Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in May 2013
Google Aurora Hack Was Chinese Counterespionage Operation
News  |  5/21/2013  | 
Attackers were after U.S. government surveillance requests for undercover Chinese operatives, say former government officials.
APT Attacks Trace To India, Researcher Says
News  |  5/21/2013  | 
Multi-year hacking campaign targeted mining companies, legal firms, Pakistan, Angolan dissidents and others in Pakistan, the U.S., Iran, China and Germany.
IDs Of 22 Million At Risk Following Breach At Yahoo Japan
Quick Hits  |  5/21/2013  | 
Yahoo Japan officials say they "can't deny the possibility" of epic data breach
Even SMBs Should Look To Log Management For Security
News  |  5/21/2013  | 
A firewall, patch procedure, anti-malware and, possibly, an IDS are a good start. But to detect breaches, small and medium businesses should focus on logging activity and looking out for suspicious behavior
'Commercialized' Cyberespionage Attacks Out Of India Targeting U.S., Pakistan, China, And Others
News  |  5/20/2013  | 
Operation Hangover signals new franchise model in cyberespionage with cyberspying services for hire
Yahoo Japan Data Breach: 22M Accounts Exposed
News  |  5/20/2013  | 
Yahoo breach could have compromised 10% of all Yahoo user credentials. Meanwhile, Syrian Electronic Army targets The Financial Times.
Focused Black Hat 2013 Trainings Examine Incident Response, Malware
News  |  5/20/2013  | 
Infosec trainings aim to provide needed skills to properly respond to incidents large and small
Black Hat 2013 Showcases Home Security, Bootkits, Cellular OPSEC Failures
News  |  5/20/2013  | 
Black Hat announces three more featured talks
Google, DISA Launch User ID Pilot
News  |  5/20/2013  | 
Defense Department and Google pilot test seeks more secure ways to authenticate users on commercial cloud services.
Rethinking Identity Management
Commentary  |  5/20/2013  | 
Secret identities are a good thing. Multiple identities? Not so much
Strategies For Improving Web Application Security
Quick Hits  |  5/20/2013  | 
Web apps are essential to your business -- and easy targets for hackers. Here are some tips for keeping them secure
Large Attacks Hide More Subtle Threats In DDoS Data
News  |  5/18/2013  | 
While distributed denial-of-service attacks topping 100 Gbps garner the headlines, they are not the threat that should worry most companies
Why Database Monitoring?
Commentary  |  5/17/2013  | 
Hoping other people detect your breach before you lose millions is not a good strategy
Pakistan Hit By Targeted Attack Out Of India
Quick Hits  |  5/17/2013  | 
Information-stealing malware campaign spreads via phishing email attachments posing as Indian military secrets
Mapping Compliance Proof To Risk-Based Controls
News  |  5/17/2013  | 
Risk-based security decisions usually yield more secure environments, but some harmonization with regulations needs to be done to prove compliance
Pushdo Botnet Morphs To Elude Hunters
News  |  5/16/2013  | 
U.S., other national government agencies, contractors, and military networks found housing new Pushdo bots as botnet adds stealthier features to evade detection, takedown
Boston Children's Hospital Tackles Teen Records Privacy
News  |  5/16/2013  | 
Boston Children's Hospital's pioneering approach would bar parents from seeing sensitive portions of their children's personal health records.
LulzSec Hackers Get Prison Time in U.K. For Cyberattacks
News  |  5/16/2013  | 
Prison time marks the end of a prominent chapter in hacktivist history, one security researcher says
The Future Of Web Authentication
News  |  5/16/2013  | 
After years of relying on passwords, technology vendors -- and enterprises -- are ready for new methods of proving user identity.
DARPA Seeks Situational Awareness Tech
News  |  5/16/2013  | 
Agency reaches out to vendors for technology concepts that could help soldiers react to situations without getting too close to danger.
LulzSec Hackers Sentenced In London
News  |  5/16/2013  | 
Group's 50-day hacking spree compromised websites run by Sony, CIA, Arizona State Police, Westboro Baptist Church and more.
Who Is Syrian Electronic Army: 9 Facts
Slideshows  |  5/16/2013  | 
Syrian hackers claim to battle American imperialism, media bias and Angelina Jolie.
DHS Eyes Sharing Zero-Day Intelligence With Businesses
News  |  5/16/2013  | 
DHS proposal would give private businesses access to the government's stockpile of zero-day secrets for a fee. But some say the program may actually fuel the bug vulnerability marketplace.
Study: Application Vulnerabilities Are No. 1 Threat
Quick Hits  |  5/16/2013  | 
Shortage of training among developers is a key cause of high vulnerability rates, (ISC)2 survey says
Mass Customized Attacks Show Malware Maturity
News  |  5/15/2013  | 
The malware universe is typically divided into targeted attacks and mass, opportunistic attacks, but a middle category -- mass customized malware -- poses a more serious threat for business
Secure Software Standard In The Spotlight
News  |  5/15/2013  | 
Microsoft, among others, sees ISO application security standard as a way to spark widespread adoption of secure development programs
VMware Fights Android BYOD Headaches
News  |  5/15/2013  | 
VMware's BYOD ambitions kick into gear through its partnership with Verizon. But is the virtualization heavyweight making its mobile management play too late?
