News & Commentary

Content posted in August 2013
Thwart DNS Hijackers: 5 Tips
Commentary  |  8/30/2013  | 
Domain name system attacks hit The New York Times and Twitter hard last month. Here are five ways to make your DNS records harder to hack and easier to recover if they're compromised.
Getting To The Root Of Application Security Problems
News  |  8/30/2013  | 
Lack of root cause analysis following vulnerability testing keeps app sec teams treating symptoms rather than the disease of insecure coding
U.S. Spy Agencies Spend $37 Billion On Data
News  |  8/30/2013  | 
16 U.S. intelligence agencies spend most of their money on data collection and analysis, according to documents obtained by the Washington Post.
Energy Dept. Hack Details Emerge
News  |  8/30/2013  | 
Exclusive: Unpatched ColdFusion server containing employee information was hacked; agency claims lack of budget to put proper fixes in place.
The Easiest Way To Deface A Website Is To Target The Domain Registrar
Commentary  |  8/30/2013  | 
Hacking the DNS and domain maintenance systems makes for a much easier, safer, and more efficient way of defacing the busiest and highest-profile websites on the Internet
Custom Chrome Browser Promises More Privacy, No Tracking
News  |  8/30/2013  | 
Hidden Reflex launches Chromium-based browser tweaked to block advertisers' tracking networks while speeding up page-load times.
Malicious Chrome Extension Poses As Facebook Video
News  |  8/30/2013  | 
As malware attacks targeting browser extensions become more common, security researchers advise users to be more careful about installing extensions and to regularly review permissions.
Kelihos Botnet Taps Spam Blocklists To Hone Attacks
News  |  8/30/2013  | 
Malware taps legitimate anti-spam services from the likes of SpamHaus and Sophos before turning PC into control proxy or spam relay.
Java Malicious App Alert System Tricked
Quick Hits  |  8/30/2013  | 
Developer hacks Java security warnings to display fake app names; Oracle reportedly prepping a fix
IPv6 To Complicate Threat-Intelligence Landscape
News  |  8/30/2013  | 
Reputation-based blacklists could face exponential growth when the number of possible Internet addresses becomes, for all practical purposes, infinite
Interop New York 2013: Complete Coverage
News  |  8/29/2013  | 
Articles leading up to, live coverage from, and post-event analysis of Interop New York 2013
Windows 8 Picture Passwords Easily Cracked
News  |  8/29/2013  | 
Microsoft's picture gesture authentication system isn't that secure, security researchers say.
No Proof Of Malware In New York Times DNS Hijacking Attack
News  |  8/29/2013  | 
No evidence thus far to confirm that the Syrian Electronic Army embedded malware on redirected Web pages, but investigation continues
Talking Threats With Senior Management
Commentary  |  8/29/2013  | 
Every so often, you get lucky and a senior executive asks you about security. You have some choices as to how to answer the question. Choose wisely
Lessons Learned From N.Y. Times Hack Attack
News  |  8/29/2013  | 
How could the Times have recovered faster after the Syrian Electronic Army attacked its DNS registry? Here are six considerations to help protect your business from similar harm.
5 Factors Of Better SMB Security Software
Commentary  |  8/29/2013  | 
Security software does not always play well within the SMB space
Java Malicious App Alert System Tricked
News  |  8/29/2013  | 
Developer hacks Java security warnings to display fake app names; Oracle reportedly prepping a fix.
Secure Data, Not Devices
Commentary  |  8/29/2013  | 
As government goes mobile and makes greater use of cloud services, IT leaders must adopt a more data-centric, not device-centric, security approach.
Four Tips For Spotting The Kelihos Botnet Infection
Quick Hits  |  8/29/2013  | 
Kelihos keeps coming back -- but it's not tough to detect, Zscaler researcher says
Rumored iOS Fingerprint Sensor Would Boost Mobile Security
News  |  8/29/2013  | 
While not the first mobile phone maker to put a fingerprint sensor on a smartphone, Apple's adoption could make a higher level of security more convenient
Struggling With Attack Detection And Analysis
News  |  8/28/2013  | 
New survey shows organizations don't know when they've been attacked and can't easily determine scope of attacks
Syrian Electronic Army Strikes Again In 'Modern-Day Defacement'
News  |  8/28/2013  | 
Hacktivists scored potential access to treasure trove of targets via hack of major domain registrar's reseller, but didn't wreak the massive damage they could have
Eyeball Scans Stay Accurate Over Time, Says NIST
News  |  8/28/2013  | 
National Institute of Standards and Technology research says aging doesn't hurt reliability of iris images to identify individuals.
Iris Scans: Security Technology In Action
Slideshows  |  8/28/2013  | 
Iris-based security scans are the stuff of sci-fi movies, but NIST research shows how the technology can now be used in the real world to reliably identify individuals.
New Security Trend: Bring Your Own Attorney
Commentary  |  8/28/2013  | 
BYOA is not a security joke anymore. There is clearly a need for a cybersecurity community that is well-versed in legal and ethical principles.
