
News & Commentary

Content posted in January 2014
Page 1 / 3   >   >>
Slide Show: 20 Security Startups To Watch
Slideshows  |  1/31/2014  | 
Cloud security, mobile security, advanced behavioral detection, and a few other surprises mark this latest crop of newcomers
Super Bowl Tech: A Supersized Role For Security
Commentary  |  1/31/2014  | 
The cold weather has been the strongest story line throughout the entire NFL season. Sunday's game will be no exception -- behind the scenes and on the field.
Yahoo Mail Passwords: Act Now
News  |  1/31/2014  | 
Yahoo suffers hack attack, eyes third-party database and reused credentials as likely culprits, may enforce two-factor authentication to help users recover accounts.
Point-Of-Sale System Attack Campaign Hits More Than 40 Retailers
News  |  1/30/2014  | 
Tor-camouflaged 'ChewBacca' payment card-stealing Trojan doesn't appear to be related to Target, RSA researchers say
Finding The Balance Between Compliance & Security
Commentary  |  1/30/2014  | 
IT departments can reduce security risks by combining the flexibility of ISO 27000 with the stringent requirements of PCI. Here's how.
Chip-and-PIN Security Push To Pit Retailers Against Banks
News  |  1/30/2014  | 
While the cost of breaches typically falls on the merchants, card issuers and banks would foot much of the bill for improving the security of the payment-card system
Target Hackers Tapped Vendor Credentials
Quick Hits  |  1/30/2014  | 
Investigators suspect that BMC software, Microsoft configuration management tools, and SQL injection were used as hacking tools and techniques in Target's massive data breach
Target Hackers Tapped Vendor Credentials
News  |  1/30/2014  | 
Investigators suspect that BMC software, Microsoft configuration management tools, and SQL injection were used as hacking tools and techniques in Target's massive data breach.
Red Or Blue, I'm Usually The Only Woman On The Team
Commentary  |  1/30/2014  | 
Women are still few and far between in the cybersecurity field
Startup Confer Launches Cyberthreat Prevention Network
Quick Hits  |  1/30/2014  | 
New company Confer takes on endpoint security problem with sensors that feed into threat intelligence network
SpyEye Creator Got 'Sloppy,' Then Got Nabbed
News  |  1/29/2014  | 
Russian national behind the infamous crimeware kit pleads guilty to conspiracy to commit wire and bank fraud in his role as primary developer and distributor of SpyEye
For SMBs: How To Implement PCI DSS 3
Commentary  |  1/29/2014  | 
How PCI DSS v3.0 requirements affect the management of service providers for SMBs
4 Hurdles That Trip Security Analytics Efforts
News  |  1/29/2014  | 
Don't let these people and process problems get in the way of security analytics effectiveness.
Angry Birds Site Toppled After Surveillance Report
News  |  1/29/2014  | 
Syrian Electronic Army ally allegedly defaces Rovio's Angry Birds website over reports that company shared user data with US and UK surveillance agencies.
The Scariest End-User Security Question: What Changed?
Commentary  |  1/29/2014  | 
Hitting employees over the head with fear, uncertainty, and doubt does little to help protect them from security threats. Is multi-factor authentication "by force" a better approach?
Stumbling Blocks That Faceplant Security Analytics Programs
News  |  1/28/2014  | 
Understanding the people and process problems that get in the way of analytics effectiveness
The IPS Makeover
News  |  1/28/2014  | 
Next-gen intrusion-prevention systems have fuller visibility into applications and data. But do newer firewalls make IPS redundant?
Global Shortage Of Security Professionals Amid Raised Threat Level
Quick Hits  |  1/28/2014  | 
Cisco annual security report highlights Web, Java, Android abuse
DDoS Just Won't Die
News  |  1/28/2014  | 
Record-breaking 309 Gbps distributed denial-of-service attack reported, and attackers continue to employ new ways of flooding and overwhelming struggling targets
Feds Arrest Bitcoin Celebrity In Money Laundering Case
News  |  1/28/2014  | 
Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace.
Data Security: 4 Questions For Road Warriors
Commentary  |  1/28/2014  | 
Traveling with electronic gear containing sensitive data carries a greater security risk today than ever before.
NSA, British Spy Agency Collect Angry Birds Data
News  |  1/28/2014  | 
National Security Agency and Britain's Government Communications Headquarters have collected data from smartphone apps for years, says new report on documents leaked by Edward Snowden
Securing The Distributed Network Perimeter
News  |  1/28/2014  | 
A variety of cloud and managed services can be used to lock down the rapidly expanding corporate network perimeter
Secret Service Investigating Breach At Michael's Retail Chain
Quick Hits  |  1/28/2014  | 
Retail giant Michael's still has not disclosed source or scope of breach; Secret Service called in
Air Force Researchers Plant Rootkit In A PLC
News  |  1/27/2014  | 
Rogue code and malicious activity could go undetected in many of today's programmable logic controllers
How To Defend Point-Of-Sale Systems
News  |  1/27/2014  | 
US-CERT gives advice on defending POS systems against attacks like those against Target, Neiman Marcus.
