Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Olympics Tap Big Data To Enhance Security
Olympics crime fighters are using big data analysis techniques to identify suspicious activity, imminent threats, and unexpected holes that attackers could exploit.
HTML Access Control Busted By Security Researchers
Open source HTExploit tool can bypass a standard directory protection technique used to secure many types of Web pages, security experts demonstrated at Black Hat.
NIST Updates Computer Security Guides
Guidelines focus on wireless security and protecting mobile devices from intrusion.
Mac Malware Spies On Email, Survives Reboots
Crisis malware lets attackers install without an administrator password and intercept email, IM, and other communications.
Power Plant Hack Talk, Free Tools Pulled From Def Con Lineup
Def Con talk on bugs, tools for hacking power plants replaced with another talk on HMI flaws
Web Browser Weaknesses Make Tracking Easy
Researcher kicks off effort to catalog all the ways that browsers and popular add-ons can be used to track users
Strike Back At Hackers? Get A Lawyer
Don't risk legal troubles. Get advice before taking the offensive against cybercriminals, military security expert says at Black Hat.
Mass Router Infection Possible: Black Hat
Black Hat presenters detail how an HTML5-compliant browser could deliver malicious firmware, bring network-connected hardware under attackers' control.
JavaScript Botnet Sheds Light On Criminal Activity
A security research group uses cached JavaScript to control computers connecting to a malicious proxy, gaining intelligence on fraudsters and criminals
Apple Makes Black Hat Debut
But presentation by Apple security team member doesn't reveal any new security details or plans for iOS
FAA's New Flight Control System Has Security Holes: Researcher
At the Black Hat conference, a computer scientist demonstrates how 'fake airplanes' can be inserted into FAA's upcoming air traffic control system.
Mahdi Malware Makers Push Anti-American Update
Spy malware, seemingly built by Iranians, gets update that searches for "USA" and "gov" on targeted machines, security researcher says at Black Hat.
Android Takeover With The Swipe Of A Smartphone
Security researcher discovers near-field communication (NFC) is a greenfield of security risks
Researchers To Launch New Tools For Search Engine Hacking
Free 'Diggity' data mining tools can identify and extract sensitive information from many popular cloud-based services
Dark Reading, Black Hat Partner To Produce Daily Conference Newsletter
Dark Reading newsletter subscribers, conference attendees will receive three days of Black Hat show coverage
Two-Thirds Of IT Pros Don't Know Who Has Local Admin Rights
Admin rights can be used by malware to install malicious software on local computers through the administrator account
When Hackers Meet Girlfriends: Readers Judge Our Theory
My modest proposal to deter law-breaking hackers by helping them get girlfriends sparked condemnation, support, and even marriage advice.
Black Hat: The Phishing Scare That Wasn't
Email glitch causes concern among security pros attending major industry event, but ends with humor
Apple Yanks Privacy Watcher From App Store
Clueful privacy app reported on free iOS apps' data-gathering practices, found 41% tracking users' location.
Smart Grid Researcher Releases Open Source Meter-Hacking Tool
'Termineter' unleashed prior to presentations on smart meter security next week at BSides, Black Hat USA
Attacking SCADA And Relative Cost Of Entry
SCADA technologies have been increasingly targeted by shadowy adversaries: Does that mean impending doom?
Firefox 14 Secures Google Search Queries
Security, interface, and gaming improvements debut in the latest version of Mozilla's Web browser.
Will Advanced Attackers Laugh At Your WAF?
Companies should not trust vendors' claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses
'Waldo' Finds Ways To Abuse HTML5 WebSockets
Black Hat USA researchers to release free hacking tool and demonstrate how new communication channel could be used for XSS, denial-of-service, and hiding malicious or unauthorized traffic
Symantec Debuts Android Antivirus Software For Enterprises
Software interfaces with Symantec service that assesses apps from more than 70 app markets and blacklists malicious or suspicious choices.
AT&T To Sponsor Zero-Day Contest For Kids
Second annual DefCon Kids highlights mobile app security, responsible disclosure, social engineering, and other topics aimed at teaching the ways of white-hat hacking
Data Loss Prevention: What's The Use?
