Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in December 2013
Sticking It To The ATM
Commentary  |  12/31/2013  | 
The folly of not preemptively disabling 'boot from USB' on an ATM
Windows Crash Reports Open To Hijacking
Quick Hits  |  12/31/2013  | 
Attackers -- and the NSA -- can glean valuable intel from unencrypted transmissions
4 Trends In Vulnerabilities That Will Continue In 2014
News  |  12/31/2013  | 
Bounty programs will continue to expand, more researchers will focus on embedded devices and libraries, and security software will find itself under more scrutiny
Slide Show: 8 Effective Data Visualization Methods For Security Teams
Slideshows  |  12/31/2013  | 
Getting the most out of security analytics data sets, large or small, by visualizing the information
Attackers Wage Network Time Protocol-Based DDoS Attacks
Quick Hits  |  12/30/2013  | 
Yet another protocol being abused for flooding targets with unwanted traffic
NSA's TAO
Commentary  |  12/30/2013  | 
NSA's Q-branch upgrades Omega laser watch with Huawei backdoors
NSA Elite Hacking Team Operations Exposed
News  |  12/30/2013  | 
Treasure trove of tools created and used by NSA hackers for planting backdoors via Cisco, Juniper, Apple products unveiled in latest document leaks
Security, Privacy & The Democratization Of Data
Commentary  |  12/30/2013  | 
Data gathering and profiling capabilities that today are only available to nation states will eventually be at the disposal of everyone. What then?
Researchers Reveal Snapchat Security Issues
News  |  12/27/2013  | 
Security researchers release proof-of-concept code for issues they say they disclosed months ago to Snapchat
PINs Stolen In Target Breach
Quick Hits  |  12/27/2013  | 
Target now says customers' encrypted PINs were compromised in the massive credit- and debit-card breach that began Thanksgiving eve
9 Notorious Hackers Of 2013
Slideshows  |  12/27/2013  | 
This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state-sponsored groups.
The Coolest Hacks Of 2013
News  |  12/27/2013  | 
Take a look back at security researchers' most extreme, creative, and just plain bizarre hacks this year.
Survey: U.S. Citizens More Worried About ID Theft Than Privacy
Quick Hits  |  12/27/2013  | 
Despite NSA scare, U.S. voters are five times more concerned about hacking than tracking, CCIA study says
Lessons From 5 Advanced Attacks Of 2013
News  |  12/26/2013  | 
From Cryptolocker to the destructive attacks on Korean firms to the massive flood that made Spamhaus inaccessible, attackers delivered some hard lessons in 2013
Target's Christmas Data Breach
Commentary  |  12/26/2013  | 
Why, oh, why would Target be storing debit card PINs?
2013: The Year Of Security Certification Bashing
Commentary  |  12/26/2013  | 
As security professionals argued among themselves about how useless certifications are, organizations that needed security services had no place to turn for good advice.
Study: Mobile Devices Escalating Endpoint Security Risks
Quick Hits  |  12/26/2013  | 
State of the Endpoint study says 75 percent of security pros consider mobile to be the greatest endpoint threat in 2014
RSA Denies Trading Security For NSA Payout
Quick Hits  |  12/23/2013  | 
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access
Slide Show: The Coolest Hacks Of 2013
Slideshows  |  12/23/2013  | 
A look back at some of the year's most extreme, creative, and -- in some cases -- just plain bizarre hacks by security researchers
RSA Denies Trading Security For NSA Payout
News  |  12/23/2013  | 
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.
Database Risks Increase As Patch Frequency Decreases
News  |  12/23/2013  | 
Department of Energy breach report offers stark lesson in patch management's relationship with database risk postures
eGestalt To Launch New Risk Management Module For Its Aegify IT Security & Compliance Solution
News  |  12/23/2013  | 
Aegify Risk Manager enables complete work flow automation to comprehensively address and manage business security, compliance, and risk needs
Fraudulent Bot Traffic Surpasses Human Traffic In U.S., Study Says
Quick Hits  |  12/23/2013  | 
More than 50 percent of Web activity in U.S. is suspected to be fraudulent, Solve Media report says
Mobility & Cloud: A Double Whammy For Securing Data
Commentary  |  12/23/2013  | 
In 2014, legacy security solutions like firewalls and intrusion detection systems will no longer be sufficient to protect corporate data against BYOD and cybercrime.
Target Breach Should Spur POS Security, PCI 3.0 Awareness
News  |  12/22/2013  | 
Advanced skimming attack against Target's whole network of point-of-sale devices will likely keep momentum moving forward for improving payment application security
Target Breach: 10 Facts
News  |  12/21/2013  | 
Experts advise consumers not to panic as suspicion falls on point-of-sale terminals used to scan credit cards.
