News & Commentary

Content posted in January 2014
Slide Show: 20 Security Startups To Watch
Slideshows  |  1/31/2014  | 
Cloud security, mobile security, advanced behavioral detection, and a few other surprises mark this latest crop of newcomers
Super Bowl Tech: A Supersized Role For Security
Commentary  |  1/31/2014  | 
The cold weather has been the strongest story line throughout the entire NFL season. Sunday's game will be no exception -- behind the scenes and on the field.
Yahoo Mail Passwords: Act Now
News  |  1/31/2014  | 
Yahoo suffers hack attack, eyes third-party database and reused credentials as likely culprits, may enforce two-factor authentication to help users recover accounts.
Point-Of-Sale System Attack Campaign Hits More Than 40 Retailers
News  |  1/30/2014  | 
Tor-camouflaged 'ChewBacca' payment card-stealing Trojan doesn't appear to be related to Target, RSA researchers say
Finding The Balance Between Compliance & Security
Commentary  |  1/30/2014  | 
IT departments can reduce security risks by combining the flexibility of ISO 27000 with the stringent requirements of PCI. Here's how.
Chip-and-PIN Security Push To Pit Retailers Against Banks
News  |  1/30/2014  | 
While the cost of breaches typically falls on the merchants, card issuers and banks would foot much of the bill for improving the security of the payment-card system
Target Hackers Tapped Vendor Credentials
Quick Hits  |  1/30/2014  | 
Investigators suspect that BMC software, Microsoft configuration management tools, and SQL injection were used as hacking tools and techniques in Target's massive data breach
Target Hackers Tapped Vendor Credentials
News  |  1/30/2014  | 
Investigators suspect that BMC software, Microsoft configuration management tools, and SQL injection were used as hacking tools and techniques in Target's massive data breach.
Red Or Blue, I'm Usually The Only Woman On The Team
Commentary  |  1/30/2014  | 
Women are still few and far between in the cybersecurity field
Startup Confer Launches Cyberthreat Prevention Network
Quick Hits  |  1/30/2014  | 
New company Confer takes on endpoint security problem with sensors that feed into threat intelligence network
SpyEye Creator Got 'Sloppy,' Then Got Nabbed
News  |  1/29/2014  | 
Russian national behind the infamous crimeware kit pleads guilty to conspiracy to commit wire and bank fraud in his role as primary developer and distributor of SpyEye
For SMBs: How To Implement PCI DSS 3
Commentary  |  1/29/2014  | 
How PCI DSS v3.0 requirements affect the management of service providers for SMBs
4 Hurdles That Trip Security Analytics Efforts
News  |  1/29/2014  | 
Don't let these people and process problems get in the way of security analytics effectiveness.
Angry Birds Site Toppled After Surveillance Report
News  |  1/29/2014  | 
Syrian Electronic Army ally allegedly defaces Rovio's Angry Birds website over reports that company shared user data with US and UK surveillance agencies.
The Scariest End-User Security Question: What Changed?
Commentary  |  1/29/2014  | 
Hitting employees over the head with fear, uncertainty, and doubt does little to help protect them from security threats. Is multi-factor authentication "by force" a better approach?
Stumbling Blocks That Faceplant Security Analytics Programs
News  |  1/28/2014  | 
Understanding the people and process problems that get in the way of analytics effectiveness
The IPS Makeover
News  |  1/28/2014  | 
Next-gen intrusion-prevention systems have fuller visibility into applications and data. But do newer firewalls make IPS redundant?
Global Shortage Of Security Professionals Amid Raised Threat Level
Quick Hits  |  1/28/2014  | 
Cisco annual security report highlights Web, Java, Android abuse
DDoS Just Won't Die
News  |  1/28/2014  | 
Record-breaking 309 Gbps distributed denial-of-service attack reported, and attackers continue to employ new ways of flooding and overwhelming struggling targets
Feds Arrest Bitcoin Celebrity In Money Laundering Case
News  |  1/28/2014  | 
Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace.
Data Security: 4 Questions For Road Warriors
Commentary  |  1/28/2014  | 
Traveling with electronic gear containing sensitive data carries a greater security risk today than ever before.
NSA, British Spy Agency Collect Angry Birds Data
News  |  1/28/2014  | 
National Security Agency and Britain's Government Communications Headquarters have collected data from smartphone apps for years, says new report on documents leaked by Edward Snowden
Securing The Distributed Network Perimeter
News  |  1/28/2014  | 
A variety of cloud and managed services can be used to lock down the rapidly expanding corporate network perimeter
Secret Service Investigating Breach At Michael's Retail Chain
Quick Hits  |  1/28/2014  | 
Retail giant Michael's still has not disclosed source or scope of breach; Secret Service called in
Air Force Researchers Plant Rootkit In A PLC
News  |  1/27/2014  | 
Rogue code and malicious activity could go undetected in many of today's programmable logic controllers
How To Defend Point-Of-Sale Systems
News  |  1/27/2014  | 
US-CERT gives advice on defending POS systems against attacks like those against Target, Neiman Marcus.
