News & Commentary

Content posted in June 2014
Cyberspying Campaign Comes With Sabotage Option
News  |  6/30/2014  | 
New research from Symantec spots US and Western European energy interests in the bull's eye, but the campaign could encompass more than just utilities.
3 Hot Cloud Security Startups Snag Funding
News  |  6/30/2014  | 
Tens of millions of venture capital dollars recently have been flowing into some growing cloud security endeavors.
NSA Director Downplays Damage From Snowden Leaks
Quick Hits  |  6/30/2014  | 
New NSA director tells The New York Times he'll have to be more open about agency's activities than his predecessors.
How Microsoft Cracks The BYOD Code: 3 Tips
Commentary  |  6/30/2014  | 
Microsoft's CISO shares best practices for balancing employee autonomy and security in today's bring-your-own world.
PlugX RAT Armed With 'Time Bomb' Leverages Dropbox In Attack
News  |  6/27/2014  | 
Attackers used Dropbox to update command and control settings, according to Trend Micro. The malware included a trigger date of May 5 to begin running.
3 Mobile Security Tips For SMBs
Commentary  |  6/27/2014  | 
Everyone in an organization has to work together to combat intrusions and data loss, but this is especially true for small businesses.
Decades-Old Vulnerability Threatens Internet Of Things
News  |  6/26/2014  | 
A newly discovered bug in the pervasive LZO algorithm has generated a wave of patching of open-source tools such as the Linux kernel this week.
As Stuxnet Anniversary Approaches, New SCADA Attack Is Discovered
News  |  6/26/2014  | 
F-Secure has unearthed a new attack against industrial control systems that goes after European targets, using rare infection vectors.
Why A Secured Network Is Like The Human Body
Commentary  |  6/26/2014  | 
It's time to throw away the analogies about building fortresses and perimeter defenses and start to approach InfoSec with the same standard of care we use for public health.
Oil & Natural Gas Industry Forms ISAC
Quick Hits  |  6/26/2014  | 
New ONG-ISAC joins existing Information Sharing and Analysis Centers for electricity, water, and other critical infrastructure sectors.
Alexander: Cyber Security Pros Face Uphill Battle
Quick Hits  |  6/26/2014  | 
Former NSA chief says rapid growth of data, malware will challenge security teams in coming years.
Luuuk Stole Half-Million Euros in One Week
News  |  6/25/2014  | 
A man-in-the-browser and a big team of money mules quickly, systematically robbed 190 account holders at a European bank.
Cloud Security: Think Today's Reality, Not Yesterday's Policy
Commentary  |  6/25/2014  | 
SaaS, BYOD, and mobility are inseparable, yet time and time again companies attempt to compartmentalize the three when they make a move to the cloud. That's a big mistake.
PayPal Two-Factor Authentication Broken
News  |  6/25/2014  | 
Researchers discover a way to bypass the extra layer of security for mobile PayPal app accounts.
Battling The Bot Nation
News  |  6/24/2014  | 
Online fraudsters and cyber criminals -- and even corporate competitors -- rely heavily on bots, and an emerging startup aims to quickly spot bots in action.
Governments Use 'Legal' Mobile Malware To Spy On Citizens
News  |  6/24/2014  | 
New research shows how C&C infrastructure and mobile Trojans are packaged by one firm offering worldwide governments the means to spy on everyday criminals and political targets.
Crowdsourcing & Cyber Security: Who Do You Trust?
Commentary  |  6/24/2014  | 
A collective security defense can definitely tip the balance in favor of the good guys. But challenges remain.
Dark Reading Radio: RAT Exterminators
Commentary  |  6/24/2014  | 
Join us Wednesday, June 25, at 1:00 p.m. ET for a conversation with Adam Meyers, director of intelligence for CrowdStrike.
Despite Target, Retailers Still Weak On Third-Party Security
Quick Hits  |  6/24/2014  | 
A new survey from TripWire shows mixed results about retailers' security practices.
Content Widget Maker Taboola Is Hacked On Reuters
Quick Hits  |  6/24/2014  | 
Syrian Electronic Army targets widget used by many publishers to surface content that the reader might like.
Microsoft Unveils New Intelligence-Sharing Platform
News  |  6/23/2014  | 
Azure cloud-based system for incident responders and Microsoft Active Protections Program (MAPP) partners automates swapping of threat and attack intel.
DNS Pioneer Founds New Security Startup
Quick Hits  |  6/23/2014  | 
Paul Vixie launches Farsight Security, aimed at catching domain abuse early in the lifecycle.
6 Recent Real-Life Cyber Extortion Scams
News  |  6/23/2014  | 
Companies have paid millions, shuttered their doors, and suffered downtime as malicious hackers ramp up blackmail efforts.
P.F. Chang's Breach Went Undetected For Months
Commentary  |  6/23/2014  | 
Early reports indicate that the compromise involved a large number of restaurant locations and dates as far back as September 2013.
Code Hosting Service Shuts Down After Cyber Attack
News  |  6/20/2014  | 
Code Spaces shuttered its doors after a hacker accessed the company's Amazon EC2 control panel and erased business data and other information.
