News & Commentary

Content posted in July 2013
NSA Surveillance Can Penetrate VPNs
News  |  7/31/2013  | 
National Security Agency's XKeyscore system can collect just about everything that happens online, even things encrypted by VPNs, according to Edward Snowden.
NSA Director Faces Cybersecurity Community At Black Hat
News  |  7/31/2013  | 
Gen. Keith Alexander aims to set the record straight on controversial NSA spying programs, calling out how leaked surveillance programs helped derail specific terror plots
U.K. Online Dating Sites Catch Heat On Privacy
News  |  7/31/2013  | 
Government and BBC investigations raise alarms about the industry's personal data handling practices, social media identity theft.
Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition
Quick Hits  |  7/31/2013  | 
U.S. feared use of PCs built by Lenovo posed security threat long before spying concerns over Huawei and ZTE surfaced
New Free Service Cracks Weak Passwords
News  |  7/31/2013  | 
Cloud-based tool released for password auditing
U.K. Losing Battle Against Cyber Crime
News  |  7/30/2013  | 
New report by Home Affairs Committee warns that U.K. is insufficiently prepared to protect the country against cyber attacks and other online threats.
The Risky Business Of Managing Risk
Quick Hits  |  7/30/2013  | 
A retrospective of Dark Reading's recent coverage on how risk can be measured -- and minimized
Syrian Electronic Army Hacks White House Media Team
News  |  7/30/2013  | 
Hackers fail to take over White House website, and then get their Twitter accounts suspended for boasting about subsequent Thomson Reuters takeover.
How To Hack A Porsche Research Muffled
News  |  7/30/2013  | 
Court halts disclosure of research into exploitable vulnerabilities in late-'90s immobilizer technology still being used to secure cars made by Audi, Volkswagen and others.
DEF CON Kids To Get Badges That Hack
Commentary  |  7/29/2013  | 
Who says grown-ups should have all the fun with their DEF CON badges?
Microsoft Extends MAPP To Incident Responders And Offers Free Online URL, File Scanner
News  |  7/29/2013  | 
Microsoft Active Protections Program evolving to a protection, detection, and remediation program
Government Gets Closer To Launching CyberSecurity Framework
News  |  7/29/2013  | 
National Institute of Standards and Technology partners with industry on security standards that work across public and private sectors.
Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition
News  |  7/29/2013  | 
U.S. feared use of PCs built by Lenovo posed security threat long before spying concerns over Huawei and ZTE surfaced.
Cheap Monitoring Highlights Dangers Of Internet Of Things
News  |  7/27/2013  | 
Using a network of cheap sensors, the home-brewed CreepyDOL system can track people by signals sent from their mobile devices
Barnaby Jack And The Hacker Ethos
Commentary  |  7/26/2013  | 
Barnaby Jack's untimely death should give us pause to remember why folks hack things and ultimately why pushing the boundaries of technology benefits us all
In Appreciation: Barnaby Jack
News  |  7/26/2013  | 
Industry mourns passing of intrepid and charismatic security researcher
Better Bug Bounties Mean Safer Software, More Research Demand
News  |  7/26/2013  | 
Companies should expect safer software as more companies adopt bug bounty programs and studies prove their effectiveness
Somebody's Watching You: Hacking IP Video Cameras
Quick Hits  |  7/25/2013  | 
Major holes in network video recorders (NVRs) could result in a major physical security and privacy FAIL
Record-Setting Data Breach Highlights Corporate Security Risks
News  |  7/25/2013  | 
Case of five men indicted Thursday for allegedly stealing more than 160 million credit card numbers, in what Justice Department calls a record size scheme, shows how hard it is for business to deal with SQL injection attacks and similar approaches.
Feds Indict Five In Massive Credit-Card Data Breach Scheme
News  |  7/25/2013  | 
'Hacker 1' and 'Hacker 2' from the Heartland Payment Systems breach indictment were named today among the five defendants in latest breach charges that resulted in 160 million stolen credit card numbers and hundreds of millions of dollars in losses
SMB Insider Threat: Setting Behavior Boundaries
Commentary  |  7/25/2013  | 
Two major policies should be in place to guide and restrict user behavior
How Attackers Target And Exploit Critical Business Applications
Quick Hits  |  7/25/2013  | 
Applications such as ERP and CRM make businesses go, yet are often left unpatched and vulnerable
Firms Far From Taming The Tower Of APT Babel
News  |  7/25/2013  | 
Threat intelligence firms continue to have individual lexicons for advanced persistent threats, making information sharing more difficult
Security and Identity Management: Innovative Authentication Techniques
News  |  7/24/2013  | 
Today I want to take a closer look at identity. Most people will tell you things are pretty bad today, but things have improved quite a lot.
