Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in June 2013
<<   <   Page 2 / 3   >   >>
NSA Tests IT Access Control Restrictions
News  |  6/19/2013  | 
Could two-person access requirements and better automation prevent future leaks?
What Prism Knows: 8 Metadata Facts
News  |  6/19/2013  | 
Data traffic analysis could provide "megadata" intelligence agencies can use to cross-reference information using big data techniques.
Survey: Customers Expect To Be Asked, Compensated For Use Of Personal Data
Quick Hits  |  6/19/2013  | 
Consumers recognize value of personal info, expect "identity etiquette," survey says
Beware Of HTML5 Development Risks
News  |  6/19/2013  | 
Local storage, native resource rights, and third-party code all add greater functionality and higher risk to HTML5 applications
Google Challenges Surveillance Gag Order
News  |  6/18/2013  | 
Google argues it has a First Amendment Right to report the number of demands for information it receives under national security laws.
Slide Show: 10 Ways Attackers Automate Malware Production
Slideshows  |  6/18/2013  | 
Peeking into an attacker's toolbox to see how malware production is automated and the Internet is flooded with millions of unique malware applications
FBI Driver's License Photo Searches Raise Privacy Questions
News  |  6/18/2013  | 
Facial-recognition software advances allow law enforcement and government agencies to match images of unknown suspects with government-issued ID photos.
NTT To Acquire Solutionary, Add Cloud Security Services
Quick Hits  |  6/18/2013  | 
Pure-play managed security services provider Solutionary will become part of NTT's cloud portfolio
CrowdStrike Falcon Traces Attacks Back To Hackers
News  |  6/17/2013  | 
Startup that encourages playing offense on security launches cloud-based service to help businesses identify adversaries, mitigate attacks and pursue responses.
Google Launches Attack On Online Child Pornography
News  |  6/17/2013  | 
Google pledges millions to charities and software developers to help it eliminate online material that endangers children.
Apple, Facebook, Microsoft Detail Surveillance Requests
News  |  6/17/2013  | 
Newly published information details the total number of government surveillance requests received; Google abstains, citing "a step back for users."
Medical Devices Subject To Cyberattack, FDA Warns
Quick Hits  |  6/17/2013  | 
Food and Drug Administration issues alert on vulnerabilities in medical devices
Researcher To Open-Source Tools For Finding Odd Authentication Behavior
News  |  6/15/2013  | 
Rather than watching for communications between infected systems and command-and-control servers, companies can detect stealthy malware when it attempts to spread
Small Business, Big Target
Commentary  |  6/14/2013  | 
Why SMBs are a big target of hackers, regulators, and security-conscious partners--and what to do about it
YouVisit: Virtual College Tours Get Real
News  |  6/14/2013  | 
Unlike other sites with "virtual campus tours" that piece together bits of video and resource links, YouVisit offers virtual walking tours with speaking guides.
Black Hat USA 2013 Reveals Turbo Talks On Top Topics
News  |  6/14/2013  | 
High-speed sessions will focus on content from almost every corner of security space
Bug Data Buys Businesses Intel From U.S. Government
News  |  6/14/2013  | 
Thousands of businesses are reportedly exchanging information with the government on zero-day vulnerabilities and online threats in return for classified intelligence.
Cyberespionage Operators Work In Groups, Process Enormous Data Workloads
News  |  6/14/2013  | 
A group of Taiwanese researchers peer into the operations center of a group behind one large espionage campaign
0-Day The (Bug) Bounty Hunter
Commentary  |  6/13/2013  | 
Companies increasingly offer bug bounties to help find vulnerabilities and threats. This is an opportunity for those looking to get into security
Iranians Targeted In Massive Phishing Campaign
Quick Hits  |  6/13/2013  | 
Google spotted targeted attacks out of Iran against tens of thousands of Iranians in the run-up to the country's presidential election on Friday
Letter Of (Cyber) Marque And Reprisal
Commentary  |  6/13/2013  | 
Facilitating future 'hack back' programs
LulzSec Hacker Ryan Cleary To Be Released
News  |  6/13/2013  | 
Release comes despite being convicted of possessing child porn images and serving only a portion of his sentence, leading hackers to suggest he's working with authorities.
New OWASP Top 10 Reflects Unchanged State Of Web Security
News  |  6/13/2013  | 
Injection flaws still rank No. 1 in Web application vulnerabilities
Snowden Says U.S. Hacking Chinese Civilians Since 2009
News  |  6/13/2013  | 
NSA whistle-blower says U.S. spies on people using computers at Hong Kong's Chinese University, as well as government officials and businesses in mainland China.