Feds Charge Wall Street Traders With Code Theft
News  |  8/28/2013  | 
Three men accused of stealing Flow Traders' proprietary high-frequency trading information and algorithms.
NY Times Caught In Syrian Hacker Attack
News  |  8/28/2013  | 
Hacks amount to "warning shots," threatening more widespread cyberattacks should the U.S. and allies launch military campaign against Syria, warns security expert.
Facebook Reveals Government Requests For User Data
News  |  8/28/2013  | 
Facebook says the U.S. topped the list, making about half the total requests.
Confidential Submission To The Antivirus Cloud
Commentary  |  8/27/2013  | 
Would a government intelligence agency want your antivirus telemetry?
Ex-CSOs Team, Offer Free Security Help
News  |  8/27/2013  | 
Former enterprise CSOs from Anheuser-Busch, State Farm Insurance, Deutsche Bank, and other firms form a new team at Websense that assists and mentors other CSOs -- gratis
Don't Be The Tortoise
Commentary  |  8/27/2013  | 
Agility may not always win the race, but you sure shouldn't bet against it
4 Million Patients At Risk After Computer Theft From Chicago Medical Group
Quick Hits  |  8/27/2013  | 
Unencrypted Social Security numbers, names, addresses, health insurance information potentially exposed in major HIPAA violation
G20 Summit Becomes Bait For Cyberespionage Attacks
News  |  8/27/2013  | 
The upcoming G20 Summit in Russia is being used as a lure in a spate of APT-style attacks
Anonymous Hacker Claims FBI Directed LulzSec Hacks
News  |  8/27/2013  | 
Admitted hacker Jeremy Hammond alleges FBI used informer Sabu to persuade LulzSec and Anonymous to hack into foreign governments' networks.
Department Of Energy Cyberattack: 5 Takeaways
News  |  8/27/2013  | 
Exclusive: Outdated, unpatched system blamed for DOE breach, but agency said to be getting its cybersecurity house in order.
Chinese Internet Crippled By DDoS Attack
Quick Hits  |  8/27/2013  | 
Distributed denial-of-service attack Sunday was largest China has ever seen, authorities say
4 Steps For More Secure Small Business Websites
News  |  8/27/2013  | 
Cybercriminals increasingly are targeting the blogs and e-commerce sites of SMBs, but a handful of simple steps can make these sites harder to hack
Getting The Most Out Of A Security Red Team
News  |  8/27/2013  | 
Justify security expenses and improve defenses through the use of an internal red team
DDoS Botnet Now Can Detect Denial-Of-Service Defenses
News  |  8/26/2013  | 
New variant of the infamous DirtJumper Drive malware can see and bypass DDoS mitigation
Incentives And Organizational Alignment (Or Lack Thereof)
Commentary  |  8/26/2013  | 
The lack of incentives for security effectiveness remains a problem for security professionals. Until we define legitimate success criteria as the basis to align the organization around security, nothing will change
Hackers Target Java 6 With Security Exploits
News  |  8/26/2013  | 
Security experts spot code that attacks vulnerability in Java 6, urge users to upgrade to Java 7 immediately.
U.S. Surveillance Fallout Costing Third-Party Providers
News  |  8/23/2013  | 
E-mail encryption provider Lavabit shuts down, Silent Circle shutters its own service, and analysts are forecasting tens of billions of lost revenue for cloud and service providers
Nearly One-Fifth Of Enterprise Operating Systems Not Fully Patched
Quick Hits  |  8/23/2013  | 
Less than half of organizations run malicious code execution prevention tools, Rapid7 survey finds
NSA Paid Tech Companies Millions For Prism
News  |  8/23/2013  | 
Leaked documents show taxpayer cost of involving Google, Microsoft and other tech companies in Prism digital dragnet.
Hack My Google Glass: Security's Next Big Worry?
Commentary  |  8/23/2013  | 
Wearable computing devices must strike a difficult balance between security and convenience. A recent episode involving Google Glass and malicious QR codes raises questions.
3 Inconvenient Truths About Big Data In Security Analysis
News  |  8/23/2013  | 
HD Moore at UNITED Security Conference predicts: "We'll see a large breach from one of the analytics providers in the next 12 months"
Report: Teens Actually Do Care About Online Privacy
Quick Hits  |  8/22/2013  | 
Nearly 60 percent of girls disable location-tracking on their mobile devices, new report finds
NSA Responds To Criticism Over Surveillance Programs
News  |  8/22/2013  | 
NSA says it only touches about 1 percent of online communications in the U.S.
Russia May Block Tor
News  |  8/22/2013  | 
In effort to combat child porn, Russian security forces consider installing filters preventing access to Tor networks. But experts say blocking the anonymizing service could be difficult.
Trustwave And TNS Team to Help Businesses Protect Payment Card Data
News  |  8/22/2013  | 
Companies join forces to offer an open and vendor-agnostic point-to-point encryption service


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11505
PUBLISHED: 2018-05-26
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
CVE-2018-6409
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
CVE-2018-6410
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
CVE-2018-6411
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
CVE-2018-11500
PUBLISHED: 2018-05-26
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.