Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in October 2014
<<   <   Page 2 / 2
'Hurricane Panda' Cyberspies Used Windows Zero-Day For Months
News  |  10/15/2014  | 
The vulnerability is one of multiple issues patched this week by Microsoft that have been targeted by attackers.
Russian Hackers Made $2.5B Over The Last 12 Months
News  |  10/15/2014  | 
The big bucks are in selling credit card data -- not using it for fraud -- and PoS and ATM attacks are on the rise.
'POODLE' Attacks, Kills Off SSL 3.0
News  |  10/15/2014  | 
A newly discovered design flaw in an older version of SSL encryption protocol could be used for man-in-the-middle attacks -- leading some browser vendors to remove SSL 3.0 for good.
Third-Party Code: Fertile Ground For Malware
Commentary  |  10/15/2014  | 
How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers.
CMS Plug-Ins Put Sites At Risk
News  |  10/15/2014  | 
Content management systems are increasingly in attackers' crosshairs, with plug-ins, extensions, and themes broadening the attack surfaces for these platforms.
Cost Of A Data Breach Jumps By 23%
News  |  10/14/2014  | 
Cleanup and resolution after a breach take an average of one month to complete, a new Ponemon Institute report finds.
Mastering Security Analytics
News  |  10/14/2014  | 
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Hundreds Of DropBox Logins For Sale On Pastebin
Quick Hits  |  10/14/2014  | 
Trader says he's got 7 million more where those came from, but Dropbox says the accounts were expired.
Stolen Medical Data Is Now A Hot Commodity
Commentary  |  10/14/2014  | 
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Heres why.
Russian Cyberspies Hit Ukrainian, US Targets With Windows Zero-Day Attack
News  |  10/14/2014  | 
The Sandworm cyber espionage gang out of Russia intensifies its attacks in the wake of the Ukrainian conflict and sanctions against Russia with classic zero-day -- plus a popular cybercrime toolkit.
Shellshock Mayhem Marks The Start Of Malware Mess
News  |  10/13/2014  | 
Existing Mayhem botnet malware kit now includes Shellshock exploit -- and experts say that'll be the model for more enterprising criminals.
In AppSec, Fast Is Everything
Commentary  |  10/13/2014  | 
The world has shifted. The SAST and DAST tools that were invented over a decade ago are no longer viable approaches to application security.
4 ID Management Tips For Better Breach Resistance
News  |  10/13/2014  | 
AT&T insider attack case highlights the need for strong privileged identity management practices.
Dont Get Caught in a Compromising Position
Partner Perspectives  |  10/13/2014  | 
Relying on Indicators of Compromise is necessary, but not sufficient.
Dairy Queen Breach Shines Light On Impact Of 3rd-Party Breaches
News  |  10/10/2014  | 
Yet another retail chain confirms a data breach of customer payment information via a third-party vendor, and Kmart tosses its hat into the breached ring today.
Security Education K Through Life
Commentary  |  10/10/2014  | 
InfoSec professionals of the future need access to the right education and tools early on and throughout their entire work life.
2 Tech Challenges Preventing Online Voting In US
News  |  10/9/2014  | 
A new report explains that online voting in the US is a matter of "if, not when," but problems of anonymity and verifiability must be solved first.
How To Be A 'Compromise-Ready' Organization
News  |  10/9/2014  | 
Incident response pros share tips on how to have all your ducks in a row before the inevitable breach.
MBIA Breach Highlights Need For Tightened Security Ops
News  |  10/9/2014  | 
Configuration change management and better monitoring could have prevented search engine indexing of sensitive financial information.
How Retail Can Win Back Consumer Trust
Commentary  |  10/9/2014  | 
Customer loyalty to their favorite brands is all about trust, which today has everything to do with security and privacy.
Why Don't IT Generalists Understand Security?
Why Don't IT Generalists Understand Security?
Dark Reading Videos  |  10/8/2014  | 
Why doesn't the rest of the IT department understand what encryption and passwords can and can't do? And does it matter?
How One Criminal Hacker Group Stole Credentials for 800,000 Bank Accounts
News  |  10/8/2014  | 
Proofpoint report shows how one Russian-speaking criminal organization hides from security companies.
