News & Commentary

Content posted in May 2014
Blackshades Boss Pleads Not Guilty
News  |  5/30/2014  | 
The BlackShades organization was run like a real business -- salaried staff, detailed customer lists, support teams -- and that was a key factor in both its success and its demise.
The Mystery Of The TrueCrypt Encryption Software Shutdown
News  |  5/30/2014  | 
Developers of the open-source software call it quits, saying software "may contain unfixed security issues."
Flash Poll: The Hunt For Cyber Talent
Commentary  |  5/30/2014  | 
Our latest flash poll paints a nuanced picture of how the security skills shortage is playing out in hiring strategies for the SOC.
Large Electric Utilities Earn High Security Scores
Quick Hits  |  5/29/2014  | 
Critical infrastructure is a big target for attack, but new data shows some operators in that industry suffer fewer security incidents than other industries.
Indicting Chinese Military Officers Is A Huge Mistake
Commentary  |  5/29/2014  | 
Blaming soldiers following lawful orders only deflects from the government's responsibility to impose trade sanctions and take more useful measures.
FireEye: Malware Traffic to Ukraine, Russia Spiked During Peak of Conflict
News  |  5/29/2014  | 
A FireEye researcher posits that a significant spike in malware traffic to Russia and the Ukraine at the height of the conflict between the two countries could be part of a trend -- and could improve threat intelligence.
Iranian Cyberspies Pose as Journalists Online To Ensnare Their Targets
News  |  5/29/2014  | 
Cyberspying campaign out of Iran combines social engineering and social media to steal credentials from a wide array of US and Israeli military, government, and defense contractors.
A Year Later, Most Americans Think Snowden Did The Right Thing
Quick Hits  |  5/29/2014  | 
On anniversary of whistleblowing, 55 percent of Americans say Snowden was right to expose NSA's surveillance program; 82 percent believe they are still being watched.
Microsoft, Facebook Security Leaders Head Startup
News  |  5/28/2014  | 
The HackerOne project spins off into a new company aimed at facilitating vulnerability disclosure between researchers and software, web properties.
Microsoft: Ignore Unofficial XP Update Workaround
News  |  5/28/2014  | 
A small change to the Windows XP Registry allows users to receive security updates for another five years. Yet the tweak could create other security and functionality issues for XP holdouts.
Dissecting Dendroid: An In-Depth Look Inside An Android RAT Kit
Commentary  |  5/28/2014  | 
Dendroid is full of surprises to assist it in subverting traditional security tactics through company-issued Android phones or BYOD.
SSL After The Heartbleed
News  |  5/27/2014  | 
Encryption gets a big wake-up call -- and a little more scrutiny.
No More Jail Time: LulzSec's Sabu Sentenced to Time Served
Quick Hits  |  5/27/2014  | 
The black hat hacker-turned FBI informant receives a lighter sentence after giving feds information on 300 possible hacks.
Apple Users Fend Off Ransom Attacks Against iPhones & Macs
News  |  5/27/2014  | 
Hack leverages Find My iPhone feature and potential iCloud account compromise to hold devices hostage.
Dark Reading Radio: The Real Reason Security Jobs Remain Vacant
Commentary  |  5/27/2014  | 
Join us Wednesday, May 28, at 1:00 p.m. Eastern, to learn why good security staff really are not hard to find, if you know what to look for.
New Vulnerability In IE8 Remains Unpatched
Quick Hits  |  5/26/2014  | 
Security vulnerability in Microsoft's Internet Explorer 8 browser is disclosed by Zero-Day Initiative after software giant fails to patch during 180-day window.
eBay Breach: Is Your Identity Up For Auction?
Commentary  |  5/23/2014  | 
In a sick twist of events, the roles may just have been reversed on eBay users. It's their social media identities and data that now have the greatest value in the cyber underground.
Women In Security: We've Still Got A Long Way To Go, Baby
Commentary  |  5/23/2014  | 
Research shows that the gender gap in IT remains a real problem, but getting girls interested in technology is not the issue.
SNMP DDoS Attacks Spike
Quick Hits  |  5/22/2014  | 
Akamai issues threat advisory on attack campaign that uses Team Poison-developed DDoS toolkit.
Privileged Use Also a State of Mind, Report Finds
Quick Hits  |  5/22/2014  | 
A new insider threat report from Raytheon and Ponemon reveals a "privileged" user mindset.
The Only 2 Things Every Developer Needs To Know About Injection
Commentary  |  5/22/2014  | 
There's no simple solution for preventing injection attacks. There are effective strategies that can stop them in their tracks.
Flaws In EMV Chip And PIN Undercut Security
News  |  5/22/2014  | 
Weaknesses in the EMV protocol and implementations create vulnerabilities that could be exploited via POS malware and man-in-the-middle attacks.
7 Facts: eBay Fumbles Password Reset Warning
News  |  5/22/2014  | 
Online auction site criticized for notification misfire, failing to make password resets mandatory.
State-Owned Chinese Firms Hired Military Hackers for IT Services
News  |  5/21/2014  | 
The DOJ's historic indictment provides some rare insight into China's cyber espionage operations.
eBay Database Hacked With Stolen Employee Credentials
News  |  5/21/2014  | 
Encrypted passwords and other sensitive data exposed, users urged to change passwords.
Why Security & Profitability Go Hand-In-Hand
Commentary  |  5/21/2014  | 
It's never been more critical to put security on the front line to protect your company's bottom line.
