Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in May 2013
<<   <   Page 2 / 3   >   >>
Google Aurora Hack Was Chinese Counterespionage Operation
News  |  5/21/2013  | 
Attackers were after U.S. government surveillance requests for undercover Chinese operatives, say former government officials.
APT Attacks Trace To India, Researcher Says
News  |  5/21/2013  | 
Multi-year hacking campaign targeted mining companies, legal firms, Pakistan, Angolan dissidents and others in Pakistan, the U.S., Iran, China and Germany.
IDs Of 22 Million At Risk Following Breach At Yahoo Japan
Quick Hits  |  5/21/2013  | 
Yahoo Japan officials say they "can't deny the possibility" of epic data breach
Even SMBs Should Look To Log Management For Security
News  |  5/21/2013  | 
A firewall, patch procedure, anti-malware and, possibly, an IDS are a good start. But to detect breaches, small and medium businesses should focus on logging activity and looking out for suspicious behavior
'Commercialized' Cyberespionage Attacks Out Of India Targeting U.S., Pakistan, China, And Others
News  |  5/20/2013  | 
Operation Hangover signals new franchise model in cyberespionage with cyberspying services for hire
Yahoo Japan Data Breach: 22M Accounts Exposed
News  |  5/20/2013  | 
Yahoo breach could have compromised 10% of all Yahoo user credentials. Meanwhile, Syrian Electronic Army targets The Financial Times.
Focused Black Hat 2013 Trainings Examine Incident Response, Malware
News  |  5/20/2013  | 
Infosec trainings aim to provide needed skills to properly respond to incidents large and small
Black Hat 2013 Showcases Home Security, Bootkits, Cellular OPSEC Failures
News  |  5/20/2013  | 
Black Hat announces three more featured talks
Google, DISA Launch User ID Pilot
News  |  5/20/2013  | 
Defense Department and Google pilot test seeks more secure ways to authenticate users on commercial cloud services.
Rethinking Identity Management
Commentary  |  5/20/2013  | 
Secret identities are a good thing. Multiple identities? Not so much
Strategies For Improving Web Application Security
Quick Hits  |  5/20/2013  | 
Web apps are essential to your business -- and easy targets for hackers. Here are some tips for keeping them secure
Large Attacks Hide More Subtle Threats In DDoS Data
News  |  5/18/2013  | 
While distributed denial-of-service attacks topping 100 Gbps garner the headlines, they are not the threat that should worry most companies
Why Database Monitoring?
Commentary  |  5/17/2013  | 
Hoping other people detect your breach before you lose millions is not a good strategy
Pakistan Hit By Targeted Attack Out Of India
Quick Hits  |  5/17/2013  | 
Information-stealing malware campaign spreads via phishing email attachments posing as Indian military secrets
Mapping Compliance Proof To Risk-Based Controls
News  |  5/17/2013  | 
Risk-based security decisions usually yield more secure environments, but some harmonization with regulations needs to be done to prove compliance
Pushdo Botnet Morphs To Elude Hunters
News  |  5/16/2013  | 
U.S., other national government agencies, contractors, and military networks found housing new Pushdo bots as botnet adds stealthier features to evade detection, takedown
Boston Children's Hospital Tackles Teen Records Privacy
News  |  5/16/2013  | 
Boston Children's Hospital's pioneering approach would bar parents from seeing sensitive portions of their children's personal health records.
LulzSec Hackers Get Prison Time in U.K. For Cyberattacks
News  |  5/16/2013  | 
Prison time marks the end of a prominent chapter in hacktivist history, one security researcher says
The Future Of Web Authentication
News  |  5/16/2013  | 
After years of relying on passwords, technology vendors -- and enterprises -- are ready for new methods of proving user identity.
DARPA Seeks Situational Awareness Tech
News  |  5/16/2013  | 
Agency reaches out to vendors for technology concepts that could help soldiers react to situations without getting too close to danger.
LulzSec Hackers Sentenced In London
News  |  5/16/2013  | 
Group's 50-day hacking spree compromised websites run by Sony, CIA, Arizona State Police, Westboro Baptist Church and more.
Who Is Syrian Electronic Army: 9 Facts
Slideshows  |  5/16/2013  | 
Syrian hackers claim to battle American imperialism, media bias and Angelina Jolie.
DHS Eyes Sharing Zero-Day Intelligence With Businesses
News  |  5/16/2013  | 
DHS proposal would give private businesses access to the government's stockpile of zero-day secrets for a fee. But some say the program may actually fuel the bug vulnerability marketplace.
