News & Commentary

Content posted in July 2013
Page 1 / 3
NSA Surveillance Can Penetrate VPNs
News  |  7/31/2013  | 
National Security Agency's XKeyscore system can collect just about everything that happens online, even things encrypted by VPNs, according to Edward Snowden.
NSA Director Faces Cybersecurity Community At Black Hat
News  |  7/31/2013  | 
Gen. Keith Alexander aims to set the record straight on controversial NSA spying programs, calling out how leaked surveillance programs helped derail specific terror plots
U.K. Online Dating Sites Catch Heat On Privacy
News  |  7/31/2013  | 
Government and BBC investigations raise alarms about the industry's personal data handling practices, social media identity theft.
Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition
Quick Hits  |  7/31/2013  | 
U.S. feared use of PCs built by Lenovo posed security threat long before spying concerns over Huawei and ZTE surfaced
New Free Service Cracks Weak Passwords
News  |  7/31/2013  | 
Cloud-based tool released for password auditing
U.K. Losing Battle Against Cyber Crime
News  |  7/30/2013  | 
New report by Home Affairs Committee warns that U.K. is insufficiently prepared to protect the country against cyber attacks and other online threats.
The Risky Business Of Managing Risk
Quick Hits  |  7/30/2013  | 
A retrospective of Dark Reading's recent coverage on how risk can be measured -- and minimized
Syrian Electronic Army Hacks White House Media Team
News  |  7/30/2013  | 
Hackers fail to take over White House website, and then get their Twitter accounts suspended for boasting about subsequent Thomson Reuters takeover.
How To Hack A Porsche Research Muffled
News  |  7/30/2013  | 
Court halts disclosure of research into exploitable vulnerabilities in late-'90s immobilizer technology still being used to secure cars made by Audi, Volkswagen and others.
DEF CON Kids To Get Badges That Hack
Commentary  |  7/29/2013  | 
Who says grown-ups should have all the fun with their DEF CON badges?
Microsoft Extends MAPP To Incident Responders And Offers Free Online URL, File Scanner
News  |  7/29/2013  | 
Microsoft Active Protections Program evolving to a protection, detection, and remediation program
Government Gets Closer To Launching CyberSecurity Framework
News  |  7/29/2013  | 
National Institute of Standards and Technology partners with industry on security standards that work across public and private sectors.
Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition
News  |  7/29/2013  | 
U.S. feared use of PCs built by Lenovo posed security threat long before spying concerns over Huawei and ZTE surfaced.
Cheap Monitoring Highlights Dangers Of Internet Of Things
News  |  7/27/2013  | 
Using a network of cheap sensors, the home-brewed CreepyDOL system can track people by signals sent from their mobile devices
Barnaby Jack And The Hacker Ethos
Commentary  |  7/26/2013  | 
Barnaby Jack's untimely death should give us pause to remember why folks hack things and ultimately why pushing the boundaries of technology benefits us all
In Appreciation: Barnaby Jack
News  |  7/26/2013  | 
Industry mourns passing of intrepid and charismatic security researcher
Better Bug Bounties Mean Safer Software, More Research Demand
News  |  7/26/2013  | 
Companies should expect safer software as more companies adopt bug bounty programs and studies prove their effectiveness
Somebody's Watching You: Hacking IP Video Cameras
Quick Hits  |  7/25/2013  | 
Major holes in network video recorders (NVRs) could result in a major physical security and privacy FAIL
Record-Setting Data Breach Highlights Corporate Security Risks
News  |  7/25/2013  | 
Case of five men indicted Thursday for allegedly stealing more than 160 million credit card numbers, in what Justice Department calls a record size scheme, shows how hard it is for business to deal with SQL injection attacks and similar approaches.
Feds Indict Five In Massive Credit-Card Data Breach Scheme
News  |  7/25/2013  | 
'Hacker 1' and 'Hacker 2' from the Heartland Payment Systems breach indictment were named today among the five defendants in latest breach charges that resulted in 160 million stolen credit card numbers and hundreds of millions of dollars in losses
SMB Insider Threat: Setting Behavior Boundaries
Commentary  |  7/25/2013  | 
Two major policies should be in place to guide and restrict user behavior
How Attackers Target And Exploit Critical Business Applications
Quick Hits  |  7/25/2013  | 
Applications such as ERP and CRM make businesses go, yet are often left unpatched and vulnerable
Firms Far From Taming The Tower Of APT Babel
News  |  7/25/2013  | 
Threat intelligence firms continue to have individual lexicons for advanced persistent threats, making information sharing more difficult
Security and Identity Management: Innovative Authentication Techniques
News  |  7/24/2013  | 
Today I want to take a closer look at identity. Most people will tell you things are pretty bad today, but things have improved quite a lot.
Campaign Launched To Kill Off The Password
News  |  7/24/2013  | 
The Petition Against Passwords calls for no more password login
Network Solutions Knocked Down Again
News  |  7/24/2013  | 
MySQL problems to blame for customers' website editing and permission change problems, says hosting provider, but users suspect more nefarious cause.
