Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
U.K. Online Dating Sites Catch Heat On Privacy
Government and BBC investigations raise alarms about the industry's personal data handling practices, social media identity theft.
Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition
U.S. feared use of PCs built by Lenovo posed security threat long before spying concerns over Huaweii and ZTE surfaced
Microsoft Extends MAPP To Incident Responders And Offers Free Online URL, File Scanner
Microsoft Active Protections Program evolving to a protection, detection, and remediation program
Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition
U.S. feared use of PCs built by Lenovo posed security threat long before spying concerns over Huaweii and ZTE surfaced.
Cheap Monitoring Highlights Dangers Of Internet Of Things
Using a network of cheap sensors, the home-brewed CreepyDOL system can track people by signals sent from their mobile devices
Barnaby Jack And The Hacker Ethos
Barnaby Jack's untimely death should give us pause to remember why folks hack things and ultimately why pushing the boundaries of technology benefits us all
In Appreciation: Barnaby Jack
Industry mourns passing of intrepid and charismatic security researcher
Better Bug Bounties Mean Safer Software, More Research Demand
Companies should expect safer software as more companies adopt bug bounty programs and studies prove their effectiveness
Record-Setting Data Breach Highlights Corporate Security Risks
Case of five men indicted Thursday for allegedly stealing more than 160 million credit card numbers, in what Justice Department calls a record size scheme, shows how hard it is for business to deal with SQL injection attacks and similar approaches.
How Attackers Target And Exploit Critical Business Applications
Applications such as ERP and CRM make businesses go, yet are often left unpatched and vulnerable
Firms Far From Taming The Tower Of APT Babel
Threat intelligence firms continue to have individual lexicons for advanced persistent threats, making information sharing more difficult
Campaign Launched To Kill Off The Password
The Petition Against Passwords calls for no more password login
Network Solutions Knocked Down Again
MySQL problems to blame for customers' website editing and permission change problems, says hosting provider, but users suspect more nefarious cause.
Royal Baby Malware Attacks
Hackers capitalize on mania for royal baby and upcoming zombie game; fake versions of real Android apps created via Master Key vulnerability found in China.
Visualization Helps Attackers Spot Flaws In Software's Armor
Using data visualization techniques, researchers make memory and randomization flaws easier to recognize, spotting vulnerabilities in anti-exploitation technology such as ASLR and DEP
'Next Big' Banking Trojan Spotted In Cybercrime Underground
RSA says 'KINS' features a bootkit
Russian Trojan With Twist Targets Financial Details
Malware, designed to not infect Russian or Ukrainian PCs, is already for sale on cybercrime underground, says RSA.
SIM Card Hack A Wakeup Call
Crack of mobile SIM card crypto and virtual machine features could let an attacker target and clone a phone
APIs Giveth And APIs Taketh Away
Despite the incredible power afforded by APIs exposing cloud, mobile and Web services, there is a downside. There always is
Tech Insight: Protecting Against Risks Posed By Anonymization Tools
Snowden and NSA concerns are causing more users to seek anonymization and encryption tools that could cause security headaches for enterprises
3 Briefings That Highlight Infosec's High-Stakes Game
Spectacular exploits and worrying implications await
Huawei Spies For China, Former NSA Director Says
Michael Hayden, a former NSA and CIA chief, accuses Chinese telecom equipment maker Huawei of engaging in espionage on behalf of the Chinese state.
Java Dregs Create Unappetizing Enterprise Security Problem
Why is Java still such a security weakspot? Java updates don't nuke all older versions, leaving plenty of well-known vulnerabilities for online attackers to exploit.
'Write Once, Pwn Anywhere': Less Than 1 Percent Of Enterprises Run Newest Version Of Java
Most businesses have multiple, outdated versions of the app on their endpoints, new report finds
Service, Denied
Black Hat USA 2013 has lined up three DDoS-related Briefings, covering the topic from multiple angles
Google Play Has Apps Abusing Master Key Vulnerability
Two apps currently available for download in Google Play abuse the critical master key vulnerability that affects almost all Android devices. Is Google reviewing apps for the flaw?
