS As Second Factor Of Authentication
Quick Hits  |  5/23/2013  | 
Phone will be second means of verifying user identity, Twitter says
'Hacking' Journalists Case Dredges Up Security Research Legal Debates
News  |  5/22/2013  | 
Telecom firm TerraComm seeks to sue Scripps-Howard journalists for Google searches that uncovered sensitive info freely available online
New Congressional Report Illuminates Attackers' Focus On Electric Grid
News  |  5/22/2013  | 
Regular attack attempts on electricity providers, malware infections threatening the power grid
Barracuda Networks Acquires SignNow To Fuel Cloud Data Storage Growth
News  |  5/22/2013  | 
SignNow by Barracuda allows users to sign and send documents from anywhere or any device
TripWire Introduces Complete NERC Solution Suite
News  |  5/22/2013  | 
Solution automates and streamlines NERC CIP Compliance
Much Ado About PushDo
Commentary  |  5/22/2013  | 
We don't need a stretcher -- we need a mop
Controlling The Risks Of Vulnerable Application Libraries
News  |  5/22/2013  | 
Libraries are easier to use than ever, but they're piling on more risk to the development process
FBI Arrests NYPD Detective On Hacking Charges
News  |  5/22/2013  | 
Detective accused of hiring hackers to obtain webmail access credentials for 30 targets, accessing federal crime-information database without authorization.
The Eight Most Common Causes Of Data Breaches
Quick Hits  |  5/22/2013  | 
Why do bad breaches happen to good companies? Here's a look at the most frequent causes
Myth-Busting SQL- And Other Injection Attacks
News  |  5/21/2013  | 
Black Hat injection-attacks instructor dishes on the complexity of SQL injection and the prevalence of lesser-known injection attacks
Flickr Can Store Any Data, Not Just Photos
News  |  5/21/2013  | 
Flickr offers a terabyte of free data, but, thanks to an outside developer, photographers may not be the only ones who find a way to use that space.