News & Commentary

Content posted in September 2013
Only Ho-Hum Security Holes Ahead For In-Memory DB
News  |  9/30/2013  | 
Oracle's new performance features shouldn't pose any unique risks, experts say
Pen Testing: Making Passion A Priority
Commentary  |  9/30/2013  | 
What sets real penetration testers apart is their motivation and willingness to lose themselves in something they love
Reaping The Security Rewards Of SDN
News  |  9/30/2013  | 
Software-defined network will be a major theme for Interop -- here's why some experts believe security pros should be paying attention
Symantec Sinkholes Chunk Of Massive Click-Fraud Botnet
News  |  9/30/2013  | 
More than 500,000 'ZeroAccess' bots nabbed by researchers just prior to its update to more resilient malware
Medical Device Security: A Work In Progress
News  |  9/30/2013  | 
Healthcare organizations vary widely in how prepared they are to handle breaches of medical devices, says Deloitte report.
Project Sonar Crowdsources A Better Bug Killer
News  |  9/30/2013  | 
Scans of the entire Internet for known vulnerabilities turn up terabytes of data, but the next steps won’t be easy.
Commerce In A World Without Trust
Commentary  |  9/29/2013  | 
The trust model underlying online commerce has been threatened by the constant attacks on information providers used to authenticate consumers. Is the Internet as secure as it needs to be anymore?
Tech Insight: Top 4 Problem Areas That Lead To Internal Data Breaches
News  |  9/27/2013  | 
Enterprises constantly fail in four areas, which, in turn, can easily cause intentional and unintentional data leaks
Conflicting Challenges Put Top Execs Between A Rock And A Hard Place
Quick Hits  |  9/27/2013  | 
Paradoxes in security goals, practices create conundrums for decision makers, (ISC)2 study finds
Insider Threats Get More Difficult To Detect
News  |  9/27/2013  | 
User diversity and growth in network activity including cloud services are among reasons it's getting harder to guard against insider data breaches, says Fortune 1000 survey.
Fixating On The Edges
Commentary  |  9/26/2013  | 
Security folks tend to concentrate on their inability to block improbable attacks, while forgetting to focus on the attacks they're most likely to see
Establishing The New Normal After A Breach
News  |  9/26/2013  | 
Breach response shouldn't just be about notifications and system clean-up -- organizations can use their mistakes as learning aids to change processes and policies for lasting security success
Threat-Intel Sharing Services Emerge, But Challenges Remain
News  |  9/26/2013  | 
A number of services to help companies analyze threats and share intelligence have popped up, but the services have to solve some key problems
Report: 8 Out of 10 Users Infected With A Trojan
Quick Hits  |  9/26/2013  | 
Trojans overshadow all other forms of malware in second quarter, new study from PandaLabs shows
NSA Chief: Don't Dump Essential Security Tools
News  |  9/26/2013  | 
Gen. Keith Alexander defends National Security Agency practices, argues for advances in cybersecurity cooperation.
Rise Of The 'Hit-And-Run' APT
News  |  9/26/2013  | 
A new model of cyberespionage is emerging that relies on cybermercenaries hired to break in, steal information, and then leave -- with specific targeted information
Flash Storage Has Special Security Needs
Commentary  |  9/26/2013  | 
Over-provisioning and bad-block marking can leave flash storage devices vulnerable to data theft. Here are workarounds.
Yahoo Email Change Doesn't Solve Security Problem
News  |  9/26/2013  | 
Yahoo's "Not My Email" button may cut down on misdirected email, but security experts say Yahoo's solution doesn't address the underlying security issues.
Protecting The Network From Bring-Your-Own Vulnerabilities
News  |  9/25/2013  | 
Companies that allow employees to use their own devices for work inherit their employees' vulnerabilities. How should companies secure networks in the age of BYOD?
Hacking The Threat Intelligence-Sharing Model
News  |  9/25/2013  | 
A new report shines light on what's holding back more widespread, efficient sharing of attack intelligence among organizations
You Are Not Over Budget -- You Underestimated
Commentary  |  9/25/2013  | 
When forces align to underfund IT projects, they guarantee an ugly finish
Social Spam Invades The Enterprise
News  |  9/25/2013  | 
Spammers increasingly dodge email spam tools by using social media, posing new risks to government and corporate enterprises, study says.
Gartner Survey Says Many Organizations Fear Their Privacy Activities Are Insufficient
News  |  9/25/2013  | 
Perceived level of maturity attached to organizations' privacy activities has decreased since 2011
FISMA Security Approach Falls Short, Fed IT Pros Say
News  |  9/25/2013  | 
Primary tool for defending government information systems is inadequate in the battle against cyber threats and attacks, federal IT security managers say.
Five Habits IT Security Professionals Need To Break
Quick Hits  |  9/25/2013  | 
To move forward, security pros need to break old thinking, (ISC)2 Congress panel says
Yahoo Responds To Recycled Email Security Problem
News  |  9/25/2013  | 
Yahoo will launch a "Not My Email" button to return old account-holders' email and help former users reclaim their accounts.
Post-NSA Revelations, Most Users Feel Less Safe
Quick Hits  |  9/24/2013  | 
Three-fourths of users say it's their own responsibility to protect their privacy, survey says
Apple Touch ID Fingerprint Reader Hack Heightens Biometrics Debate
News  |  9/24/2013  | 
Hackers say the attack demonstrates a fatal flaw of fingerprint biometrics: It's too easy to defeat
5 Steps To Stop A Snowden Scenario
News  |  9/24/2013  | 
The NSA leaks by a systems administrator have forced enterprises to rethink their risks of an insider leak and their privileged users' access
Connecting The Dots With Quality Analytics Data
News  |  9/24/2013  | 
Get creative about sourcing data, find ways to improve its quality, and then normalize it to mine its value
Why A Hardware Root Of Trust Matters For Mobile
News  |  9/24/2013  | 
Even with mobile device management, enterprises still lack control over devices
Spikes Launches AirGap Enterprise To Eliminate Malware Pandemic From Entering The Enterprise
News  |  9/24/2013  | 
Solution resides in the network DMZ rather than on end user devices
The Big Data Is The New Normal
Commentary  |  9/24/2013  | 
Big data, not relational, is the new platform of choice
Lack Of Security Expertise? App-Analysis Services Could Help
News  |  9/23/2013  | 
Companies now have a selection of software-scanning services to help assess their Web applications and find bugs -- here's a look at what makes a good service
Destructive Attacks On Oil And Gas Industry A Wake-Up Call
News  |  9/23/2013  | 
Cyberattacks could have real-world economic consequences in the oil and gas markets, even at the pump
Penetration Testing For Beginners
News  |  9/23/2013  | 
Interop workshop instructor discusses what it takes for networking pros to start wrapping their arms around security testing basics
Energy Dept. Invests $30 Million In Utility Security
News  |  9/23/2013  | 
Contracts will support new tools to protect electrical, gas and oil infrastructures from cyber attacks.
Yahoo Recycled Emails: Users Find Security Surprises
News  |  9/23/2013  | 
Some Yahoo users who took advantage of recycled IDs report they're getting emails intended for the old account holders -- including personal data.
Apple iPhone 5s Fooled By Fake Finger
News  |  9/23/2013  | 
Chaos Computer Club hackers bypass the fingerprint sensor in Apple's iPhone 5s, may qualify for Touch ID hack bounty.
Flaw In iOS 7 Lets Attackers Take Control Of Users' iPhones
Quick Hits  |  9/22/2013  | 
SIRI vulnerability enables attackers to act on user's behalf -- even when iPhone is locked
Dolloping Out Threat Intelligence
Commentary  |  9/21/2013  | 
When too much of a good thing causes confusion and setbacks
(ISC)2 Congress Addresses Security's People Problems
Commentary  |  9/20/2013  | 
Annual (ISC)2 conference puts technology aside to focus on the human side of security
3 Steps To Keep Down Security's False-Positive Workload
News  |  9/20/2013  | 
A high rate of false positives is a problem that affects many types of security systems, but a few proactive steps can help cut them down to size
Android Facebook App Users: Patch Now
News  |  9/20/2013  | 
Facebook has fixed a bug in its Android app that left photos vulnerable to interception.
Choosing, Managing, And Evaluating A Penetration Testing Service
Quick Hits  |  9/20/2013  | 
The right pen testing service can make your data more secure. The wrong one could introduce risk. Here's how to tell the difference
Q&A: Security In The Spotlight At Interop
News  |  9/19/2013  | 
John Pironti, chair of Interop's Risk Management and Security Track, talks risk management and what to expect at the upcoming conference
Microsoft Adopts Open Specs For Threat Intel-Sharing
Quick Hits  |  9/19/2013  | 
New Microsoft Active Protections Program (MAPP) for Responders program will use STIX, TAXII specifications for automating intelligence-sharing
Google's Plan To Kill Cookies
News  |  9/19/2013  | 
Google proposes anonymous identifier for advertising, or AdID, to replace cookies used by third-party marketers. Google would benefit -- but would consumers?
Phishers Expand Brands, Shift Gears
News  |  9/19/2013  | 
More brands than ever getting phished as cybercriminals branch out and rely less on mass phishing attacks
Shylock Malware Resurges, Targets Top U.S. Banks
News  |  9/19/2013  | 
Major U.S. financial firms are being targeted by tough-to-detect malware that can steal money while customers access their online accounts.