10 Ways Small Businesses Can Save Money On Security
Quick Hits  |  6/13/2013  | 
Small and midsize businesses have limited IT resources. Here are some ways they can stretch their security dollars
Don't Take Vulnerability Counts At Face Value
News  |  6/13/2013  | 
With flaw tallies varying by up to 75 percent, vulnerability data needs to be taken with a grain of salt, yet reports based on the data fail to include caveats, Black Hat presenters say
8 Charged In $15 Million Attempted Cyberfraud Targeting U.S. Banking Customers
News  |  6/12/2013  | 
Hackers gained access to the computer networks of several financial institutions, including Citibank, E-Trade, and JP Morgan Chase Bank
NSA Leak Ushers In New Era Of The Insider Threat
News  |  6/12/2013  | 
A determined user or contractor hell-bent on leaking data can't be stopped, but businesses should revisit their user access policies and protections
NSA Prism: Google, Facebook Want More Transparency
News  |  6/12/2013  | 
Fearing loss of customer trust, Google, Facebook, Microsoft and Twitter ask for permission to share more information about government data demands.
7 Tips To Avoid NSA Digital Dragnet
News  |  6/12/2013  | 
These apps will keep your cell phone calls under wraps -- if the NSA hasn't already found a way to break them.
NSA Prism Whistleblower Snowden Deserves A Medal
Commentary  |  6/12/2013  | 
Without Snowden's leaks, we wouldn't be pursuing rational, democratic debates on the government's post-Sept. 11 balance between security and civil liberties.
NSA Prism Fallout Delays EU Airline Database Vote
News  |  6/12/2013  | 
Accusations of "paranoia" and discrimination against non-U.S. citizens aired in Brussels this week -- though the importance of working with America on security was also a theme.
Bad SSH Key Management Leaves Databases At Risk
News  |  6/11/2013  | 
Not enough oversight of keys leaves SSH clients open to abuse
Microsoft: SMB Cloud Security, Privacy Concerns A Matter Of Perception
Quick Hits  |  6/11/2013  | 
Survey finds some SMBs afraid of going to the cloud for security reasons -- and other SMBs loving the cloud for security reasons
Getting Out Of PRISM
Commentary  |  6/11/2013  | 
What we can learn from national security monitoring
NSA Prism: Patriot Act Author Questions Scope
News  |  6/11/2013  | 
White House says NSA's surveillance programs implement FISA and the Patriot Act -- but Patriot Act author is not so sure. Meanwhile, privacy groups turn up the heat.
NSA Prism: Snowden Is Wrong, Says British Government
News  |  6/11/2013  | 
Foreign Secretary denies that British government used Prism program to access communications of private citizens, but questions remain.
9 Facts About NSA Prism Whistleblower
News  |  6/11/2013  | 
Here's what we know about Edward J. Snowden, the NSA contractor last seen in Hong Kong -- and why the Bradley Manning case could affect Snowden's fate.
NSA Prism Relies Heavily On IT Contractors
News  |  6/11/2013  | 
NSA whistleblower Snowden likely enjoyed access to Prism program details as a contracted NSA IT administrator. Systems administrators remain an important link in your security chain.
Tech Insight: What You Need To Know To Be A Cyber Forensics Pro
News  |  6/11/2013  | 
A look at the skills, experience, and personality traits that make a successful forensics expert
(ISC)2 Launches Certification Program For Cyber Forensics Experts
Quick Hits  |  6/11/2013  | 
New Certified Cyber Forensics Professional (CCFP) will help train security pros to handle breaches, testify in court
12 Endpoint Security Myths Dispelled
News  |  6/11/2013  | 
Mistaken beliefs that hold back endpoint protection
U.S.-Chinese Summit: 4 Information Security Takeaways
News  |  6/10/2013  | 
What did the summit accomplish with regard to cyber spying and cyber attacks -- and what's left undone?
Endpoint Data Protection: Tablet Trouble
Commentary  |  6/10/2013  | 
Backup managers should look at bringing endpoint protection in-house and using it to protect tablets.
Federal Agencies Graded On Cybersecurity
News  |  6/10/2013  | 
White House report on cybersecurity goals shows agencies are making progress to keep federal IT systems safe, but they might miss 2014 targets.
Why Database Assessment?
Commentary  |  6/10/2013  | 
How FIS bungled the basics
Black Hat USA 2013 Showcases NAND, Windows 8 Secure Boot Hacking Talks
News  |  6/10/2013  | 
Organizers confirm another trio of Briefings from the show
Security Talk: 7 Ways To Make Users Listen
News  |  6/10/2013  | 
Zeus reboot underscores the fundamental cause of many security breaches: Human error. Here's how to keep users listening when you talk security.
NSA Prism: Inside The Modern Surveillance State
Commentary  |  6/10/2013  | 
The government's approach seems to be: "Collect first, ask questions later."
Gartner: Get A Jump On Securing Mobile Users
News  |  6/10/2013  | 
Don't wait around for mobile and other attacks to evolve, Gartner analyst says
<<   <   Page 2 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41393
PUBLISHED: 2021-09-18
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVE-2021-41394
PUBLISHED: 2021-09-18
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVE-2021-41395
PUBLISHED: 2021-09-18
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.
CVE-2021-3806
PUBLISHED: 2021-09-18
A path traversal vulnerability on Pardus Software Center's &quot;extractArchive&quot; function could allow anyone on the same network to do a man-in-the-middle and write files on the system.
CVE-2021-41392
PUBLISHED: 2021-09-17
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.