News & Commentary

Content posted in January 2014
Slide Show: 20 Security Startups To Watch
Slideshows  |  1/31/2014  | 
Cloud security, mobile security, advanced behavioral detection, and a few other surprises mark this latest crop of newcomers
Super Bowl Tech: A Supersized Role For Security
Commentary  |  1/31/2014  | 
The cold weather has been the strongest story line throughout the entire NFL season. Sunday's game will be no exception -- behind the scenes and on the field.
Yahoo Mail Passwords: Act Now
News  |  1/31/2014  | 
Yahoo suffers hack attack, eyes third-party database and reused credentials as likely culprits, may enforce two-factor authentication to help users recover accounts.
Point-Of-Sale System Attack Campaign Hits More Than 40 Retailers
News  |  1/30/2014  | 
Tor-camouflaged 'ChewBacca' payment card-stealing Trojan doesn't appear to be related to Target, RSA researchers say
Finding The Balance Between Compliance & Security
Commentary  |  1/30/2014  | 
IT departments can reduce security risks by combining the flexibility of ISO 27000 with the stringent requirements of PCI. Here's how.
Chip-and-PIN Security Push To Pit Retailers Against Banks
News  |  1/30/2014  | 
While the cost of breaches typically falls on the merchants, card issuers and banks would foot much of the bill for improving the security of the payment-card system
Target Hackers Tapped Vendor Credentials
Quick Hits  |  1/30/2014  | 
Investigators suspect that BMC software, Microsoft configuration management tools, and SQL injection were used as hacking tools and techniques in Target's massive data breach
Target Hackers Tapped Vendor Credentials
News  |  1/30/2014  | 
Investigators suspect that BMC software, Microsoft configuration management tools, and SQL injection were used as hacking tools and techniques in Target's massive data breach.
Red Or Blue, I'm Usually The Only Woman On The Team
Commentary  |  1/30/2014  | 
Women are still few and far between in the cybersecurity field
Startup Confer Launches Cyberthreat Prevention Network
Quick Hits  |  1/30/2014  | 
New company Confer takes on endpoint security problem with sensors that feed into threat intelligence network
SpyEye Creator Got 'Sloppy,' Then Got Nabbed
News  |  1/29/2014  | 
Russian national behind the infamous crimeware kit pleads guilty to conspiracy to commit wire and bank fraud in his role as primary developer and distributor of SpyEye
For SMBs: How To Implement PCI DSS 3
Commentary  |  1/29/2014  | 
How PCI DSS v3.0 requirements affect the management of service providers for SMBs
4 Hurdles That Trip Security Analytics Efforts
News  |  1/29/2014  | 
Don't let these people and process problems get in the way of security analytics effectiveness.
Angry Birds Site Toppled After Surveillance Report
News  |  1/29/2014  | 
Syrian Electronic Army ally allegedly defaces Rovio's Angry Birds website over reports that company shared user data with US and UK surveillance agencies.
The Scariest End-User Security Question: What Changed?
Commentary  |  1/29/2014  | 
Hitting employees over the head with fear, uncertainty, and doubt does little to help protect them from security threats. Is multi-factor authentication "by force" a better approach?
Stumbling Blocks That Faceplant Security Analytics Programs
News  |  1/28/2014  | 
Understanding the people and process problems that get in the way of analytics effectiveness
The IPS Makeover
News  |  1/28/2014  | 
Next-gen intrusion-prevention systems have fuller visibility into applications and data. But do newer firewalls make IPS redundant?
Global Shortage Of Security Professionals Amid Raised Threat Level
Quick Hits  |  1/28/2014  | 
Cisco annual security report highlights Web, Java, Android abuse
DDoS Just Won't Die
News  |  1/28/2014  | 
Record-breaking 309 Gbps distributed denial-of-service attack reported, and attackers continue to employ new ways of flooding and overwhelming struggling targets
Feds Arrest Bitcoin Celebrity In Money Laundering Case
News  |  1/28/2014  | 
Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace.
Data Security: 4 Questions For Road Warriors
Commentary  |  1/28/2014  | 
Traveling with electronic gear containing sensitive data carries a greater security risk today than ever before.
NSA, British Spy Agency Collect Angry Birds Data
News  |  1/28/2014  | 
National Security Agency and Britain's Government Communications Headquarters have collected data from smartphone apps for years, says new report on documents leaked by Edward Snowden
Securing The Distributed Network Perimeter
News  |  1/28/2014  | 
A variety of cloud and managed services can be used to lock down the rapidly expanding corporate network perimeter
Secret Service Investigating Breach At Michael's Retail Chain
Quick Hits  |  1/28/2014  | 
Retail giant Michael's still has not disclosed source or scope of breach; Secret Service called in
Air Force Researchers Plant Rootkit In A PLC
News  |  1/27/2014  | 
Rogue code and malicious activity could go undetected in many of today's programmable logic controllers
How To Defend Point-Of-Sale Systems
News  |  1/27/2014  | 
US-CERT gives advice on defending POS systems against attacks like those against Target, Neiman Marcus.
