News & Commentary

Content posted in September 2013
Page 1 / 3   >   >>
Only Ho-Hum Security Holes Ahead For In-Memory DB
News  |  9/30/2013  | 
Oracle's new performance features shouldn't pose any unique risks, experts say
Pen Testing: Making Passion A Priority
Commentary  |  9/30/2013  | 
What sets real penetration testers apart is their motivation and willingness to lose themselves in something they love
Reaping The Security Rewards Of SDN
News  |  9/30/2013  | 
Software-defined network will be a major theme for Interop -- here's why some experts believe security pros should be paying attention
Symantec Sinkholes Chunk Of Massive Click-Fraud Botnet
News  |  9/30/2013  | 
More than 500,000 'ZeroAccess' bots nabbed by researchers just prior to its update to more resilient malware
Medical Device Security: A Work In Progress
News  |  9/30/2013  | 
Healthcare organizations vary widely in how prepared they are to handle breaches of medical devices, says Deloitte report.
Project Sonar Crowdsources A Better Bug Killer
News  |  9/30/2013  | 
Scans of the entire Internet for known vulnerabilities turn up terabytes of data, but the next steps won’t be easy.
Commerce In A World Without Trust
Commentary  |  9/29/2013  | 
The trust model underlying online commerce has been threatened by the constant attacks on information providers used to authenticate consumers. Is the Internet as secure as it needs to be anymore?
Tech Insight: Top 4 Problem Areas That Lead To Internal Data Breaches
News  |  9/27/2013  | 
Enterprise constantly fail in four areas, which, in turn, can easily cause intentional and unintentional data leaks
Conflicting Challenges Put Top Execs Between A Rock And A Hard Place
Quick Hits  |  9/27/2013  | 
Paradoxes in security goals, practices create conundrums for decision makers, (ISC)2 study finds
Insider Threats Get More Difficult To Detect
News  |  9/27/2013  | 
User diversity and growth in network activity including cloud services are among reasons it's getting harder to guard against insider data breaches, says Fortune 1000 survey.
Fixating On The Edges
Commentary  |  9/26/2013  | 
Security folks tend to concentrate on their inability to block improbable attacks, while forgetting to focus on the attacks they're most likely to see
Establishing The New Normal After A Breach
News  |  9/26/2013  | 
Breach response shouldn't just be about notifications and system clean-up -- organizations can use their mistakes as learning aids to change processes and policies for lasting security success
Threat-Intel Sharing Services Emerge, But Challenges Remain
News  |  9/26/2013  | 
A number of services to help companies analyze threats and share intelligence have popped up, but the services have to solve some key problems
Report: 8 Out of 10 Users Infected With A Trojan
Quick Hits  |  9/26/2013  | 
Trojans overshadow all other forms of malware in second quarter, new study from PandaLabs shows
NSA Chief: Don't Dump Essential Security Tools
News  |  9/26/2013  | 
Gen. Keith Alexander defends National Security Agency practices, argues for advances in cybersecurity cooperation.
Rise Of The 'Hit-And-Run' APT
News  |  9/26/2013  | 
A new model of cyberespionage is emerging that relies on cybermercenaries hired to break in, steal information, and then leave -- with specific targeted information
Flash Storage Has Special Security Needs
Commentary  |  9/26/2013  | 
Over-provisioning and bad-block marking can leave flash storage devices vulnerable to data theft. Here are workarounds.
Yahoo Email Change Doesn't Solve Security Problem
News  |  9/26/2013  | 
Yahoo's "Not My Email" button may cut down on misdirected email, but security experts say Yahoo's solution doesn't address the underlying security issues.
Protecting The Network From Bring-Your-Own Vulnerabilities
News  |  9/25/2013  | 
Companies that allow employees to use their own devices for work inherit their employees' vulnerabilities. How should companies secure networks in the age of BYOD?
Hacking The Threat Intelligence-Sharing Model
News  |  9/25/2013  | 
A new report shines light on what's holding back more widespread, efficient sharing of attack intelligence among organizations
You Are Not Over Budget -- You Underestimated
Commentary  |  9/25/2013  | 
When forces align to underfund IT projects, they guarantee an ugly finish
Social Spam Invades The Enterprise
News  |  9/25/2013  | 
Spammers increasingly dodge email spam tools by using social media, posing new risks to government and corporate enterprises, study says.
Gartner Survey Says Many Organizations Fear Their Privacy Activities Are Insufficient
News  |  9/25/2013  | 
Perceived level of maturity attached to organizations' privacy activities has decreased since 2011
FISMA Security Approach Falls Short, Fed IT Pros Say
News  |  9/25/2013  | 
Primary tool for defending government information systems is inadequate in the battle against cyber threats and attacks, federal IT security managers say.
Five Habits IT Security Professionals Need To Break
Quick Hits  |  9/25/2013  | 
To move forward, security pros need to break old thinking, (ISC)2 Congress panel says
Yahoo Responds To Recycled Email Security Problem
News  |  9/25/2013  | 
Yahoo will launch a "Not My Email" button to return old account-holders' email and help former users reclaim their accounts.
