News & Commentary

Content posted in May 2013
Google Building Management System Hack Highlights SCADA Security Challenges
News  |  5/9/2013  | 
Security challenges related to SCADA systems don't just affect power plants -- ask Google
I Think We're All Botnets On This Bus
Commentary  |  5/9/2013  | 
How many undercover researchers can fit under one cover?
Education Tech Vendors Launch Apps Contest
News  |  5/9/2013  | 
Learning management systems (LMS) vendors hope awards program will spur educational apps development.
8 New Yorkers Indicted As Part of $45 Million Cyberheist Of Prepaid Debit Cards
News  |  5/9/2013  | 
Orchestrated massive global 'bank heist' by an international cybercrime organization targeted credit card processor for MasterCard prepaid debit cards, waged and coordinated mass ATM withdrawals
Health IT Execs' Top Worries: Security, BYOD, Cloud
News  |  5/9/2013  | 
Personal mobile devices still present huge security challenge, say HIMSS Analytics focus group participants.
Unified Threat Management Vendors Don't Excel
News  |  5/9/2013  | 
Our survey shows users aren’t fond of UTM appliances.
McAfee, AV's King Of Crazy, Resurfaces
News  |  5/9/2013  | 
Antivirus pioneer and former fugitive from justice in Belize John McAfee shares more about his code-slinging and drug-smuggling past.
How Syrian Electronic Army Unpeeled The Onion
News  |  5/9/2013  | 
Satire site The Onion details multi-pronged Twitter account takeover strategies used by hacktivists.
Microsoft Issues Emergency Fix For IE Zero-Day
Quick Hits  |  5/9/2013  | 
'Fix it' now available as a temporary defense until actual patch is ready; only IE 8 is affected by flaw
Five Questions To Ask When Choosing A Threat Intelligence Service
Commentary  |  5/9/2013  | 
Threat intelligence services are becoming an essential weapon in the enterprise security arsenal. Do you know how to choose one?
Advanced Persistent Threats: The New Reality
Quick Hits  |  5/9/2013  | 
Once rare and sophisticated, the APT is now becoming a common attack. Is your organization ready?
Department Of Labor Attack Points To Industry Weaknesses
News  |  5/9/2013  | 
Security pros say latest watering hole attack patterns expose the 'ecosystem of mediocrity' set out by today's baseline of protection
Panic Now
Commentary  |  5/8/2013  | 
There is a big difference between panic and anxiety
Senate Bill Calls For 'Watch List' Of Nations Cyberspying On U.S., Trade Sanctions
News  |  5/8/2013  | 
China faces increasing political pressure from the U.S. to curb its cyberespionage activity, but legislation not certain
CounterTack Announces Scout 4
News  |  5/8/2013  | 
Scout 4 introduces a new kernel-level Stealth Agent
Nginx Patches Critical Web Server Software Vulnerability
News  |  5/8/2013  | 
Meanwhile, hackers behind Cdorked malware that targets Apache servers now have extended it to infect open-source Nginx and Lighttpd server software.
10 Reasons SQL Injection Still Works
News  |  5/8/2013  | 
Developer techniques, business process choices, and attacker preferences all play a part in the continued relevance of SQLi
'OpUSA' Hacktivist Attacks Fall Short
News  |  5/7/2013  | 
Anonymous groups wage ad-hoc defacements, data dumps from a few lesser-known sites -- not the planned attacks on major U.S. government agencies, banks
Barracuda Networks Delivers Network Virtualization Platform For Virtualized Networking Applications
News  |  5/7/2013  | 
Barracuda eon allows for “bare metal” performance of virtualized networking applications that require consolidation and multigigabit performance
Convenience Store Chain Hacked, Customer Payment Data At Risk
Quick Hits  |  5/7/2013  | 
MAPCO Express says the FBI is investigating a breach that exposed customer financial data in its stores
Anonymous OpUSA Hackathon: Mostly Bluster
News  |  5/7/2013  | 
DHS predicts Tuesday's hackathon will involve little more than nuisance exploits. Meanwhile, Syrian Electronic Army hacks Twitter feeds of satire site The Onion.
Revel Systems Tackles Identity Theft With iPad POS Security
News  |  5/7/2013  | 
Photo ID feature prevents credit card identity theft at the point-of-sale
Sweet Password Security Strategy: Honeywords
News  |  5/7/2013  | 
To improve detection of database breaches, businesses should store multiple fake passwords and monitor attempts to use them, according to researchers at security firm RSA.
