News & Commentary

Content posted in June 2013
HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft
News  |  6/29/2013  | 
Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds
Machine-Learning Project Sifts Through Big Security Data
News  |  6/28/2013  | 
As the volume of data created by security and network devices multiplies, researchers look for ways to teach computers to better highlight attack patterns
Surrendering The Endpoint
Commentary  |  6/28/2013  | 
Imagine there’s no desktop...
3 Stupid Corporation Tricks
News  |  6/28/2013  | 
With exactly one month to go before the start of Black Hat USA 2013, we highlight a trio of Briefings that focus on data security in corporate environments.
The (Attack) Path To Prioritization
Commentary  |  6/28/2013  | 
Since you can't fix every vulnerability, you need to prioritize what needs to get done now and what doesn't. Using attack path data can help
IE, Chrome Browser Attack Exploits Windows PCs
News  |  6/28/2013  | 
Microsoft says the social-engineering vulnerability, which uses "pop-under" browser notifications and a fake Captcha, isn't a Windows bug.
'BinaryPig' Uses Hadoop To Sniff Out Patterns In Malware
News  |  6/27/2013  | 
At Black Hat next month, researchers will release a new set of big-data tools that can find patterns in the data among security firms' massive databases of malware
96 Percent Of Androids Running Old OS Versions
Quick Hits  |  6/27/2013  | 
Some 90 percent of all mobile threats target the popular Android platform, Juniper Networks report says
Microsoft's Big Bucks For Bugs Ups The Ante
News  |  6/27/2013  | 
How Microsoft's new bug bounty program will play in the quest for more secure software
Sextortion Warning: Masking Tape Time For Webcams
Commentary  |  6/27/2013  | 
"Camjacking" attacks activate your webcam and record your every move. Female images are in demand.
Researcher To Demo Spy-Phone At Black Hat
News  |  6/26/2013  | 
Using the ability to inject malicious code into applications on Android devices, a researcher will demonstrate at Black Hat how to create the infrastructure to spy on mobile users
Google Gets Help In Spanish Privacy Fight
News  |  6/26/2013  | 
Legal filing argues Europe's right to be forgotten isn't quite a right and doesn't obligate Google to delete data that makes people unhappy.
CSI: Cyberattack
Quick Hits  |  6/26/2013  | 
Seven clues to use to ID who's behind a malware attack
Carberp Source Code Leak Likely To Spawn Malware Variants, Innovation
News  |  6/26/2013  | 
Source code for the Carberp Trojan has been leaked, creating a double-edged sword for security researchers
Phishing Attackers Diversify, Target Facebook Credentials
News  |  6/26/2013  | 
FBI warns of surge in spear-phishing attacks, says criminals seek more than bank credentials.
Germany Criticizes U.K. 'Project Tempora' Cyber Spy Program
News  |  6/26/2013  | 
German politician wants the EU to address reports that Britain's spymasters are even better at harvesting Internet traffic than their NSA allies.
Online Privacy: We Just Don't Care
Commentary  |  6/26/2013  | 
Facebook leaked your data (again). Big Brother's watching everyone and everything. And Google is testing a "service" that sounds like you providing them a list of everything you own.
Cybercriminals Expand DDOS Extortion Demands
News  |  6/26/2013  | 
Free toolkits and outsourced cybercrime services make DDoS attacks popular with Anonymous, criminals, unscrupulous business competitors and anyone with a grudge.
British Cyber Defenses Receive Unexpected Boost
News  |  6/26/2013  | 
British intelligence services and cybersecurity initiatives get increased investment, even amidst brutal government cuts.
Vulnerability Severity Scores Make For Poor Patching Priority, Researchers Find
News  |  6/25/2013  | 
A bug's Common Vulnerability Scoring System (CVSS) score doesn't necessarily correlate with whether the vulnerability is being used in attacks
New Tool Gives Developers A Free Anti-SQL Injection Shortcut
News  |  6/25/2013  | 
The open-source AntiSQLi library for .NET and SQL Server automates parameterization during development of database-connected Web apps
Google Now Sharing Web Security Data
Quick Hits  |  6/25/2013  | 
Search engine giant's transparency report will now include data on numbers of malicious and infected websites, cleanup rates
Black Hat USA: T-Minus One Month And Counting
News  |  6/25/2013  | 
This highlighted trio of Briefings range widely in topic, yet they all sport that certain cool factor
Senate Bill Seeks Greater NSA Surveillance Oversight
News  |  6/25/2013  | 
Proposed legislation would require greater monitoring and privacy controls for NSA surveillance programs designed to gather foreign intelligence.
