Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure
New testbeds would help operators test software patches as well
China Targets U.S. In Hacking Blame Game
Responding to allegations that China regularly hacks U.S.
businesses, Chinese government officials claim that 63% of cyber attacks on their military systems in 2012 came from the U.S.
MiniDuke Espionage Malware Uses Twitter To Infect PCs
Online espionage campaign sends malicious PDF documents to victims, and the infected PCs use Twitter to install malware that can copy and delete files.
Anonymous: 10 Things We've Learned In 2013
The Anonymous hacker group continues to seek equal measures of revenge, justice and reform -- preferably through chaotic means -- for perceived wrongdoings.
The Best Way To Spend Your Security Budget
One SQL injection attack can bring in big bucks. It's a no-brainer that you should make this problem top priority
China's Cyberespionage Will Continue Unabated, Say Experts
The U.S. government will be slow to act against aggressors who attack through the Internet, predict policy and China experts at RSA
Flash Patch, Take Three: Adobe Issues New Fix
With attackers actively targeting zero-day flaws in Flash Reader, Adobe has released its third emergency Flash update this month.
SMS Spam Delivers More Malware, Scams
Threats are now often disguised as gift offers, product giveaways, and payment protection insurance.
2 More Java Zero-Day Vulnerabilities Emerge
While Oracle investigates reports that two bugs in Java 7 could allow attackers to remotely bypass the sandbox and compromise a system, security experts reiterate: If you don't need Java, turn it off
2 More Java Zero-Day Vulnerabilities Emerge
While Oracle investigates reports that two bugs in Java 7 could allow attackers to remotely bypass the sandbox and compromise a system, security experts reiterate: If you don't need Java, turn it off.
RSA, Juniper Team Up In Threat Intelligence-Sharing
Intelligence-sharing among vendors -- and about attacks on vendors -- key to thwarting today's attacks, officials say
Google Security Vulnerability Allowed Two-Step Verification Bypass
Researchers at Duo Security detailed an attack that could have allowed a hacker to hijack a user's Google account
Smartphones, Foolish Security Choices
One quarter of smartphone users store "intimate" images on their mobile devices, says security vendor AVG.
Microsoft Hacked: Joins Apple, Facebook, Twitter
Microsoft's OS X users compromised by watering-hole attack launched from a third-party iOS development site.
Don't Blame China For Security Hacks, Blame Yourself
Focus on the sorry state of your information security defenses before worrying about the Chinese, Russians, hacktivists or cybercrime gangs.
More Improvements To SIEM Than Big Data
For big companies looking to spend big budgets, the Big Data pitch for security information and event management (SIEM) systems is a good fit. But other improvements are on the way
Move Over, APTs -- The RAM-Based Advanced Volatile Threat Is Spinning Up Fast
By attacking random access memory, AVT creators make their exploits less persistent -- and harder to detect
Hacktivists Prep For International Open Data Day
On Saturday, International Open Data Day, cities around the world will host hackathons in an attempt to reveal useful applications of government data.
NBC Websites Hacked To Serve Citadel Financial Malware
RedKit exploit kit launched drive-by malware attacks from NBC websites, targeted vulnerabilities in Java and Adobe Reader.
China Denies U.S. Hacking Accusations: 6 Facts
Mandiant report says that an elite Chinese military hacking unit is responsible for launching APT attacks against U.S. businesses. Chinese government cries foul.
BK Hack Triggers Twitter Password Smackdown
"Operation Whopper" takeover of Burger King and Jeep Twitter accounts, and spoof hacks by MTV and BET, trigger Twitter's "friendly reminder" to use strong passwords.
The Road To Hell Is Authenticated By Facebook
OAuth allows us to log into many sites using familiar credentials, from Twitter, Facebook, Google or Microsoft. The main author of the original OAuth 1.0 spec says these giants took it and made OAuth 2.0 a monstrous, complex, and insecure mess that has already brought us significant vulnerabilities
Oxford University Briefly Blocks Google Docs
Increase in phishing attacks prompts Oxford University to take "temporary, extreme action."
Attribution Delivers Questionable Security Value
Sure, politicians have some fodder for their diplomatic cannons, but do companies gain much from identifying their attackers? Experts debate the merits of attribution
Apple, Facebook Twitter Attacks: 6 Key Facts
FBI investigates how hackers compromised an iOS developer website to exploit Java plug-in vulnerabilities and breach major social networking and technology companies.
