News & Commentary

Content posted in June 2013
HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft
News  |  6/29/2013  | 
Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds
Machine-Learning Project Sifts Through Big Security Data
News  |  6/28/2013  | 
As the volume of data created by security and network devices multiplies, researchers look for ways to teach computers to better highlight attack patterns
Surrendering The Endpoint
Commentary  |  6/28/2013  | 
Imagine there’s no desktop...
3 Stupid Corporation Tricks
News  |  6/28/2013  | 
With exactly one month to go before the start of Black Hat USA 2013, we highlight a trio of Briefings that focus on data security in corporate environments.
The (Attack) Path To Prioritization
Commentary  |  6/28/2013  | 
Since you can't fix every vulnerability, you need to prioritize what needs to get done now and what doesn't. Using attack path data can help
IE, Chrome Browser Attack Exploits Windows PCs
News  |  6/28/2013  | 
Microsoft says the social-engineering vulnerability, which uses "pop-under" browser notifications and a fake Captcha, isn't a Windows bug.
'BinaryPig' Uses Hadoop To Sniff Out Patterns In Malware
News  |  6/27/2013  | 
At Black Hat next month, researchers will release a new set of big-data tools that can find patterns in the data among security firms' massive databases of malware
96 Percent Of Androids Running Old OS Versions
Quick Hits  |  6/27/2013  | 
Some 90 percent of all mobile threats target the popular Android platform, Juniper Networks report says
Microsoft's Big Bucks For Bugs Ups The Ante
News  |  6/27/2013  | 
How Microsoft's new bug bounty program will play in the quest for more secure software
Sextortion Warning: Masking Tape Time For Webcams
Commentary  |  6/27/2013  | 
"Camjacking" attacks activate your webcam and record your every move. Female images are in demand.
Researcher To Demo Spy-Phone At Black Hat
News  |  6/26/2013  | 
Using the ability to inject malicious code into applications on Android devices, a researcher will demonstrate at Black Hat how to create the infrastructure to spy on mobile users
Google Gets Help In Spanish Privacy Fight
News  |  6/26/2013  | 
Legal filing argues Europe's right to be forgotten isn't quite a right and doesn't obligate Google to delete data that makes people unhappy.
CSI: Cyberattack
Quick Hits  |  6/26/2013  | 
Seven clues to use to ID who's behind a malware attack
Carberp Source Code Leak Likely To Spawn Malware Variants, Innovation
News  |  6/26/2013  | 
Source code for the Carberp Trojan has been leaked, creating a double-edged sword for security researchers
Phishing Attackers Diversify, Target Facebook Credentials
News  |  6/26/2013  | 
FBI warns of surge in spear-phishing attacks, says criminals seek more than bank credentials.
Germany Criticizes U.K. 'Project Tempora' Cyber Spy Program
News  |  6/26/2013  | 
German politician wants the EU to address reports that Britain's spymasters are even better at harvesting Internet traffic than their NSA allies.
Online Privacy: We Just Don't Care
Commentary  |  6/26/2013  | 
Facebook leaked your data (again). Big Brother's watching everyone and everything. And Google is testing a "service" that sounds like you providing them a list of everything you own.
Cybercriminals Expand DDOS Extortion Demands
News  |  6/26/2013  | 
Free toolkits and outsourced cybercrime services make DDoS attacks popular with Anonymous, criminals, unscrupulous business competitors and anyone with a grudge.
British Cyber Defenses Receive Unexpected Boost
News  |  6/26/2013  | 
British intelligence services and cybersecurity initiatives get increased investment, even amidst brutal government cuts.
Vulnerability Severity Scores Make For Poor Patching Priority, Researchers Find
News  |  6/25/2013  | 
A bug's Common Vulnerability Scoring System (CVSS) score doesn't necessarily correlate with whether the vulnerability is being used in attacks
New Tool Gives Developers A Free Anti-SQL Injection Shortcut
News  |  6/25/2013  | 
The open-source AntiSQLi library for .NET and SQL Server automates parameterization during development of database-connected Web apps
Google Now Sharing Web Security Data
Quick Hits  |  6/25/2013  | 
Search engine giant's transparency report will now include data on numbers of malicious and infected websites, cleanup rates
Black Hat USA: T-Minus One Month And Counting
News  |  6/25/2013  | 
This highlighted trio of Briefings ranges widely in topic, yet they all sport that certain cool factor
Senate Bill Seeks Greater NSA Surveillance Oversight
News  |  6/25/2013  | 
Proposed legislation would require greater monitoring and privacy controls for NSA surveillance programs designed to gather foreign intelligence.