Campaign Launched To Kill Off The Password
News  |  7/24/2013  | 
The Petition Against Passwords calls for no more password login
Network Solutions Knocked Down Again
News  |  7/24/2013  | 
MySQL problems to blame for customers' website editing and permission change problems, says hosting provider, but users suspect more nefarious cause.
Past Performance And Future Results
Commentary  |  7/24/2013  | 
Folks forget that Cisco used to be very good at doing acquisitions, so is it premature to determine recent performance predisposes future results regarding Sourcefire?
Royal Baby Malware Attacks
News  |  7/24/2013  | 
Hackers capitalize on mania for royal baby and upcoming zombie game; fake versions of real Android apps created via Master Key vulnerability found in China.
Can The NSA Really Track Turned-Off Cellphones?
Commentary  |  7/24/2013  | 
It depends on semantics, security experts say. What's clear is that surveillance is becoming much more sophisticated.
How NSA Data Demands On Microsoft Shape Your Security
Commentary  |  7/24/2013  | 
Microsoft is legally prevented from saying too much about charges it collaborated with the NSA. Product security gets caught in this complex situation.
Moving Away From Rash Hashing Decisions
News  |  7/24/2013  | 
Black Hat talk will discuss shortcomings of the latest technical evolution of hashing passwords for safe storage in databases, propose a competition to design something better
Visualization Helps Attackers Spot Flaws In Software's Armor
News  |  7/24/2013  | 
Using data visualization techniques, researchers make memory and randomization flaws easier to recognize, spotting vulnerabilities in anti-exploitation technology such as ASLR and DEP
Does User Awareness Help? Vendors Begin To Take Sides
Commentary  |  7/23/2013  | 
Security vendors such as FireEye speak in favor of awareness training -- even without a dog in the fight
'Next Big' Banking Trojan Spotted In Cybercrime Underground
Quick Hits  |  7/23/2013  | 
RSA says 'KINS' features a bootkit
Google Cloud Storage Improves
News  |  7/23/2013  | 
Three new features make Google's cloud storage service more useful for developers and businesses.
Cisco Banks On Sourcefire And Snort For Its Security Future
News  |  7/23/2013  | 
Cisco's security save costs to the tune of $2.7 billion, and the Snort pig stays open source
Russian Trojan With Twist Targets Financial Details
News  |  7/23/2013  | 
Malware, designed to not infect Russian or Ukrainian PCs, is already for sale on cybercrime underground, says RSA.
Syrian Electronic Army Returns, Smacks Down Tango
News  |  7/23/2013  | 
Pro-Assad hacktivists steal Tango chat app's user details and delete related article from Daily Dot media site despite its knowledge of imminent attack.
Cloud File Storage Fight: No Knockout Yet
Commentary  |  7/23/2013  | 
Cloud file sharing services like Dropbox and Amazon continue to proliferate, with no clear winner. Enterprise IT still seeks ease of use and deployment.
Choosing And Implementing An Enterprise Database Encryption Strategy
Quick Hits  |  7/23/2013  | 
As long as your database information has value, you need encryption. Here are some tips for making enterprise database encryption work
Getting Physical At Black Hat
News  |  7/23/2013  | 
Researchers offer up work on breaking into buildings by hacking alarm key pad sensors and key card access control systems
SIM Card Hack A Wakeup Call
News  |  7/22/2013  | 
Crack of mobile SIM card crypto and virtual machine features could let an attacker target and clone a phone
Network Solutions Recovers After DDoS Attack
News  |  7/22/2013  | 
Customers still report ongoing outages in wake of last week's attacks.
Security Researcher Takes Credit For Apple Developer Website Hack
News  |  7/22/2013  | 
Access to the developer site has been partially restored, but the iOS and Mac Dev Centers remain down
Apple Developer Forum Hack Explained
News  |  7/22/2013  | 
Turkish security researcher said his bug report wasn't malicious, disputes Apple's claim that attack compromised information on iOS and Mac OS X developers.
Integrating Vulnerability Management Into The Application Development Process
Quick Hits  |  7/22/2013  | 
App developers often fail to do proper vulnerability scanning. Here are some ways to plug those holes
Edmodo Upgrades Student, Teacher Security, After Criticism
News  |  7/19/2013  | 
Network engineer and parent who complained of Edmodo's inadequate use of SSL encryption says "they've made a few million kids a lot safer."
APIs Giveth And APIs Taketh Away
Commentary  |  7/19/2013  | 
Despite the incredible power afforded by APIs exposing cloud, mobile and Web services, there is a downside. There always is
Tech Insight: Protecting Against Risks Posed By Anonymization Tools
News  |  7/19/2013  | 
Snowden and NSA concerns are causing more users to seek anonymization and encryption tools that could cause security headaches for enterprises
3 Briefings That Highlight Infosec's High-Stakes Game
News  |  7/19/2013  | 
Spectacular exploits and worrying implications await