News & Commentary

Content posted in July 2012
Page 1 / 3   >   >>
More Than Half Of Top 20 Fortune 500 Firms Infected With 'Gameover' Zeus Botnet
Quick Hits  |  7/31/2012  | 
Financial botnet has amassed some 680,000 bots
Indicted College Student Speaks Up About Her Case, Anonymous
News  |  7/31/2012  | 
Def Con panel raises questions about penalties in online civil disobedience -- amid an Anonymous at a 'crossroads'
Olympics Tap Big Data To Enhance Security
News  |  7/31/2012  | 
Olympics crime fighters are using big data analysis techniques to identify suspicious activity, imminent threats, and unexpected holes that attackers could exploit.
The Most Expensive Part Of The Monitoring System
Commentary  |  7/31/2012  | 
That would be the carbon-based life forms
HTML Access Control Busted By Security Researchers
News  |  7/31/2012  | 
Open source HTExploit tool can bypass a standard directory protection technique used to secure many types of Web pages, security experts demonstrated at Black Hat.
Five Steps To Protecting Intellectual Property
Quick Hits  |  7/31/2012  | 
Staying secure means finding out where your sensitive data resides -- and how to protect it
Hiding SAP Attacks In Plain Sight
News  |  7/31/2012  | 
Black Hat presenter uses test service and server-side request forgery to root SAP deployments
'Luckycat' APT Campaign Building Android Malware
News  |  7/30/2012  | 
Trend Micro researchers discover evidence of cyberespionage actors targeting Android users as well
Black Hat's Future Is The Past
Commentary  |  7/30/2012  | 
Black Hat has changed a lot over the years. Now, more than ever, we need it to stick to its roots
NIST Updates Computer Security Guides
News  |  7/30/2012  | 
Guidelines focus on wireless security and protecting mobile devices from intrusion.
Mac Malware Spies On Email, Survives Reboots
News  |  7/30/2012  | 
Crisis malware lets attackers install without an administrator password and intercept email, IM, and other communications.
Power Plant Hack Talk, Free Tools Pulled From Def Con Lineup
News  |  7/29/2012  | 
Def Con talk on bugs, tools for hacking power plants replaced with another talk on HMI flaws
Black Hat's Graduation
Commentary  |  7/29/2012  | 
Is it just me or did the Black Hat conference feel more like the summer RSA Conference? That may not necessarily be a bad thing, depending on what Black Hat wants to be when it grows up
Def Con: Experts Sound Alarm About Global Meeting On Internet's Future
Quick Hits  |  7/28/2012  | 
Panelists at Def Con urge security community to be aware and speak out about privacy, freedom concerns at upcoming World Conference on International Telecommunications (WCIT-12) meeting
Web Browser Weaknesses Make Tracking Easy
News  |  7/27/2012  | 
Researcher kicks off effort to catalog all the ways that browsers and popular add-ons can be used to track users
Strike Back At Hackers? Get A Lawyer
News  |  7/27/2012  | 
Don't risk legal troubles. Get advice before taking the offensive against cybercriminals, military security expert says at Black Hat.
Mass Router Infection Possible: Black Hat
News  |  7/27/2012  | 
Black Hat presenters detail how an HTML5-compliant browser could deliver malicious firmware, bring network-connected hardware under attackers' control.
JavaScript Botnet Sheds Light On Criminal Activity
News  |  7/27/2012  | 
A security research group uses cached JavaScript to control computers connecting to a malicious proxy, gaining intelligence on fraudsters and criminals
More Than Half Of Major Banks Infected With Conficker, Zeus, Fake AV, Other Malware
Quick Hits  |  7/26/2012  | 
Most users infected with malware suffer reinfection
Apple Makes Black Hat Debut
News  |  7/26/2012  | 
But presentation by Apple security team member doesn't reveal any new security details or plans for iOS
FAA's New Flight Control System Has Security Holes: Researcher
News  |  7/26/2012  | 
At the Black Hat conference, a computer scientist demonstrates how 'fake airplanes' can be inserted into FAA's upcoming air traffic control system.
Simplifying SQL Injection Detection
News  |  7/26/2012  | 
Black Hat researcher releases new lexical analysis tool that doesn't rely on regular expressions
Mahdi Malware Makers Push Anti-American Update
News  |  7/26/2012  | 
Spy malware, seemingly built by Iranians, gets update that searches for "USA" and "gov" on targeted machines, security researcher says at Black Hat.
Android Takeover With The Swipe Of A Smartphone
News  |  7/25/2012  | 
Security researcher discovers near-field communication (NFC) is a greenfield of security risks
Researchers To Launch New Tools For Search Engine Hacking
Quick Hits  |  7/25/2012  | 
Free 'Diggity' data mining tools can identify and extract sensitive information from many popular cloud-based services
We've Got Regulatory Fatigue
Commentary  |  7/25/2012  | 
Many organizations are worn out by ever-changing laws and regulations
Microsoft Adds BlueHat Prize Finalist's Technology To Its Free Toolkit
News  |  7/25/2012  | 
New security defense method may or may not end up the grand-prize winner of the contest
Evader Tool Shows Holes In Network Perimeter Security
News  |  7/25/2012  | 
Unveiled at Black Hat security conference, free testing tool checks for attacks employing so-called advanced evasion techniques.
