News & Commentary

Content posted in July 2013
Huawei Spies For China, Former NSA Director Says
News  |  7/19/2013  | 
Michael Hayden, a former NSA and CIA chief, accuses Chinese telecom equipment maker Huawei of engaging in espionage on behalf of the Chinese state.
Will IT GRC Become IRM?
News  |  7/18/2013  | 
Analysts report a shift toward Integrated Risk Management across the enterprise, but IT risk management experts argue over how it'll happen
'Hangover' Persists, More Mac Malware Found
News  |  7/18/2013  | 
Attackers behind the Operation Hangover cyberspying campaign out of India found dropping OS X malware, covering their tracks online
Java Dregs Create Unappetizing Enterprise Security Problem
News  |  7/18/2013  | 
Why is Java still such a security weak spot? Java updates don't nuke all older versions, leaving plenty of well-known vulnerabilities for online attackers to exploit.
Anonymous To FEMA: Shall We Play A Game?
News  |  7/18/2013  | 
Offended by FEMA's portrayal of fictional hacktivists as anti-American and easily defeated, Anonymous strikes back with data dump.
'Write Once, Pwn Anywhere': Less Than 1 Percent Of Enterprises Run Newest Version Of Java
Quick Hits  |  7/18/2013  | 
Most businesses have multiple, outdated versions of the app on their endpoints, new report finds
What Every End User Should Know About Online Security
Quick Hits  |  7/18/2013  | 
What your end users don't know about security could hurt your business. Here are some tips that may help
Researchers To Highlight Weaknesses In Secure Mobile Data Stores
News  |  7/18/2013  | 
At Black Hat USA, a team of mobile-security researchers plans to show off ways to circumvent the security of encrypted containers meant to protect data on mobile devices
Security Spending Still Doesn't Follow Attack And Breach Trends
News  |  7/17/2013  | 
Databases may be at risk of the most severe damages from attacks, but the network layer still gobbles up most of the security cash
Service, Denied
News  |  7/17/2013  | 
Black Hat USA 2013 has lined up three DDoS-related Briefings, covering the topic from multiple angles
Google Play Has Apps Abusing Master Key Vulnerability
News  |  7/17/2013  | 
Two apps currently available for download in Google Play abuse the critical master key vulnerability that affects almost all Android devices. Is Google reviewing apps for the flaw?
Tumblr iPhone Vulnerability: Change Passwords Now
News  |  7/17/2013  | 
Passwords are transmitted in plaintext by Tumblr's iPhone and iPad apps, leaving them vulnerable to being intercepted.
CSRF Still Armed And Dangerous
News  |  7/17/2013  | 
Cross-site request forgery may not get the same attention as SQLi or XSS, but it still poses considerable risk to Web apps
SMB Insider Threat: Don't Hire A Hacker
Commentary  |  7/17/2013  | 
Security advice to address the insider threat at a small to midsize business
South Korean Officials: North Korea Was Behind Recent Cyberattacks
Quick Hits  |  7/16/2013  | 
Malware, IP address, and attack methods all point to the North, they say
Hackers Hawk Stolen Health Insurance Information In Detailed Dossiers
News  |  7/16/2013  | 
Stolen identity "kitz" come complete with health insurance info, banking information, physical copies of credit cards, and more
'Tortilla' Spices Up Active Defense Ops
News  |  7/16/2013  | 
New free Tor tool, due out at Black Hat USA, aims to make the Tor anonymizing network easier to use for all types of intel-gathering
Anonymous Not Behind Attacks, South Korea Says
News  |  7/16/2013  | 
June's online attacks against South Korean government agencies and private businesses trace back to hackers operating from North Korea, not Anonymous, officials say.
Eye Scans Meet Federal ID Cards
News  |  7/16/2013  | 
National Institute of Standards and Technology ruling gives government agencies the option to use iris scans instead of fingerprints to identify card holders.
Android Users Can Patch Critical Flaw
News  |  7/16/2013  | 
ReKey app can be used to patch vulnerability that affects 99% of all Android smartphones and tablets, but requires rooting devices first.
The Security Pro's Guide To Responsible Vulnerability Disclosure
Quick Hits  |  7/16/2013  | 
A look at the changing nature of vulnerability disclosure -- and how it may affect your enterprise defenses
SMBs Should 'Game' Incident Response
News  |  7/15/2013  | 
Incident-response exercises are valuable in helping companies respond more quickly to security events, but they can also help educate businesses about the importance of being prepared
NSA Surveillance: IT Pro Survey Says What?
Commentary  |  7/15/2013  | 
To understand the relationship between security and privacy, we should pay more attention to IT professionals and spend less time asking loaded questions.
WordPress, Other CMS Platforms Give Attackers Room For Creativity
News  |  7/15/2013  | 
Hackers use vulns in content management systems to accomplish everything from privilege escalation on servers to using connections to run command and control
Chrome Users More Likely To Ignore Security Warnings
News  |  7/15/2013  | 
Security messages affect user behavior -- as long as they're well-designed, according to study of Chrome and Firefox users.
In-Q-Tel, HyTrust Fight Insider Threats
News  |  7/15/2013  | 
CIA's investment arm cuts deal with HyTrust, maker of virtual appliance that monitors virtualized and cloud-based environments to spot insider abuses.
Jay-Z App, Amazon Extension Slammed On Privacy
News  |  7/15/2013  | 
Android app offers free album for users' account, login info; meanwhile, Amazon 1Button extension for Chrome reports user activity to Amazon.
Hacking The Emergency Alerting System
Commentary  |  7/15/2013  | 
More EAS devices vulnerable now than when vendors were alerted in January
Data Security: Who's Stealing Your Stuff?
Commentary  |  7/15/2013  | 
According to Verizon's annual Data Breach Investigation Report, it's not the NSA or even a sys admin with superuser privileges like Edward Snowden that's the biggest threat.
Report: Phone Fraud Plagues Call Centers At Financial Institutions
Quick Hits  |  7/15/2013  | 
Social engineers increasingly tap unsuspecting customer service reps for information, Aite Group says
Budget-Friendly Android Apps For Security Monitoring
Commentary  |  7/15/2013  | 
Mobile network and performance analysis doesn't have to be costly. Find out how to turn a $100 Android device and some mobile apps into a security Swiss army knife.
NSA Data Collection Worrisome For Global Firms
News  |  7/13/2013  | 
Microsoft, Google, Facebook, and other tech firms have downplayed their participation in government spying programs, but U.S. and international companies should worry about access to their data in the cloud
Browser Plug-In Vulns The Endpoint's Weakest Link
News  |  7/12/2013  | 
Online infections, exploit kit damage wreaked due to poor browser plug-in hygiene
Microsoft Helped NSA Siphon Hotmail, Skype User Data
News  |  7/12/2013  | 
Microsoft says it takes your privacy seriously, but legal compliance with court-ordered NSA surveillance programs -- including Prism -- is mandatory.
Free 'Active Defense' Tools Emerge
News  |  7/11/2013  | 
Ammunition for fighting back against cyberattackers in subtle yet disruptive ways is becoming available in open source
How Attackers Thwart Malware Investigation
News  |  7/11/2013  | 
A researcher at Black Hat USA this month will dissect a recent attack, showing off attackers' techniques for making malware analysis harder and intelligence gathering more time consuming
DEF CON Founder Urges Feds To Take A 'Time Out' From The Hacker Conference
Quick Hits  |  7/11/2013  | 
The Dark Tangent's post stirs heated debate within the hacker, security community
Overcome The Microsoft Mindset: Patch Faster
Commentary  |  7/11/2013  | 
Why can't vendors patch every critical bug like it was the Pwn2Own competition?
The Five Most Common Security Pitfalls In Software Development
Quick Hits  |  7/11/2013  | 
How can software developers build more secure applications? Here are five pitfalls to avoid
Generic TLDs Threaten Name Collisions, Information Leakage
News  |  7/11/2013  | 
Security problems could ensue if common internal TLDs -- such as .corp and .exchange -- are allowed to be registered
Dropbox, WordPress Used As Cloud Cover In New APT Attacks
News  |  7/10/2013  | 
Cyberespionage group behind hacks of The New York Times and other media outlets discovered using popular services as camouflage
Hackers Tap Windows Bug Revealed By Google Researcher
News  |  7/10/2013  | 
Windows bug details disclosed by Google researcher Tavis Ormandy in May were quickly used by online attackers, Microsoft says.
Hack 99% Of Android Devices: Big Vulnerability
News  |  7/10/2013  | 
Critical vulnerability that affects almost all Android devices now in operation could allow attackers to use exploit code to easily infect devices with a Trojanized version of a legitimate app.
Commercial DDoS Services Proliferate, Are Responsible For Many Recent Attacks
Commentary  |  7/10/2013  | 
Customers can DDoS a website for as little as $10, Vigilant by Deloitte speaker will tell Black Hat audience
SSNs Exposed In Most Data Breaches In California
Quick Hits  |  7/10/2013  | 
State Attorney General calls for adoption of encryption in 'leading edge' data breach report
Preparing For Possible Future Crypto Attacks
News  |  7/10/2013  | 
Security experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure
Cyberspies Posing As Hacktivists Waged Cyberattacks To Steal South Korean, U.S. Military Intel
News  |  7/9/2013  | 
Four-year cyberespionage campaign tied to wave of attacks on South Korea -- all to steal military secrets
South Korean Bank Hackers Target U.S. Military Secrets
News  |  7/9/2013  | 
Wiper malware APT gang has been traced to four-year military espionage campaign.
12 Trends In Privacy And Security
News  |  7/9/2013  | 
Industry experts forecast top trends in data breach, privacy, and security
'Zombie Apocalypse' Broadcast Hoax Explained
News  |  7/9/2013  | 
Homeland Security details vulnerabilities in emergency alert equipment that have been exploited to create hoax broadcasts.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22879
PUBLISHED: 2021-04-14
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
CVE-2021-27989
PUBLISHED: 2021-04-14
Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.
CVE-2021-25316
PUBLISHED: 2021-04-14
An Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations. This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterp...
CVE-2021-28797
PUBLISHED: 2021-04-14
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (an...
CVE-2020-36323
PUBLISHED: 2021-04-14
In the standard library in Rust before 1.50.3, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.