Study: Application Vulnerabilities Are No. 1 Threat
Quick Hits  |  5/16/2013  | 
Shortage of training among developers is a key cause of high vulnerability rates, (ISC)2 survey says
Mass Customized Attacks Show Malware Maturity
News  |  5/15/2013  | 
The malware universe is typically divided into targeted attacks and mass, opportunistic attacks, but a middle category -- mass customized malware -- poses a more serious threat for business
Secure Software Standard In The Spotlight
News  |  5/15/2013  | 
Microsoft, among others, sees ISO application security standard as a way to spark widespread adoption of secure development programs
VMware Fights Android BYOD Headaches
News  |  5/15/2013  | 
VMware's BYOD ambitions kick into gear through its partnership with Verizon. But is the virtualization heavyweight making its mobile management play too late?
LulzSec Hacker 'Pirates' Face Sentencing
News  |  5/15/2013  | 
Four members of Anonymous spinoff faced sentencing Wednesday for leaking data and launching distributed denial of service attacks against Sony, the Pentagon and other major sites.
Internet Crime Cost Consumers More Than A Half-Billion Dollars Last Year
Quick Hits  |  5/15/2013  | 
Number of cases reported by consumers to FBI-partnered Internet Crime Complaint Center increased by nearly 10 percent last year, with scams in auto fraud, FBI impersonation via email, extortion at the top of the list
Web Application Testing Using Real-World Attacks
News  |  5/15/2013  | 
Using exploits to test Web applications can be an enlightening way to test for vulnerabilities, but there are downsides as well
New Algorithm Lets SCADA Devices Detect, Deflect Attacks
News  |  5/14/2013  | 
Embedded software prototype operates under the 'new normal' that many SCADA environments have already been breached
FBI Briefs Bank Executives On DDoS Attack Campaign
News  |  5/14/2013  | 
FBI expedited security clearances so it could share classified info on Operation Ababil, a distributed denial of service attack that continues to disrupt U.S. financial websites.
Know Your Pen Tester: The Novice
Commentary  |  5/14/2013  | 
Beware of the tool-obsessed pen-tester
Apple iPhone Decryption Backlog Stymies Police
News  |  5/14/2013  | 
Apple's waiting list to bypass security controls on latest-generation iPhone and iPad devices means months-long delays for law enforcement investigators.
Black Hat USA 2013 Rolls Out SIM Card, Femtocell Hacking Talks
News  |  5/14/2013  | 
Organizers have confirmed some early details on Briefings talks
U.S. Cyber Command Head General Alexander To Keynote Black Hat USA 2013
News  |  5/14/2013  | 
Success is measured by how well the government collaborates with partners and customers, according to Gen. Alexander
SAFECode Launches Software Security Training Program For Enterprises
Quick Hits  |  5/14/2013  | 
Free curriculum will help businesses build software security training programs in-house, SAFECode says
Is Application Sandboxing The Next Endpoint Security Must-Have?
News  |  5/14/2013  | 
Virtualized containers expected to catch on in the enterprise, but the technology has its weaknesses, too
3 Big Mistakes In Incident Response
News  |  5/13/2013  | 
How not to respond to a cyberattack
Use A Human Trust Model For Endpoints
Commentary  |  5/13/2013  | 
Use anthropomorphic references to engage your brain and strengthen your approach to security
Microsoft Tech Support Scams: Why They Thrive
News  |  5/13/2013  | 
Readers detail "frozen DNS Trojan" cold calls and "repairs" that lead to $882 in unauthorized wire transfers.
Ten Emerging Threats Your Company May Not Know About
Quick Hits  |  5/13/2013  | 
Some new attacks get a lot of attention. Here's a look at 10 that haven't, but ought to be on your radar
Fixes For Microsoft, Adobe Zero Days Out For Patch Tuesday
News  |  5/10/2013  | 
Busy patch cycle awaits administrator this month
Cisco Rolls Out New Secure Smart Grid Offerings
News  |  5/10/2013  | 
Increased security and automation solutions and services will enhance utility operations
The Dragon In The Room
Commentary  |  5/10/2013  | 
China, China, China
British Universities Given Funds For Cyber Security Program
News  |  5/10/2013  | 
U.K. government provides grants to University of Oxford and Royal Holloway, University of London to fund doctoral programs in cyber security.
Huawei CEO Dismisses Security, Spying Concerns
News  |  5/10/2013  | 
Company founder denies that Huawei employees would ever be forced to spy for China.
Washington State Courts Reveal Security Breach
News  |  5/10/2013  | 
State officials don't know when attackers accessed up to 160,000 Social Security and 1 million driver's license numbers stored in unencrypted format.
Erase The Line Between QA Defects And Security Flaws?
News  |  5/10/2013  | 
Is a defect a defect by any other name? Some testing advocates push for industry to stop segregating security from the rest of quality testing categories
Startups Tackle Secure Corporate Data Access From Personal Devices
News  |  5/9/2013  | 
With employees wanting to use data both inside and outside the company, cloud security startups have focused on two models: protecting data in third-party cloud services and protecting data on the endpoint