Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Darkleech Apache Attacks Intensify
Security researchers discover hard-to-detect, memory-resident Linux malware compromising Apache servers and redirecting browsers to other infected sites.
D-Link Camera Security Flaw: Upgrade Now
16 vulnerable D-Link IP camera models have password issue that provides a back door, so attackers could intercept live video feed. Get the firmware update.
Spamhaus DDoS Suspect Arrested
Cyberbunker leader traveled Spain in a van, accessed Wi-Fi hotspots to launch DDoS attacks against anti-spam opponents, Dutch authorities allege.
Syrian Hacktivists Hit Guardian Twitter Feeds
Pro-Assad hacktivist group takes over 11 Twitter feeds belonging to British news group, decries "lies and slander about Syria."
Tech Insight: Time To Set Up That Honeypot
A combination of traditional network security monitoring and recent advancements in honeypot and active defense tools is key to detecting today's threats
Cloud Security Starts With Development, Better Tools
Companies must train their developers in secure coding and rely on others' expertise for complex components of cloud services and Web applications
Java Flaw Targeted By Crimeware Toolkit: Patch Now
Don't wait on this update, Java 7 users. Exploit uses bug, patched by Oracle last week, to execute arbitrary code.
Twitter Preps Two Factor Authentication After AP Hoax
Security move follows a rash of high-profile account takeovers, including a hoax tweet from the Associated Press' account about White House explosions.
Prioritizing Your Database Security Patches
Patching databases can be painful, but the presence of critical vulnerabilities can make closing security holes quickly necessary
Java's Security Renaissance Begins
Oracle's decision to delay Java 8 to ensure security is done right is a significant step -- but challenges remain for the troubled platform
Should Insiders Really Be Your Biggest Concern?
Verizon's Data Breach Investigations Report shows that by volume of breach occurrences, external attackers cause problems the majority of the time
Chinese Hackers Seek Drone Secrets
"Comment Crew" gang that fanned fears of Chinese hacking launches malware that combs for drone technology information.
Oracle Bug Hunter Spots Java 7 Server Flaw
Server Java Runtime Environment vulnerability can be used to escape sandbox and execute code, says Polish security expert.
Boston Bombers Can't Elude City's Tech Infrastructure
Video surveillance played a key role in identifying the suspects in Monday's tragic Boston Marathon bombing, setting a precedent for increasing use of sophisticated security IT systems nationwide.
Java 7 Malicious App Warning System Draws Criticism
Java runtime environment fails to verify that digital certificates used to sign "trusted" applications haven't been revoked.
Malware Attackers Exploit Boston Marathon Bombing
Now, 40% of all spam on the Internet name-drops the tragedy to trick users into executing malicious files or visiting sites that launch drive-by attacks.
Time To Dump Antivirus As Endpoint Protection?
Attackers find it easy to avoid signature- and heuristic-based anti-malware defenses. Experts recommend alternatives to antivirus programs be used alongside them, not in lieu of them
Safeguarding Your Data Against The Two-Bit Ne'er-Do-Well
A real-life data breach incident underscores the importance of employing even the most basic levels of security protection
Microsoft: Worms And Rogue AV Dying, Web Threats Thriving
Conficker finally flickering out, newest edition of Microsoft's Security Intelligence Report (SIR) shows
How Do You Use DAM For Blocking? You Don't
Curiously, many view blocking malicious Web application requests via WAFs as the appropriate approach
'Magic' Malware Uses Custom Protocol And A 'Magic Code' Handshake
Researchers spot a nearly year-long attack campaign that employs some special tricks
DDoS Attack Bandwidth Jumps 718%
Distributed denial-of-service study finds increase in attack quantity and severity, while most attacks continue to originate from China.
Coordinated Disclosure, Bug Bounties Help Speed Patches
Vulnerability advisories are increasingly accompanied by a patch these days, indicating that researchers and software firms are working more closely
Anonymous Takes Down North Korean Websites
Hacktivists knock five North Korean websites offline on the 101st anniversary of North Korea's founding.
