News & Commentary

Content posted in November 2015
Page 1 / 2
State & Local Government Hit By Malware, Ransomware More Than SMBs
News  |  11/30/2015  | 
Localities and education networks suffered twice as many infections of the infamous CryptoWall ransomware as other sectors.
How Facebook Bakes Security Into Corporate Culture
Commentary  |  11/30/2015  | 
Security is everyone's responsibility at the famous social network. These five ingredients are what make up the secret sauce.
Security Geek Gift Guide
Slideshows  |  11/30/2015  | 
Whether you're looking for a gift to give at the IT department's holiday party, for your science-loving kids, or for a genuine friend in the cube beside you, these gifts are sure winners.
Hilton Data Breach Focuses Attention On Growing POS Malware Threat
News  |  11/25/2015  | 
Analysts expect an increase in POS attacks against retailers and others during this holiday shopping season.
The Youthful Side Of Hacking
Commentary  |  11/25/2015  | 
If the iconic 1955 movie Rebel Without a Cause was remade today, would James Dean be a computer hacker?
Cyber Monday: What Retailers & Shoppers Should Watch For
News  |  11/24/2015  | 
Attackers have a variety of ways to commit fraud and may take advantage of the busy time to sneak in a data breach.
RSA Warns Of Zero Detection Trojan
News  |  11/24/2015  | 
GlassRAT has remained undetected for more than three years while stealthily targeting victims, security firm says.
Cisco Cert Tracker Offline After Pearson VUE Breach
News  |  11/24/2015  | 
Third-party certification credential manager used by Cisco and others is taken down after malware infection.
Stealthy ModPOS Is 'Most Sophisticated PoS Malware' Ever
News  |  11/24/2015  | 
More than just a point-of-sale card scraper, it's modular malware, and every module is a rootkit.
Dell Hands Hackers Keys To Customer Systems
News  |  11/24/2015  | 
Dell installs root certificate with associated private keys to create its very own Superfish scenario.
Parsing What Is Reasonable In Security, Post FTC v Wyndham
Commentary  |  11/24/2015  | 
In today's regulatory climate, companies can no longer depend on technology solutions alone -- for example, SIEM -- to protect corporate data and customer privacy. Here's why.
Black Friday Security: Brick-and-Mortar Retailers Have Cyber Threats, Too
News  |  11/23/2015  | 
PoS malware, ways to trick new payment technology, and zero tolerance for down-time or slow-time make for a stressful combination.
SAFECode Releases Framework For Assessing Security Of Software
News  |  11/23/2015  | 
Guide for evaluating how software companies are adopting secure coding and security support practices.
A Comprehensive Look At China's Cybercrime Culture
News  |  11/23/2015  | 
Trend Micro report offers a full view of espionage and theft perpetrated by Chinese hackers.
Where Is Ransomware Going?
Partner Perspectives  |  11/23/2015  | 
As PCs and servers get better protected and employees more knowledgeable about the ransomware threat, criminals will go after less secure systems such as smart TVs, conferencing equipment, or other unsecured devices.
We Need A New Word For Cyber
Commentary  |  11/23/2015  | 
It's time to find an alternative for 'cyber' (an adjective or noun) before the term -- like 'google' -- becomes a verb.
Russian Cybergangs Stole Some $790 Million Over 3 Years
News  |  11/20/2015  | 
More than $500 million of that is from victims located outside the borders of the former USSR, Kaspersky Lab reveals.
Starwood Hotels Hit With PoS Malware, Payment Card Info Exposed
Quick Hits  |  11/20/2015  | 
More than 50 Sheraton, Westin, other hotel chains in North America affected.
Introducing RITA for Real Intelligence Threat Analysis
Commentary  |  11/20/2015  | 
SANS' free, new framework can help teams hunt for attackers by extending traditional signature analysis to blacklisted IP addresses and accounts that have multiple concurrent logons to multiple systems.
Why The Java Deserialization Bug Is A Big Deal
News  |  11/19/2015  | 
Millions of app servers are potentially open to compromise due to how they handle serialized Java apps, researchers say.
4 Tricks For Getting The Most Out Of User Behavior Analytics
News  |  11/19/2015  | 
First things first: establish what 'normal' metrics look like.
US-China Security Review Commission Discusses 'Hack-Back' Laws
Quick Hits  |  11/19/2015  | 
Commission's annual report to Congress recommends a closer look at whether companies should be allowed to launch counterattacks on hackers.
And Now, A Cyber Arms Race Towards Critical Infrastructure Attacks
Commentary  |  11/19/2015  | 
As traditional explosives give way to 'logic bombs,' the need to protect our industrial networks and systems has never been more important.
'Xindi' Online Ad Fraud Botnet Exposed
News  |  11/18/2015  | 
Billions of dollars in ad revenue overall could be lost to botnet that exploits 'Amnesia' bug.
Siri's Lockscreen Bypass A Growing Privacy Issue For iOS Users
News  |  11/18/2015  | 
In less than 30 seconds, anyone with access to an Apple iPhone or iPad can extract a lot of personal data using Siri, Trend Micro says.
Exploit Kit Explosion Will Keep Victims Off Kilter
News  |  11/18/2015  | 
Exploit kit C&C infrastructure expanded by 75% in Q3.