Why deploy data loss prevention technologies if there are ways to circumvent the system?
Apple In-App Store Hacked
Hacker finds way to loot in-app store items and posts a how-to on YouTube.
Yahoo Password Breach: 7 Lessons Learned
What should businesses, users, and regulators take away from the Yahoo password breach? Start with encryption for all stored passwords.
More Data Breaches, Fewer Details For Victims
The number of hack attacks that result in breaches has increased, but businesses are releasing less information about what was stolen--or who's at fault.
Crimeware Developers Shift To More Obfuscation, Java Exploits
After making their code harder to reverse-engineer, exploit kits are now focusing on improving attacks
How To Select A DDoS Mitigation Service
Distributed denial-of-service attacks can flare up quickly and do serious damage. Time to call in the experts?
Instagram Closes Security Hole
A security researcher says the vulnerability could allow people to access photos taken by others, while Instagram says private photos can not be accessed
Blast Phishing Attack Fooled Many Users
Spam disguised as convincing emails from LinkedIn, Facebook, and
other trusted entities were one targeted operation aimed at stealing
online financial credentials, say Trend Micro researchers.
Free Android Apps Have Privacy Cost
More than half of free Android apps use advertising networks and exchanges. Most are legit, but about 5% interface with 'aggressive' networks that could threaten your privacy.
Yahoo Hack Leaks 453,000 Voice Passwords
Yahoo passwords were stored unencrypted and stolen via a SQL injection attack, attackers claim. Meanwhile, Formspring resets passwords for 28 million users after a password breach.
Stealing Documents Through Social Media Image-Sharing
Innocent-looking vacation pictures on Facebook could conceivably traffic exfiltrated documents, Black Hat researchers warn
Megaupload's Kim Dotcom Offers To Extradite Himself
Dotcom says he'll come to U.S. if DOJ will guarantee him a fair trial and unfreeze his assets to cover legal expenses and living costs.
More Android Malware Pulled From Google Play
Disguised as Mario Bros. and Grand Theft Auto games, the malware downloaded itself in stages to evade Google's automated security checks.
DarkComet Developer Retires Notorious Remote Access Tool
Some call DarkComet a tool; others call it a Trojan. RAT had been used by Syrian police and anti-Tibet organizations to spy on targeted computers.
Anonymous Hands WikiLeaks 2.4 Million Syrian Emails
Hacktivist group claims credit for data breach; turned to WikiLeaks to help process the emails.
DNSChanger Still A Threat
DNSChanger server shutdown on Monday didn't cause a significant disruption, but the danger is not over yet, security experts say.
'Clonewise' Security Service Helps Identify Vulnerable Code
Researcher at Black Hat to demonstrate service that can help find vulnerable libraries built into larger bodies of code
Yahoo Defends Android App, Botnet Questions Remain
Security firm traces torrent of spam to Yahoo's failure to activate HTTPS by default in its Android app.
Lessons Learned From Duqu
The sophisticated Duqu exploit is one of the most complex ever seen. What does it tell you about your enterprise defenses?
Court Slams Bank For Ignoring Zeus Attack
Federal appeals court panel reverses previous ruling that construction company could not sue bank to recover $345,000 stolen by malware attackers.
Researchers Use Cloud To Clear Up Malware Evasion
An analysis project surveys the techniques used by malware to evade security software and plans to turn the research into a service to analyze malware
Flame Killing: Free Tool Spots Vulnerable Digital Certificates
One-quarter of enterprises still use insecure MD5 cryptographic hash function to sign their digital certificates, putting corporate secrets at risk.
Cyberattack Reports On U.S. Critical Infrastructure Jump Dramatically
A new report from ICS-CERT shows the number of reported incidents increased from 9 to 198 between 2009 and 2011.
British Police Bust Baltic Financial Malware Trio
Men face jail time for using SpyEye malware to steal consumers' online bank account information and launder $157,000. Separately, a TeamPoison hacker awaits sentencing for stealing former U.K. prime minister Tony Blair's online address book.
|
Special Report: Computing's New Normal, a Dark Reading PerspectiveThis special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
The Threat from the Internet—and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Tweet This
17 Comments
