News & Commentary

Content posted in September 2013
Page 1 / 3
Only Ho-Hum Security Holes Ahead For In-Memory DB
News  |  9/30/2013  | 
Oracle's new performance features shouldn't pose any unique risks, experts say
Pen Testing: Making Passion A Priority
Commentary  |  9/30/2013  | 
What sets real penetration testers apart is their motivation and willingness to lose themselves in something they love
Reaping The Security Rewards Of SDN
News  |  9/30/2013  | 
Software-defined networking will be a major theme for Interop -- here's why some experts believe security pros should be paying attention
Symantec Sinkholes Chunk Of Massive Click-Fraud Botnet
News  |  9/30/2013  | 
More than 500,000 'ZeroAccess' bots nabbed by researchers just prior to its update to more resilient malware
Medical Device Security: A Work In Progress
News  |  9/30/2013  | 
Healthcare organizations vary widely in how prepared they are to handle breaches of medical devices, says Deloitte report.
Project Sonar Crowdsources A Better Bug Killer
News  |  9/30/2013  | 
Scans of the entire Internet for known vulnerabilities turn up terabytes of data, but the next steps won’t be easy.
Commerce In A World Without Trust
Commentary  |  9/29/2013  | 
The trust model underlying online commerce has been threatened by the constant attacks on information providers used to authenticate consumers. Is the Internet as secure as it needs to be anymore?
Tech Insight: Top 4 Problem Areas That Lead To Internal Data Breaches
News  |  9/27/2013  | 
Enterprises constantly fail in four areas, which, in turn, can easily cause intentional and unintentional data leaks
Conflicting Challenges Put Top Execs Between A Rock And A Hard Place
Quick Hits  |  9/27/2013  | 
Paradoxes in security goals, practices create conundrums for decision makers, (ISC)2 study finds
Insider Threats Get More Difficult To Detect
News  |  9/27/2013  | 
User diversity and growth in network activity including cloud services are among reasons it's getting harder to guard against insider data breaches, says Fortune 1000 survey.
Fixating On The Edges
Commentary  |  9/26/2013  | 
Security folks tend to concentrate on their inability to block improbable attacks, while forgetting to focus on the attacks they're most likely to see
Establishing The New Normal After A Breach
News  |  9/26/2013  | 
Breach response shouldn't just be about notifications and system clean-up -- organizations can use their mistakes as learning aids to change processes and policies for lasting security success
Threat-Intel Sharing Services Emerge, But Challenges Remain
News  |  9/26/2013  | 
A number of services to help companies analyze threats and share intelligence have popped up, but the services have to solve some key problems
Report: 8 Out of 10 Users Infected With A Trojan
Quick Hits  |  9/26/2013  | 
Trojans overshadow all other forms of malware in second quarter, new study from PandaLabs shows
NSA Chief: Don't Dump Essential Security Tools
News  |  9/26/2013  | 
Gen. Keith Alexander defends National Security Agency practices, argues for advances in cybersecurity cooperation.
Rise Of The 'Hit-And-Run' APT
News  |  9/26/2013  | 
A new model of cyberespionage is emerging that relies on cybermercenaries hired to break in, steal information, and then leave -- with specific targeted information
Flash Storage Has Special Security Needs
Commentary  |  9/26/2013  | 
Over-provisioning and bad-block marking can leave flash storage devices vulnerable to data theft. Here are workarounds.
Yahoo Email Change Doesn't Solve Security Problem
News  |  9/26/2013  | 
Yahoo's "Not My Email" button may cut down on misdirected email, but security experts say Yahoo's solution doesn't address the underlying security issues.
Protecting The Network From Bring-Your-Own Vulnerabilities
News  |  9/25/2013  | 
Companies that allow employees to use their own devices for work inherit their employees' vulnerabilities. How should companies secure networks in the age of BYOD?
Hacking The Threat Intelligence-Sharing Model
News  |  9/25/2013  | 
A new report shines light on what's holding back more widespread, efficient sharing of attack intelligence among organizations
You Are Not Over Budget -- You Underestimated
Commentary  |  9/25/2013  | 
When forces align to underfund IT projects, they guarantee an ugly finish
Social Spam Invades The Enterprise
News  |  9/25/2013  | 
Spammers increasingly dodge email spam tools by using social media, posing new risks to government and corporate enterprises, study says.
Gartner Survey Says Many Organizations Fear Their Privacy Activities Are Insufficient
News  |  9/25/2013  | 
Perceived level of maturity attached to organizations' privacy activities has decreased since 2011
FISMA Security Approach Falls Short, Fed IT Pros Say
News  |  9/25/2013  | 
Primary tool for defending government information systems is inadequate in the battle against cyber threats and attacks, federal IT security managers say.
Five Habits IT Security Professionals Need To Break
Quick Hits  |  9/25/2013  | 
To move forward, security pros need to break old thinking, (ISC)2 Congress panel says
Yahoo Responds To Recycled Email Security Problem
News  |  9/25/2013  | 
Yahoo will launch a "Not My Email" button to return old account-holders' email and help former users reclaim their accounts.
