News & Commentary
Content posted in November 2015
|
State & Local Government Hit By Malware, Ransomware More Than SMBs
Localities and education networks suffered twice as many infections of the infamous CyptoWall ransomware than other sectors.
How Facebook Bakes Security Into Corporate Culture
Security is everyone's responsibility at the famous social network. These five ingredients are what make up the secret sauce.
Security Geek Gift Guide
Whether you're looking for a gift to give at the IT department's holiday party, for your science-loving kids, or for a genuine friend in the cube beside you, these gifts are sure winners.
Hilton Data Breach Focuses Attention On Growing POS Malware Threat
Analysts expect an increase in POS attacks against retailers and others during this holiday shopping season.
The Youthful Side Of Hacking
If the iconic 1955 movie Rebel Without a Cause was remade today, would James Dean be a computer hacker?
Cyber Monday: What Retailers & Shoppers Should Watch For
Attackers have a variety of ways to commit fraud and may take advantage of busy time to sneak in a data breach.
RSA Warns Of Zero Detection Trojan
GlassRAT has remained undetected for more than three years while stealthily targeting victims, security firm says.
Cisco Cert Tracker Offline After Pearson VUE Breach
Third-party certification credential manager used by Cisco and others is taken down after malware infection.
Stealthy ModPOS Is 'Most Sophisticated PoS Malware' Ever
More than just a point-of-sale card scraper, it's modular malware, and every module is a rootkit.
Dell Hands Hackers Keys To Customer Systems
Dell installs root certificate with associated private keys to create its very own Superfish scenario.
Parsing What Is ‘Reasonable’ In Security, Post FTC v Wyndham
In today's regulatory climate, companies can no longer depend on technology solutions alone – for example, SIEM -- to protect corporate data and customer privacy. Here's why.
Black Friday Security: Brick-and-Mortar Retailers Have Cyber Threats, Too
PoS malware, ways to trick new payment technology, and zero tolerance for down-time or slow-time make for a stressful combination.
SAFECode Releases Framework For Assessing Security Of Software
Guide for evaluating how software companies are adopting secure coding and security support practices.
A Comprehensive Look At China's Cybercrime Culture
Trend Micro report offers a full view of espionage and theft perpetrated by Chinese hackers.
Where Is Ransomware Going?
As PCs and servers get better protected and employees more knowledgeable about the ransomware threat, criminals will go after less secure systems such as smart TVs, conferencing equipment, or other unsecured devices.
We Need A New Word For Cyber
It’s time to find an alternative for 'cyber' (an adjective or noun) before the term – like 'google' -- becomes a verb.
Russian Cybergangs Stole Some $790 Million Over 3 Years
More than $500 million of that is from victims located outside the borders of the former USSR, Kaspersky Lab reveals.
Starwood Hotels Hit With PoS Malware, Payment Card Info Exposed
More than 50 Sheraton, Westin, other hotel chains in North America affected.
Introducing ‘RITA’ for Real Intelligence Threat Analysis
SANS' free, new framework can help teams hunt for attackers by extending traditional signature analysis to blacklisted IP addresses and accounts that have multiple concurrent logons to multiple systems.
Why The Java Deserialization Bug Is A Big Deal
Millions of app servers are potentially open to compromise due to how they handle serialized Java apps, researchers say.
4 Tricks For Getting The Most Out Of User Behavior Analytics
First thing's first: establish what 'normal' metrics look like.
US-China Security Review Commission Discusses 'Hack-Back' Laws
Commission's annual report to Congress recommends a closer look at whether companies should be allowed to launch counterattacks on hackers.
And Now, A Cyber Arms Race Towards Critical Infrastructure Attacks
As traditional explosives give way to 'logic bombs,' the need to protect our industrial networks and systems has never been more important.
'Xindi' Online Ad Fraud Botnet Exposed
Billions of dollars in ad revenue overall could be lost to botnet that exploits 'Amnesia' bug.
Siri’s Lockscreen Bypass A Growing Privacy Issue For iOS Users
In less than 30 seconds, anyone with access to an Apple iPhone or iPad can extract a lot of personal data using Siri, Trend Micro says.
Exploit Kit Explosion Will Keep Victims Off Kilter
Exploit kit C&C infrastructure expanded by 75% in Q3.
DDoS And The Internet's Liability Problem
It's past time for an improved liability model to disrupt DDoS.
Attack Attempt Numbers Down, But PoS Malware & Angler Up in Q3
Politically motivated cyberespionage groups also hard at work between July and September, according to Trend Micro.
Must Automation Remain A Four-Letter Word?