DDoS And The Internet's Liability Problem
Commentary  |  11/18/2015  | 
It's past time for an improved liability model to disrupt DDoS.
Attack Attempt Numbers Down, But PoS Malware & Angler Up in Q3
News  |  11/17/2015  | 
Politically motivated cyberespionage groups also hard at work between July and September, according to Trend Micro.
Must Automation Remain A Four-Letter Word?
Partner Perspectives  |  11/17/2015  | 
It doesn't have to. We just need to apply the compensating safeguards and automated controls selectively so CISOs and their security teams can comfortably embrace it.
Microsoft Invests $1 Billion In 'Holistic' Security Strategy
News  |  11/17/2015  | 
Executives detail strategic and cultural shift at Microsoft to an integrated security approach across its software and services, and announce new managed services group and cyber defense operation center.
5 Reasons Enterprises Don't Get Enough Value From Threat Intelligence
News  |  11/17/2015  | 
Maturity levels still keeping threat intelligence efficacy stunted.
IBM Report: Ransomware, Malicious Insiders On The Rise
News  |  11/16/2015  | 
X-Force's top four cyber threat trends also name upper management's increasing interest in infosec.
Don't Toy With The Dark Web, Harness It
Commentary  |  11/16/2015  | 
The Dark Web's sinister allure draws outsized attention, but time-strapped security teams would benefit from knowing what's already circulating in places they don't need Tor or I2P to find.
Dark Reading Radio: A Cybersecurity Generation Gap
Commentary  |  11/16/2015  | 
Millennials--especially young women--not pursuing careers in cybersecurity due to lack of both awareness and interest.
Google Study Finds Email Security A Mixed Bag
News  |  11/13/2015  | 
The use of encryption and authentication mechanisms by Google, Yahoo, and Microsoft has improved security -- but problems remain.
More Ransomware Being Spread Via Malvertising
Quick Hits  |  11/13/2015  | 
Magnitude exploit kit has popped up in a new malvertising campaign and is dropping CryptoWall.
Healthcare Apps, WordPress Most Popular Web Attack Targets
News  |  11/12/2015  | 
No application escaped without a Shellshock attack in 2015, either, report finds.
Cherry Picker POS Malware Has Remained Hidden For Four Years
News  |  11/12/2015  | 
Sophisticated obfuscation techniques have allowed malware to evade AV systems and security vendors for a long time, says Trustwave.
Solving Security: If You Want Something New, Stop Doing Something Old
News  |  11/12/2015  | 
Black Hat Europe keynoter Haroon Meer tells security pros to work smarter, think out of the box, and speak out to the C-suite.
Incidence-Response Imperative: Take Immediate Action
Partner Perspectives  |  11/12/2015  | 
Something malicious this way comes. A fast reaction can reduce your risk.
Point of Entry: The Missing Link in the Security Hiring Gap
Commentary  |  11/12/2015  | 
How misguided notions of capability and lack of access to enterprise tools discourage diversity in Infosec.
Federal Government Most Prone To Repeat Breaches
News  |  11/11/2015  | 
It isn't just the White House that gets compromised more than once. Also, in a shifting trend, malicious insider attacks don't cut quite as deep as outsiders' do, report finds.
Tool Controls Botnet With Twitter Direct Messages
News  |  11/11/2015  | 
'Twittor' exploits the expanded capacity of Twitter DMs to replace traditional botnet command-and-control server infrastructure.
Machine Learning: Perception Problem? Maybe. Pipe Dream? No Way!
Commentary  |  11/11/2015  | 
Guided by an organization's internal security experts, 'algorithmic assistants' provide a powerful new way to find anomalies and patterns for detecting cyberthreat activity.
Privileged Account Control Still Weak In Most Organizations
News  |  11/11/2015  | 
Two studies this week show there's a long way to go in securing credentials for risky accounts.
JP Morgan Breach Only One Piece Of Vast Criminal Enterprise, Indictments Reveal
News  |  11/10/2015  | 
Three men at the head of 'diversified criminal conglomerate' used hacking to commit and enhance their securities fraud, illegal online gambling, illegal Bitcoin exchange, and illegal payment processing businesses, 23-count indictment alleges.
Adobe Flash Bug Discovery Leads To New Attack Mitigation Method
News  |  11/10/2015  | 
Prototype aims to prevent exploits that employ 'use after free' bugs in Windows, Linux, OS X software.
Why Threat Intelligence Feels Like A Game Of Connect Four
Commentary  |  11/10/2015  | 
In real life, solving the cybersecurity puzzle has many challenges. But shared wisdom and community defense models are making it easier to connect the dots.
New 4G LTE Hacks Punch Holes In Privacy
News  |  11/9/2015  | 
Black Hat Europe researchers to demonstrate newly found flaws in 4G mobile that expose privacy and disrupt phone service.
NSA Discloses 91 Percent Of Vulns It Finds, But How Quickly?
News  |  11/9/2015  | 
NSA says 'vast majority' of flaws it finds are reported to vendors, but keeps mum on how long it takes--offering enterprises another reason for remaining vigilant with their own internal security.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15572
PUBLISHED: 2018-08-20
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
CVE-2018-15573
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf...
CVE-2018-15574
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."
CVE-2018-15570
PUBLISHED: 2018-08-20
In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter.
CVE-2018-15564
PUBLISHED: 2018-08-20
An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.