News & Commentary

Content posted in June 2014
Page 1 / 2
Cyberspying Campaign Comes With Sabotage Option
News  |  6/30/2014  | 
New research from Symantec spots US and Western European energy interests in the bull's eye, but the campaign could encompass more than just utilities.
3 Hot Cloud Security Startups Snag Funding
News  |  6/30/2014  | 
Tens of millions of venture capital dollars recently have been flowing into some growing cloud security endeavors.
NSA Director Downplays Damage From Snowden Leaks
Quick Hits  |  6/30/2014  | 
New NSA director tells The New York Times he'll have to be more open about agency's activities than his predecessors.
How Microsoft Cracks The BYOD Code: 3 Tips
Commentary  |  6/30/2014  | 
Microsoft's CISO shares best practices for balancing employee autonomy and security in today's bring-your-own world.
PlugX RAT Armed With 'Time Bomb' Leverages Dropbox In Attack
News  |  6/27/2014  | 
Attackers used Dropbox to update command and control settings, according to Trend Micro. The malware included a trigger date of May 5 to begin running.
3 Mobile Security Tips For SMBs
Commentary  |  6/27/2014  | 
Everyone in an organization has to work together to combat intrusions and data loss, but this is especially true for small businesses.
Decades-Old Vulnerability Threatens Internet Of Things
News  |  6/26/2014  | 
A newly discovered bug in the pervasive LZO algorithm has generated a wave of patching of open-source tools such as the Linux kernel this week.
As Stuxnet Anniversary Approaches, New SCADA Attack Is Discovered
News  |  6/26/2014  | 
F-Secure has unearthed a new attack against industrial control systems that goes after European targets, using rare infection vectors.
Why A Secured Network Is Like The Human Body
Commentary  |  6/26/2014  | 
It's time to throw away the analogies about building fortresses and perimeter defenses and start to approach InfoSec with the same standard of care we use for public health.
Oil & Natural Gas Industry Forms ISAC
Quick Hits  |  6/26/2014  | 
New ONG-ISAC joins existing Information Sharing and Analysis Centers for electricity, water, and other critical infrastructure sectors.
Alexander: Cyber Security Pros Face Uphill Battle
Quick Hits  |  6/26/2014  | 
Former NSA chief says rapid growth of data, malware will challenge security teams in coming years.
Luuuk Stole Half-Million Euros in One Week
News  |  6/25/2014  | 
A man-in-the-browser and a big team of money mules quickly, systematically robbed 190 account holders at a European bank.
Cloud Security: Think Today's Reality, Not Yesterday's Policy
Commentary  |  6/25/2014  | 
SaaS, BYOD, and mobility are inseparable, yet time and time again companies attempt to compartmentalize the three when they make a move to the cloud. That's a big mistake.
PayPal Two-Factor Authentication Broken
News  |  6/25/2014  | 
Researchers discover a way to bypass the extra layer of security for mobile PayPal app accounts.
Battling The Bot Nation
News  |  6/24/2014  | 
Online fraudsters and cyber criminals -- and even corporate competitors -- rely heavily on bots, and an emerging startup aims to quickly spot bots in action.
Governments Use 'Legal' Mobile Malware To Spy On Citizens
News  |  6/24/2014  | 
New research shows how C&C infrastructure and mobile Trojans are packaged by one firm offering worldwide governments the means to spy on everyday criminals and political targets.
Crowdsourcing & Cyber Security: Who Do You Trust?
Commentary  |  6/24/2014  | 
A collective security defense can definitely tip the balance in favor of the good guys. But challenges remain.
Dark Reading Radio: RAT Exterminators
Commentary  |  6/24/2014  | 
Join us Wednesday, June 25, at 1:00 p.m. ET for a conversation with Adam Meyers, director of intelligence for CrowdStrike.
Despite Target, Retailers Still Weak On Third-Party Security
Quick Hits  |  6/24/2014  | 
A new survey from TripWire shows mixed results about retailers' security practices.
Content Widget Maker Taboola Is Hacked On Reuters
Quick Hits  |  6/24/2014  | 
Syrian Electronic Army targets widget used by many publishers to surface content that the reader might like.
Microsoft Unveils New Intelligence-Sharing Platform
News  |  6/23/2014  | 
Azure cloud-based system for incident responders and Microsoft Active Protections Program (MAPP) partners automates swapping of threat and attack intel.
DNS Pioneer Founds New Security Startup
Quick Hits  |  6/23/2014  | 
Paul Vixie launches Farsight Security, aimed at catching domain abuse early in the lifecycle.
6 Recent Real-Life Cyber Extortion Scams
News  |  6/23/2014  | 
Companies have paid millions, shuttered their doors, and suffered downtime as malicious hackers ramp up blackmail efforts.
P.F. Chang's Breach Went Undetected For Months
Commentary  |  6/23/2014  | 
Early reports indicate that the compromise involved a large number of restaurant locations and dates as far back as September 2013.
Code Hosting Service Shuts Down After Cyber Attack
News  |  6/20/2014  | 
Code Spaces shuttered its doors after a hacker accessed the company's Amazon EC2 control panel and erased business data and other information.
Flash Poll: Critical Skills Gap In Threat Intelligence
Commentary  |  6/20/2014  | 
Our latest poll reflects members' concerns over how to stay on top of the latest attack trends, defenses, and technologies.
