News & Commentary

Content posted in July 2013
NSA Surveillance Can Penetrate VPNs
News  |  7/31/2013  | 
National Security Agency's XKeyscore system can collect just about everything that happens online, even things encrypted by VPNs, according to Edward Snowden.
NSA Director Faces Cybersecurity Community At Black Hat
News  |  7/31/2013  | 
Gen. Keith Alexander aims to set the record straight on controversial NSA spying programs, calling out how leaked surveillance programs helped derail specific terror plots
U.K. Online Dating Sites Catch Heat On Privacy
News  |  7/31/2013  | 
Government and BBC investigations raise alarms about the industry's personal data handling practices, social media identity theft.
Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition
Quick Hits  |  7/31/2013  | 
U.S. feared use of PCs built by Lenovo posed security threat long before spying concerns over Huawei and ZTE surfaced
New Free Service Cracks Weak Passwords
News  |  7/31/2013  | 
Cloud-based tool released for password auditing
U.K. Losing Battle Against Cyber Crime
News  |  7/30/2013  | 
New report by Home Affairs Committee warns that U.K. is insufficiently prepared to protect the country against cyber attacks and other online threats.
The Risky Business Of Managing Risk
Quick Hits  |  7/30/2013  | 
A retrospective of Dark Reading's recent coverage on how risk can be measured -- and minimized
Syrian Electronic Army Hacks White House Media Team
News  |  7/30/2013  | 
Hackers fail to take over White House website, and then get their Twitter accounts suspended for boasting about subsequent Thomson Reuters takeover.
How To Hack A Porsche Research Muffled
News  |  7/30/2013  | 
Court halts disclosure of research into exploitable vulnerabilities in late-'90s immobilizer technology still being used to secure cars made by Audi, Volkswagen and others.
DEF CON Kids To Get Badges That Hack
Commentary  |  7/29/2013  | 
Who says grown-ups should have all the fun with their DEF CON badges?
Microsoft Extends MAPP To Incident Responders And Offers Free Online URL, File Scanner
News  |  7/29/2013  | 
Microsoft Active Protections Program evolving to a protection, detection, and remediation program
Government Gets Closer To Launching CyberSecurity Framework
News  |  7/29/2013  | 
National Institute of Standards and Technology partners with industry on security standards that work across public and private sectors.
Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition
News  |  7/29/2013  | 
U.S. feared use of PCs built by Lenovo posed security threat long before spying concerns over Huawei and ZTE surfaced.
Cheap Monitoring Highlights Dangers Of Internet Of Things
News  |  7/27/2013  | 
Using a network of cheap sensors, the home-brewed CreepyDOL system can track people by signals sent from their mobile devices
Barnaby Jack And The Hacker Ethos
Commentary  |  7/26/2013  | 
Barnaby Jack's untimely death should give us pause to remember why folks hack things and ultimately why pushing the boundaries of technology benefits us all
In Appreciation: Barnaby Jack
News  |  7/26/2013  | 
Industry mourns passing of intrepid and charismatic security researcher
Better Bug Bounties Mean Safer Software, More Research Demand
News  |  7/26/2013  | 
Companies should expect safer software as more companies adopt bug bounty programs and studies prove their effectiveness
Somebody's Watching You: Hacking IP Video Cameras
Quick Hits  |  7/25/2013  | 
Major holes in network video recorders (NVRs) could result in a major physical security and privacy FAIL
Record-Setting Data Breach Highlights Corporate Security Risks
News  |  7/25/2013  | 
Case of five men indicted Thursday for allegedly stealing more than 160 million credit card numbers, in what Justice Department calls a record size scheme, shows how hard it is for business to deal with SQL injection attacks and similar approaches.
Feds Indict Five In Massive Credit-Card Data Breach Scheme
News  |  7/25/2013  | 
'Hacker 1' and 'Hacker 2' from the Heartland Payment Systems breach indictment were named today among the five defendants in latest breach charges that resulted in 160 million stolen credit card numbers and hundreds of millions of dollars in losses
SMB Insider Threat: Setting Behavior Boundaries
Commentary  |  7/25/2013  | 
Two major policies should be in place to guide and restrict user behavior
How Attackers Target And Exploit Critical Business Applications
Quick Hits  |  7/25/2013  | 
Applications such as ERP and CRM make businesses go, yet are often left unpatched and vulnerable
Firms Far From Taming The Tower Of APT Babel
News  |  7/25/2013  | 
Threat intelligence firms continue to have individual lexicons for advanced persistent threats, making information sharing more difficult
Security and Identity Management: Innovative Authentication Techniques
News  |  7/24/2013  | 
Today I want to take a closer look at identity. Most people will tell you things are pretty bad today, but things have improved quite a lot.
Campaign Launched To Kill Off The Password
News  |  7/24/2013  | 
The Petition Against Passwords calls for no more password login
Network Solutions Knocked Down Again
News  |  7/24/2013  | 
MySQL problems to blame for customers' website editing and permission change problems, says hosting provider, but users suspect more nefarious cause.
Past Performance And Future Results
Commentary  |  7/24/2013  | 
Folks forget that Cisco used to be very good at doing acquisitions, so is it premature to determine recent performance predisposes future results regarding Sourcefire?
Royal Baby Malware Attacks
News  |  7/24/2013  | 
Hackers capitalize on mania for royal baby and upcoming zombie game; fake versions of real Android apps created via Master Key vulnerability found in China.
Can The NSA Really Track Turned-Off Cellphones?
Commentary  |  7/24/2013  | 
It depends on semantics, security experts say. What's clear is that surveillance is becoming much more sophisticated.
How NSA Data Demands On Microsoft Shape Your Security
Commentary  |  7/24/2013  | 
Microsoft is legally prevented from saying too much about charges it collaborated with the NSA. Product security gets caught in this complex situation.
Moving Away From Rash Hashing Decisions
News  |  7/24/2013  | 
Black Hat talk will discuss shortcomings of the latest technical evolution of hashing passwords for safe storage in databases, propose a competition to design something better
Visualization Helps Attackers Spot Flaws In Software's Armor
News  |  7/24/2013  | 
Using data visualization techniques, researchers make memory and randomization flaws easier to recognize, spotting vulnerabilities in anti-exploitation technology such as ASLR and DEP
Does User Awareness Help? Vendors Begin To Take Sides
Commentary  |  7/23/2013  | 
Security vendors such as FireEye speak in favor of awareness training -- even without a dog in the fight
'Next Big' Banking Trojan Spotted In Cybercrime Underground
Quick Hits  |  7/23/2013  | 
RSA says 'KINS' features a bootkit
Google Cloud Storage Improves
News  |  7/23/2013  | 
Three new features make Google's cloud storage service more useful for developers and businesses.
Cisco Banks On Sourcefire And Snort For Its Security Future
News  |  7/23/2013  | 
Cisco's security save costs to the tune of $2.7 billion, and the Snort pig stays open source
Russian Trojan With Twist Targets Financial Details
News  |  7/23/2013  | 
Malware, designed to not infect Russian or Ukrainian PCs, is already for sale on cybercrime underground, says RSA.
Syrian Electronic Army Returns, Smacks Down Tango
News  |  7/23/2013  | 
Pro-Assad hacktivists steal Tango chat app's user details and delete related article from Daily Dot media site despite its knowledge of imminent attack.
Cloud File Storage Fight: No Knockout Yet
Commentary  |  7/23/2013  | 
Cloud file sharing services like Dropbox and Amazon continue to proliferate, with no clear winner. Enterprise IT still seeks ease of use and deployment.
Choosing And Implementing An Enterprise Database Encryption Strategy
Quick Hits  |  7/23/2013  | 
As long as your database information has value, you need encryption. Here are some tips for making enterprise database encryption work
Getting Physical At Black Hat
News  |  7/23/2013  | 
Researchers offer up work on breaking into buildings by hacking alarm key pad sensors and key card access control systems
SIM Card Hack A Wakeup Call
News  |  7/22/2013  | 
Crack of mobile SIM card crypto and virtual machine features could let an attacker target and clone a phone
Network Solutions Recovers After DDoS Attack
News  |  7/22/2013  | 
Customers still report ongoing outages in wake of last week's attacks.
Security Researcher Takes Credit For Apple Developer Website Hack
News  |  7/22/2013  | 
Access to the developer site has been partially restored, but the iOS and Mac Dev Centers remain down
Apple Developer Forum Hack Explained
News  |  7/22/2013  | 
Turkish security researcher said his bug report wasn't malicious, disputes Apple's claim that attack compromised information on iOS and Mac OS X developers.
Integrating Vulnerability Management Into The Application Development Process
Quick Hits  |  7/22/2013  | 
App developers often fail to do proper vulnerability scanning. Here are some ways to plug those holes
Edmodo Upgrades Student, Teacher Security, After Criticism
News  |  7/19/2013  | 
Network engineer and parent who complained of Edmodo's inadequate use of SSL encryption says "they've made a few million kids a lot safer."
APIs Giveth And APIs Taketh Away
Commentary  |  7/19/2013  | 
Despite the incredible power afforded by APIs exposing cloud, mobile and Web services, there is a downside. There always is
Tech Insight: Protecting Against Risks Posed By Anonymization Tools
News  |  7/19/2013  | 
Snowden and NSA concerns are causing more users to seek anonymization and encryption tools that could cause security headaches for enterprises
3 Briefings That Highlight Infosec's High-Stakes Game
News  |  7/19/2013  | 
Spectacular exploits and worrying implications await