Update Now! A Holiday Carol
Commentary  |  12/20/2013  | 
In the spirit of the holidays, a cautionary tale set to the tune of a classic Christmas song
Tech Insight: 'Tis The Season To Be Hacked
News  |  12/20/2013  | 
Holiday and 'busy' seasons bring lax employee security practices and increased chances attacks will go unnoticed
Target Confirms Massive Breach Affects 40 Million Customers
News  |  12/20/2013  | 
Target says data breach issue 'has been resolved,' but customers are up in arms
7 Reasons Why Bitcoin Attacks Will Continue
Quick Hits  |  12/20/2013  | 
Cryptographic currency's rising value makes it an appealing target for cybercrime gangs and crimeware toolkit developers
Yes, In The Internet Of Everything, Things Will Have Passwords
Commentary  |  12/20/2013  | 
Things would have no problem remembering passwords like "[email protected]" But even for things, passwords are less than ideal.
Using NetFlow Data For More Robust Network Security
News  |  12/19/2013  | 
NetFlow can prove a powerful tool for spotting dangerous traffic patterns
7 Reasons Why Bitcoin Attacks Will Continue
News  |  12/19/2013  | 
Cryptographic currency's rising value makes it an appealing target for cybercrime gangs and crimeware toolkit developers.
Target Confirms Hackers Stole 40 Million Credit Cards
News  |  12/19/2013  | 
Hackers' 19-day heist scoops up all ingredients required to make counterfeit cards.
Secure Code Starts With Measuring What Developers Know
Commentary  |  12/19/2013  | 
I recently discovered I've been teaching blindly about application security. I assumed that I know what students need to learn. Nothing could be further from the truth.
Washington Post Servers Infiltrated, Employee Credentials Stolen
Quick Hits  |  12/18/2013  | 
Newspaper suffers second major breach in three years, Chinese espionage suspected
Intelligence Panel: NSA Should Stop Bulk Storage Of Telephone Metadata
News  |  12/18/2013  | 
Leaks about NSA surveillance during the past year have raised concerns about the agency's practices, but a review panel's recommendations may change the game
Bitcoin Hit By Gameover Malware, Chinese Crackdown
News  |  12/18/2013  | 
China gets tough with exchanges trading Bitcoins, while new malware variant targets Bitcoin customers.
My 5 Wishes For Security In 2014
Commentary  |  12/18/2013  | 
Security skeptic Dave Piscitello tells why his end-of-year InfoSec predictions are like a fine wine.
Android AV Improves But Still Can't Nuke Malware
News  |  12/18/2013  | 
Google doesn't let Android antivirus app makers automatically quarantine and zap malware. Until then it's up to users to stay on their toes to prevent infection.
'ChewBacca' Malware Taps Tor Network
News  |  12/18/2013  | 
Malicious Trojan sporting a Star Wars theme uses Tor anonymizing network to disguise its command-and-control communications.
Cybersecurity Accelerator Set To Fast-Track A New Round Of Startups
Quick Hits  |  12/18/2013  | 
Mach37 accelerator opens a new season of business and funding assistance for cybersecurity startups
5 Ways Cloud Services Can Soothe Security Fears In 2014
News  |  12/17/2013  | 
Companies need cloud providers to delineate responsibilities for the security of data, provide better security information, and encrypt data everywhere
Android AV Improves But Still Can't Nuke Malware
News  |  12/17/2013  | 
Google doesn't let Android antivirus app makers automatically quarantine and zap malware. Until then it's up to users to stay on their toes to prevent infection.
Advanced Power Botnet: Firefox Users, Beware
Quick Hits  |  12/17/2013  | 
Malicious Firefox plugin scans websites for exploitable SQL injection vulnerabilities
Is Mob-Busting RICO Overkill For Combating Cybercrime?
Commentary  |  12/17/2013  | 
The milestone conviction of 22-year-old David Camez for his participation in a Russian-run "carder" forum raises legitimate questions about the role of RICO in taking down cybercrime.
Moving Beyond SIEM For Strong Security Analytics
News  |  12/16/2013  | 
SIEM still a useful tool for infosec, but many argue it shouldn't be the main platform for analytics programs
How To Safely Retire Mobile Devices
News  |  12/16/2013  | 
Once employees bring their new iPads, Androids, to work after Christmas, their older mobile devices must be decommissioned to protect company data
Advanced Power Botnet: Firefox Users, Beware
News  |  12/16/2013  | 
Malicious Firefox plugin scans websites for exploitable SQL injection vulnerabilities.
The State of IT Security: It's Broken
Commentary  |  12/16/2013  | 
It's time to move past the hyperbole of next-gen security and look to new approaches that show enterprises how to understand and assess their unique risks.