Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in September 2013
Page 1 / 3   >   >>
Only Ho-Hum Security Holes Ahead For In-Memory DB
News  |  9/30/2013  | 
Oracle's new performance features shouldn't pose any unique risks, experts say
Pen Testing: Making Passion A Priority
Commentary  |  9/30/2013  | 
What sets real penetration testers apart is their motivation and willingness to lose themselves in something they love
Reaping The Security Rewards Of SDN
News  |  9/30/2013  | 
Software-defined network will be a major theme for Interop -- here's why some experts believe security pros should be paying attention
Symantec Sinkholes Chunk Of Massive Click-Fraud Botnet
News  |  9/30/2013  | 
More than 500,000 'ZeroAccess' bots nabbed by researchers just prior to its update to more resilient malware
Medical Device Security: A Work In Progress
News  |  9/30/2013  | 
Healthcare organizations vary widely in how prepared they are to handle breaches of medical devices, says Deloitte report.
Project Sonar Crowdsources A Better Bug Killer
News  |  9/30/2013  | 
Scans of the entire Internet for known vulnerabilities turn up terabytes of data, but the next steps won’t be easy.
Commerce In A World Without Trust
Commentary  |  9/29/2013  | 
The trust model underlying online commerce has been threatened by the constant attacks on information providers used to authenticate consumers. Is the Internet as secure as it needs to be anymore?
Tech Insight: Top 4 Problem Areas That Lead To Internal Data Breaches
News  |  9/27/2013  | 
Enterprise constantly fail in four areas, which, in turn, can easily cause intentional and unintentional data leaks
Conflicting Challenges Put Top Execs Between A Rock And A Hard Place
Quick Hits  |  9/27/2013  | 
Paradoxes in security goals, practices create conundrums for decision makers, (ISC)2 study finds
Insider Threats Get More Difficult To Detect
News  |  9/27/2013  | 
User diversity and growth in network activity including cloud services are among reasons it's getting harder to guard against insider data breaches, says Fortune 1000 survey.
Fixating On The Edges
Commentary  |  9/26/2013  | 
Security folks tend to concentrate on their inability to block improbable attacks, while forgetting to focus on the attacks they're most likely to see
Establishing The New Normal After A Breach
News  |  9/26/2013  | 
Breach response shouldn't just be about notifications and system clean-up -- organizations can use their mistakes as learning aids to change processes and policies for lasting security success
Threat-Intel Sharing Services Emerge, But Challenges Remain
News  |  9/26/2013  | 
A number of services to help companies analyze threats and share intelligence have popped up, but the services have to solve some key problems
Report: 8 Out of 10 Users Infected With A Trojan
Quick Hits  |  9/26/2013  | 
Trojans overshadow all other forms of malware in second quarter, new study from PandaLabs shows
NSA Chief: Don't Dump Essential Security Tools
News  |  9/26/2013  | 
Gen. Keith Alexander defends National Security Agency practices, argues for advances in cybersecurity cooperation.
Rise Of The 'Hit-And-Run' APT
News  |  9/26/2013  | 
A new model of cyberespionage is emerging that relies on cybermercenaries hired to break in, steal information, and then leave -- with specific targeted information
Flash Storage Has Special Security Needs
Commentary  |  9/26/2013  | 
Over-provisioning and bad-block marking can leave flash storage devices vulnerable to data theft. Here are workarounds.
Yahoo Email Change Doesn't Solve Security Problem
News  |  9/26/2013  | 
Yahoo's "Not My Email" button may cut down on misdirected email, but security experts say Yahoo's solution doesn't address the underlying security issues.
Protecting The Network From Bring-Your-Own Vulnerabilities
News  |  9/25/2013  | 
Companies that allow employees to use their own devices for work inherit their employees' vulnerabilities. How should companies secure networks in the age of BYOD?
Hacking The Threat Intelligence-Sharing Model
News  |  9/25/2013  | 
A new report shines light on what's holding back more widespread, efficient sharing of attack intelligence among organizations
You Are Not Over Budget -- You Underestimated
Commentary  |  9/25/2013  | 
When forces align to underfund IT projects, they guarantee an ugly finish
Social Spam Invades The Enterprise
News  |  9/25/2013  | 
Spammers increasingly dodge email spam tools by using social media, posing new risks to government and corporate enterprises, study says.
Gartner Survey Says Many Organizations Fear Their Privacy Activities Are Insufficient
News  |  9/25/2013  | 
Perceived level of maturity attached to organizations' privacy activities has decreased since 2011
FISMA Security Approach Falls Short, Fed IT Pros Say
News  |  9/25/2013  | 
Primary tool for defending government information systems is inadequate in the battle against cyber threats and attacks, federal IT security managers say.
Five Habits IT Security Professionals Need To Break
Quick Hits  |  9/25/2013  | 
To move forward, security pros need to break old thinking, (ISC)2 Congress panel says
Yahoo Responds To Recycled Email Security Problem
News  |  9/25/2013  | 
Yahoo will launch a "Not My Email" button to return old account-holders' email and help former users reclaim their accounts.
