News & Commentary

Content posted in January 2015
Google Paid Over $1.5 Million In Bug Bounties In 2014
Quick Hits  |  1/30/2015  | 
Mobile apps developed by Google now included in its Vulnerability Reward Program.
How The Skills Shortage Is Killing Defense in Depth
Commentary  |  1/30/2015  | 
It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely "looks nifty, but I don't have the staff to deploy it."
Takeaways from International Data Privacy Day: The Internet of Things
Partner Perspectives  |  1/30/2015  | 
Event looks at the future of data use and how we can and should protect personal privacy.
ZeroAccess Click-Fraud Botnet Back In Action Again
News  |  1/29/2015  | 
After a six-month hiatus, the much-diminished P2P botnet is up to its old tricks.
Why Iran Hacks
Commentary  |  1/29/2015  | 
Iran is using its increasingly sophisticated cyber capabilities to minimize Western influence and establish itself as the dominant power in the Middle East.
'Ghost' Not So Scary After All
Quick Hits  |  1/28/2015  | 
The latest open-source Linux vulnerability is serious but some security experts say it's not that easy to abuse and use in an attack.
Small Changes Can Make A Big Difference In Tech Diversity
Commentary  |  1/28/2015  | 
There's no doubt that many employers feel most comfortable hiring people like themselves. But in InfoSec, this approach can lead to stagnation.
Half Of Enterprises Worldwide Hit By DDoS Attacks, Report Says
News  |  1/27/2015  | 
New data illustrates how distributed denial-of-service (DDoS) attacks remain a popular attack weapon -- and continue to evolve.
Will Millennials Be The Death Of Data Security?
Commentary  |  1/27/2015  | 
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
NFL Mobile Sports App Contains Super Bowl-Sized Vulns
News  |  1/27/2015  | 
Lack of protections puts users at risk of exposed information by way of man-in-the-middle attacks.
Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices
News  |  1/26/2015  | 
Researchers find more than 5,000 US gas stations' automated tank gauges unprotected on the public Internet and open to hackers.
Power Consumption Technology Could Help Enterprises Identify Counterfeit Devices
Commentary  |  1/26/2015  | 
Understanding a device's "power fingerprint" might make it possible to detect security anomalies in Internet of Things as well, startup says
Security Skills Shortage? Don't Panic!
Partner Perspectives  |  1/26/2015  | 
Focus your energies on building a comprehensive security strategy and turning to experts for guidance.
Adobe Fixes Second Flash Flaw Exploited By Angler
News  |  1/26/2015  | 
Second 0-day fix addresses UAF vulnerability.
Building A Cybersecurity Program: 3 Tips
Commentary  |  1/26/2015  | 
Getting from "we need" to "we have" a cybersecurity program is an investment in time and resources that's well worth the effort.
Growing Open Source Use Heightens Enterprise Security Risks
News  |  1/23/2015  | 
Companies often have little clue about the extent of third-party code in the enterprise or the risks it poses, security experts say
Why Russia Hacks
Commentary  |  1/23/2015  | 
Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.
Diverse White Hat Community Leads To Diverse Vuln Disclosures
News  |  1/22/2015  | 
Researchers at Penn State find that courting new bug hunters is just as important as rewarding seasoned ones.
The Internet of Abused Things
Partner Perspectives  |  1/22/2015  | 
We need to find ways to better secure the Internet of Things, or be prepared to face the consequences.
NSA Report: How To Defend Against Destructive Malware
Quick Hits  |  1/22/2015  | 
In the wake of the Sony breach, spy agency's Information Assurance Directorate (IAD) arm provides best practices to mitigate damage of data annihilation attacks.
What Government Can (And Can't) Do About Cybersecurity
Commentary  |  1/22/2015  | 
In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.
Protect Yourself by Protecting Others
Partner Perspectives  |  1/22/2015  | 
How the consumerization of IT is affecting endpoint security.
President's Plan To Crack Down On Hacking Could Hurt Good Hackers
News  |  1/21/2015  | 
Security experts critical of President Obama's new proposed cybersecurity legislation.
Security Budgets Going Up, Thanks To Mega-Breaches
News  |  1/21/2015  | 
Sixty percent of organizations have increased their security spending by one-third -- but many security managers still don't think that's enough, Ponemon study finds.
Adobe Investigating New Flash Zero-Day Spotted In Crimeware Kit
Quick Hits  |  1/21/2015  | 
Researcher Kafeine's 0day discovery confirmed by Malwarebytes.
Facebook Messenger: Classically Bad AppSec
Commentary  |  1/21/2015  | 
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
Could The Sony Attacks Happen Again? Join The Conversation
Commentary  |  1/21/2015  | 
Check out Dark Reading Radio's interview and live chat with CrowdStrike founder and CEO George Kurtz and Shape Security executive Neal Mueller.