Michaels Stores Investigates Data Breach
News  |  1/27/2014  | 
Arts-and-crafts retailer goes into damage-control mode after banks report fraud possibly tied to shoppers' credit cards.
How & Why Cloud Security Will Empower Users
Dark Reading Videos  |  1/27/2014  | 
Cloud computing growth means big changes for enterprises of all sizes and in all markets.
Report: Phishing Attacks Enabled SEA To Crack CNN's Social Media
Quick Hits  |  1/27/2014  | 
Syrian Electronic Army fooled at least six CNN employees into giving up passwords, report says
Tech Insight: Defending Point-Of-Sale Systems
News  |  1/24/2014  | 
US-CERT publishes advice on defending POS systems against attacks like those against Target, Neiman Marcus
How & Why Cloud Security Will Empower Users
Dark Reading Videos  |  1/24/2014  | 
Cloud computing growth means big changes for enterprises of all sizes and in all markets.
Target Breach: Why Smartcards Won't Stop Hackers
Commentary  |  1/24/2014  | 
"Chip and PIN" smartcard adoption in the United States is long overdue. But the security improvement wouldn't have stopped Target's BlackPOS malware attackers.
Neiman Marcus Data Breach: 1.1M Cards Exposed
News  |  1/24/2014  | 
Debit and credit card details 'scraped' during transactions in stores.
How To Get The Most Out Of Risk Management Spend
News  |  1/24/2014  | 
Get the most bang for your security buck through risk management investments
1.1 Million Payment Cards Exposed In Neiman Marcus Data Breach
Quick Hits  |  1/23/2014  | 
Debit and credit card details 'scraped' during transactions in stores
Google Dismisses Chrome Browser Microphone Snooping Exploit
News  |  1/23/2014  | 
A researcher has released an exploit that abuses flaws he discovered in Chrome that could allow an attacker to snoop on phone calls or other conversations at your desktop, but Google says it's compliant with W3C
Future Shock: The Internet of Compromised Things
Commentary  |  1/23/2014  | 
It's doubtful that the average consumer would be aware that his or her refrigerator was participating in a DDoS attack. Even fewer would have any idea how to stop it.
China Blames Massive Internet Blackout On Hackers
News  |  1/23/2014  | 
Evidence about the 45-minute outage points to botched censorship operation, not hackers, security experts say
Startup Tackles Security Through Microsoft Active Directory
Quick Hits  |  1/23/2014  | 
New company Aorato identifies potential threats by monitoring traffic from ubiquitous Active Directory
Microsoft Maps Out Malware Haves And Have-Nots
News  |  1/22/2014  | 
Some countries suffer disproportionately from malware infections and cybercrime, and Windows XP could exacerbate the problem
DHS Warns Contractors About Breach Of Its Web Portal
News  |  1/22/2014  | 
More than 100 organizations got some bad news from DHS recently when it was revealed that hundreds of documents had been accessed without authorization
Target Mocks, Not Helps, Its Data Breach Victims
Commentary  |  1/22/2014  | 
The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
Politically Motivated Cyberattackers Adopt New Tactics
News  |  1/22/2014  | 
Organized cybergroups from China, Syria, and Russia are finding new ways to breach enterprises, CrowdStrike reports.
Power Utility Substations At Risk
News  |  1/22/2014  | 
"Project Robus" so far has exposed dozens of security flaws in software using popular ICS/SCADA network protocol, but several vendors still have not patched.
Target Breach: 5 Unanswered Security Questions
Commentary  |  1/22/2014  | 
Investigators have yet to explain how Target was hacked, whether BlackPOS malware infected its payment servers, and whether the same gang also struck other retailers.
Google Chrome Allows Eavesdropping, Researcher Claims
News  |  1/22/2014  | 
Google doesn't recognize the browser behavior as a security issue.
No Easy Solution To Stop Amplification Attacks
News  |  1/22/2014  | 
Denial-of-service attacks powered by NTP amplification interrupted online-gaming services over the past month, renewing efforts to find solutions to the vulnerabilities
Security Startups Take Shape Out Of Stealth
Quick Hits  |  1/22/2014  | 
Former Google, Barracuda Networks executives behind new security companies launched yesterday
Power Utility Substations At Risk
News  |  1/21/2014  | 
'Project Robus' so far has exposed dozens of security flaws in software using popular ICS/SCADA network protocol, but several vendors still have not patched