Open-Source Tool Aimed At Propelling Honeypots Into the Mainstream
News  |  6/19/2014  | 
Free software automates the setup, management of honeypots for enterprises.
Google Play Apps Expose Users To Attack
Quick Hits  |  6/19/2014  | 
Researchers discover thousands of Android app developers store secret keys in their apps.
What Workplace Privacy Will Look Like In 10 Years
Commentary  |  6/19/2014  | 
New laws like Europe's "right to be forgotten" in Google search are just the latest examples of how quickly perceptions and practices about personal privacy in the workplace are changing.
Hackers Renege On Threat To Publish Domino's Customer Data
Quick Hits  |  6/19/2014  | 
Although Domino's Pizza refused to pay a ransom, the hacking group Rex Mundi has yet to follow through on threats to release stolen customer data.
Spyware Found On Chinese-Made Smartphone
Quick Hits  |  6/19/2014  | 
Unknown manufacturer ships smartphones loaded with app that could allow a hacker to steal personal data or spy on the user, German researcher says.
Malicious Google Play Clone Steals Banking Credentials
News  |  6/18/2014  | 
Google, FireEye disrupt sneaky Android malware operation.
Ending Cybersecurity Labor Shortage Will Take Time
News  |  6/18/2014  | 
Researchers at RAND say the industry has taken the right steps, but there is still a long way to go.
Data Security Decisions In A World Without TrueCrypt
Commentary  |  6/18/2014  | 
The last days of TrueCrypt left many unanswered questions. But one thing is certain: When encryption freeware ends its life abruptly, being a freeloader can get you into a load of trouble.
Dark Reading Radio: The Human Side Of Online Attacks
Commentary  |  6/18/2014  | 
Today's DR Radio show offers a look at phishing, social engineering, and the weakest link in the cyber defense chain: humans. Showtime is 1:00 p.m. EDT.
Security Pro File: Spam-Inspired Journey From Physics To Security
News  |  6/17/2014  | 
SANS Internet Storm Center director Johannes Ullrich talks threat tracking, spam, physics -- and his pick for the World Cup.
Scope Of SAP Bugs Still Plagues Enterprises
News  |  6/17/2014  | 
As SAP closes its 3,000th security vulnerability, ERP experts expound on the dangers of these vulns and enterprises' continued head-in-the-sand attitude about them.
The Problem With Cyber Insurance
Commentary  |  6/17/2014  | 
Insurers have yet to develop an evidence-based method to assess a company's cyber risk profile. This can result in high premiums, low coverage, and broad exclusions.
A Dyre New Banking Trojan
News  |  6/17/2014  | 
Newly discovered RAT sneaks by SSL and steals victims' banking credentials.
How Not To Respond To A DDoS Attack
News  |  6/16/2014  | 
Common mistakes made by victims of distributed denial-of-service attacks.
A Roadmap for CIOs & CSOs After the Year of the Mega Breach
Commentary  |  6/16/2014  | 
The journey starts with three steps: Engage the C-suite, think like a hacker, and look at the big picture.
P.F. Chang's Confirms Security Breach
Quick Hits  |  6/14/2014  | 
After initial silence, P.F. Chang's restaurant chain goes live with website disclosing information on stolen credit card data.
VDI Under The Security Microscope
News  |  6/13/2014  | 
Black Hat USA researchers explore security risks with virtual desktop infrastructure with BYOD.
Heartbleed & The Long Tail Of Vulnerabilities
Commentary  |  6/13/2014  | 
To this day there are still unpatched systems, still hackers scanning for vulnerable systems, and still cyber criminals using Heartbleed every day to break into companies.
Report: Slow Detection, Slow Response
Quick Hits  |  6/12/2014  | 
One-third of network security hacks are not discovered for hours, a report says.
Kids To Hack Corporate Crime Caper Case At DEF CON
News  |  6/12/2014  | 
The Social Engineering Capture the Flag contest for kids is now an official DEF CON contest.
Information Risk Maturity Index Says We're Aware But Not Ready
News  |  6/12/2014  | 
A new study from PwC and Iron Mountain shows that businesses are having trouble balancing the need for data insight and the need for data security.
Monitor DNS Traffic & You Just Might Catch A RAT
Commentary  |  6/12/2014  | 
Criminals will exploit any Internet service or protocol when given the opportunity. Here are six signs of suspicious activity to watch for in the DNS.
XSS Flaw In TweetDeck Leads To Spread Of Potential Exploits
Quick Hits  |  6/12/2014  | 
Twitter unit fixes cross-site scripting problem, but not before many users spread vulnerable scripts with their tweets.
P.F. Chang's The Latest Target?
Quick Hits  |  6/11/2014  | 
The restaurant chain is investigating a possible data breach.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3311
PUBLISHED: 2019-11-21
Directory traversal vulnerability in the Loftek Nexus 543 IP Camera allows remote attackers to read arbitrary files via a .. (dot dot) in the URL of an HTTP GET request.
CVE-2013-3312
PUBLISHED: 2019-11-21
Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi.
CVE-2013-3313
PUBLISHED: 2019-11-21
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-331...
CVE-2013-3314
PUBLISHED: 2019-11-21
The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) IP addresses via a request to get_realip.cgi or (2) firmware versions (ui and system), timestamp, serial number, p2p port number, and wifi status via a request to get_status.cgi.
CVE-2015-2793
PUBLISHED: 2019-11-21
Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.