Flash Poll: Critical Skills Gap In Threat Intelligence
Commentary  |  6/20/2014  | 
Our latest poll reflects members' concerns over how to stay on top of the latest attack trends, defenses, and technologies.
Open-Source Tool Aimed At Propelling Honeypots Into the Mainstream
News  |  6/19/2014  | 
Free software automates the setup, management of honeypots for enterprises.
Google Play Apps Expose Users To Attack
Quick Hits  |  6/19/2014  | 
Researchers discover thousands of Android app developers store secret keys in their apps.
What Workplace Privacy Will Look Like In 10 Years
Commentary  |  6/19/2014  | 
New laws like Europe's "right to be forgotten" in Google search are just the latest examples of how quickly perceptions and practices about personal privacy in the workplace are changing.
Hackers Renege On Threat To Publish Domino's Customer Data
Quick Hits  |  6/19/2014  | 
Although Domino's Pizza refused to pay a ransom, the hacking group Rex Mundi has yet to follow through on threats to release stolen customer data.
Spyware Found On Chinese-Made Smartphone
Quick Hits  |  6/19/2014  | 
Unknown manufacturer ships smartphones loaded with app that could allow a hacker to steal personal data or spy on the user, German researcher says.
Malicious Google Play Clone Steals Banking Credentials
News  |  6/18/2014  | 
Google, FireEye disrupt sneaky Android malware operation.
Ending Cybersecurity Labor Shortage Will Take Time
News  |  6/18/2014  | 
Researchers at RAND say the industry has taken the right steps, but there is still a long way to go.
Data Security Decisions In A World Without TrueCrypt
Commentary  |  6/18/2014  | 
The last days of TrueCrypt left many unanswered questions. But one thing is certain: When encryption freeware ends its life abruptly, being a freeloader can get you into a load of trouble.
Dark Reading Radio: The Human Side Of Online Attacks
Commentary  |  6/18/2014  | 
Today's DR Radio show offers a look at phishing, social engineering, and the weakest link in the cyber defense chain: humans. Showtime is 1:00 p.m. EDT.
Security Pro File: Spam-Inspired Journey From Physics To Security
News  |  6/17/2014  | 
SANS Internet Storm Center director Johannes Ullrich talks threat tracking, spam, physics -- and his pick for the World Cup.
Scope Of SAP Bugs Still Plagues Enterprises
News  |  6/17/2014  | 
As SAP closes its 3,000th security vulnerability, ERP experts expound on the dangers of these vulns and enterprises' continued head-in-the-sand attitude about them.
The Problem With Cyber Insurance
Commentary  |  6/17/2014  | 
Insurers have yet to develop an evidence-based method to assess a company's cyber risk profile. This can result in high premiums, low coverage, and broad exclusions.
A Dyre New Banking Trojan
News  |  6/17/2014  | 
Newly discovered RAT sneaks by SSL and steals victims' banking credentials.
How Not To Respond To A DDoS Attack
News  |  6/16/2014  | 
Common mistakes made by victims of distributed denial-of-service attacks.
A Roadmap for CIOs & CSOs After the Year of the Mega Breach
Commentary  |  6/16/2014  | 
The journey starts with three steps: Engage the C-suite, think like a hacker, and look at the big picture.
P.F. Chang's Confirms Security Breach
Quick Hits  |  6/14/2014  | 
After initial silence, P.F. Chang's restaurant chain goes live with website disclosing information on stolen credit card data.
VDI Under The Security Microscope
News  |  6/13/2014  | 
Black Hat USA researchers explore security risks with virtual desktop infrastructure with BYOD.
Heartbleed & The Long Tail Of Vulnerabilities
Commentary  |  6/13/2014  | 
To this day there are still unpatched systems, still hackers scanning for vulnerable systems, and still cyber criminals using Heartbleed every day to break into companies.
Report: Slow Detection, Slow Response
Quick Hits  |  6/12/2014  | 
One-third of network security hacks are not discovered for hours, a report says.
Kids To Hack Corporate Crime Caper Case At DEF CON
News  |  6/12/2014  | 
The Social Engineering Capture the Flag contest for kids is now an official DEF CON contest.
Information Risk Maturity Index Says We're Aware But Not Ready
News  |  6/12/2014  | 
A new study from PwC and Iron Mountain shows that businesses are having trouble balancing the need for data insight and the need for data security.
Monitor DNS Traffic & You Just Might Catch A RAT
Commentary  |  6/12/2014  | 
Criminals will exploit any Internet service or protocol when given the opportunity. Here are six signs of suspicious activity to watch for in the DNS.
XSS Flaw In TweetDeck Leads To Spread Of Potential Exploits
Quick Hits  |  6/12/2014  | 
Twitter unit fixes cross-site scripting problem, but not before many users spread vulnerable scripts with their tweets.
P.F. Chang's The Latest Target?
Quick Hits  |  6/11/2014  | 
The restaurant chain is investigating a possible data breach.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.