Microsoft Silverlight Exploit Kit Attacks Spike
News  |  5/21/2014  | 
While crimeware authors continue gunning for outdated plug-ins, researchers report that businesses are finding and stopping related intrusions more quickly.
Chinese Hacking Charges a Wakeup Call for Both China & US Businesses
News  |  5/20/2014  | 
Indictments open the door for more aggressive US litigation of intellectual property theft by China -- but with possible costs to US businesses.
Outlook.com Android App Leaves Email Messages Exposed
Quick Hits  |  5/20/2014  | 
Researchers find Outlook.com emails unprotected by default on SD cards.
Dark Reading To Launch Weekly Internet Radio Show
Commentary  |  5/20/2014  | 
DR Radio will take place every Wednesday at 1:00 p.m. ET and will feature live chat; first topic will be "A Day in the Life of a Penetration Tester."
LifeLock Pulls Apps Over PCI Compliance Failure
News  |  5/20/2014  | 
Sensitive data stored in LifeLock Wallet apps and on company servers are proactively wiped after the company warns it wasn't being stored securely.
6 Tips For Securing Social Media In The Workplace
Commentary  |  5/20/2014  | 
Empower employees by training them to be aware and secure, and in how to avoid becoming a statistic.
'The New Normal': US Charges Chinese Military Officers With Cyber Espionage
News  |  5/19/2014  | 
The US Department of Justice and the FBI indict five members of the Chinese military for allegedly hacking and stealing trade secrets of major American steel, solar energy, and other manufacturing companies, including Alcoa, Westinghouse Electric, and US Steel.
Over 90 Arrested in Global FBI Crackdown on Blackshades RAT
News  |  5/19/2014  | 
A collaborative operation by international law enforcement agencies nabbed authors, staff members, and users of the popular software used for everything from blackmail to financial fraud.
Senators Slam Online Advertisers As 'Malvertising' Spikes
News  |  5/19/2014  | 
Complex ecosystem fails to arrest rise in malicious advertising, information security experts warn Congress.
How To Talk About InfoSec To Your Board Of Directors
Commentary  |  5/19/2014  | 
Today's cybersecurity challenges cannot be met by a compartmentalized IT strategy because every piece of the modern enterprise runs on connectivity and data.
Researchers: Recent Zero-Day Attacks Linked Via Common Exploit Package
Quick Hits  |  5/19/2014  | 
Elderwood Platform, a two-year-old package of exploits, has been used to create multiple zero-day threats, Symantec researchers said.
Tech Insight: Free Tools For Offensive Security
Commentary  |  5/19/2014  | 
A professional penetration tester offers a look at the latest free and open-source tools available for pen testing and offensive tactics.
Gawker Attacker Turned FBI Informant, Pursued Other Hackers
News  |  5/16/2014  | 
Unsealed court documents reveal that "Eekdacat" hacked Gawker, but related charges were dropped after the hacker helped the FBI nab other hackers.
OpenDNS Receives $35M Investment in Enterprise Security Vision
News  |  5/16/2014  | 
OpenDNS received a $35 million boost recently to build out its capabilities as it walks along its roadmap for cloud-based enterprise security and big data analytics.
Apple Picking: 5 Ways to Lose (& Retrieve) Mac Data
Commentary  |  5/16/2014  | 
Apple platforms are far from invincible, as these common loss scenarios demonstrate.
A State of Security Event Overload
Quick Hits  |  5/15/2014  | 
As many as 150,000 security events are logged each day in some enterprises, new data shows.
Dual Retail Cyberthreat Intelligence-Sharing Efforts Emerge
News  |  5/15/2014  | 
The Retail Industry Leaders Association (RILA) rolls out a retail ISAC following the National Retail Federation's (NRF) announcement last month of an intel-sharing platform planned for June.
InformationWeek Radio: State of Information Security Salaries & Careers
News  |  5/15/2014  | 
InformationWeek Radio: The IW Salary Survey shows that security pros have high salaries and great job security ... but how long will it last?
Zeus 'Gameover' Trojan Expands Global Reach
News  |  5/15/2014  | 
Cybercrime clients configure juggernaut Gameover variant of banking Trojan to reach bank customers in new countries.
Beware Cognitive Bias
Commentary  |  5/15/2014  | 
Cognitive bias can compromise any profession. But when cognitive bias goes unrecognized in cyber security, far-reaching and serious consequences follow.
Study: Data Breaches Make Huge Impact On Brand Reputation
Quick Hits  |  5/15/2014  | 
Consumers rank data breaches and poor customer service high in their effects on brand perception.
On The Trail of An Iranian Hacking Operation
News  |  5/14/2014  | 
The Iranian Ajax Security Team of hackers went from high-profile hacktivists posturing on Facebook to cyberspies encrypting stolen information from defense contractors.
Dispelling The Myths Of Cyber Security
Commentary  |  5/14/2014  | 
Perfect security that focuses on eliminating threats is too expensive and impossible to achieve. Better to think about consequence management.
Microsoft Blocks Zero-Day Attacks Targeting IE, Office
News  |  5/14/2014  | 
Security updates patch bugs being exploited via in-the-wild attacks, except for Windows XP, which now becomes a sitting duck.


Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/15/2018
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19333
PUBLISHED: 2018-11-17
pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.
CVE-2018-19340
PUBLISHED: 2018-11-17
Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter.
CVE-2018-19327
PUBLISHED: 2018-11-17
An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF.
CVE-2018-19328
PUBLISHED: 2018-11-17
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
CVE-2018-19329
PUBLISHED: 2018-11-17
GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button.