News & Commentary

Content posted in July 2012
More Than Half Of Top 20 Fortune 500 Firms Infected With 'Gameover' Zeus Botnet
Quick Hits  |  7/31/2012  | 
Financial botnet has amassed some 680,000 bots
Indicted College Student Speaks Up About Her Case, Anonymous
News  |  7/31/2012  | 
Def Con panel raises questions about penalties in online civil disobedience -- amid an Anonymous at a 'crossroads'
Olympics Tap Big Data To Enhance Security
News  |  7/31/2012  | 
Olympics crime fighters are using big data analysis techniques to identify suspicious activity, imminent threats, and unexpected holes that attackers could exploit.
The Most Expensive Part Of The Monitoring System
Commentary  |  7/31/2012  | 
That would be the carbon-based life forms
HTML Access Control Busted By Security Researchers
News  |  7/31/2012  | 
Open source HTExploit tool can bypass a standard directory protection technique used to secure many types of Web pages, security experts demonstrated at Black Hat.
Five Steps To Protecting Intellectual Property
Quick Hits  |  7/31/2012  | 
Staying secure means finding out where your sensitive data resides -- and how to protect it
Hiding SAP Attacks In Plain Sight
News  |  7/31/2012  | 
Black Hat presenter uses test service and server-side request forgery to root SAP deployments
'Luckycat' APT Campaign Building Android Malware
News  |  7/30/2012  | 
Trend Micro researchers discover evidence of cyberespionage actors targeting Android users as well
Black Hat's Future Is The Past
Commentary  |  7/30/2012  | 
Black Hat has changed a lot over the years. Now, more than ever, we need it to stick to its roots
NIST Updates Computer Security Guides
News  |  7/30/2012  | 
Guidelines focus on wireless security and protecting mobile devices from intrusion.
Mac Malware Spies On Email, Survives Reboots
News  |  7/30/2012  | 
Crisis malware lets attackers install without an administrator password and intercept email, IM, and other communications.
Power Plant Hack Talk, Free Tools Pulled From Def Con Lineup
News  |  7/29/2012  | 
Def Con talk on bugs, tools for hacking power plants replaced with another talk on HMI flaws
Black Hat's Graduation
Commentary  |  7/29/2012  | 
Is it just me or did the Black Hat conference feel more like the summer RSA Conference? That may not necessarily be a bad thing, depending on what Black Hat wants to be when it grows up
Def Con: Experts Sound Alarm About Global Meeting On Internet's Future
Quick Hits  |  7/28/2012  | 
Panelists at Def Con urge security community to be aware and speak out about privacy, freedom concerns at upcoming World Conference on International Telecommunications (WCIT-12) meeting
Web Browser Weaknesses Make Tracking Easy
News  |  7/27/2012  | 
Researcher kicks off effort to catalog all the ways that browsers and popular add-ons can be used to track users
Strike Back At Hackers? Get A Lawyer
News  |  7/27/2012  | 
Don't risk legal troubles. Get advice before taking the offensive against cybercriminals, military security expert says at Black Hat.
Mass Router Infection Possible: Black Hat
News  |  7/27/2012  | 
Black Hat presenters detail how an HTML5-compliant browser could deliver malicious firmware, bring network-connected hardware under attackers' control.
JavaScript Botnet Sheds Light On Criminal Activity
News  |  7/27/2012  | 
A security research group uses cached JavaScript to control computers connecting to a malicious proxy, gaining intelligence on fraudsters and criminals
More Than Half Of Major Banks Infected With Conficker, Zeus, Fake AV, Other Malware
Quick Hits  |  7/26/2012  | 
Most users infected with malware suffer reinfection
Apple Makes Black Hat Debut
News  |  7/26/2012  | 
But presentation by Apple security team member doesn't reveal any new security details or plans for iOS
FAA's New Flight Control System Has Security Holes: Researcher
News  |  7/26/2012  | 
At the Black Hat conference, a computer scientist demonstrates how 'fake airplanes' can be inserted into FAA's upcoming air traffic control system.
Simplifying SQL Injection Detection
News  |  7/26/2012  | 
Black Hat researcher releases new lexical analysis tool that doesn't rely on regular expressions
Mahdi Malware Makers Push Anti-American Update
News  |  7/26/2012  | 
Spy malware, seemingly built by Iranians, gets update that searches for "USA" and "gov" on targeted machines, security researcher says at Black Hat.
Android Takeover With The Swipe Of A Smartphone
News  |  7/25/2012  | 
Security researcher discovers near-field communication (NFC) is a greenfield of security risks
Researchers To Launch New Tools For Search Engine Hacking
Quick Hits  |  7/25/2012  | 
Free 'Diggity' data mining tools can identify and extract sensitive information from many popular cloud-based services
We've Got Regulatory Fatigue
Commentary  |  7/25/2012  | 
Many organizations are worn out by ever-changing laws and regulations
Microsoft Adds BlueHat Prize Finalist's Technology To Its Free Toolkit
News  |  7/25/2012  | 
New security defense method may or may not end up the grand-prize winner of the contest
Evader Tool Shows Holes In Network Perimeter Security
News  |  7/25/2012  | 
Unveiled at Black Hat security conference, free testing tool checks for attacks employing so-called advanced evasion techniques.