Post-NSA Revelations, Most Users Feel Less Safe
Quick Hits  |  9/24/2013  | 
Three-fourths of users say it's their own responsibility to protect their privacy, survey says
Apple Touch ID Fingerprint Reader Hack Heightens Biometrics Debate
News  |  9/24/2013  | 
Hackers say the attack demonstrates a fatal flaw of fingerprint biometrics: It's too easy to defeat
5 Steps To Stop A Snowden Scenario
News  |  9/24/2013  | 
The NSA leaks by a systems administrator have forced enterprises to rethink their risks of an insider leak and their privileged users' access
Connecting The Dots With Quality Analytics Data
News  |  9/24/2013  | 
Get creative about sourcing data, find ways to improve its quality, and then normalize it to mine its value
Why A Hardware Root Of Trust Matters For Mobile
News  |  9/24/2013  | 
Even with mobile device management, enterprises still lack control over devices
Spikes Launches AirGap Enterprise To Eliminate Malware Pandemic From Entering The Enterprise
News  |  9/24/2013  | 
Solution resides in the network DMZ rather than on end user devices
The Big Data Is The New Normal
Commentary  |  9/24/2013  | 
Big data, not relational, is the new platform of choice
Lack Of Security Expertise? App-Analysis Services Could Help
News  |  9/23/2013  | 
Companies now have a selection of software-scanning services to help assess their Web applications and find bugs -- here's a look at what makes a good service
Destructive Attacks On Oil And Gas Industry A Wake-Up Call
News  |  9/23/2013  | 
Cyberattacks could have real-world economic consequences in the oil and gas markets, even at the pump
Penetration Testing For Beginners
News  |  9/23/2013  | 
Interop workshop instructor discusses what it takes for networking pros to start wrapping their arms around security testing basics
Energy Dept. Invests $30 Million In Utility Security
News  |  9/23/2013  | 
Contracts will support new tools to protect electrical, gas and oil infrastructures from cyber attacks.
Yahoo Recycled Emails: Users Find Security Surprises
News  |  9/23/2013  | 
Some Yahoo users who took advantage of recycled IDs report they're getting emails intended for the old account holders -- including personal data.
Apple iPhone 5s Fooled By Fake Finger
News  |  9/23/2013  | 
Chaos Computer Club hackers bypass the fingerprint sensor in Apple's iPhone 5s, may qualify for Touch ID hack bounty.
Flaw In iOS 7 Lets Attackers Take Control Of Users' iPhones
Quick Hits  |  9/22/2013  | 
SIRI vulnerability enables attackers to act on user's behalf -- even when iPhone is locked
Dolloping Out Threat Intelligence
Commentary  |  9/21/2013  | 
When too much of a good thing causes confusion and setbacks
(ISC)2 Congress Addresses Security's People Problems
Commentary  |  9/20/2013  | 
Annual (ISC)2 conference puts technology aside to focus on the human side of security
3 Steps To Keep Down Security's False-Positive Workload
News  |  9/20/2013  | 
A high rate of false positives is a problem that affects many types of security systems, but a few proactive steps can help cut them down to size
Android Facebook App Users: Patch Now
News  |  9/20/2013  | 
Facebook has fixed a bug in its Android app that left photos vulnerable to interception.
Choosing, Managing, And Evaluating A Penetration Testing Service
Quick Hits  |  9/20/2013  | 
The right pen testing service can make your data more secure. The wrong one could introduce risk. Here's how to tell the difference
Q&A: Security In The Spotlight At Interop
News  |  9/19/2013  | 
John Pironti , chair of Interop's Risk Management and Security Track, talks risk management and what to expect at the upcoming conference
Microsoft Adopts Open Specs For Threat Intel-Sharing
Quick Hits  |  9/19/2013  | 
New Microsoft Active Protections Program (MAPP) for Responders program will use STIX, TAXI specifications for automating intelligence-sharing
Google's Plan To Kill Cookies
News  |  9/19/2013  | 
Google proposes anonymous identifier for advertising, or AdID, to replace cookies used by third-party marketers. Google would benefit -- but would consumers?
Phishers Expand Brands, Shift Gears
News  |  9/19/2013  | 
More brands than ever getting phished as cybercriminals branch out and rely less on mass phishing attacks
Shylock Malware Resurges, Targets Top U.S. Banks
News  |  9/19/2013  | 
Major U.S. financial firms are being targeted by tough-to-detect malware that can steal money while customers access their online accounts.
Page 1 / 3   >   >>


Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
To Click or Not to Click: The Answer Is Easy
Kowsik Guruswamy, Chief Technology Officer at Menlo Security,  11/14/2018
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19279
PUBLISHED: 2018-11-14
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.
CVE-2018-19280
PUBLISHED: 2018-11-14
Centreon 3.4.x has XSS via the resource name or macro expression of a poller macro.
CVE-2018-19281
PUBLISHED: 2018-11-14
Centreon 3.4.x allows SNMP trap SQL Injection.
CVE-2018-17960
PUBLISHED: 2018-11-14
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
CVE-2018-19278
PUBLISHED: 2018-11-14
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed lengt...