Past Performance And Future Results
Commentary  |  7/24/2013  | 
Folks forget that Cisco used to be very good at doing acquisitions, so is it premature to determine recent performance predisposes future results regarding Sourcefire?
Royal Baby Malware Attacks
News  |  7/24/2013  | 
Hackers capitalize on mania for royal baby and upcoming zombie game; fake versions of real Android apps created via Master Key vulnerability found in China.
Can The NSA Really Track Turned-Off Cellphones?
Commentary  |  7/24/2013  | 
It depends on semantics, security experts say. What's clear is that surveillance is becoming much more sophisticated.
How NSA Data Demands On Microsoft Shape Your Security
Commentary  |  7/24/2013  | 
Microsoft is legally prevented from saying too much about charges it collaborated with the NSA. Product security gets caught in this complex situation.
Moving Away From Rash Hashing Decisions
News  |  7/24/2013  | 
Black Hat talk will discuss shortcomings of the latest technical evolution of hashing passwords for safe storage in databases, propose a competition to design something better
Visualization Helps Attackers Spot Flaws In Software's Armor
News  |  7/24/2013  | 
Using data visualization techniques, researchers make memory and randomization flaws easier to recognize, spotting vulnerabilities in anti-exploitation technology such as ASLR and DEP
Does User Awareness Help? Vendors Begin To Take Sides
Commentary  |  7/23/2013  | 
Security vendors such as FireEye speak in favor of awareness training -- even without a dog in the fight
'Next Big' Banking Trojan Spotted In Cybercrime Underground
Quick Hits  |  7/23/2013  | 
RSA says 'KINS' features a bootkit
Google Cloud Storage Improves
News  |  7/23/2013  | 
Three new features make Google's cloud storage service more useful for developers and businesses.
Cisco Banks On Sourcefire And Snort For Its Security Future
News  |  7/23/2013  | 
Cisco's security save costs to the tune of $2.7 billion, and the Snort pig stays open source
Russian Trojan With Twist Targets Financial Details
News  |  7/23/2013  | 
Malware, designed to not infect Russian or Ukrainian PCs, is already for sale on cybercrime underground, says RSA.
Syrian Electronic Army Returns, Smacks Down Tango
News  |  7/23/2013  | 
Pro-Assad hacktivists steal Tango chat app's user details and delete related article from Daily Dot media site despite its knowledge of imminent attack.
Cloud File Storage Fight: No Knockout Yet
Commentary  |  7/23/2013  | 
Cloud file sharing services like Dropbox and Amazon continue to proliferate, with no clear winner. Enterprise IT still seeks ease of use and deployment.
Choosing And Implementing An Enterprise Database Encryption Strategy
Quick Hits  |  7/23/2013  | 
As long as your database information has value, you need encryption. Here are some tips for making enterprise database encryption work
Getting Physical At Black Hat
News  |  7/23/2013  | 
Researchers offer up work on breaking into buildings by hacking alarm key pad sensors and key card access control systems
SIM Card Hack A Wakeup Call
News  |  7/22/2013  | 
Crack of mobile SIM card crypto and virtual machine features could let an attacker target and clone a phone
Network Solutions Recovers After DDoS Attack
News  |  7/22/2013  | 
Customers still report ongoing outages in wake of last week's attacks.
Security Researcher Takes Credit For Apple Developer Website Hack
News  |  7/22/2013  | 
Access to the developer site has been partially restored, but the iOS and Mac Dev Centers remain down
Apple Developer Forum Hack Explained
News  |  7/22/2013  | 
Turkish security researcher said his bug report wasn't malicious, disputes Apple's claim that attack compromised information on iOS and Mac OS X developers.
Integrating Vulnerability Management Into The Application Development Process
Quick Hits  |  7/22/2013  | 
App developers often fail to do proper vulnerability scanning. Here are some ways to plug those holes
Edmodo Upgrades Student, Teacher Security, After Criticism
News  |  7/19/2013  | 
Network engineer and parent who complained of Edmodo's inadequate use of SSL encryption says "they've made a few million kids a lot safer."
APIs Giveth And APIs Taketh Away
Commentary  |  7/19/2013  | 
Despite the incredible power afforded by APIs exposing cloud, mobile and Web services, there is a downside. There always is
Tech Insight: Protecting Against Risks Posed By Anonymization Tools
News  |  7/19/2013  | 
Snowden and NSA concerns are causing more users to seek anonymization and encryption tools that could cause security headaches for enterprises
3 Briefings That Highlight Infosec's High-Stakes Game
News  |  7/19/2013  | 
Spectacular exploits and worrying implications await


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15601
PUBLISHED: 2018-08-21
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.
CVE-2018-15603
PUBLISHED: 2018-08-21
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen.
CVE-2018-15598
PUBLISHED: 2018-08-21
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.
CVE-2018-15599
PUBLISHED: 2018-08-21
The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.
CVE-2018-0501
PUBLISHED: 2018-08-21
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.