Ignoring Compliance Is A Real Option
Commentary  |  6/25/2013  | 
Security and compliance are commonly deferred by choice
Database Configuration Standards
Commentary  |  6/25/2013  | 
The trouble with database assessment and compliance
Anonymous Attacks North Korea, Denies Targeting South
News  |  6/25/2013  | 
Groups claiming to represent Anonymous launch separate DDoS attacks and defacements against both North and South Korean websites.
CrowdStrike Turns Security Fight Toward Attacker
Commentary  |  6/25/2013  | 
CrowdStrike Falcon platform is first to focus on the source of the attack, rather than stopping malware
Duking It Out Over Endpoint Admin Rights
News  |  6/25/2013  | 
Endpoint rights policies should mean something for elite users, too
South Korean Universities Targeted By Chinese-Speaking Hackers
News  |  6/24/2013  | 
'PinkStats' malware has been used for hacking nation-state targets for four years
US-CERT Warns Of Default Password Risks
Quick Hits  |  6/24/2013  | 
Change default passwords to strong ones, use stronger authentication methods before putting network-connected systems online, US-CERT recommends
Should You Use Software-Defined Flash Storage?
Commentary  |  6/24/2013  | 
"Software definition" leverages the processor's power to do things that used to require dedicated hardware. So, what does that mean for flash?
NSA Leaker Snowden On The Run
News  |  6/24/2013  | 
U.S. files charges against former National Security Agency contractor Edward Snowden, who is seeking asylum in Ecuador. To date, Hong Kong and Moscow have declined to detain him.
The Slippery Slope Of Security Invisibility
Commentary  |  6/23/2013  | 
Everyone seems to want security to just be there, invisible to end users. Everyone except the security industry, that is, if it wants to survive
10 Most Common Security Vulnerabilities In Enterprise Databases
Quick Hits  |  6/23/2013  | 
Databases are among the most vulnerable systems in the enterprise. Here's where they are weak -- and what you can do about it
Tech Insight: Quick Wins For Strengthening SMB Security
News  |  6/21/2013  | 
Small businesses can quickly bolster their security posture with these free or low-cost hardening measures
'Aaron's Law' Seeks Hacking Legislation Reform
News  |  6/21/2013  | 
Following Aaron Swartz's suicide, revamp of Computer Fraud and Abuse Act would restrict federal prosecutors from prosecuting minor "acceptable use" violations.
Britain Orders Google To Delete Street View Data
News  |  6/21/2013  | 
Google has 35 days to purge all user personal data its Street View vehicles inadvertently collected in 2010 or face legal sanction.
Want NSA Attention? Use Encrypted Communications
News  |  6/21/2013  | 
Bad news has emerged for fans of PGP and other encryption services. The NSA is taking a gloves-off approach when you go this route.
WikiLeaks Offers Snowden Flight To Iceland
News  |  6/21/2013  | 
WikiLeaks donations fund charter plane to bring NSA whistleblower Snowden to Iceland in asylum attempt.
Analyzing Vulnerabilities In Business-Critical Applications
Quick Hits  |  6/21/2013  | 
Fears of downtime and broken apps complicate the vulnerability scanning process. Here are some tips to help
Cloud Can Simplify Vulnerability Management For SMBs
News  |  6/21/2013  | 
Lacking security skills, most small and midsize businesses need help in locking down their information technology, including cataloging and triaging vulnerabilities
Data Classification Can Boost Risk Management
News  |  6/21/2013  | 
The trouble is that organizations must execute on classification and retention policies to gain benefits
Google Given Three Months To Meet Privacy Law
News  |  6/20/2013  | 
French data protection agency threatens fines if privacy fixes aren't implemented soon.
Firefox Advances Do Not Track Technology
News  |  6/20/2013  | 
Mozilla says Firefox, over objections from the advertising industry, soon will begin blocking many types of cookies used to track users.
CSI: Atlanta? No, It's Phone Fingerprinting
Quick Hits  |  6/20/2013  | 
Pindrop Security collects $11M in funding to build out next-gen solution for preventing phone fraud
Why Are We So Slow To Detect Data Breaches?
News  |  6/20/2013  | 
Poor instrumenting of network sensors, bad SIEM tuning, and lack of communication between security team members allow breaches more time to fester
Microsoft Establishes Rewards Programs For Windows 8.1, Internet Explorer 11 Preview Security Bugs
News  |  6/19/2013  | 
Microsoft is launching new programs to get its hands on cutting-edge exploits developed by researchers
Microsoft Dangles $100,000 Bug Bounty
News  |  6/19/2013  | 
One hitch: The bugs might be worth more on the open market.
Security Needs More Designers, Not Architects
Commentary  |  6/19/2013  | 
The better we design the user experience, the more we reduce our risk