Anonymous, LulzSec, OpUSA Plan Broad Attacks On Government Agencies, Banks On Tuesday
Quick Hits  |  5/7/2013  | 
Hacktivist groups plan denial-of-service attacks on banks, government sites
5 Ways For SMBs To Boost Security But Not Costs
News  |  5/6/2013  | 
Straight-shooting advice--and some out-of-the-box thinking--on how smaller companies can save money on security while doing it better
Metasploit Module Released For IE Zero-Day Flaw Used In Labor Attack
News  |  5/6/2013  | 
Other U.S. energy agencies, organizations targeted in apparent nuclear technology cyberspying campaign that employed a zero-day bug in Internet Explorer 8
Active Data Vs. Active Archive
Commentary  |  5/6/2013  | 
We need better metrics to help us decide what data should be on primary storage and what should be on archive storage.
Security Minor Leagues
Commentary  |  5/6/2013  | 
The security skills gap continues to expand as more companies realize what they need and, more importantly, what they don't have. We need a security minor league system to meet the demand.
Got Malware? Three Signs Revealed In DNS Traffic
News  |  5/3/2013  | 
Monitoring your network's requests for domain lookups can reveal network problems and potential malware infections
La Vie En ROSI
Commentary  |  5/3/2013  | 
Return on security investment may be slightly less mythical than you think
Threat Nuevo: Latin America, Caribbean Cybercrime On The Rise
Quick Hits  |  5/3/2013  | 
Cybercriminals in the region have built their own tools and learned from their predecessors in other regions, says Trend Micro report in cooperation with Organization of American States (OAS)
Giving FIDO A Longer Leash To Eliminate Web Passwords
News  |  5/3/2013  | 
New alliance gaining momentum in push to develop open architecture for authentication interoperability
Reputation.com Suffers Breach, Changes Customer Passwords
Quick Hits  |  5/2/2013  | 
Some customer information exposed, including salted and hashed passwords from 'a minority' of customers
Facebook Turns Friends Into IT Support
News  |  5/2/2013  | 
Facebook's new Trusted Contacts option lets friends assist with account recovery, so Facebook personnel don't have to.
China Tied To 3-Year Hack Of Defense Contractor
News  |  5/2/2013  | 
U.S. defense contractor QinetiQ ignored persistent attack warning signs, lost terabytes of secret information, say investigators.
Websites Harbor Fewer Flaws, But Most Have At Least One Serious Vulnerability
News  |  5/2/2013  | 
SQL injection drops out of WhiteHat Security's top 10 website vulnerability list
Twitter To News Outlets: More Takeovers Ahead
News  |  5/2/2013  | 
Twitter memo warns of ongoing account takeover attempts, urges media businesses to prepare. Should Twitter be doing more?
Consumer Reports: 58 Million U.S. PCs Infected With Malware
Quick Hits  |  5/2/2013  | 
Malware cost consumers nearly $4 billion in repairs in 2012, Consumer Reports says
Five Habits Of Highly Successful Malware
News  |  5/2/2013  | 
It's no secret that malware is dodging defenses; security experts pinpoint successful strategies, including the use of real-time communications, frequent disguises, and laying low
Learning From Auditor War Stories
News  |  5/1/2013  | 
Stories of IT missteps and unforeseen disasters while auditors are on-site can point to important lessons for preparing for compliance and security
New Mobile Vulnerability Scan App Verifies Mobile Device Security In Seconds
News  |  5/1/2013  | 
SecurityMetrics MobileScan searches for weaknesses that render devices vulnerable to cybercriminals
Fake Firefox Spyware Riles Mozilla
News  |  5/1/2013  | 
Surveillance software pretends to be Firefox to escape detection, report claims. Mozilla lawyers take action.
Dark Reading's Seven-Year Itch
Commentary  |  5/1/2013  | 
After seven years of covering the security industry, Dark Reading is just getting started
FBI Seeks Real-Time Facebook, Google Wiretaps
News  |  5/1/2013  | 
Government proposal would expand wiretap laws to cover not just service providers, but also the likes of Facebook and Google, backed by escalating fines for noncompliance.
U.S. Labor Dept. Website Hacked, Serves Malware
News  |  5/1/2013  | 
Attack bears strong similarities to previous campaigns executed by Chinese APT attack group "DeepPanda," reports security expert.
U.S. Department Of Labor Website Discovered Hacked, Spreading PoisonIvy
News  |  5/1/2013  | 
Waterhole attack possibly tied to Chinese cyberespionage actors, researchers say