Michaels Stores Investigates Data Breach
News  |  1/27/2014  | 
Arts-and-crafts retailer goes into damage-control mode after banks report fraud possibly tied to shoppers' credit cards.
How & Why Cloud Security Will Empower Users
Dark Reading Videos  |  1/27/2014  | 
Cloud computing growth means big changes for enterprises of all sizes and in all markets.
Report: Phishing Attacks Enabled SEA To Crack CNN's Social Media
Quick Hits  |  1/27/2014  | 
Syrian Electronic Army fooled at least six CNN employees into giving up passwords, report says
Tech Insight: Defending Point-Of-Sale Systems
News  |  1/24/2014  | 
US-CERT publishes advice on defending POS systems against attacks like those against Target, Neiman Marcus
How & Why Cloud Security Will Empower Users
Dark Reading Videos  |  1/24/2014  | 
Cloud computing growth means big changes for enterprises of all sizes and in all markets.
Target Breach: Why Smartcards Won't Stop Hackers
Commentary  |  1/24/2014  | 
"Chip and PIN" smartcard adoption in the United States is long overdue. But the security improvement wouldn't have stopped Target's BlackPOS malware attackers.
Neiman Marcus Data Breach: 1.1M Cards Exposed
News  |  1/24/2014  | 
Debit and credit card details 'scraped' during transactions in stores.
How To Get The Most Out Of Risk Management Spend
News  |  1/24/2014  | 
Get the most bang for your security buck through risk management investments
1.1 Million Payment Cards Exposed In Neiman Marcus Data Breach
Quick Hits  |  1/23/2014  | 
Debit and credit card details 'scraped' during transactions in stores
Google Dismisses Chrome Browser Microphone Snooping Exploit
News  |  1/23/2014  | 
A researcher has released an exploit that abuses flaws he discovered in Chrome that could allow an attacker to snoop on phone calls or other conversations at your desktop, but Google says it's compliant with W3C
Future Shock: The Internet of Compromised Things
Commentary  |  1/23/2014  | 
It's doubtful that the average consumer would be aware that his or her refrigerator was participating in a DDoS attack. Even fewer would have any idea how to stop it.
China Blames Massive Internet Blackout On Hackers
News  |  1/23/2014  | 
Evidence about the 45-minute outage points to botched censorship operation, not hackers, security experts say
China Blames Massive Internet Blackout On Hackers
News  |  1/23/2014  | 
Evidence about the 45-minute outage points to botched censorship operation, not hackers, security experts say.
Startup Tackles Security Through Microsoft Active Directory
Quick Hits  |  1/23/2014  | 
New company Aorato identifies potential threats by monitoring traffic from ubiquitous Active Directory
Microsoft Maps Out Malware Haves And Have-Nots
News  |  1/22/2014  | 
Some countries suffer disproportionately from malware infections and cybercrime, and Windows XP could exacerbate the problem
DHS Warns Contractors About Breach Of Its Web Portal
News  |  1/22/2014  | 
More than 100 organizations got some bad news from DHS recently when it was revealed that hundreds of documents had been accessed without authorization
Target Mocks, Not Helps, Its Data Breach Victims
Commentary  |  1/22/2014  | 
The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
Politically Motivated Cyberattackers Adopt New Tactics
News  |  1/22/2014  | 
Organized cybergroups from China, Syria, and Russia are finding new ways to breach enterprises, CrowdStrike reports.
Power Utility Substations At Risk
News  |  1/22/2014  | 
"Project Robus" so far has exposed dozens of security flaws in software using popular ICS/SCADA network protocol, but several vendors still have not patched.
Target Breach: 5 Unanswered Security Questions
Commentary  |  1/22/2014  | 
Investigators have yet to explain how Target was hacked, whether BlackPOS malware infected its payment servers, and whether the same gang also struck other retailers.
Google Chrome Allows Eavesdropping, Researcher Claims
News  |  1/22/2014  | 
Google doesn't recognize the browser behavior as a security issue.
No Easy Solution To Stop Amplification Attacks
News  |  1/22/2014  | 
Denial-of-service attacks powered by NTP amplification interrupted online-gaming services over the past month, renewing efforts to find solutions to the vulnerabilities
Security Startups Take Shape Out Of Stealth
Quick Hits  |  1/22/2014  | 
Former Google, Barracuda Networks executives behind new security companies launched yesterday
Power Utility Substations At Risk
News  |  1/21/2014  | 
'Project Robus' so far has exposed dozens of security flaws in software using popular ICS/SCADA network protocol, but several vendors still have not patched
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.