Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in December 2014
Chick-fil-A Investigating Possible Data Breach
Quick Hits  |  12/31/2014  | 
Suspicious activity seen with payment cards used at "a few" of its restaurants.
Dear Cyber Criminals: We're Not Letting Our Guard Down in 2015
Commentary  |  12/31/2014  | 
Next year, you'll keep exploiting vulnerabilities, and we'll make sure our systems are patched, our antivirus is up to date, and our people are too smart to click the links you send them.
Sony Hacked By N. Korea, Hacktivists, Ex-Employee, Or All Of The Above?
News  |  12/30/2014  | 
FBI gets briefed on ex-Sony employee's possible role in hack as questions remain about who did what and when in epic breach of the entertainment company.
4 Infosec Resolutions For The New Year
Commentary  |  12/30/2014  | 
Don't look in the crystal ball, look in the mirror to protect data and defend against threats in 2015.
20 Startups To Watch In 2015
Slideshows  |  12/29/2014  | 
Check our list of security startups sure to start (or continue) making waves in the coming year.
A 2014 Lookback: Predictions vs. Reality
Commentary  |  12/29/2014  | 
It was a tumultuous year for cyber security, but it drove the adoption of incident response plans and two-factor authentication.
Attackers Leverage IT Tools As Cover
News  |  12/26/2014  | 
The line between attack and defense tools has blurred.
Why Digital Forensics In Incident Response Matters More Now
Commentary  |  12/24/2014  | 
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
JPMorgan Hack: 2FA MIA In Breached Server
Quick Hits  |  12/24/2014  | 
Sources close to the breach investigation say a network server missing two-factor authentication let attackers make their way into JPMorgan's servers.
Backoff Malware Validates Targets Through Infected IP Cameras
News  |  12/23/2014  | 
RSA report on Backoff dives deeper into clues about the POS software and hints at attackers potentially located in India.
How PCI DSS 3.0 Can Help Stop Data Breaches
Commentary  |  12/23/2014  | 
New Payment Card Industry security standards that took effect January 1 aim to replace checkmark mindsets with business-as-usual processes. Here are three examples.
North Korea's Internet Restored
Quick Hits  |  12/23/2014  | 
Restoration of service weakens arguments that the US was responsible for the outage.
North Korea Experiencing Internet Outages, Raising Questions About US Retaliation
News  |  12/22/2014  | 
Is it coincidence, or is a DDoS on North Korea's Internet infrastructure a "proportional response" by the US?
The Coolest Hacks Of 2014
News  |  12/22/2014  | 
TSA baggage scanners, evil USB sticks, and smart homes were among the targets in some of the most creative -- and yes, scary -- hacks this year by security researchers.
CISO Holiday Bookshelf
Slideshows  |  12/22/2014  | 
A selection of interesting security reads perfect as gifts from and to the typical CISO.
Security News No One Saw Coming In 2014
Commentary  |  12/22/2014  | 
John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year.
The Internet's Winter Of Discontent
Commentary  |  12/19/2014  | 
The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the world's connected economy is that the hits just keep on coming.
Obama: U.S. Will Respond 'Proportionately' To Sony Cyber Attack
News  |  12/19/2014  | 
President Obama says the United States will take action against North Korea in response to the cyber-attack on Sony.
Time To Rethink Patching Strategies
Commentary  |  12/19/2014  | 
In 2014, the National Vulnerability Database is expected to log a record-breaking 8,000 vulnerabilities. That's 8,000 reasons to improve software quality at the outset.
SDN And Security: Start Slow, But Start
News  |  12/19/2014  | 
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul policies.
ICANN Hit By Cyberattack
News  |  12/18/2014  | 
Spear phishing campaign led to attackers gaining administrative access to one system.
Bad Bots On The Rise
News  |  12/18/2014  | 
Humans remain outnumbered by bots online, new data shows.
Vawtrak: Crimeware Made-To-Order
Quick Hits  |  12/18/2014  | 
A compartmentalized botnet with a wide selection of specialized web injects makes it easier to attack bank accounts across the globe.
5 Pitfalls to Avoid When Running Your SOC
Commentary  |  12/18/2014  | 
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers.
Sony Cancels Movie, US Confirms North Korea Involvement, But Were Bomb Threats Empty?
News  |  12/17/2014  | 
After the Sony hackers issue threats of physical violence and 9/11-style attacks, The Interview is being killed before it even premieres. But would the attackers have really blown up theaters?
Millions Of Android Phones In China Have Backdoor
News  |  12/17/2014  | 
An Android backdoor is the topic of one of two advisories this week on mobile threats.
'Grinch' Bug May Affect Most Linux Systems
Quick Hits  |  12/17/2014  | 
But newly discovered vulnerability not as urgent as previous open-source bug disclosures.
The New Target for State-Sponsored Cyber Attacks: Applications
Commentary  |  12/17/2014  | 
Skilled hackers are now using simple web application vulnerabilities like SQL Injection to take over database servers. Are you prepared to defend against this new type of threat actor?
2014's Top Malware: Less Money, Mo' Problems
News  |  12/16/2014  | 
Here are the five most active malware packages to give attackers a huge ROI on a small investment.
Sony Warns Media About Disclosure, Staff About Fraud, 'Bond' Fans About Spoilers
Quick Hits  |  12/16/2014  | 
A wrapup of the latest Sony attack fallout.
2014: The Year of Privilege Vulnerabilities
Commentary  |  12/16/2014  | 
Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers.
Balancing Accounting Policy & Security Strategy
Partner Perspectives  |  12/16/2014  | 
A long-term approach involves focusing on security as a platform, instead of a selection of individual products and point defenses.
Stocking Stuffers For Happy Hacking
Slideshows  |  12/15/2014  | 
Find that perfect gift for your co-workers and much-loved white hats without breaking the bank.
Price Tag Rises For Stolen Identities Sold In The Underground
News  |  12/15/2014  | 
What cybercriminals now charge for stolen identities, counterfeit identities, hacking tutorials, DDoS, and other services.
Dark Reading Radio: How To Become A CISO
Commentary  |  12/15/2014  | 
Find out what employers are really looking for in a chief information security officer.
Ekoparty Isn't The Next Defcon (& It Doesn't Want To Be)
Commentary  |  12/15/2014  | 
Unlike American security conferences that offer a buffet of merchandise, meals, and drinks, Ekoparty, in Buenos Aires, is every bit as functional -- with a little less fluff.
Targeted Attacks: A Defender's Playbook
News  |  12/15/2014  | 
Cyberthreat actors are increasingly going after a single victim. Here are some tips to help your organization get ready.
Attackers Turn Focus To PoS Vendors
News  |  12/12/2014  | 
The recently reported attack on Charge Anywhere puts the payment solutions provider on a list of PoS vendors attacked this year.
Shadow IT: Not The Risk You Think
Commentary  |  12/12/2014  | 
Enterprise cloud services such as Box, Office 365, Salesforce, and Google Apps can make a better case for being called sanctioned than many legacy, on-premises, IT-provisioned applications.
Cyberattacks Longer, More Continuous Than Before
News  |  12/12/2014  | 
A surprisingly large number of organizations experienced cyberattacks lasting more than one month, a new survey found.
Hiring Hackers To Secure The Internet Of Things
News  |  12/11/2014  | 
How some white hat hackers are changing career paths to help fix security weaknesses in consumer devices and business systems.
FBI Calls For Law Facilitating Security Information Sharing
News  |  12/11/2014  | 
Uniform breach notification laws and amendments to the Computer Fraud and Abuse Act are also on the list.
Cyber Security Practices Insurance Underwriters Demand
Commentary  |  12/11/2014  | 
Insurance underwriters aren't looking for companies impervious to risk. They want clients that understand the threat landscape and have demonstrated abilities to mitigate attacks.
Securing the Internet of Things
Partner Perspectives  |  12/11/2014  | 
Factors specific to IoT devices make them a unique security risk.
Ex-NSA Agents' Security Startup Lands $8 Million In Funding
Quick Hits  |  12/10/2014  | 
Area 1 Security, launched in May, uses behavioral data to stop early-stage attacks from going further.
Crypto In The Crosshairs Again
News  |  12/10/2014  | 
"POODLE" attack extends to newer versions of SSL/TLS encryption as well.
'Inception' Cyber Espionage Campaign Targets PCs, Smartphones
News  |  12/10/2014  | 
Blue Coat report details sophisticated attacks mainly against Russian targets, and Kaspersky Lab calls new campaign next-generation of Red October cyber spying operation.
Smartphones Get Headlines, But Lax USB Security Is Just As Risky
Commentary  |  12/10/2014  | 
Most companies use no software to detect or secure sensitive data when it is moved to a USB flash drive, or even check USB drives for viruses or malware.
Universal Multi-Factor Authentication Steps Closer To The Mainstream
News  |  12/9/2014  | 
The FIDO Alliance today finalized two universal authentication standards and one of its founding members, Nok Nok Labs, closed on $8.5 million of financing.
Employees Still Get More Access Than They Need
News  |  12/9/2014  | 
Two surveys show how little enterprises enforce and track least-privilege policies.