Michaels Stores Investigates Data Breach
News  |  1/27/2014  | 
Arts-and-crafts retailer goes into damage-control mode after banks report fraud possibly tied to shoppers' credit cards.
How & Why Cloud Security Will Empower Users
Dark Reading Videos  |  1/27/2014  | 
Cloud computing growth means big changes for enterprises of all sizes and in all markets.
Report: Phishing Attacks Enabled SEA To Crack CNN's Social Media
Quick Hits  |  1/27/2014  | 
Syrian Electronic Army fooled at least six CNN employees into giving up passwords, report says
Tech Insight: Defending Point-Of-Sale Systems
News  |  1/24/2014  | 
US-CERT publishes advice on defending POS systems against attacks like those against Target, Neiman Marcus
How & Why Cloud Security Will Empower Users
Dark Reading Videos  |  1/24/2014  | 
Cloud computing growth means big changes for enterprises of all sizes and in all markets.
Target Breach: Why Smartcards Won't Stop Hackers
Commentary  |  1/24/2014  | 
"Chip and PIN" smartcard adoption in the United States is long overdue. But the security improvement wouldn't have stopped Target's BlackPOS malware attackers.
Neiman Marcus Data Breach: 1.1M Cards Exposed
News  |  1/24/2014  | 
Debit and credit card details 'scraped' during transactions in stores.
How To Get The Most Out Of Risk Management Spend
News  |  1/24/2014  | 
Get the most bang for your security buck through risk management investments
1.1 Million Payment Cards Exposed In Neiman Marcus Data Breach
Quick Hits  |  1/23/2014  | 
Debit and credit card details 'scraped' during transactions in stores
Google Dismisses Chrome Browser Microphone Snooping Exploit
News  |  1/23/2014  | 
A researcher has released an exploit that abuses flaws he discovered in Chrome that could allow an attacker to snoop on phone calls or other conversations at your desktop, but Google says it's compliant with W3C
Future Shock: The Internet of Compromised Things
Commentary  |  1/23/2014  | 
It's doubtful that the average consumer would be aware that his or her refrigerator was participating in a DDoS attack. Even fewer would have any idea how to stop it.
China Blames Massive Internet Blackout On Hackers
News  |  1/23/2014  | 
Evidence about the 45-minute outage points to botched censorship operation, not hackers, security experts say
China Blames Massive Internet Blackout On Hackers
News  |  1/23/2014  | 
Evidence about the 45-minute outage points to botched censorship operation, not hackers, security experts say.
Startup Tackles Security Through Microsoft Active Directory
Quick Hits  |  1/23/2014  | 
New company Aorato identifies potential threats by monitoring traffic from ubiquitous Active Directory
Microsoft Maps Out Malware Haves And Have-Nots
News  |  1/22/2014  | 
Some countries suffer disproportionately from malware infections and cybercrime, and Windows XP could exacerbate the problem
DHS Warns Contractors About Breach Of Its Web Portal
News  |  1/22/2014  | 
More than 100 organizations got some bad news from DHS recently when it was revealed that hundreds of documents had been accessed without authorization
Target Mocks, Not Helps, Its Data Breach Victims
Commentary  |  1/22/2014  | 
The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
Politically Motivated Cyberattackers Adopt New Tactics
News  |  1/22/2014  | 
Organized cybergroups from China, Syria, and Russia are finding new ways to breach enterprises, CrowdStrike reports.
Power Utility Substations At Risk
News  |  1/22/2014  | 
"Project Robus" so far has exposed dozens of security flaws in software using popular ICS/SCADA network protocol, but several vendors still have not patched.
Target Breach: 5 Unanswered Security Questions
Commentary  |  1/22/2014  | 
Investigators have yet to explain how Target was hacked, whether BlackPOS malware infected its payment servers, and whether the same gang also struck other retailers.
Google Chrome Allows Eavesdropping, Researcher Claims
News  |  1/22/2014  | 
Google doesn't recognize the browser behavior as a security issue.
No Easy Solution To Stop Amplification Attacks
News  |  1/22/2014  | 
Denial-of-service attacks powered by NTP amplification interrupted online-gaming services over the past month, renewing efforts to find solutions to the vulnerabilities
Security Startups Take Shape Out Of Stealth
Quick Hits  |  1/22/2014  | 
Former Google, Barracuda Networks executives behind new security companies launched yesterday
Power Utility Substations At Risk
News  |  1/21/2014  | 
'Project Robus' so far has exposed dozens of security flaws in software using popular ICS/SCADA network protocol, but several vendors still have not patched