Ransomware Leads Surge In 2014 Mobile Malware Onslaught
News  |  1/20/2015  | 
Mobile malware increases 75 percent in U.S.
'123456' & 'Password' Are The 2 Most Common Passwords, Again
Quick Hits  |  1/20/2015  | 
New entrants to the top 25 show that bad password creators are fans of sports, superheroes, dragons, and NSFW numeral combos.
New Technology Detects Cyberattacks By Their Power Consumption
News  |  1/20/2015  | 
Startup's "power fingerprinting" approach catches stealthy malware within milliseconds in DOE test.
Recruit, Reward & Retain Cybersecurity Experts
Partner Perspectives  |  1/20/2015  | 
How to create a better working environment for security professionals.
A Lot of Security Purchases Remain Shelfware
News  |  1/16/2015  | 
Companies may be investing more in security, but many are either underutilizing their new purchases or not using them at all, an Osterman Research survey shows.
Security MIA In Car Insurance Dongle
News  |  1/16/2015  | 
A researcher finds security holes in Flo the Progressive Girl's Snapshot insurance policy product.
The Truth About Malvertising
Commentary  |  1/16/2015  | 
Malvertising accounts for huge amounts of cyberfraud and identity theft. Yet there is still no consensus on who is responsible for addressing these threats.
In Wake Of Violence, France Reports Spike In Cyberattacks
News  |  1/15/2015  | 
19,000 French websites have been attacked since Jan. 7.
Why North Korea Hacks
Commentary  |  1/15/2015  | 
The motivation behind Democratic People's Republic of Korea hacking is rooted in a mix of retribution, paranoia, and the immature behavior of an erratic leader.
Anatomy Of A 'Cyber-Physical' Attack
News  |  1/14/2015  | 
Inflicting major or physical harm in ICS/SCADA environments takes more than malware.
Bank Fraud Toolkit Circumvents 2FA & Device Identification
News  |  1/14/2015  | 
KL-Remote is giving Brazilian fraudsters a user-friendly "virtual mugging" platform.
Majority Of Enterprises Finally Recognize Users As Endpoint's Weakest Vulnerability
News  |  1/14/2015  | 
The Ponemon State of the Endpoint report shows endpoint management continues to grow more difficult.
4 Mega-Vulnerabilities Hiding in Plain Sight
Commentary  |  1/14/2015  | 
How four recently discovered, high-impact vulnerabilities provided "god mode" access to 90% of the Internet for 15 years, and what that means for the future.
New Data Illustrates Reality Of Widespread Cyberattacks
Quick Hits  |  1/13/2015  | 
All retailers, healthcare & pharmaceutical firms in new study suffered cyber attacks in the first half of 2014, FireEye found.
US CENTCOM Twitter Hijack 'Purely' Vandalism
News  |  1/13/2015  | 
Though not a real data breach, nor attributable to ISIS, the incident serves as a reminder to security professionals about the risks of sharing account credentials.
Insider Threats in the Cloud: 6 Harrowing Tales
Commentary  |  1/13/2015  | 
The cloud has vastly expanded the scope of rogue insiders. Read on to discover the latest threat actors and scenarios.
2015: The Year Of The Security Startup – Or Letdown
Commentary  |  1/13/2015  | 
While stealth startup Ionic and other newcomers promise to change the cyber security game, ISC8 may be the first of many to head for the showers.
Obama Calls For 30-Day Breach Notification Policy For Hacked Companies
News  |  1/12/2015  | 
But chances of this becoming a mandatory national breach notification law are no sure thing, even in the wake of the past year's high-profile hacks, experts say.
'Skeleton Key' Malware Bypasses Active Directory
News  |  1/12/2015  | 
Malware lets an attacker log in as any user, without needing to know or change the user's password, and doesn't raise any IDS alarms.
Cloud Services Adoption: Rates, Reasons & Security Fears
Commentary  |  1/12/2015  | 
Concern over data breaches and privacy are two reasons enterprises in the European Union didn't increase their use of cloud services in 2014, according to the EU's recent Eurostat report.
Insider Threat, Shadow IT Concerns Spur Cloud Security
News  |  1/12/2015  | 
Surveys show cloud tops 2015 priorities.
Microsoft Software Flaws Increase Sharply But Majority Affect IE
News  |  1/9/2015  | 
The number of reported flaws in core Windows components in 2014 was lower compared to the year before.
Chick-fil-A Breach: Avoiding 5 Common Security Mistakes
Commentary  |  1/9/2015  | 
On the surface these suggestions may seem simplistic. But almost every major retail breach in the last 12 months failed to incorporate at least one of them.