It doesn’t have to. We just need to apply the compensating safeguards and automated controls selectively so CISOs and their security teams can comfortably embrace it.
Microsoft Invests $1 Billion In 'Holistic' Security Strategy
Executives detail strategic and cultural shift at Microsoft to an integrated security approach across its software and services, and announce new managed services group and cyber defense operation center.
5 Reasons Enterprises Don't Get Enough Value From Threat Intelligence
Maturity levels still keeping threat intelligence efficacy stunted.
IBM Report: Ransomware, Malicious Insiders On The Rise
X-Force's top four cyber threat trends also names upper management's increasing interest in infosec.
Don’t Toy With The Dark Web, Harness It
The Dark Web’s sinister allure draws outsized attention, but time-strapped security teams would benefit from knowing what's already circulating in places they don't need Tor or I2P to find.
Dark Reading Radio: A Cybersecurity Generation Gap
Millennials--especially young women--not pursuing careers in cybersecurity due to lack of both awareness and interest.
Google Study Finds Email Security A Mixed Bag
The use of encryption and authentication mechanisms by Google, Yahoo, and Microsoft has improved security -- but problems remain.
More Ransomware Being Spread Via Malvertising
Magnitude exploit kit has popped up in new malvertising campaign and dropping CryptoWall.
Healthcare Apps, WordPress Most Popular Web Attack Targets
No application escaped without a Shellshock attack in 2015, either, report finds.
Cherry Picker POS Malware Has Remained Hidden For Four Years
Sophisticated obfuscation techniques have allowed malware to evade AV systems and security vendors for a long time, says Trustwave.
Solving Security: If You Want Something New, Stop Doing Something Old
Black Hat Europe keynoter Haroon Meer tells security pros to work smarter, think out of the box, and speak out to the C-suite.
Incidence-Response Imperative: Take Immediate Action
Something malicious this way comes. A fast reaction can reduce your risk.
Point of Entry: The Missing Link in the Security Hiring Gap
How misguided notions of capability and lack of access to enterprise tools discourage diversity in Infosec.
Federal Government Most Prone To Repeat Breaches
It isn't just the White House that gets compromised more than once. Also, in a shifting trend, malicious insider attacks don't cut quite as deep as outsiders' do, report finds.
Tool Controls Botnet With Twitter Direct Messages
'Twittor' exploits the expanded capacity of Twitter DMs to replace traditional botnet command-and-control server infrastructure.
Machine Learning: Perception Problem? Maybe. Pipe Dream? No Way!
Guided by an organization's internal security experts,'algorithmic assistants' provide a powerful new way to find anomalies and patterns for detecting cyberthreat activity.
Privileged Account Control Still Weak In Most Organizations
Two studies this week show there's a long way to go in securing credentials for risky accounts.
JP Morgan Breach Only One Piece Of Vast Criminal Enterprise, Indictments Reveal
Three men at the head of 'diversified criminal conglomerate' used hacking to commit and enhance their securities fraud, illegal online gambling, illegal Bitcoin exchange, and illegal payment processing businesses, 23-count indictment alleges.
Adobe Flash Bug Discovery Leads To New Attack Mitigation Method
Prototype aims to prevent exploits that employ 'use after free' bugs in Windows, Linux, OS X software.
Why Threat Intelligence Feels Like A Game Of Connect Four
In real life, solving the cybersecurity puzzle has many challenges. But shared wisdom and community defense models are making it easier to connect the dots.
New 4G LTE Hacks Punch Holes In Privacy
Black Hat Europe researchers to demonstrate newly found flaws in 4G mobile that expose privacy and disrupt phone service.
NSA Discloses 91 Percent Of Vulns It Finds, But How Quickly?
NSA says 'vast majority' of flaws it finds are reported to vendors, but keeps mum on how long it takes--offering enterprises another reason for remaining vigilant with their own internal security.
|
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh! They're watching...
And you have a laptop?
Latest Comment: Shhh! They're watching...
And you have a laptop?
Current Issue
Flash Poll
![[Strategic Security Report] Navigating the Threat Intelligence Maze](https://dsimg.ubm-us.net/asset/393933/543593/DR_ThreatConnect_Report.png)
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2013-3018
PUBLISHED: 2018-05-24
PUBLISHED: 2018-05-24
PUBLISHED: 2018-05-24
PUBLISHED: 2018-05-24
PUBLISHED: 2018-05-24
From DHS/US-CERT's National Vulnerability Database CVE-2013-3018
PUBLISHED: 2018-05-24
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
CVE-2013-3023PUBLISHED: 2018-05-24
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
CVE-2013-3024PUBLISHED: 2018-05-24
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.
CVE-2018-5674PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2018-5675PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This