Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Toyota Accuses Former IT Contractor Of Data Breach
Third-party IT contractor breached Toyota's systems, compromised sensitive data, automaker says
Security Experts: Java Should Be Disabled Unless Necessary
Security researchers say Java's popularity as an attack vector means it should be disabled unless it is needed
FinFisher Mobile Spyware Tracking Political Activists
Developer of spyware that can take over iPhone and BlackBerry devices draws fire after researchers spot the spyware in use against activists in Bahrain.
Accused LulzSec Hackers Attended College Together
The two students accused of Sony Pictures hack participated in Cyber Defense Competition team exercises at the University of Advanced Technology in Arizona.
ABCs Of Factoring Risk Into Cloud Service Decisions
Taking an empirical, risk-based approach to deciding on third-party, shared-infrastructure services
Second Middle Eastern Utility Hit By Malware Attack
Qatar gas company hack similar pattern as that of Saudi Arabian oil company -- shades of Shamoon?
Air Force Seeks Offensive Cyber Weapons
Agency solicits proposals on capabilities ranging from attack to mapping networks.
Oracle Issues Patch That Kills Latest Java Attack
New Java 7 Update 7 release fixes the two vulnerabilities used in tandem in recent wave of attacks -- plus other flaws
Laptop Fingerprint Readers Vulnerable To Password Hacks
Security software included with UPEK fingerprint scanners stores Windows passwords in plaintext, making them retrievable by an attacker.
Java Zero-Day Malware Attack: 6 Facts
New details reveal Oracle knew about the Java exploit in April, but has yet to release a patch. Here's how to protect yourself against active attacks.
Hacktivists Continue To Own Systems Through SQL Injection
LulzSec indictment and GhostShell attacks bring the spotlight back onto black hats' favorite data theft technique
New 'Reliable' Java Attack Spreading Fast, Uses Two Zero-Day Bugs
Hundreds of domains serving up attack, tens of thousands of new victim machines since Java exploit was added to BlackHole toolkit
U.S. Intelligence Agencies Seek A Private Cloud OS
CIA's investment arm has partnered with Adaptive Computing to develop a cloud OS for agencies' use. OpenStack platform may be used.
Java Zero Day Attack: Second Bug Found
Were security researchers irresponsible to detail the zero-day vulnerabilities without first working with Oracle to craft a patch?
Keeping DNS Services Safe And Operational
Domain Name System technology is critical to your Internet communications. Here are some tips for keeping your DNS services -- and your data -- secure
GhostShell Haunts Websites With SQL Injection
Admin and user accounts from websites breached and posted online
Lessons In Campus Cybersecurity
What universities are doing -- and should be doing -- in response to increased cyberthreats, and how students can protect their suddenly very valuable IDs
The State Of Virtual Data Protection And Recovery
Hybrid physical/virtual storage environments present their own challenges to data protection and backup. Start with a solid plan.
ID Don't Mean A Thing Unless It's Got That Integration Thing
Architecture astronauts talk identity strategy, but pros talk identity integration logistics
Java Zero-Day Attack Could Hit Enterprises Hard
In-the-wild exploit targets unpatched Java 7 vulnerability affecting Windows, OS X, and Linux. Security experts advise disabling Java in browsers.
Cyberattacks Carried Out Against Forces In Afghanistan, U.S. General Says
Marine Corps Lt. General Richard Mills says electronic warfare played an important role in Afghanistan campaigns
30,000 Machines Infected In Targeted Attack On Saudi Aramco
Oil company's revelation matches counts by hackers claiming responsibility and Shamoon connection
Saudi Aramco Restores Network After Shamoon Malware Attack
Hacktivist-launched virus takes out 75% of state-owned oil company's workstations, signals the growing power of attackers with social or political agendas.
Dropbox Two-Factor Authentication Has Kinks, Users Say
Cloud storage provider upgrades security after attacker stole data from Dropbox employee's account. But users say the beta version needs tweaks.