Tumblr iPhone Vulnerability: Change Passwords Now
Passwords are transmitted in plaintext by Tumblr's iPhone and iPad apps, leaving them vulnerable to being intercepted.
'Tortilla' Spices Up Active Defense Ops
New free Tor tool, due out at Black Hat USA, aims to make the Tor anonymizing network easier to use for all types of intel-gathering
Android Users Can Patch Critical Flaw
ReKey app can be used to patch vulnerability that affects 99% of all Android smartphones and tablets, but requires rooting devices first.
NSA Surveillance: IT Pro Survey Says What?
To understand the relationship between security and privacy, we should pay more attention to IT professionals and spend less time asking loaded questions.
WordPress, Other CMS Platforms Give Attackers Room For Creativity
Hackers use vulns in content management systems to accomplish everything from privilege escalation on servers to using connections to run command and control
Chrome Users More Likely To Ignore Security Warnings
Security messages affect user behavior -- as long as they're well-designed, according to study of Chrome and Firefox users.
Jay-Z App, Amazon Extension Slammed On Privacy
Android app offers free album for users' account, login info; meanwhile, Amazon 1Button extension for Chrome reports user activity to Amazon.
NSA Data Collection Worrisome For Global Firms
Microsoft, Google, Facebook, and other tech firms have downplayed their participation in government spying programs, but U.S. and international companies should worry about access to their data in the cloud
How Attackers Thwart Malware Investigation
A researcher at Black Hat USA this month will dissect a recent attack, showing off attackers' techniques for making malware analysis harder and intelligence gathering more time consuming
Overcome The Microsoft Mindset: Patch Faster
Why can't vendors patch every critical bug like it was the Pwn2Own competition?
Generic TLDs Threaten Name Collisions, Information Leakage
Security problems could ensue if common internal TLDs -- such as .corp and .exchange -- are allowed to be registered
Hackers Tap Windows Bug Revealed By Google Researcher
Windows bug details disclosed by Google researcher Tavis Ormandy in May were quickly used by online attackers, Microsoft says.
Hack 99% Of Android Devices: Big Vulnerability
Critical vulnerability that affects almost all Android devices now in operation could allow attackers to use exploit code to easily infect devices with a Trojanized version of a legitimate app.
Preparing For Possible Future Crypto Attacks
Security experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure
South Korean Bank Hackers Target U.S. Military Secrets
Wiper malware APT gang has been traced to four-year military espionage campaign.
12 Trends In Privacy And Security
Industry experts forecast top trends in data breach, privacy, and security
'Zombie Apocalypse' Broadcast Hoax Explained
Homeland Security details vulnerabilities in emergency alert equipment that have been exploited to create hoax broadcasts.
Microsoft Patch Tuesday Fixes Six Critical Bugs
Microsoft issues patches for an unusual number of critical vulnerabilities that encompass the company's entire software ecosystem.
Below The Application: The High Risk Of Low-Level Threats
In-memory attacks and rootkits may hit your systems below the OS. Here are some tips to help your defense
Controlling The Big 7
With limited resources, funding, and expertise, focusing on protecting the Big 7 applications will enable security professionals to reduce a large portion of their attack surface
Fake Twitter Accounts Remain Multimillion-Dollar Business
Barracuda Labs digs into the market for buying Twitter followers
Skype Bug Enables Android Lock Screen Bypass
Up to half a billion Android devices that have Skype installed are vulnerable to having their lock screen bypassed and being "attack-dialed."
|
Latest Comment: 'Look, our very own Don Quixote! If only his chivalrous attempt could twart the ransom, we'd be spared the media coverage.'
Navigating the Deluge of Security DataIn this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Tweet This
1 Comments
