Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Did Chinese Hackers Hit NY Times?
Some evidence suggests Chinese involvement in recent attack on The New York Times. Meanwhile, Symantec goes into damage-control mode over failure to block hackers.
Firefox Moves To Block Java, Silverlight, Adobe Reader
Mozilla's "click to play" move will block all plug-ins from executing without explicit user authorization.
Legitimate Sites Are Most Likely To Serve Up Malware, Cisco Study Says
About a third of all malware is encountered in the U.S., Cisco annual security study finds
Millions Of Networked Devices In Harm's Way
Unplug Universal Plug And Play (UPnP) to protect routers, storage devices, media players from getting hacked over the Internet, Rapid7 says
Unplug Universal Plug And Play: Security Warning
Tens of millions of devices with UPnP are remotely exploitable, warns Metasploit creator. New tool detects vulnerable devices, which include 6,900 different product versions spanning 1,500 vendors.
iOS 6.1 Fixes 27 Vulnerabilities
20 remote code execution errors in the WebKit browser engine, a staple of Apple security updates, are fixed in the new release for iPhones, iPads, and iPod Touches. Some of the bugs fixed are quite old, with one reported in 2011
AMD Suit Offers Lessons On Punishing Insider Thieves
Theft of 150,000 documents by AMD employees defecting to nVidia and subsequent lawsuit shows value of monitoring and forensics spend
HP Disputes Printer Security Vulnerabilities
Weaknesses in printer networking software could be used to bypass authentication, deny service and retrieve documents from any user, Spanish researcher says.
6 Steps To Better Customer Data Protection
Privacy isn't a concern just for the Googles and Facebooks of the world. Here are six ways small and midsize businesses (SMB) can better protect their customers -- and themselves.
Combatting Advanced Threats In 2013 Through Basics
Focus on fixing the problems of a past generation before focusing on the next
Java Security Work Remains, Bug Hunter Says
Proof-of-concept attack can be used to run arbitrary Java apps, despite Oracle's recent security fix.
Anonymous DDoS Attackers In Britain Sentenced
Two men receive jail time for botnet attacks on PayPal, MasterCard, Visa and the British anti-piracy lobby as part of Operation Payback.
SCADA Security 2.0
Siemens will consider whether to offer a bug bounty program as security experts look at new approaches to tackling SCADA security woes
China Accused Of Java, IE Zero Day Attacks
Human rights groups have been victims of "watering hole" attacks using recently discovered -- and patched -- flaws in Java and Internet Explorer, security researcher says.
Twitter Flaw Exposes Direct Messages To Third-Party Applications
Applications can view Twitter DMs even without users' permission, researcher says
Supply Chain Uncertainties Complicate Security
Los Alamos National Laboratory's move to oust Chinese hardware without any evidence of backdoors highlights how supply-chain insecurities are difficult to manage
Alleged Gozi Trojan Creator Among Three Charged by Authorities
Three people are facing decades behind bars if convicted of having roles in the malware's spread
Playing In The Sandbox Helps Developers Learn About Bugs
Using virtual environments, two start-up projects create different ways of showing -- not telling -- developers how and why to prevent bugs
Report: 70% Of Exploit Kits Out Of Russia
Most vulnerabilities used in kits employ older exploits
SCADA Password-Cracking Tool For Siemens S7 PLCs Released
Siemens says no bug involved so no patch needed, and is working on simplifying patching overall for its customers
Virut Malware Botnet Torpedoed By Security Researchers
Spamhaus group scuttles command and control systems for Russian botnet controlling an estimated 300,000 zombie PCs per day.
Java Hacker Uncovers Two Flaws In Latest Update
Expert Java bug hunter says Oracle's latest Java 7 update, released last week, has two sandbox-bypass bugs.
Java Security 'Fix' Is Disguised Malware Attack
Security researchers spot malware masquerading as a Java security update. Users urged to download Java updates directly from Oracle.
Java Security Warnings: Cut Through The Confusion
Recent warnings to deactivate Java are raising additional questions: What about JavaScript, EJB, JavaFX, Android and any other use of the programming language?
SCADA Hackers Go On Defense
ReVuln building SCADA 'shield,' and rolls out SCADA custom-patch service for its customers
OKCupid Blind Date App: Beware Privacy Flub
OKCupid.com smartphone app promised safe blind date arrangement, but API failed to hide sensitive information about users.