Post-NSA Revelations, Most Users Feel Less Safe
Quick Hits  |  9/24/2013  | 
Three-fourths of users say it's their own responsibility to protect their privacy, survey says
Apple Touch ID Fingerprint Reader Hack Heightens Biometrics Debate
News  |  9/24/2013  | 
Hackers say the attack demonstrates a fatal flaw of fingerprint biometrics: It's too easy to defeat
5 Steps To Stop A Snowden Scenario
News  |  9/24/2013  | 
The NSA leaks by a systems administrator have forced enterprises to rethink their risks of an insider leak and their privileged users' access
Connecting The Dots With Quality Analytics Data
News  |  9/24/2013  | 
Get creative about sourcing data, find ways to improve its quality, and then normalize it to mine its value
Why A Hardware Root Of Trust Matters For Mobile
News  |  9/24/2013  | 
Even with mobile device management, enterprises still lack control over devices
Spikes Launches AirGap Enterprise To Eliminate Malware Pandemic From Entering The Enterprise
News  |  9/24/2013  | 
Solution resides in the network DMZ rather than on end user devices
The Big Data Is The New Normal
Commentary  |  9/24/2013  | 
Big data, not relational, is the new platform of choice
Lack Of Security Expertise? App-Analysis Services Could Help
News  |  9/23/2013  | 
Companies now have a selection of software-scanning services to help assess their Web applications and find bugs -- here's a look at what makes a good service
Destructive Attacks On Oil And Gas Industry A Wake-Up Call
News  |  9/23/2013  | 
Cyberattacks could have real-world economic consequences in the oil and gas markets, even at the pump
Penetration Testing For Beginners
News  |  9/23/2013  | 
Interop workshop instructor discusses what it takes for networking pros to start wrapping their arms around security testing basics
Energy Dept. Invests $30 Million In Utility Security
News  |  9/23/2013  | 
Contracts will support new tools to protect electrical, gas and oil infrastructures from cyber attacks.
Yahoo Recycled Emails: Users Find Security Surprises
News  |  9/23/2013  | 
Some Yahoo users who took advantage of recycled IDs report they're getting emails intended for the old account holders -- including personal data.
Apple iPhone 5s Fooled By Fake Finger
News  |  9/23/2013  | 
Chaos Computer Club hackers bypass the fingerprint sensor in Apple's iPhone 5s, may qualify for Touch ID hack bounty.
Flaw In iOS 7 Lets Attackers Take Control Of Users' iPhones
Quick Hits  |  9/22/2013  | 
SIRI vulnerability enables attackers to act on user's behalf -- even when iPhone is locked
Dolloping Out Threat Intelligence
Commentary  |  9/21/2013  | 
When too much of a good thing causes confusion and setbacks
(ISC)2 Congress Addresses Security's People Problems
Commentary  |  9/20/2013  | 
Annual (ISC)2 conference puts technology aside to focus on the human side of security
3 Steps To Keep Down Security's False-Positive Workload
News  |  9/20/2013  | 
A high rate of false positives is a problem that affects many types of security systems, but a few proactive steps can help cut them down to size
Android Facebook App Users: Patch Now
News  |  9/20/2013  | 
Facebook has fixed a bug in its Android app that left photos vulnerable to interception.
Choosing, Managing, And Evaluating A Penetration Testing Service
Quick Hits  |  9/20/2013  | 
The right pen testing service can make your data more secure. The wrong one could introduce risk. Here's how to tell the difference
Q&A: Security In The Spotlight At Interop
News  |  9/19/2013  | 
John Pironti, chair of Interop's Risk Management and Security Track, talks risk management and what to expect at the upcoming conference
Microsoft Adopts Open Specs For Threat Intel-Sharing
Quick Hits  |  9/19/2013  | 
New Microsoft Active Protections Program (MAPP) for Responders program will use STIX, TAXII specifications for automating intelligence-sharing
Google's Plan To Kill Cookies
News  |  9/19/2013  | 
Google proposes anonymous identifier for advertising, or AdID, to replace cookies used by third-party marketers. Google would benefit -- but would consumers?
Phishers Expand Brands, Shift Gears
News  |  9/19/2013  | 
More brands than ever getting phished as cybercriminals branch out and rely less on mass phishing attacks
Shylock Malware Resurges, Targets Top U.S. Banks
News  |  9/19/2013  | 
Major U.S. financial firms are being targeted by tough-to-detect malware that can steal money while customers access their online accounts.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-1659
PUBLISHED: 2019-02-21
A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to...
CVE-2019-8983
PUBLISHED: 2019-02-21
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2).
CVE-2019-8984
PUBLISHED: 2019-02-21
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2).
CVE-2018-20122
PUBLISHED: 2019-02-21
The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is...
CVE-2018-6687
PUBLISHED: 2019-02-21
Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file. GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows.