
News & Commentary

Content posted in June 2013
HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft
News  |  6/29/2013  | 
Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds
Machine-Learning Project Sifts Through Big Security Data
News  |  6/28/2013  | 
As the volume of data created by security and network devices multiplies, researchers look for ways to teach computers to better highlight attack patterns
Surrendering The Endpoint
Commentary  |  6/28/2013  | 
Imagine there’s no desktop...
3 Stupid Corporation Tricks
News  |  6/28/2013  | 
With exactly one month to go before the start of Black Hat USA 2013, we highlight a trio of Briefings that focus on data security in corporate environments.
The (Attack) Path To Prioritization
Commentary  |  6/28/2013  | 
Since you can't fix every vulnerability, you need to prioritize what needs to get done now and what doesn't. Using attack path data can help
IE, Chrome Browser Attack Exploits Windows PCs
News  |  6/28/2013  | 
Microsoft says the social-engineering vulnerability, which uses "pop-under" browser notifications and a fake Captcha, isn't a Windows bug.
'BinaryPig' Uses Hadoop To Sniff Out Patterns In Malware
News  |  6/27/2013  | 
At Black Hat next month, researchers will release a new set of big-data tools that can find patterns in security firms' massive databases of malware
96 Percent Of Androids Running Old OS Versions
Quick Hits  |  6/27/2013  | 
Some 90 percent of all mobile threats target the popular Android platform, Juniper Networks report says
Microsoft's Big Bucks For Bugs Ups The Ante
News  |  6/27/2013  | 
How Microsoft's new bug bounty program will play in the quest for more secure software
Sextortion Warning: Masking Tape Time For Webcams
Commentary  |  6/27/2013  | 
"Camjacking" attacks activate your webcam and record your every move. Female images are in demand.
Researcher To Demo Spy-Phone At Black Hat
News  |  6/26/2013  | 
Using the ability to inject malicious code into applications on Android devices, a researcher will demonstrate at Black Hat how to create the infrastructure to spy on mobile users
Google Gets Help In Spanish Privacy Fight
News  |  6/26/2013  | 
Legal filing argues Europe's right to be forgotten isn't quite a right and doesn't obligate Google to delete data that makes people unhappy.
CSI: Cyberattack
Quick Hits  |  6/26/2013  | 
Seven clues to use to ID who's behind a malware attack
Carberp Source Code Leak Likely To Spawn Malware Variants, Innovation
News  |  6/26/2013  | 
Source code for the Carberp Trojan has been leaked, creating a double-edged sword for security researchers
Phishing Attackers Diversify, Target Facebook Credentials
News  |  6/26/2013  | 
FBI warns of surge in spear-phishing attacks, says criminals seek more than bank credentials.
Germany Criticizes U.K. 'Project Tempora' Cyber Spy Program
News  |  6/26/2013  | 
German politician wants the EU to address reports that Britain's spymasters are even better at harvesting Internet traffic than their NSA allies.
Online Privacy: We Just Don't Care
Commentary  |  6/26/2013  | 
Facebook leaked your data (again). Big Brother's watching everyone and everything. And Google is testing a "service" that sounds like you providing them a list of everything you own.
Cybercriminals Expand DDOS Extortion Demands
News  |  6/26/2013  | 
Free toolkits and outsourced cybercrime services make DDoS attacks popular with Anonymous, criminals, unscrupulous business competitors and anyone with a grudge.
British Cyber Defenses Receive Unexpected Boost
News  |  6/26/2013  | 
British intelligence services and cybersecurity initiatives get increased investment, even amidst brutal government cuts.
Vulnerability Severity Scores Make For Poor Patching Priority, Researchers Find
News  |  6/25/2013  | 
A bug's Common Vulnerability Scoring System (CVSS) score doesn't necessarily correlate with whether the vulnerability is being used in attacks
New Tool Gives Developers A Free Anti-SQL Injection Shortcut
News  |  6/25/2013  | 
The open-source AntiSQLi library for .NET and SQL Server automates parameterization during development of database-connected Web apps
Google Now Sharing Web Security Data
Quick Hits  |  6/25/2013  | 
Search engine giant's transparency report will now include data on numbers of malicious and infected websites, cleanup rates
Black Hat USA: T-Minus One Month And Counting
News  |  6/25/2013  | 
This highlighted trio of Briefings range widely in topic, yet they all sport that certain cool factor
Senate Bill Seeks Greater NSA Surveillance Oversight
News  |  6/25/2013  | 
Proposed legislation would require greater monitoring and privacy controls for NSA surveillance programs designed to gather foreign intelligence.
Ignoring Compliance Is A Real Option
Commentary  |  6/25/2013  | 
Security and compliance are commonly deferred by choice
Database Configuration Standards
Commentary  |  6/25/2013  | 
The trouble with database assessment and compliance
Anonymous Attacks North Korea, Denies Targeting South
News  |  6/25/2013  | 
Groups claiming to represent Anonymous launch separate DDoS attacks and defacements against both North and South Korean websites.
CrowdStrike Turns Security Fight Toward Attacker
Commentary  |  6/25/2013  | 
CrowdStrike Falcon platform is first to focus on the source of the attack, rather than stopping malware
Duking It Out Over Endpoint Admin Rights
News  |  6/25/2013  | 
Endpoint rights policies should mean something for elite users, too
South Korean Universities Targeted By Chinese-Speaking Hackers
News  |  6/24/2013  | 
'PinkStats' malware has been used for hacking nation-state targets for four years
US-CERT Warns Of Default Password Risks
Quick Hits  |  6/24/2013  | 
Change default passwords to strong ones and use stronger authentication methods before putting a network-connected system online, US-CERT recommends
Should You Use Software-Defined Flash Storage?
Commentary  |  6/24/2013  | 
"Software definition" leverages the processor's power to do things that used to require dedicated hardware. So, what does that mean for flash?
NSA Leaker Snowden On The Run
News  |  6/24/2013  | 
U.S. files charges against former National Security Agency contractor Edward Snowden, who is seeking asylum in Ecuador. To date, Hong Kong and Moscow have declined to detain him.
The Slippery Slope Of Security Invisibility
Commentary  |  6/23/2013  | 
Everyone seems to want security to just be there, invisible to end users. Everyone except the security industry, that is, if it wants to survive
10 Most Common Security Vulnerabilities In Enterprise Databases
Quick Hits  |  6/23/2013  | 
Databases are among the most vulnerable systems in the enterprise. Here's where they are weak -- and what you can do about it
Tech Insight: Quick Wins For Strengthening SMB Security
News  |  6/21/2013  | 
Small businesses can quickly bolster their security posture with these free or low-cost hardening measures
'Aaron's Law' Seeks Hacking Legislation Reform
News  |  6/21/2013  | 
Following Aaron Swartz's suicide, a revamp of the Computer Fraud and Abuse Act would restrict federal prosecutors from prosecuting minor "acceptable use" violations.
Britain Orders Google To Delete Street View Data
News  |  6/21/2013  | 
Google has 35 days to purge all user personal data its Street View vehicles inadvertently collected in 2010 or face legal sanction.
Want NSA Attention? Use Encrypted Communications
News  |  6/21/2013  | 
Bad news has emerged for fans of PGP and other encryption services. The NSA is taking a gloves-off approach when you go this route.
WikiLeaks Offers Snowden Flight To Iceland
News  |  6/21/2013  | 
WikiLeaks donations fund charter plane to bring NSA whistleblower Snowden to Iceland in asylum attempt.
Analyzing Vulnerabilities In Business-Critical Applications
Quick Hits  |  6/21/2013  | 
Fears of downtime and broken apps complicate the vulnerability scanning process. Here are some tips to help
Cloud Can Simplify Vulnerability Management For SMBs
News  |  6/21/2013  | 
Lacking security skills, most small and midsize businesses need help in locking down their information technology, including cataloging and triaging vulnerabilities
Data Classification Can Boost Risk Management
News  |  6/21/2013  | 
The trouble is that organizations must execute on classification and retention policies to gain benefits
Google Given Three Months To Meet Privacy Law
News  |  6/20/2013  | 
French data protection agency threatens fines if privacy fixes aren't implemented soon.
Firefox Advances Do Not Track Technology
News  |  6/20/2013  | 
Mozilla says Firefox, over objections from the advertising industry, soon will begin blocking many types of cookies used to track users.
CSI: Atlanta? No, It's Phone Fingerprinting
Quick Hits  |  6/20/2013  | 
Pindrop Security collects $11M in funding to build out next-gen solution for preventing phone fraud
Why Are We So Slow To Detect Data Breaches?
News  |  6/20/2013  | 
Poor instrumenting of network sensors, bad SIEM tuning, and lack of communication between security team members allow breaches more time to fester
Microsoft Establishes Rewards Programs For Windows 8.1, Internet Explorer 11 Preview Security Bugs
News  |  6/19/2013  | 
Microsoft is launching new programs to get its hands on cutting-edge exploits developed by researchers
Microsoft Dangles $100,000 Bug Bounty
News  |  6/19/2013  | 
One hitch: The bugs might be worth more on the open market.
Security Needs More Designers, Not Architects
Commentary  |  6/19/2013  | 
The better we design the user experience, the more we reduce our risk


Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-28042
PUBLISHED: 2021-03-05
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.
CVE-2021-28041
PUBLISHED: 2021-03-05
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2021-3377
PUBLISHED: 2021-03-05
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.
CVE-2021-3420
PUBLISHED: 2021-03-05
A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could cause an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.
CVE-2020-29020
PUBLISHED: 2021-03-05
Improper Access Control vulnerability in the web service of Secomea SiteManager allows a remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager, all versions prior to 9.4.620527004 on Hardware.