Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in June 2014
<<   <   Page 2 / 2
Wave Of DDoS Attacks Down Cloud-Based Services
News  |  6/11/2014  | 
Feedly fends off ransom demands of its attackers.
Microsoft Releases 2 Critical Updates, Patches 59 IE Holes
News  |  6/11/2014  | 
Patch Tuesday resolved 66 vulnerabilities in all, including two that had already been publicly disclosed without patches.
Dont Let Lousy Teachers Sink Security Awareness
Commentary  |  6/11/2014  | 
You can't fix a human problem with a technology solution. Here are three reasons why user education can work and six tips on how to develop a corporate culture of security.
Experts: CrowdStrike China Hacker Report Raises Red Flags For Business
News  |  6/11/2014  | 
The second report on Chinas hacking teams supports Department of Justice's accusations, offers insight on Chinese attackers.
SQL Injection Attacks Haunt Retailers
News  |  6/10/2014  | 
Only about a third of companies have the ability to detect SQL injection attacks, a new Ponemon report finds.
Zeus Being Used In DDoS, Attacks On Cloud Providers
Quick Hits  |  6/10/2014  | 
The popular Zeus RAT is being used for more than just financial fraud and data theft.
New Commercialized Trojan Takes Fresh Approach To Password-Stealing
News  |  6/10/2014  | 
Unlike most banking malware of today, new Pandemiya skips the Zeus source code and starts from scratch.
Putter Panda: Tip Of The Iceberg
Commentary  |  6/10/2014  | 
What CrowdStrike's outing of Putter Panda -- the second hacking group linked to China's spying on US defense and European satellite and aerospace industries -- means for the security industry.
Worldwide Cost of Cybercrime Estimated at $400 Billion
News  |  6/9/2014  | 
Experts with the Center for Strategic and International Studies, McAfee look at data loss figures and information from economists and intellectual property experts to come up with the figure.
Women in InfoSec: Building Bonds & New Solutions
Commentary  |  6/9/2014  | 
Learning, camaraderie, and fighting the good fight are just three reasons these women are trailblazing careers in InfoSec.
Dark Reading Radio: Breaking the Glass Ceiling in InfoSec
Commentary  |  6/6/2014  | 
Join the discussion about the challenges and rewards of being a woman in IT security from the vantage point of three accomplished security professionals. Wednesday, June 11, 2014 at 1:00 p.m. ET
TweetDeck Scammers Steal Twitter IDs Via OAuth
News  |  6/6/2014  | 
Users who give up their TweetDeck ID are promised 20 followers for free or 100 to 5,000 new followers a day for five days.
How Researchers Helped Cripple CryptoLocker
News  |  6/5/2014  | 
A Black Hat USA speaker will give the backstory on how he and others helped disrupt the infamous CyptoLocker operation, and what they learned about it.
Simplocker: First-Ever Data-Encrypting Ransomware For Android
News  |  6/5/2014  | 
ESET has discovered the first Android ransomware that doesn't just lock screens, but encrypts files.
If HTML5 Is The Future, What Happens To Access Control?
Commentary  |  6/5/2014  | 
The solution for multi-device deployment is HTML5. The challenge, for the enterprise, is deploying it correctly. Here are seven tools you will need.
New OpenSSL Flaw Exposes SSL To Man-In-The-Middle Attack
Quick Hits  |  6/5/2014  | 
Security advisory includes fixes for six newly discovered bugs in OpenSSL.
Google Adds Chrome Encryption Option For Webmail
News  |  6/4/2014  | 
An end-to-end encryption test module for Chrome is available now.
Molerats Go After Governments, US Financial Institution
News  |  6/4/2014  | 
Middle Eastern hacking group uses new malware, same tactics.
Safely Storing User Passwords: Hashing vs. Encrypting
Commentary  |  6/4/2014  | 
Securing user information begins with a proper understanding of security controls and the protection of user passwords using modern hashing algorithms. Here's a quick review of the fundamentals.
A Peek Inside Enterprise BYOD App Security Policies
Quick Hits  |  6/3/2014  | 
IBM company Fiberlink shares data on how enterprises are pushing and securing mobile apps.
DARPA Announces Teams For First Cyber Grand Challenge
Quick Hits  |  6/3/2014  | 
DEF CON 2016 will host the final competition for DARPA's first-of-its-kind tournament for developing automated security systems that can fight against cyber attacks as fast as they are launched.
Cleaning Up After GOZeus Takedown
News  |  6/3/2014  | 
Public-private effort shows signs of improvement, but these types of actions are fleeting.
Compliance: The Surprising Gift Of Windows XP
Commentary  |  6/3/2014  | 
The end of Windows XP will force organizations to properly reinvest in a modern and compliant desktop infrastructure that will be easier to maintain and secure.
Dark Reading Radio: Pay Up Or Never See Your Data Again
Commentary  |  6/3/2014  | 
Learn how ransomware is raising the stakes, and what law enforcement and the security community are doing about it.
Researchers: Mobile Applications Pose Rapidly Growing Threat To Enterprises
Quick Hits  |  6/3/2014  | 
The average user has about 200 apps running on his smartphone -- and they're not all safe, Mojave Networks study says.
Global Effort Disrupts GOZeuS Botnet, CryptoLocker; One Indicted
News  |  6/2/2014  | 
An international public-private collaboration involving security companies and law enforcement agencies in 11 countries aims to disrupt the underlying infrastructure of the cybercrime industry.
How The Math Of Biometric Authentication Adds Up
Commentary  |  6/2/2014  | 
Yes, it's true that if your authentication scheme only allows a single fingerprint you only have 10 choices. But there's no rule that says it has to be one, and only one.
SSL: Security's Best Friend Or Worst Enemy?
News  |  6/2/2014  | 
A new report shows that applications using SSL are on the rise in enterprises, putting them at greater risk of attacks that hide in plain sight or use vulnerabilities like Heartbleed.
<<   <   Page 2 / 2


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30485
PUBLISHED: 2021-04-11
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.