LulzSec Hacker 'Pirates' Face Sentencing
News  |  5/15/2013  | 
Four members of Anonymous spinoff faced sentencing Wednesday for leaking data and launching distributed denial of service attacks against Sony, the Pentagon and other major sites.
Internet Crime Cost Consumers More Than A Half-Billion Dollars Last Year
Quick Hits  |  5/15/2013  | 
Number of cases reported by consumers to FBI-partnered Internet Crime Complaint Center increased by nearly 10 percent last year, with scams in auto fraud, FBI impersonation via email, extortion at the top of the list
Web Application Testing Using Real-World Attacks
News  |  5/15/2013  | 
Using exploits to test Web applications can be an enlightening way to test for vulnerabilities, but there are downsides as well
New Algorithm Lets SCADA Devices Detect, Deflect Attacks
News  |  5/14/2013  | 
Embedded software prototype operates under the 'new normal' that many SCADA environments have already been breached
FBI Briefs Bank Executives On DDoS Attack Campaign
News  |  5/14/2013  | 
FBI expedited security clearances so it could share classified info on Operation Ababil, a distributed denial of service attack that continues to disrupt U.S. financial websites.
Know Your Pen Tester: The Novice
Commentary  |  5/14/2013  | 
Beware of the tool-obsessed pen-tester
Apple iPhone Decryption Backlog Stymies Police
News  |  5/14/2013  | 
Apple's waiting list to bypass security controls on latest-generation iPhone and iPad devices means months-long delays for law enforcement investigators.
Black Hat USA 2013 Rolls Out SIM Card, Femtocell Hacking Talks
News  |  5/14/2013  | 
Organizers have confirmed some early details on Briefings talks
U.S. Cyber Command Head General Alexander To Keynote Black Hat USA 2013
News  |  5/14/2013  | 
Success is measured by how well the government collaborates with partners and customers, according to Gen. Alexander
SAFECode Launches Software Security Training Program For Enterprises
Quick Hits  |  5/14/2013  | 
Free curriculum will help businesses build software security training programs in-house, SAFECode says
Is Application Sandboxing The Next Endpoint Security Must-Have?
News  |  5/14/2013  | 
Virtualized containers expected to catch on in the enterprise, but the technology has its weaknesses, too
3 Big Mistakes In Incident Response
News  |  5/13/2013  | 
How not to respond to a cyberattack
Use A Human Trust Model For Endpoints
Commentary  |  5/13/2013  | 
Use anthropomorphic references to engage your brain and strengthen your approach to security
Microsoft Tech Support Scams: Why They Thrive
News  |  5/13/2013  | 
Readers detail "frozen DNS Trojan" cold calls and "repairs" that lead to $882 in unauthorized wire transfers.
Ten Emerging Threats Your Company May Not Know About
Quick Hits  |  5/13/2013  | 
Some new attacks get a lot of attention. Here's a look at 10 that haven't, but ought to be on your radar
Fixes For Microsoft, Adobe Zero Days Out For Patch Tuesday
News  |  5/10/2013  | 
Busy patch cycle awaits administrator this month
Cisco Rolls Out New Secure Smart Grid Offerings
News  |  5/10/2013  | 
Increased security and automation solutions and services will enhance utility operations
The Dragon In The Room
Commentary  |  5/10/2013  | 
China, China, China
British Universities Given Funds For Cyber Security Program
News  |  5/10/2013  | 
U.K. government provides grants to University of Oxford and Royal Holloway, University of London to fund doctoral programs in cyber security.
Huawei CEO Dismisses Security, Spying Concerns
News  |  5/10/2013  | 
Company founder denies that Huawei employees would ever be forced to spy for China.
Washington State Courts Reveal Security Breach
News  |  5/10/2013  | 
State officials don't know when attackers accessed up to 160,000 Social Security and 1 million driver's license numbers stored in unencrypted format.
Erase The Line Between QA Defects And Security Flaws?
News  |  5/10/2013  | 
Is a defect a defect by any other name? Some testing advocates push for industry to stop segregating security from the rest of quality testing categories
Startups Tackle Secure Corporate Data Access From Personal Devices
News  |  5/9/2013  | 
With employees wanting to use data both inside and outside the company, cloud security startups have focused on two models: protecting data in third-party cloud services and protecting data on the endpoint

Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20027
PUBLISHED: 2021-06-14
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.
CVE-2021-32684
PUBLISHED: 2021-06-14
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, an...
CVE-2021-34693
PUBLISHED: 2021-06-14
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
CVE-2021-27887
PUBLISHED: 2021-06-14
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim's browser. This issue affects: Hitachi ABB Power Grids ...
CVE-2021-27196
PUBLISHED: 2021-06-14
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the...