Impersonating Microsoft Exchange Servers To Manipulate Mobile Devices
News  |  7/25/2012  | 
Black Hat researcher demonstrates mobile man-in-the-middle proof-of-concept attack that allows for unauthorized remote wipes
Free Advanced Evasion Technique Tool Unleashed
News  |  7/25/2012  | 
'Evader' to demonstrate how attacks slip by popular network security devices
Black Hat Researcher Finds Holes In ARM, x86, Embedded Systems
News  |  7/24/2012  | 
Black Hat session aims to expose sometimes shocking vulnerabilities in widely used products
Black Hat Goes Back To The Future
News  |  7/24/2012  | 
Five speakers who spoke at the first Black Hat conference will appear together on a panel titled 'Smashing the Future for Fun and Profit' on Wednesday
Black Hat, BSides, Def Con: Defenders, Take Note
Commentary  |  7/24/2012  | 
Summer security conferences include defense-related topics on top of the usual offensive fare
Dark Reading, Black Hat Partner To Produce Daily Conference Newsletter
Quick Hits  |  7/24/2012  | 
Dark Reading newsletter subscribers, conference attendees will receive three days of Black Hat show coverage
DARPA-Funded Service Seeks Flaws In Smartphones
News  |  7/24/2012  | 
The brainchild of start-up Duo Security, the X-Ray service will let users know whether their smartphones have vulnerable systems software
Using Chip Malfunction To Leak Private Keys
News  |  7/23/2012  | 
Black Hat researcher shows attackers could manipulate Linux machines running OpenSSL and RSA encryption to gain access to authentication encryption keys for spoofing
Two-Thirds Of IT Pros Don't Know Who Has Local Admin Rights
News  |  7/23/2012  | 
Admin rights can be used by malware to install malicious software on local computers through the administrator account
When Hackers Meet Girlfriends: Readers Judge Our Theory
Commentary  |  7/23/2012  | 
My modest proposal to deter law-breaking hackers by helping them get girlfriends sparked condemnation, support, and even marriage advice.
The Mobile Monitoring Mess
Commentary  |  7/23/2012  | 
Bringing your own device to work sounds peachy to employees, but security, regulatory, and privacy issues still need to be worked out on the monitoring side
Black Hat: The Phishing Scare That Wasn't
Quick Hits  |  7/23/2012  | 
Email glitch causes concern among security pros attending major industry event, but ends with humor
New Memory Method Lets Users Remember Long Passwords -- Subconsciously
Quick Hits  |  7/22/2012  | 
'Implicit learning' lets users store a 30-character password in their memories -- without remembering it
Tech Insight: Speeding Up Incident Response With Continuous Monitoring
News  |  7/20/2012  | 
Increase speed and effectiveness of incident response through continuous monitoring and enterprise IR tool integration
Apple Yanks Privacy Watcher From App Store
News  |  7/20/2012  | 
Clueful privacy app reported on free iOS apps' data-gathering practices, found 41% tracking users' location.
An IPS For SAP Apps
Quick Hits  |  7/19/2012  | 
Onapsis offers an intrusion prevention system for the enterprise resource planning application
Madi Malware: Advanced Persistent Threat Or Just A Threat?
News  |  7/19/2012  | 
Security researchers are calling Madi an example of an advanced persistent threat, but what makes an APT an APT?
Smart Grid Researcher Releases Open Source Meter-Hacking Tool
News  |  7/19/2012  | 
'Termineter' unleashed prior to presentations on smart meter security next week at BSides, Black Hat USA
Attacking SCADA And Relative Cost Of Entry
Commentary  |  7/19/2012  | 
SCADA technologies have been increasingly targeted by shadowy adversaries: Does that mean impending doom?
Hackers Claim Wall Street Resume Leak
News  |  7/19/2012  | 
Team GhostShell members said they've leaked usernames, passwords, and resumes from jobs board ITWallStreet.com.
Android Attackers Launch Fake App Market
News  |  7/19/2012  | 
Malicious apps include a fake version of Skype that surreptitiously sends text messages to premium-rate numbers, racking up charges to the user and revenue for the cybercriminals.
End Users Still Don't Know How To Handle Personal Data, Study Finds
Quick Hits  |  7/19/2012  | 
Nearly a third of users have been victims of cybercrime; one-fifth still use no protection while surfing


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15594
PUBLISHED: 2018-08-20
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
CVE-2018-15572
PUBLISHED: 2018-08-20
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
CVE-2018-15573
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf...
CVE-2018-15574
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."
CVE-2018-15570
PUBLISHED: 2018-08-20
In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter.