News & Commentary

Content posted in September 2013
Page 1 / 3   >   >>
Only Ho-Hum Security Holes Ahead For In-Memory DB
News  |  9/30/2013  | 
Oracle's new performance features shouldn't pose any unique risks, experts say
Pen Testing: Making Passion A Priority
Commentary  |  9/30/2013  | 
What sets real penetration testers apart is their motivation and willingness to lose themselves in something they love
Reaping The Security Rewards Of SDN
News  |  9/30/2013  | 
Software-defined network will be a major theme for Interop -- here's why some experts believe security pros should be paying attention
Symantec Sinkholes Chunk Of Massive Click-Fraud Botnet
News  |  9/30/2013  | 
More than 500,000 'ZeroAccess' bots nabbed by researchers just prior to its update to more resilient malware
Medical Device Security: A Work In Progress
News  |  9/30/2013  | 
Healthcare organizations vary widely in how prepared they are to handle breaches of medical devices, says Deloitte report.
Project Sonar Crowdsources A Better Bug Killer
News  |  9/30/2013  | 
Scans of the entire Internet for known vulnerabilities turn up terabytes of data, but the next steps won’t be easy.
Commerce In A World Without Trust
Commentary  |  9/29/2013  | 
The trust model underlying online commerce has been threatened by the constant attacks on information providers used to authenticate consumers. Is the Internet as secure as it needs to be anymore?
Tech Insight: Top 4 Problem Areas That Lead To Internal Data Breaches
News  |  9/27/2013  | 
Enterprise constantly fail in four areas, which, in turn, can easily cause intentional and unintentional data leaks
Conflicting Challenges Put Top Execs Between A Rock And A Hard Place
Quick Hits  |  9/27/2013  | 
Paradoxes in security goals, practices create conundrums for decision makers, (ISC)2 study finds
Insider Threats Get More Difficult To Detect
News  |  9/27/2013  | 
User diversity and growth in network activity including cloud services are among reasons it's getting harder to guard against insider data breaches, says Fortune 1000 survey.
Fixating On The Edges
Commentary  |  9/26/2013  | 
Security folks tend to concentrate on their inability to block improbable attacks, while forgetting to focus on the attacks they're most likely to see
Establishing The New Normal After A Breach
News  |  9/26/2013  | 
Breach response shouldn't just be about notifications and system clean-up -- organizations can use their mistakes as learning aids to change processes and policies for lasting security success
Threat-Intel Sharing Services Emerge, But Challenges Remain
News  |  9/26/2013  | 
A number of services to help companies analyze threats and share intelligence have popped up, but the services have to solve some key problems
Report: 8 Out of 10 Users Infected With A Trojan
Quick Hits  |  9/26/2013  | 
Trojans overshadow all other forms of malware in second quarter, new study from PandaLabs shows
NSA Chief: Don't Dump Essential Security Tools
News  |  9/26/2013  | 
Gen. Keith Alexander defends National Security Agency practices, argues for advances in cybersecurity cooperation.
Rise Of The 'Hit-And-Run' APT
News  |  9/26/2013  | 
A new model of cyberespionage is emerging that relies on cybermercenaries hired to break in, steal information, and then leave -- with specific targeted information
Flash Storage Has Special Security Needs
Commentary  |  9/26/2013  | 
Over-provisioning and bad-block marking can leave flash storage devices vulnerable to data theft. Here are workarounds.
Yahoo Email Change Doesn't Solve Security Problem
News  |  9/26/2013  | 
Yahoo's "Not My Email" button may cut down on misdirected email, but security experts say Yahoo's solution doesn't address the underlying security issues.
Protecting The Network From Bring-Your-Own Vulnerabilities
News  |  9/25/2013  | 
Companies that allow employees to use their own devices for work inherit their employees' vulnerabilities. How should companies secure networks in the age of BYOD?
Hacking The Threat Intelligence-Sharing Model
News  |  9/25/2013  | 
A new report shines light on what's holding back more widespread, efficient sharing of attack intelligence among organizations
You Are Not Over Budget -- You Underestimated
Commentary  |  9/25/2013  | 
When forces align to underfund IT projects, they guarantee an ugly finish
Social Spam Invades The Enterprise
News  |  9/25/2013  | 
Spammers increasingly dodge email spam tools by using social media, posing new risks to government and corporate enterprises, study says.
Gartner Survey Says Many Organizations Fear Their Privacy Activities Are Insufficient
News  |  9/25/2013  | 
Perceived level of maturity attached to organizations' privacy activities has decreased since 2011
FISMA Security Approach Falls Short, Fed IT Pros Say
News  |  9/25/2013  | 
Primary tool for defending government information systems is inadequate in the battle against cyber threats and attacks, federal IT security managers say.
Five Habits IT Security Professionals Need To Break
Quick Hits  |  9/25/2013  | 
To move forward, security pros need to break old thinking, (ISC)2 Congress panel says
Yahoo Responds To Recycled Email Security Problem
News  |  9/25/2013  | 
Yahoo will launch a "Not My Email" button to return old account-holders' email and help former users reclaim their accounts.
Post-NSA Revelations, Most Users Feel Less Safe
Quick Hits  |  9/24/2013  | 
Three-fourths of users say it's their own responsibility to protect their privacy, survey says
Apple Touch ID Fingerprint Reader Hack Heightens Biometrics Debate
News  |  9/24/2013  | 
Hackers say the attack demonstrates a fatal flaw of fingerprint biometrics: It's too easy to defeat
5 Steps To Stop A Snowden Scenario
News  |  9/24/2013  | 
The NSA leaks by a systems administrator have forced enterprises to rethink their risks of an insider leak and their privileged users' access
Connecting The Dots With Quality Analytics Data
News  |  9/24/2013  | 
Get creative about sourcing data, find ways to improve its quality, and then normalize it to mine its value
Why A Hardware Root Of Trust Matters For Mobile
News  |  9/24/2013  | 
Even with mobile device management, enterprises still lack control over devices
Spikes Launches AirGap Enterprise To Eliminate Malware Pandemic From Entering The Enterprise
News  |  9/24/2013  | 
Solution resides in the network DMZ rather than on end user devices
The Big Data Is The New Normal
Commentary  |  9/24/2013  | 
Big data, not relational, is the new platform of choice
Lack Of Security Expertise? App-Analysis Services Could Help
News  |  9/23/2013  | 
Companies now have a selection of software-scanning services to help assess their Web applications and find bugs -- here's a look at what makes a good service
Destructive Attacks On Oil And Gas Industry A Wake-Up Call
News  |  9/23/2013  | 
Cyberattacks could have real-world economic consequences in the oil and gas markets, even at the pump
Penetration Testing For Beginners
News  |  9/23/2013  | 
Interop workshop instructor discusses what it takes for networking pros to start wrapping their arms around security testing basics
Energy Dept. Invests $30 Million In Utility Security
News  |  9/23/2013  | 
Contracts will support new tools to protect electrical, gas and oil infrastructures from cyber attacks.
Yahoo Recycled Emails: Users Find Security Surprises
News  |  9/23/2013  | 
Some Yahoo users who took advantage of recycled IDs report they're getting emails intended for the old account holders -- including personal data.
Apple iPhone 5s Fooled By Fake Finger
News  |  9/23/2013  | 
Chaos Computer Club hackers bypass the fingerprint sensor in Apple's iPhone 5s, may qualify for Touch ID hack bounty.
Flaw In iOS 7 Lets Attackers Take Control Of Users' iPhones
Quick Hits  |  9/22/2013  | 
SIRI vulnerability enables attackers to act on user's behalf -- even when iPhone is locked
Dolloping Out Threat Intelligence
Commentary  |  9/21/2013  | 
When too much of a good thing causes confusion and setbacks
(ISC)2 Congress Addresses Security's People Problems
Commentary  |  9/20/2013  | 
Annual (ISC)2 conference puts technology aside to focus on the human side of security
3 Steps To Keep Down Security's False-Positive Workload
News  |  9/20/2013  | 
A high rate of false positives is a problem that affects many types of security systems, but a few proactive steps can help cut them down to size
Android Facebook App Users: Patch Now
News  |  9/20/2013  | 
Facebook has fixed a bug in its Android app that left photos vulnerable to interception.
Choosing, Managing, And Evaluating A Penetration Testing Service
Quick Hits  |  9/20/2013  | 
The right pen testing service can make your data more secure. The wrong one could introduce risk. Here's how to tell the difference
Q&A: Security In The Spotlight At Interop
News  |  9/19/2013  | 
John Pironti , chair of Interop's Risk Management and Security Track, talks risk management and what to expect at the upcoming conference
Microsoft Adopts Open Specs For Threat Intel-Sharing
Quick Hits  |  9/19/2013  | 
New Microsoft Active Protections Program (MAPP) for Responders program will use STIX, TAXI specifications for automating intelligence-sharing
Google's Plan To Kill Cookies
News  |  9/19/2013  | 
Google proposes anonymous identifier for advertising, or AdID, to replace cookies used by third-party marketers. Google would benefit -- but would consumers?
Phishers Expand Brands, Shift Gears
News  |  9/19/2013  | 
More brands than ever getting phished as cybercriminals branch out and rely less on mass phishing attacks
Shylock Malware Resurges, Targets Top U.S. Banks
News  |  9/19/2013  | 
Major U.S. financial firms are being targeted by tough-to-detect malware that can steal money while customers access their online accounts.
Page 1 / 3   >   >>


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.