Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in June 2013
HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft
News  |  6/29/2013  | 
Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds
Machine-Learning Project Sifts Through Big Security Data
News  |  6/28/2013  | 
As the volume of data created by security and network devices multiplies, researchers look for ways to teach computers to better highlight attack patterns
Surrendering The Endpoint
Commentary  |  6/28/2013  | 
Imagine there’s no desktop...
3 Stupid Corporation Tricks
News  |  6/28/2013  | 
With exactly one month to go before the start of Black Hat USA 2013, we highlight a trio of Briefings that focus on data security in corporate environments.
The (Attack) Path To Prioritization
Commentary  |  6/28/2013  | 
Since you can't fix every vulnerability, you need to prioritize what needs to get done now and what doesn't. Using attack path data can help
IE, Chrome Browser Attack Exploits Windows PCs
News  |  6/28/2013  | 
Microsoft says the social-engineering vulnerability, which uses "pop-under" browser notifications and a fake Captcha, isn't a Windows bug.
'BinaryPig' Uses Hadoop To Sniff Out Patterns In Malware
News  |  6/27/2013  | 
At Black Hat next month, researchers will release a new set of big-data tools that can find patterns in the data among security firms' massive databases of malware
96 Percent Of Androids Running Old OS Versions
Quick Hits  |  6/27/2013  | 
Some 90 percent of all mobile threats target the popular Android platform, Juniper Networks report says
Microsoft's Big Bucks For Bugs Ups The Ante
News  |  6/27/2013  | 
How Microsoft's new bug bounty program will play in the quest for more secure software
Sextortion Warning: Masking Tape Time For Webcams
Commentary  |  6/27/2013  | 
"Camjacking" attacks activate your webcam and record your every move. Female images are in demand.
Researcher To Demo Spy-Phone At Black Hat
News  |  6/26/2013  | 
Using the ability to inject malicious code into applications on Android devices, a researcher will demonstrate at Black Hat how to create the infrastructure to spy on mobile users
Google Gets Help In Spanish Privacy Fight
News  |  6/26/2013  | 
Legal filing argues Europe's right to be forgotten isn't quite a right and doesn't obligate Google to delete data that makes people unhappy.
CSI: Cyberattack
Quick Hits  |  6/26/2013  | 
Seven clues to use to ID who's behind a malware attack
Carberp Source Code Leak Likely To Spawn Malware Variants, Innovation
News  |  6/26/2013  | 
Source code for the Carberp Trojan has been leaked, creating a double-edged sword for security researchers
Phishing Attackers Diversify, Target Facebook Credentials
News  |  6/26/2013  | 
FBI warns of surge in spear-phishing attacks, says criminals seek more than bank credentials.
Germany Criticizes U.K. 'Project Tempora' Cyber Spy Program
News  |  6/26/2013  | 
German politician wants the EU to address reports that Britain's spymasters are even better at harvesting Internet traffic than their NSA allies.
Online Privacy: We Just Don't Care
Commentary  |  6/26/2013  | 
Facebook leaked your data (again). Big Brother's watching everyone and everything. And Google is testing a "service" that sounds like you providing them a list of everything you own.
Cybercriminals Expand DDOS Extortion Demands
News  |  6/26/2013  | 
Free toolkits and outsourced cybercrime services make DDoS attacks popular with Anonymous, criminals, unscrupulous business competitors and anyone with a grudge.
British Cyber Defenses Receive Unexpected Boost
News  |  6/26/2013  | 
British intelligence services and cybersecurity initiatives get increased investment, even amidst brutal government cuts.
Vulnerability Severity Scores Make For Poor Patching Priority, Researchers Find
News  |  6/25/2013  | 
A bug's Common Vulnerability Scoring System (CVSS) score doesn't necessarily correlate with whether the vulnerability is being used in attacks
New Tool Gives Developers A Free Anti-SQL Injection Shortcut
News  |  6/25/2013  | 
The open-source AntiSQLi library for .NET and SQL Server automates parameterization during development of database-connected Web apps
Google Now Sharing Web Security Data
Quick Hits  |  6/25/2013  | 
Search engine giant's transparency report will now include data on numbers of malicious and infected websites, cleanup rates
Black Hat USA: T-Minus One Month And Counting
News  |  6/25/2013  | 
This highlighted trio of Briefings range widely in topic, yet they all sport that certain cool factor
Senate Bill Seeks Greater NSA Surveillance Oversight
News  |  6/25/2013  | 
Proposed legislation would require greater monitoring and privacy controls for NSA surveillance programs designed to gather foreign intelligence.
Ignoring Compliance Is A Real Option
Commentary  |  6/25/2013  | 
Security and compliance are commonly deferred by choice
Database Configuration Standards
Commentary  |  6/25/2013  | 
The trouble with database assessment and compliance
Anonymous Attacks North Korea, Denies Targeting South
News  |  6/25/2013  | 
Groups claiming to represent Anonymous launch separate DDoS attacks and defacements against both North and South Korean websites.
CrowdStrike Turns Security Fight Toward Attacker
Commentary  |  6/25/2013  | 
CrowdStrike Falcon platform is first to focus on the source of the attack, rather than stopping malware
Duking It Out Over Endpoint Admin Rights
News  |  6/25/2013  | 
Endpoint rights policies should mean something for elite users, too
South Korean Universities Targeted By Chinese-Speaking Hackers
News  |  6/24/2013  | 
'PinkStats' malware has been used for hacking nation-state targets for four years
US-CERT Warns Of Default Password Risks
Quick Hits  |  6/24/2013  | 
Change default passwords to strong ones, use stronger authentication methods before putting network-connected systems online, US-CERT recommends
Should You Use Software-Defined Flash Storage?
Commentary  |  6/24/2013  | 
"Software definition" leverages the processor's power to do things that used to require dedicated hardware. So, what does that mean for flash?
NSA Leaker Snowden On The Run
News  |  6/24/2013  | 
U.S. files charges against former National Security Agency contractor Edward Snowden, who is seeking asylum in Ecuador. To date, Hong Kong and Moscow have declined to detain him.
The Slippery Slope Of Security Invisibility
Commentary  |  6/23/2013  | 
Everyone seems to want security to just be there, invisible to end users. Everyone except the security industry, that is, if it wants to survive
10 Most Common Security Vulnerabilities In Enterprise Databases
Quick Hits  |  6/23/2013  | 
Databases are among the most vulnerable systems in the enterprise. Here's where they are weak -- and what you can do about it
Tech Insight: Quick Wins For Strengthening SMB Security
News  |  6/21/2013  | 
Small businesses can quickly bolster their security posture with these free or low-cost hardening measures
'Aaron's Law' Seeks Hacking Legislation Reform
News  |  6/21/2013  | 
Following Aaron Swartz's suicide, revamp of Computer Fraud and Abuse Act would restrict federal prosecutors from prosecuting minor "acceptable use" violations.
Britain Orders Google To Delete Street View Data
News  |  6/21/2013  | 
Google has 35 days to purge all user personal data its Street View vehicles inadvertently collected in 2010 or face legal sanction.
Want NSA Attention? Use Encrypted Communications
News  |  6/21/2013  | 
Bad news has emerged for fans of PGP and other encryption services. The NSA is taking a gloves-off approach when you go this route.
WikiLeaks Offers Snowden Flight To Iceland
News  |  6/21/2013  | 
WikiLeaks donations fund charter plane to bring NSA whistleblower Snowden to Iceland in asylum attempt.
Analyzing Vulnerabilities In Business-Critical Applications
Quick Hits  |  6/21/2013  | 
Fears of downtime and broken apps complicate the vulnerability scanning process. Here are some tips to help
Cloud Can Simplify Vulnerability Management For SMBs
News  |  6/21/2013  | 
Lacking security skills, most small and midsize businesses need help in locking down their information technology, including cataloging and triaging vulnerabilities
Data Classification Can Boost Risk Management
News  |  6/21/2013  | 
The trouble is that organizations must execute on classification and retention policies to gain benefits
Google Given Three Months To Meet Privacy Law
News  |  6/20/2013  | 
French data protection agency threatens fines if privacy fixes aren't implemented soon.
Firefox Advances Do Not Track Technology
News  |  6/20/2013  | 
Mozilla says Firefox, over objections from the advertising industry, soon will begin blocking many types of cookies used to track users.
CSI: Atlanta? No, It's Phone Fingerprinting
Quick Hits  |  6/20/2013  | 
Pindrop Security collects $11M in funding to build out next-gen solution for preventing phone fraud
Why Are We So Slow To Detect Data Breaches?
News  |  6/20/2013  | 
Poor instrumenting of network sensors, bad SIEM tuning, and lack of communication between security team members allow breaches more time to fester
Microsoft Establishes Rewards Programs For Windows 8.1, Internet Explorer 11 Preview Security Bugs
News  |  6/19/2013  | 
Microsoft is launching new programs to get its hands on cutting-edge exploits developed by researchers
Microsoft Dangles $100,000 Bug Bounty
News  |  6/19/2013  | 
One hitch: The bugs might be worth more on the open market.
Security Needs More Designers, Not Architects
Commentary  |  6/19/2013  | 
The better we design the user experience, the more we reduce our risk