Ignoring Compliance Is A Real Option
Commentary  |  6/25/2013  | 
Security and compliance are commonly deferred by choice
Database Configuration Standards
Commentary  |  6/25/2013  | 
The trouble with database assessment and compliance
Anonymous Attacks North Korea, Denies Targeting South
News  |  6/25/2013  | 
Groups claiming to represent Anonymous launch separate DDoS attacks and defacements against both North and South Korean websites.
CrowdStrike Turns Security Fight Toward Attacker
Commentary  |  6/25/2013  | 
CrowdStrike Falcon platform is first to focus on the source of the attack, rather than stopping malware
Duking It Out Over Endpoint Admin Rights
News  |  6/25/2013  | 
Endpoint rights policies should mean something for elite users, too
South Korean Universities Targeted By Chinese-Speaking Hackers
News  |  6/24/2013  | 
'PinkStats' malware has been used for hacking nation-state targets for four years
US-CERT Warns Of Default Password Risks
Quick Hits  |  6/24/2013  | 
Change default passwords to strong ones, use stronger authentication methods before putting network-connected systems online, US-CERT recommends
Should You Use Software-Defined Flash Storage?
Commentary  |  6/24/2013  | 
"Software definition" leverages the processor's power to do things that used to require dedicated hardware. So, what does that mean for flash?
NSA Leaker Snowden On The Run
News  |  6/24/2013  | 
U.S. files charges against former National Security Agency contractor Edward Snowden, who is seeking asylum in Ecuador. To date, Hong Kong and Moscow have declined to detain him.
The Slippery Slope Of Security Invisibility
Commentary  |  6/23/2013  | 
Everyone seems to want security to just be there, invisible to end users. Everyone except the security industry, that is, if it wants to survive
10 Most Common Security Vulnerabilities In Enterprise Databases
Quick Hits  |  6/23/2013  | 
Databases are among the most vulnerable systems in the enterprise. Here's where they are weak -- and what you can do about it
Tech Insight: Quick Wins For Strengthening SMB Security
News  |  6/21/2013  | 
Small businesses can quickly bolster their security posture with these free or low-cost hardening measures
'Aaron's Law' Seeks Hacking Legislation Reform
News  |  6/21/2013  | 
Following Aaron Swartz's suicide, revamp of Computer Fraud and Abuse Act would restrict federal prosecutors from prosecuting minor "acceptable use" violations.
Britain Orders Google To Delete Street View Data
News  |  6/21/2013  | 
Google has 35 days to purge all user personal data its Street View vehicles inadvertently collected in 2010 or face legal sanction.
Want NSA Attention? Use Encrypted Communications
News  |  6/21/2013  | 
Bad news has emerged for fans of PGP and other encryption services. The NSA is taking a gloves-off approach when you go this route.
WikiLeaks Offers Snowden Flight To Iceland
News  |  6/21/2013  | 
WikiLeaks donations fund charter plane to bring NSA whistleblower Snowden to Iceland in asylum attempt.
Analyzing Vulnerabilities In Business-Critical Applications
Quick Hits  |  6/21/2013  | 
Fears of downtime and broken apps complicate the vulnerability scanning process. Here are some tips to help
Cloud Can Simplify Vulnerability Management For SMBs
News  |  6/21/2013  | 
Lacking security skills, most small and midsize businesses need help in locking down their information technology, including cataloging and triaging vulnerabilities
Data Classification Can Boost Risk Management
News  |  6/21/2013  | 
The trouble is that organizations must execute on classification and retention policies to gain benefits
Google Given Three Months To Meet Privacy Law
News  |  6/20/2013  | 
French data protection agency threatens fines if privacy fixes aren't implemented soon.
Firefox Advances Do Not Track Technology
News  |  6/20/2013  | 
Mozilla says Firefox, over objections from the advertising industry, soon will begin blocking many types of cookies used to track users.
CSI: Atlanta? No, It's Phone Fingerprinting
Quick Hits  |  6/20/2013  | 
Pindrop Security collects $11M in funding to build out next-gen solution for preventing phone fraud
Why Are We So Slow To Detect Data Breaches?
News  |  6/20/2013  | 
Poor instrumenting of network sensors, bad SIEM tuning, and lack of communication between security team members allow breaches more time to fester
Microsoft Establishes Rewards Programs For Windows 8.1, Internet Explorer 11 Preview Security Bugs
News  |  6/19/2013  | 
Microsoft is launching new programs to get its hands on cutting-edge exploits developed by researchers
Microsoft Dangles $100,000 Bug Bounty
News  |  6/19/2013  | 
One hitch: The bugs might be worth more on the open market.
Security Needs More Designers, Not Architects
Commentary  |  6/19/2013  | 
The better we design the user experience, the more we reduce our risk


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3018
PUBLISHED: 2018-05-24
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
CVE-2013-3023
PUBLISHED: 2018-05-24
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
CVE-2013-3024
PUBLISHED: 2018-05-24
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.
CVE-2018-5674
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2018-5675
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...