Vulnerable APIs Continue To Pose Threat To Cloud
From banks to Instagram, weaknesses in online APIs have caused problems in the last year, with security experts warning that poorly implemented or designed Web APIs could put company data at risk
McAfee's Escape From Belize Turns Movie
Tale of eccentric antivirus founder John McAfee's escape to Guatemala and Miami set to be adapted by the team behind Crazy, Stupid, Love.
Another Java Zero-Day Vulnerability Hits Black Market
Just 24 hours after Oracle patched two critical flaws in Java, online vulnerability vendor starts selling never-seen Java bug.
The SCADA Patch Problem
Industrial control systems vendors are starting to patch security bugs, but actually installing the fixes can invite more trouble
10 Facts: Secure Java For Business Use
Businesses that rely on Java must now take additional steps to keep employees safe. Here's where to start.
Cloud's Privileged Identity Gap Intensifies Insider Threats
Organizations need to rein in shared accounts and do a better job tracking user activity across cloud architectures
Java Fallout: 4 SMB Security Resolutions
Fixing this kind of security issue doesn't require going head-to-head with organized crime rings or hacktivist groups. It just requires some human elbow grease.
Anonymous Hacks MIT In Aaron Swartz Tribute
Hacktivist group leaves defaced Web page calling for reform of computer crime and intellectual property laws.
Red October Espionage Network Rivals Flame
Newly discovered espionage malware infrastructure largely targets organizations in Eastern Europe and Asia.
Oracle Fixes Zero Day Java Flaws: Patch Now
Java 7 update, released Sunday, fixes bugs widely targeted by crimeware toolkits. Other critical bug updates coming later this week from Oracle and Microsoft.
How Cybercriminals Choose Their Targets And Tactics
Targeted attacks are becoming pervasive. Here's a look at how those targets are chosen -- and how your organization might avoid being one of them
Monitoring Bank DDoS Attacks Tough Task For Third Parties
While data is not readily available on the attacks hitting financial institutions, defenders dealing with the incidents say that the attacks are effective and costly
Anonymous Says DDoS Attacks Like Free Speech
Hacktivist collective Anonymous petitions the White House to make DDoS attacks part of First Amendment protections. Shutdown attacks are akin to Occupy protests, group argues.
Java Under Attack Again, Disable Now
Java zero-day vulnerability is under attack by at least four active campaigns. Oracle has yet to respond. Here's what to do.
Attack Code, Metasploit Module Released For Serious Ruby On Rails Bugs
Drop everything and patch Ruby on Rails apps now, security experts say
Bank Attacker Iran Ties Questioned By Security Pros
U.S. government officials continue to blame Iran for launching attacks against U.S. banks, but some information security experts see only circumstantial evidence.
U.K. Armed Forces Leaving Cyber Back Door Open?
Huge resources have been promised to beef up country's cyber warfare defense, but little has actually been sent to armed forces, bipartisan report says.
Apple Targets App Store Bait And Switch Scammers
Apple will lock down app screenshots after approval to stem a spate of sellers hawking fake apps.
Expect Less Targeting From This Year's Targeted Attacks
Broader spearphishing campaigns and watering-hole attacks look to compromise and gather intelligence on broader classes of targets
How Well Do You Know Your Data?
The more you know about your data, the more effectively you can protect it
McAfee Takes Belize: Social Engineering Lesson
Eccentric antivirus firm founder John McAfee says he tricked people with spyware -- using free laptops. Social engineering attacks remain cheap, easy and effective.
Critical Ruby On Rails Issue Threatens 240,000 Websites
Bug allows attackers to execute arbitrary code on any version of Ruby published in the last six years.
U.S. Bank Hack Attack Techniques Identified
Security researchers detail how poorly secured, hosted servers helped launch botnet-based attacks; U.S. government continues to blame Iran.
|
Latest Comment: This comment is waiting for review by our moderators.
The Year in Security: 2019This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
![[Just Released] How Enterprises are Attacking the Cybersecurity Problem](https://dsimg.ubm-us.net/asset/413163/625983/report%20thumbnail.PNG)
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Tweet This
7 Comments
