Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in May 2013
Four Ways SMBs Can Improve Security Through Cloud
News  |  5/31/2013  | 
Small and midsize firms are voracious users of cloud services; a few precautions can make their businesses even more secure
Google, Facebook Told U.K.: We Won't Be Snoops
News  |  5/31/2013  | 
Major U.S. tech firms including Google, Facebook, Twitter, Microsoft and Yahoo! had rejected now-canned U.K. plan to make them archive user traffic, says newspaper.
5 Big Database Breaches Of Spring 2013
News  |  5/30/2013  | 
Learning from the most recent impactful breaches of 2013
Endpoint Security
News  |  5/30/2013  | 
End user security requires layers of tools and training as employees use more devices and apps
Startup To Offer 'Human' Authentication
Quick Hits  |  5/30/2013  | 
Identify Security Software Inc. will launch next week and preview new technology that eschews passwords and biometrics
Hacking The TDoS Attack
News  |  5/30/2013  | 
Rising telephony denial-of-service (TDoS) attacks are not quite as prevalent as a DDoS, but they can be just as deadly
Hacking Firmware And Detecting Backdoors
Commentary  |  5/30/2013  | 
How device manufacturers can limit critical vulnerability discovery, public disclosure, and customer fallout
Ruby On Rails Under Attack
News  |  5/30/2013  | 
Patched vulnerability being exploited in the wild after many developers don't bother to patch
Recent Data Breaches: A Look Back
Quick Hits  |  5/30/2013  | 
Hacktivists, cybercriminals take center stage in latest spate of data breaches
Halting Cybercrime Requires Cutting Off Easy Money
News  |  5/30/2013  | 
The crackdown on Liberty Reserve underscores the danger posed by anonymous money transfers using virtual or digital currencies -- a facet of cybercrime increasingly under scrutiny by law enforcement
Black Hat USA Reminds Early Reg Deadline For July Show Ends Friday
News  |  5/29/2013  | 
Organizers are expecting at least 6,500 security industry professionals at the exclusive gathering
Google Sets New 'Aggressive' 7-Day Deadline For Vendors To Reveal Or Fix Zero-Day Bugs Under Attack
News  |  5/29/2013  | 
New policy narrows window for software vendors' public response to zero-day bugs discovered by Google researchers
Will Britain Revive Its 'Snooper's Charter'?
News  |  5/29/2013  | 
Critics claim brutal slaying of soldier on London street could have been prevented by recently vetoed communications monitoring law.
Fact Check: Endpoints Are The New Perimeter
Commentary  |  5/29/2013  | 
Have endpoints been a perimeter and, if so, what should you do?
Thales Wins Secure Public Services Network Deal
News  |  5/29/2013  | 
In high-security PSN deal, Thales Group tapped to run U.K. Insolvency Service.
Anonymous Hacker Jeremy Hammond Pleads Guilty
News  |  5/29/2013  | 
Hammond faces up to 10 years in prison and $2.5 million restitution for Stratfor, law enforcement hacks committed under the banners of Anonymous, AntiSec and LulzSec.
Getting A Jump On Black Hat USA
Commentary  |  5/29/2013  | 
Dark Reading initiates early coverage on July Black Hat USA event, launches dedicated news page
Chinese Cyberspies Access U.S. Military Weapons System Designs
Quick Hits  |  5/29/2013  | 
Confidential report to DoD officials reveals breadth -- and reality -- of Chinese cyberespionage operations against U.S. military interests
3 Lessons From Layered Defense's Missed Attacks
News  |  5/29/2013  | 
Research shows that combining two security products produces widely different improvements in security
Gathering More Security Data From Your Endpoints
News  |  5/28/2013  | 
Endpoint security intelligence and controls have not kept pace with similar visibility and management of the network
Signs Of A Shift To Intel-Driven Defense
News  |  5/28/2013  | 
Organizations such as AIG move away from operations-based to intelligence-driven security strategies, emerging technologies
The Network And Malware, Part Deux
Commentary  |  5/28/2013  | 
Two analysts, one topic
Liberty Reserve Laundered $6 Billion, Say Feds
News  |  5/28/2013  | 
Executives at money-transfer business Liberty Reserve charged with running "bank of choice for the criminal underworld."
Chinese Hackers Stole U.S. Military Secrets
News  |  5/28/2013  | 
"Cyber exploitation" campaign obtained information relating to 29 weapon systems and 21 areas of cutting-edge research.
The Network And The Malware
Commentary  |  5/28/2013  | 
This is the first installment of a two-part series in which Mike Rothman and Wendy Nather will tackle how to use the network for detection, monitoring, and forensics of advanced malware
What Every Database Administrator Should Know About Security
Quick Hits  |  5/28/2013  | 
Database administrators and security people are often at odds with each other. Here are some ways they can get together
Black Hat USA 2013: Complete Coverage
News  |  5/27/2013  | 
Articles leading up to, live coverage from, and post-event analysis of Black Hat USA 2013, July 27 - Aug. 1
Black Hat 2013 Goes Mobile With Reveals As Reg Deadline Approaches
News  |  5/27/2013  | 
Lectures delve deep into technical specifics regarding exploits and rootkits
Black Hat Reveals BlueTooth, SSL Exploit Talks For July Show
News  |  5/27/2013  | 
Each presentation will dip into clever exploits and workarounds for major protocols
Tech Insight: Free Versus Commercial Vulnerability Scanning Tools
News  |  5/24/2013  | 
Free, open-source vulnerability scanning tools are not always cheaper than their commercial counterparts
De-FUD-ing Privileged User Management
Commentary  |  5/24/2013  | 
A helpful contrast shows you what not to do
Google Researcher Reveals Zero-Day Windows Bug
News  |  5/24/2013  | 
Bug hunter criticizes Microsoft's "great hostility" to outside security researchers, releases proof-of-concept exploit for unpatched zero-day Windows vulnerability.
BIOS Bummer: New Malware Can Bypass BIOS Security
News  |  5/23/2013  | 
Researchers expect to release proofs-of-concept at Black Hat that show how malware can infect BIOS, persist past updates, and fool the TPM into thinking everything's fine
Security Pros Fail In Business Lingo
Quick Hits  |  5/23/2013  | 
Survey shows communication breakdown between IT security staffers and business execs
Google Upgrades Encryption In Its SSL Certificates
News  |  5/23/2013  | 
RSA 2048-bit encryption for all Google SSL certs, root certificate
Beware Of The 'Checklist' Penetration Tester
Commentary  |  5/23/2013  | 
A surefire way to spot a novice
DHS Warns Employees Of Potential Breach Of Private Data
News  |  5/23/2013  | 
A vulnerability in software used by a DHS vendor potentially exposed information ranging from Social Security numbers to names and birthdays
Strike Back If China Steals IP, Companies Told
News  |  5/23/2013  | 
Bipartisan report argues that businesses should be allowed to retrieve stolen intellectual property from attackers' networks.
New Focus On Risk, Threat Intelligence Breathes New Life Into GRC Strategies
News  |  5/23/2013  | 
Security is a central driver in enterprise Governance, Risk and Compliance initiatives, experts say
Twitter Adds SMS As Second Factor Of Authentication
Quick Hits  |  5/23/2013  | 
Phone will be second means of verifying user identity, Twitter says
'Hacking' Journalists Case Dredges Up Security Research Legal Debates
News  |  5/22/2013  | 
Telecom firm TerraComm seeks to sue Scripps-Howard journalists for Google searches that uncovered sensitive info freely available online
New Congressional Report Illuminates Attackers' Focus On Electric Grid
News  |  5/22/2013  | 
Regular attack attempts on electricity providers, malware infections threatening the power grid
Barracuda Networks Acquires SignNow To Fuel Cloud Data Storage Growth
News  |  5/22/2013  | 
SignNow by Barracuda allows users to sign and send documents from anywhere or any device
TripWire Introduces Complete NERC Solution Suite
News  |  5/22/2013  | 
Solution automates and streamlines NERC CIP Compliance
Much Ado About PushDo
Commentary  |  5/22/2013  | 
We don't need a stretcher -- we need a mop
Controlling The Risks Of Vulnerable Application Libraries
News  |  5/22/2013  | 
Libraries are easier to use than ever, but they're piling on more risk to the development process
FBI Arrests NYPD Detective On Hacking Charges
News  |  5/22/2013  | 
Detective accused of hiring hackers to obtain webmail access credentials for 30 targets, accessing federal crime-information database without authorization.
The Eight Most Common Causes Of Data Breaches
Quick Hits  |  5/22/2013  | 
Why do bad breaches happen to good companies? Here's a look at the most frequent causes
Myth-Busting SQL- And Other Injection Attacks
News  |  5/21/2013  | 
Black Hat injection-attacks instructor dishes on the complexity of SQL injection and the prevalence of lesser-known injection attacks
Flickr Can Store Any Data, Not Just Photos
News  |  5/21/2013  | 
Flickr offers a terabyte of free data, but, thanks to an outside developer, photographers may not be the only ones who find a way to use that space.