Oracle, Apple Issue Java Security Patches
Oracle updates Java 7 and issues the final-ever public update for Java 6, while Apple releases its own Java 6 update for OS X users.
Lessons Learned From A Decade Of Vulnerabilities
A pair of reports look at the trends in vulnerability disclosure over a decade or more. Here are four lessons from the data on more than 50,000 flaws
Anonymous Takes On State Department, More Banks
Hacktivist group says it will release work email addresses for more than 170 U.S. State Department employees in fifth round of Operation Last Resort attacks.
Most Americans Believe U.S. Businesses Are Vulnerable To Cyberattack, Study Says
Ninety-three percent believe U.S. corporations are at least somewhat vulnerable to state-sponsored online attacks, Tenable report says
iPhone Vulnerability: Return Of The Lock Screen Bypass
How do these errors resurface after being fixed? In Apple's case, the problem could be a weakness in their test plans or procedures
Adobe Zero-Day Attack Bypasses Sandbox
Adobe fumbles on the security front by not enabling -- by default -- technology built into its PDF Reader and Acrobat that would have blocked the current attacks.
Major Certificate Authorities Unite In The Name Of SSL Security
Comodo, DigiCert, Entrust, GlobalSign, Go Daddy, Symantec, and Trend Micro form Certificate Authority Security Council (CASC)
Assessing Risk And Prioritizing Vulnerability Remediation
Vulnerabilities crop up constantly in your IT environment. How do you choose which ones to tackle first? Here are some risk-based recommendations
Cybersecurity Executive Order Leaves Tough Work Undone
Government and industry must work together in challenging new ways to implement the White House's executive order on cybersecurity, top federal officials said Wednesday.
Adobe Reader, Acrobat Under Attack
Cue the security fatigue: Zero-day attacks target Adobe Reader and Acrobat, Adobe pushes second Flash patch, Microsoft fixes 57 flaws.
Cybercrime 2.0: It's All About The Money
Malware creator and hacker "business model" has shifted from high volume toward high yield, Websense study finds. IT must educate users accordingly.
Besieged By Hackers, OpenX Will Close Open Ad Platform
Self-service ad platform proves indefensible when hackers come knocking.
Microsoft Fixes 57 Bugs In Windows, Office, IE
Microsoft package of security fixes is one of the biggest updates ever; security professionals advise installing it immediately.
Zombie Alert Hoax: Emergency Broadcast System Hacked
Bodies of the dead are rising from their graves, warns CBS affiliate. News at 10.
Getting Into The Heads Of Departing Insiders
Strong policies, human decency, and targeted communication can keep the semi-malicious insider from walking out the door with valuable IP
Adobe Issues Emergency Patch For Flash Player
As attackers actively target new bugs in Flash Player browser plug-in, Adobe issues Windows, Mac, Linux and Android patches.
Taming Big Bad Data For Better Security
Companies get inundated by incident and event data from their systems, but more vendors are creating platforms for analyzing the data and picking out security intelligence
Ex-Employees Say It's OK To Take Corporate Data With Them
New Symantec survey finds nearly 70 percent of employees who recently left or were fired from their job say their organizations don't prevent them from using confidential info
Barracuda Issues Security Update, Apologizes To Customers
Security appliance manufacturer apologizes for leaving hardcoded, undocumented accounts in its products.
Microsoft, Symantec Torpedo Massive Botnet
Tech companies team up to take down Bamital botnet, which generated over $1 million annually via search engine click fraud.
More Data On Attackers, But Attribution Still Dodgy
Identifying the groups behind attacks is still a dicey proposition, but security firms are collecting more information on attackers' techniques and their infrastructure
Email Domain Protection Effort Gains Traction
Phishing and email domain abuse prevention specification DMARC marks year one with widespread adoption
Researchers Demo Building Control System Hack
Unpatched bugs could also ultimately expose the corporate network
DDoS Attacks Spur Concerns Over Infrastructure Weaknesses
The ongoing distributed denial-of-service attacks on banks have some security professionals worried about the attacks moving to less prepared industries
Fake Email Dies Under DMARC Regime
Authentication and cooperation, made possible by the DMARC framework, cut down on email domain abuse.
|
Latest Comment: Your password expired and you have been locked out of your machine. Give me your new 2FA code to continue.
2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Tweet This
0 Comments
