News & Commentary

Content posted in August 2013
Thwart DNS Hijackers: 5 Tips
Commentary  |  8/30/2013  | 
Domain name system attacks hit The New York Times and Twitter hard last month. Here are five ways to make your DNS records harder to hack and easier to recover if they're compromised.
Getting To The Root Of Application Security Problems
News  |  8/30/2013  | 
Lack of root cause analysis following vulnerability testing keeps app sec teams treating symptoms rather than the disease of insecure coding
U.S. Spy Agencies Spend $37 Billion On Data
News  |  8/30/2013  | 
16 U.S. intelligence agencies spend most of their money on data collection and analysis, according to documents obtained by the Washington Post.
Energy Dept. Hack Details Emerge
News  |  8/30/2013  | 
Exclusive: Unpatched ColdFusion server containing employee information was hacked; agency claims lack of budget to put proper fixes in place.
The Easiest Way To Deface A Website Is To Target The Domain Registrar
Commentary  |  8/30/2013  | 
Hacking the DNS and domain maintenance systems makes for a much easier, safer, and more efficient way of defacing the busiest and highest-profile websites on the Internet
Custom Chrome Browser Promises More Privacy, No Tracking
News  |  8/30/2013  | 
Hidden Reflex launches Chromium-based browser tweaked to block advertisers' tracking networks while speeding up page-load times.
Malicious Chrome Extension Poses As Facebook Video
News  |  8/30/2013  | 
As malware attacks targeting browser extensions become more common, security researchers advise users to be more careful about installing extensions and to regularly review permissions.
Kelihos Botnet Taps Spam Blocklists To Hone Attacks
News  |  8/30/2013  | 
Malware taps legitimate anti-spam services from the likes of SpamHaus and Sophos before turning PC into control proxy or spam relay.
Java Malicious App Alert System Tricked
Quick Hits  |  8/30/2013  | 
Developer hacks Java security warnings to display fake app names; Oracle reportedly prepping a fix
IPv6 To Complicate Threat-Intelligence Landscape
News  |  8/30/2013  | 
Reputation-based blacklists could face exponential growth when the number of possible Internet addresses becomes, for all practical purposes, infinite
Interop New York 2013: Complete Coverage
News  |  8/29/2013  | 
Articles leading up to, live coverage from, and post-event analysis of Interop New York 2013
Windows 8 Picture Passwords Easily Cracked
News  |  8/29/2013  | 
Microsoft's picture gesture authentication system isn't that secure, security researchers say.
No Proof Of Malware In New York Times DNS Hijacking Attack
News  |  8/29/2013  | 
No evidence thus far to confirm that the Syrian Electronic Army embedded malware on redirected Web pages, but investigation continues
Talking Threats With Senior Management
Commentary  |  8/29/2013  | 
Every so often, you get lucky and a senior executive asks you about security. You have some choices as to how to answer the question. Choose wisely
Lessons Learned From N.Y. Times Hack Attack
News  |  8/29/2013  | 
How could the Times have recovered faster after the Syrian Electronic Army attacked its DNS registry? Here are six considerations to help protect your business from similar harm.
5 Factors Of Better SMB Security Software
Commentary  |  8/29/2013  | 
Security software does not always play well within the SMB space
Java Malicious App Alert System Tricked
News  |  8/29/2013  | 
Developer hacks Java security warnings to display fake app names; Oracle reportedly prepping a fix.
Secure Data, Not Devices
Commentary  |  8/29/2013  | 
As government goes mobile and makes greater use of cloud services, IT leaders must adopt a more data-centric, not device-centric, security approach.
Four Tips For Spotting The Kelihos Botnet Infection
Quick Hits  |  8/29/2013  | 
Kelihos keeps coming back -- but it's not tough to detect, Zscaler researcher says
Rumored iOS Fingerprint Sensor Would Boost Mobile Security
News  |  8/29/2013  | 
While not the first mobile phone maker to put a fingerprint sensor on a smartphone, Apple's adoption could make a higher level of security more convenient
Struggling With Attack Detection And Analysis
News  |  8/28/2013  | 
New survey shows organizations don't know when they've been attacked and can't easily determine scope of attacks
Syrian Electronic Army Strikes Again In 'Modern-Day Defacement'
News  |  8/28/2013  | 
Hacktivists scored potential access to treasure trove of targets via hack of major domain registrar's reseller, but didn't wreak the massive damage they could have
Eyeball Scans Stay Accurate Over Time, Says NIST
News  |  8/28/2013  | 
National Institute of Standards and Technology research says aging doesn't hurt reliability of iris images to identify individuals.
Iris Scans: Security Technology In Action
Slideshows  |  8/28/2013  | 
Iris-based security scans are the stuff of sci-fi movies, but NIST research shows how the technology can now be used in the real world to reliably identify individuals.
New Security Trend: Bring Your Own Attorney
Commentary  |  8/28/2013  | 
BYOA is not a security joke anymore. There is clearly a need for a cybersecurity community that is well-versed in legal and ethical principles.
Feds Charge Wall Street Traders With Code Theft
News  |  8/28/2013  | 
Three men accused of stealing Flow Traders' proprietary high-frequency trading information and algorithms.
NY Times Caught In Syrian Hacker Attack
News  |  8/28/2013  | 
Hacks amount to "warning shots," threatening more widespread cyberattacks should the U.S. and allies launch military campaign against Syria, warns security expert.
Facebook Reveals Government Requests For User Data
News  |  8/28/2013  | 
Facebook says the U.S. topped the list, making about half the total requests.
Confidential Submission To The Antivirus Cloud
Commentary  |  8/27/2013  | 
Would a government intelligence agency want your antivirus telemetry?
Ex-CSOs Team, Offer Free Security Help
News  |  8/27/2013  | 
Former enterprise CSOs from Anheuser-Busch, State Farm Insurance, Deutsche Bank, and other firms form a new team at Websense that assists and mentors other CSOs -- gratis
Don't Be The Tortoise
Commentary  |  8/27/2013  | 
Agility may not always win the race, but you sure shouldn't bet against it
4 Million Patients At Risk After Computer Theft From Chicago Medical Group
Quick Hits  |  8/27/2013  | 
Unencrypted Social Security numbers, names, addresses, health insurance information potentially exposed in major HIPAA violation
G20 Summit Becomes Bait For Cyberespionage Attacks
News  |  8/27/2013  | 
The upcoming G20 Summit in Russia is being used as a lure in a spate of APT-style attacks
Anonymous Hacker Claims FBI Directed LulzSec Hacks
News  |  8/27/2013  | 
Admitted hacker Jeremy Hammond alleges FBI used informer Sabu to persuade LulzSec and Anonymous to hack into foreign governments' networks.
Department Of Energy Cyberattack: 5 Takeaways
News  |  8/27/2013  | 
Exclusive: Outdated, unpatched system blamed for DOE breach, but agency said to be getting its cybersecurity house in order.
Chinese Internet Crippled By DDoS Attack
Quick Hits  |  8/27/2013  | 
Distributed denial-of-service attack Sunday was largest China has ever seen, authorities say
4 Steps For More Secure Small Business Websites
News  |  8/27/2013  | 
Cybercriminals increasingly are targeting the blogs and e-commerce sites of SMBs, but a handful of simple steps can make these sites harder to hack
Getting The Most Out Of A Security Red Team
News  |  8/27/2013  | 
Justify security expenses and improve defenses through the use of an internal red team
DDoS Botnet Now Can Detect Denial-Of-Service Defenses
News  |  8/26/2013  | 
New variant of the infamous DirtJumper Drive malware can see and bypass DDoS mitigation
Incentives And Organizational Alignment (Or Lack Thereof)
Commentary  |  8/26/2013  | 
The lack of incentives for security effectiveness remains a problem for security professionals. Until we define legitimate success criteria as the basis to align the organization around security, nothing will change
Hackers Target Java 6 With Security Exploits
News  |  8/26/2013  | 
Security experts spot code that attacks vulnerability in Java 6, urge users to upgrade to Java 7 immediately.
U.S. Surveillance Fallout Costing Third-Party Providers
News  |  8/23/2013  | 
E-mail encryption provider Lavabit shuts down, Silent Circle shutters its own service, and analysts are forecasting tens of billions of lost revenue for cloud and service providers
Nearly One-Fifth Of Enterprise Operating Systems Not Fully Patched
Quick Hits  |  8/23/2013  | 
Less than half of organizations run malicious code execution prevention tools, Rapid7 survey finds
NSA Paid Tech Companies Millions For Prism
News  |  8/23/2013  | 
Leaked documents show taxpayer cost of involving Google, Microsoft and other tech companies in Prism digital dragnet.
Hack My Google Glass: Security's Next Big Worry?
Commentary  |  8/23/2013  | 
Wearable computing devices must strike a difficult balance between security and convenience. A recent episode involving Google Glass and malicious QR codes raises questions.
3 Inconvenient Truths About Big Data In Security Analysis
News  |  8/23/2013  | 
HD Moore at UNITED Security Conference predicts: "We'll see a large breach from one of the analytics providers in the next 12 months"
Report: Teens Actually Do Care About Online Privacy
Quick Hits  |  8/22/2013  | 
Nearly 60 percent of girls disable location-tracking on their mobile devices, new report finds
NSA Responds To Criticism Over Surveillance Programs
News  |  8/22/2013  | 
NSA says it only touches about 1 percent of online communications in the U.S.
Russia May Block Tor
News  |  8/22/2013  | 
In effort to combat child porn, Russian security forces consider installing filters preventing access to Tor networks. But experts say blocking the anonymizing service could be difficult.
Trustwave And TNS Team to Help Businesses Protect Payment Card Data
News  |  8/22/2013  | 
Companies join forces to offer an open and vendor-agnostic point-to-point encryption service