DHS Anti-Terrorism Program Could Provide Cyberattack Liability Protection
News  |  10/8/2014  | 
The SAFETY Act can offer a layer of legal protection for cyber security vendors, providers, and enterprise security policies in the wake of an attack, an attorney says.
MBIA Leaves Customer Data Exposed On Web
News  |  10/8/2014  | 
The breach was due to a misconfigured server that exposed sensitive data online.
Good Job, Facebook: The Intersection Of Privacy, Identity & Security
Commentary  |  10/8/2014  | 
Birth names and legal names arent always the names people are best known by, concedes Facebook in the wake of a real-name policy usage flap.
Former NSA Director Reflects On Snowden Leaks
News  |  10/8/2014  | 
Gen. Keith Alexander defends NSA's controversial spying programs as lawful.
Yahoo Server Hack: Shellshocked Or Not?
News  |  10/7/2014  | 
Yahoo goes on the record to state that an attack over the weekend was not related to Shellshock, but an independent researcher insists the Bash bug is rearing its head on Yahoo infrastructure.
Hackers Steal Millions In Cash From ATMs, Using Tyupkin Malware
Quick Hits  |  10/7/2014  | 
Attackers add in failsafes to prevent innocents from triggering attack and money mules from going rogue.
Tokenization: 6 Reasons The Card Industry Should Be Wary
Commentary  |  10/7/2014  | 
VISAs new token service aims to provide consumers a simple, fraud-free digital payment experience. Its a worthy goal, but one that may prove to be more aspirational than functional.
HBGary Founder Launches New Security Startup
Quick Hits  |  10/7/2014  | 
Greg Hoglund's new Outlier Security offers SaaS-based security and IR for endpoints.
Heartland CEO On Why Retailers Keep Getting Breached
News  |  10/6/2014  | 
Robert Carr, chairman and CEO of Heartland Payment Systems, says lack of end-to-end encryption and tokenization were factors in recent data breaches.
Apple Makes Move To Shut Down Mac Botnet
News  |  10/6/2014  | 
Cupertino engineers move swiftly to contain a Trojan outbreak reportedly propagated through pirated software.
How Cookie-Cutter Cyber Insurance Falls Short
Commentary  |  10/6/2014  | 
Many off-the-shelf cyber liability policies feature a broad range of exclusions that wont protect your company from a data breach or ransomware attack.
New Mac Botnet Leverages Reddit
News  |  10/3/2014  | 
According to the security firm Dr. Web, the botnet was more than 18,000 strong as of Sept. 29.
To Combat Government Snooping, Encrypt Data Before Putting It In Cloud, Says Interop Speaker
Quick Hits  |  10/3/2014  | 
If Uncle Sam wants your data, make him come directly to you.
83 Million Compromised In JPMorgan Chase Breach
News  |  10/3/2014  | 
Bank says consumers and businesses don't even need to change passwords, but security experts believe attack is more serious than portrayed.
How Retro Malware Feeds the New Threat Wave
Commentary  |  10/3/2014  | 
Old-school exploits used in new ways are placing fresh demands for intel-sharing among infosec pros and their time-tested and next-gen security products.
Cyberinsurance Resurges In The Wake Of Mega-Breaches
News  |  10/2/2014  | 
Insurance policies customized for cyberattack protection are on the rise as businesses worry they could be the next Target.
Shellshock Attacks Spotted Against NAS Devices
News  |  10/2/2014  | 
First in-the-wild exploits found targeting QNAP network-attached storage devices.
Poll: Employees Clueless About Social Engineering
Commentary  |  10/2/2014  | 
Not surprisingly, our latest poll confirms that threats stemming from criminals hacking humans are all too frequently ignored.
Smart Meter Hack Shuts Off The Lights
News  |  10/1/2014  | 
European researchers will reveal major security weaknesses in smart meters that could allow an attacker to order a power blackout.
SuperValu Reports Second Cyberattack
News  |  10/1/2014  | 
So far, no payment card data is known to have been stolen, according to the company.
5 New Truths To Teach Your CIO About Identity
Commentary  |  10/1/2014  | 
When CIOs talk security they often use words like "firewall" and "antivirus." Heres why todays technology landscape needs a different vocabulary.
<<   <   Page 2 / 2


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.