Wireless Camera Flaws Allow Remote Exploitation
Foscam wireless IP cameras contain multiple vulnerabilities that can be used to steal credentials or hack the devices to launch further attacks, warn researchers from Qualys.
Microsoft Discovers Trojan That Erases Evidence Of Its Existence
This downloader is also the payload
Open Group Publishes Security Standard For Technology Supply Chain
New O-TTPS standard is designed to improve security of commercial off-the-shelf IT products
FAA Dismisses Android App Airplane Takeover
Demonstrated training software exploits don't work against the flight management systems installed in planes, say airline regulators and avionics manufacturers.
Microsoft: 'Embassies' Could Provide Users Sanctuary From Threats
Taking a cue from virtualized datacenters, Microsoft researchers envision a browser architecture that isolates Web apps from each other to strengthen security
Airplane Takeover Demonstrated Via Android App
Software hack allows security researcher to take control of aircraft navigation and other systems; avionics manufacturers emphasize that the presentation exploited training software.
Domain Names Like .Food May Leave Bad Taste
Symantec, Go Daddy, Trend Micro and other digital certificate authorities raise security, other concerns with ICANN about the pending release of new top-level domain names.
LulzSec Hackers Plead Guilty To CIA, Sony Attacks
Three men admit in London courtroom they launched distributed denial of service attacks and defacements that targeted a variety of websites.
Slide Show: 8 Egregious Examples Of Insider Threats
Real-world case studies from the CERT Insider Threat Center
South Korea Charges Alleged Hackers
South Korean government accuses two men of working with North Korean hackers to steal personal data relating to 140 million South Koreans.
Microsoft Windows 8 Security Software Lacks Teeth
Microsoft's free corporate and consumer endpoint security software needs more malware-stopping power, finds independent German firm AV-Test.
Office 2003, Windows XP Support Ends In One Year
If you're still using Windows XP, then you won't let a little thing like unpatched public vulnerabilities stop you. But many Office 2003 users will be surprised to find themselves cut loose by Microsoft
Google Uses Reputation To Detect Malicious Downloads
Researchers use data about websites, IP addresses, and domains to detect 99 percent of malicious executables downloaded by users -- outperforming antivirus and URL-reputation services
Alleged Carberp Botnet Ringleader Busted
Joint Ukrainian and Russian operation busts alleged Carberp boss and about 20 developers of malware-driven botnet that stole millions of dollars.
Exposed Website Reboots, Reveals Celeb Credit Reports
Personal data on U.S. Secret Service director, Anderson Cooper, George Clooney and other public figures released by Exposed website, famous for leaking data on Michelle Obama.
Carna Compromise Delivers Data, But Casts Suspicions
Created by an anonymous researcher, the Carna botnet found that 1.2 million Internet-connected devices are trivially exploitable, but the illegality of the methods raises doubts
Robocall Killers Seek End Of Nuisance Calls
FTC contest winners have new ideas on to how to identify and block illegal spam calls to landlines and cellphones.
No Bold Moves On U.S. Cybersecurity Framework
New cybersecurity framework, to be created per a February Obama administration executive order, likely will draw heavily from existing cybersecurity standards.
Darkleech Attacks Hit 20,000 Websites
Malicious Apache modules, installed after root-level server compromises, are serving hard-to-detect real-time malware attacks against Windows users.
Identifying And Remediating Security Vulnerabilities In The Cloud
Cloud computing can lead to security risks. Here are some insights on tracking them down
Taming Bad Inputs Means Taking Aim At 'Weird Machines'
Overly accommodating platforms and protocols let attackers use inputs like code, essentially allowing attackers to program an unintentional virtual machine
Anonymous Hits North Korea Via DDoS
Hacktivists disrupt government and airline websites after North Korean government threatens to restart nuclear reactor, invade South Korea.
|
Latest Comment: This comment is waiting for review by our moderators.
The Year in Security: 2019This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
![[Just Released] How Enterprises are Attacking the Cybersecurity Problem](https://dsimg.ubm-us.net/asset/413163/625983/report%20thumbnail.PNG)
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Tweet This
6 Comments