Winning By Losing
Employers and customers will take everything you have to give, and then ask for more. You can bitch about it, or you can say no -- the choice is yours
Application Detects Social Network Spam, Malware
Using the social context of posts, researchers from UC Riverside create prototype Facebook app that detects social malware with 97 percent accuracy
Some 'Operation Ghost Click' IP Addresses Back From The Dead
In advance of court proceedings, RIPE reallocates some IP address blocks that had been used by crime gang in DNSChanger malware scheme
Safer Boots: Feds Urge Malware-Resistant BIOS
NIST advises PC and server makers strengthen the security of BIOS ROM chip flashware. Attacks against BIOS can be used to create persistent rootkits that survive reboots.
Create A Mac Zombie Army, Cheap: Hacker Emptor
NetWeird malware toolkit promises to convert Macs into zombies ready to do botnet bidding. But some security experts say this is a case of criminals trying to out-scam each other.
The Attacker's Trade-Off: Stealth Versus Resilience
Trade-offs are a fact of life for network defenders, but attackers have to abide them as well. Understanding attackers' problems can help companies better use them to their advantage
10 Tips For Protecting Mobile Users
Mobile employees, devices, and data need protecting. Here are 10 tips to make it happen.
Google 'Red Team' To Test Product Privacy
Taking privacy seriously translates into new hires for Google.
Gauss Researchers Collide
Kaspersky Lab's sinkhole for the malware mistaken by FireEye researchers as live Gauss activity
Windows Password Clues Easy To Crack
Metasploit penetration testing framework has been updated with an attack that retrieves all Windows 7 and 8 password clues.
The Case For A Cyber Arms Treaty
In the wake of Stuxnet, could an international 'cyber arms' agreement forestall U.S. cyber warfare with China and other countries?
DARPA Seeks 'Plan X' Cyber Warfare Tools
Defense Department looks for hardened operating systems and other new technologies for managing cyber warfare in real time on a large scale.
Top 5 Deadliest Mobile Malware Threats Of 2012
Security pros discuss the most prolific and complex mobile malware threats to appear so far in 2012
Shamoon, Saudi Aramco, And Targeted Destruction
Still no definitive connection between Shamoon and Saudi Aramco breach, but new clues emerge
LulzSec Leader Sabu, Still Working With Feds, Gets Temporary Sentencing Reprieve
Hector Xavier Monsegur, a.k.a. Sabu, gets six more months before he's sentenced for 12 counts of computing hacking conspiracies and other crimes
iPhone Security Unbreakable? Security Gurus Disagree
Hardened PIN entry and full-disk encryption make Apple smartphones extremely tough to crack, says forensic expert, prompting much debate.
Shamoon Malware Might Be Flame Copycat
August attack on Saudi energy company likely work of "anti-tyranny" hacktivist group Cutting Sword of Justice, probably a Flame copycat, say security experts.
5 Systems You're Forgetting To Patch
Workstation patching is vital, but these systems need frequent updates, too
Most Paid Apple iOS, Google Android Apps Have Been Hacked
New study finds that less than 5 percent of popular mobile apps use professional-grade defenses
Sexy Monitoring
We examine security monitoring in the context of "sexy defense"
Crisis Financial Malware Spreads Via Virtual Machines
Malicious code, disguised as a VeriSign-approved Adobe Flash installer, affects Macs, Windows PCs, and Windows Mobile devices.
Managed Services Growth About Security, Not Compliance
Small businesses seek better security; large enterprises look to reduce costs and free up internal security teams
Security Snags Loom Over Social Login
Even with standards, social authenticators are hardly secure enough for enterprises
SpiderOak Encrypted Cloud Storage: Dropbox Alternative
Enterprise online storage can be secure and private, CEO Ethan Oberman insists. Defense Dept. is an early customer.
Don't Trust That Text Message: Tool Simplifies iOS SMS-Spoofing
Known SMS flaw isn't in the phone itself, however
How To Protect Your Commercial Web Server
Public Internet servers are among criminals’ favorite targets. Is your security strategy up to the challenge?
|
How Enterprises are Attacking the Cybersecurity ProblemConcerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
0 Comments