Impersonating Microsoft Exchange Servers To Manipulate Mobile Devices
News  |  7/25/2012  | 
Black Hat researcher demonstrates mobile man-in-the-middle proof-of-concept attack that allows for unauthorized remote wipes
Free Advanced Evasion Technique Tool Unleashed
News  |  7/25/2012  | 
'Evader' to demonstrate how attacks slip by popular network security devices
Black Hat Researcher Finds Holes In ARM, x86, Embedded Systems
News  |  7/24/2012  | 
Black Hat session aims to expose sometimes shocking vulnerabilities in widely used products
Black Hat Goes Back To The Future
News  |  7/24/2012  | 
Five speakers who spoke at the first Black Hat conference will appear together on a panel titled 'Smashing the Future for Fun and Profit' on Wednesday
Black Hat, BSides, Def Con: Defenders, Take Note
Commentary  |  7/24/2012  | 
Summer security conferences include defense-related topics on top of the usual offensive fare
Dark Reading, Black Hat Partner To Produce Daily Conference Newsletter
Quick Hits  |  7/24/2012  | 
Dark Reading newsletter subscribers, conference attendees will receive three days of Black Hat show coverage
DARPA-Funded Service Seeks Flaws In Smartphones
News  |  7/24/2012  | 
The brainchild of start-up Duo Security, the X-Ray service will let users know whether their smartphones have vulnerable systems software
Using Chip Malfunction To Leak Private Keys
News  |  7/23/2012  | 
Black Hat researcher shows attackers could manipulate Linux machines running OpenSSL and RSA encryption to gain access to authentication encryption keys for spoofing
Two-Thirds Of IT Pros Don't Know Who Has Local Admin Rights
News  |  7/23/2012  | 
Admin rights can be used by malware to install malicious software on local computers through the administrator account
When Hackers Meet Girlfriends: Readers Judge Our Theory
Commentary  |  7/23/2012  | 
My modest proposal to deter law-breaking hackers by helping them get girlfriends sparked condemnation, support, and even marriage advice.
The Mobile Monitoring Mess
Commentary  |  7/23/2012  | 
Bringing your own device to work sounds peachy to employees, but security, regulatory, and privacy issues still need to be worked out on the monitoring side
Black Hat: The Phishing Scare That Wasn't
Quick Hits  |  7/23/2012  | 
Email glitch causes concern among security pros attending major industry event, but ends with humor
New Memory Method Lets Users Remember Long Passwords -- Subconsciously
Quick Hits  |  7/22/2012  | 
'Implicit learning' lets users store a 30-character password in their memories -- without remembering it
Tech Insight: Speeding Up Incident Response With Continuous Monitoring
News  |  7/20/2012  | 
Increase speed and effectiveness of incident response through continuous monitoring and enterprise IR tool integration
Apple Yanks Privacy Watcher From App Store
News  |  7/20/2012  | 
Clueful privacy app reported on free iOS apps' data-gathering practices, found 41% tracking users' location.
An IPS For SAP Apps
Quick Hits  |  7/19/2012  | 
Onapsis offers an intrusion prevention system for the enterprise resource planning application
Madi Malware: Advanced Persistent Threat Or Just A Threat?
News  |  7/19/2012  | 
Security researchers are calling Madi an example of an advanced persistent threat, but what makes an APT an APT?
Smart Grid Researcher Releases Open Source Meter-Hacking Tool
News  |  7/19/2012  | 
'Termineter' unleashed prior to presentations on smart meter security next week at BSides, Black Hat USA
Attacking SCADA And Relative Cost Of Entry
Commentary  |  7/19/2012  | 
SCADA technologies have been increasingly targeted by shadowy adversaries: Does that mean impending doom?
Hackers Claim Wall Street Resume Leak
News  |  7/19/2012  | 
Team GhostShell members said they've leaked usernames, passwords, and resumes from jobs board ITWallStreet.com.
Android Attackers Launch Fake App Market
News  |  7/19/2012  | 
Malicious apps include a fake version of Skype that surreptitiously sends text messages to premium-rate numbers, racking up charges to the user and revenue for the cybercriminals.
End Users Still Don't Know How To Handle Personal Data, Study Finds
Quick Hits  |  7/19/2012  | 
Nearly a third of users have been victims of cybercrime; one-fifth still use no protection while surfing
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17948
PUBLISHED: 2018-11-20
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
CVE-2018-1779
PUBLISHED: 2018-11-20
IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.
CVE-2018-19367
PUBLISHED: 2018-11-20
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.
CVE-2018-19335
PUBLISHED: 2018-11-20
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.
CVE-2018-19334
PUBLISHED: 2018-11-20
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.