Post-NSA Revelations, Most Users Feel Less Safe
Quick Hits  |  9/24/2013  | 
Three-fourths of users say it's their own responsibility to protect their privacy, survey says
Apple Touch ID Fingerprint Reader Hack Heightens Biometrics Debate
News  |  9/24/2013  | 
Hackers say the attack demonstrates a fatal flaw of fingerprint biometrics: It's too easy to defeat
5 Steps To Stop A Snowden Scenario
News  |  9/24/2013  | 
The NSA leaks by a systems administrator have forced enterprises to rethink their risks of an insider leak and their privileged users' access
Connecting The Dots With Quality Analytics Data
News  |  9/24/2013  | 
Get creative about sourcing data, find ways to improve its quality, and then normalize it to mine its value
Why A Hardware Root Of Trust Matters For Mobile
News  |  9/24/2013  | 
Even with mobile device management, enterprises still lack control over devices
Spikes Launches AirGap Enterprise To Eliminate Malware Pandemic From Entering The Enterprise
News  |  9/24/2013  | 
Solution resides in the network DMZ rather than on end user devices
The Big Data Is The New Normal
Commentary  |  9/24/2013  | 
Big data, not relational, is the new platform of choice
Lack Of Security Expertise? App-Analysis Services Could Help
News  |  9/23/2013  | 
Companies now have a selection of software-scanning services to help assess their Web applications and find bugs -- here's a look at what makes a good service
Destructive Attacks On Oil And Gas Industry A Wake-Up Call
News  |  9/23/2013  | 
Cyberattacks could have real-world economic consequences in the oil and gas markets, even at the pump
Penetration Testing For Beginners
News  |  9/23/2013  | 
Interop workshop instructor discusses what it takes for networking pros to start wrapping their arms around security testing basics
Energy Dept. Invests $30 Million In Utility Security
News  |  9/23/2013  | 
Contracts will support new tools to protect electrical, gas and oil infrastructures from cyber attacks.
Yahoo Recycled Emails: Users Find Security Surprises
News  |  9/23/2013  | 
Some Yahoo users who took advantage of recycled IDs report they're getting emails intended for the old account holders -- including personal data.
Apple iPhone 5s Fooled By Fake Finger
News  |  9/23/2013  | 
Chaos Computer Club hackers bypass the fingerprint sensor in Apple's iPhone 5s, may qualify for Touch ID hack bounty.
Flaw In iOS 7 Lets Attackers Take Control Of Users' iPhones
Quick Hits  |  9/22/2013  | 
SIRI vulnerability enables attackers to act on user's behalf -- even when iPhone is locked
Dolloping Out Threat Intelligence
Commentary  |  9/21/2013  | 
When too much of a good thing causes confusion and setbacks
(ISC)2 Congress Addresses Security's People Problems
Commentary  |  9/20/2013  | 
Annual (ISC)2 conference puts technology aside to focus on the human side of security
3 Steps To Keep Down Security's False-Positive Workload
News  |  9/20/2013  | 
A high rate of false positives is a problem that affects many types of security systems, but a few proactive steps can help cut them down to size
Android Facebook App Users: Patch Now
News  |  9/20/2013  | 
Facebook has fixed a bug in its Android app that left photos vulnerable to interception.
Choosing, Managing, And Evaluating A Penetration Testing Service
Quick Hits  |  9/20/2013  | 
The right pen testing service can make your data more secure. The wrong one could introduce risk. Here's how to tell the difference
Q&A: Security In The Spotlight At Interop
News  |  9/19/2013  | 
John Pironti , chair of Interop's Risk Management and Security Track, talks risk management and what to expect at the upcoming conference
Microsoft Adopts Open Specs For Threat Intel-Sharing
Quick Hits  |  9/19/2013  | 
New Microsoft Active Protections Program (MAPP) for Responders program will use STIX, TAXI specifications for automating intelligence-sharing
Google's Plan To Kill Cookies
News  |  9/19/2013  | 
Google proposes anonymous identifier for advertising, or AdID, to replace cookies used by third-party marketers. Google would benefit -- but would consumers?
Phishers Expand Brands, Shift Gears
News  |  9/19/2013  | 
More brands than ever getting phished as cybercriminals branch out and rely less on mass phishing attacks
Shylock Malware Resurges, Targets Top U.S. Banks
News  |  9/19/2013  | 
Major U.S. financial firms are being targeted by tough-to-detect malware that can steal money while customers access their online accounts.
Page 1 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-0652
PUBLISHED: 2021-10-22
In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...
CVE-2021-0702
PUBLISHED: 2021-10-22
In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: An...
CVE-2021-0703
PUBLISHED: 2021-10-22
In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Pr...
CVE-2021-0705
PUBLISHED: 2021-10-22
In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User intera...
CVE-2021-0706
PUBLISHED: 2021-10-22
In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersi...