News & Commentary
Content posted in December 2014
|
Chick-fil-A Investigating Possible Data Breach
Suspicious activity seen with payment cards used at "a few" of its restaurants.
Dear Cyber Criminals: We’re Not Letting Our Guard Down in 2015
Next year, you’ll keep exploiting vulnerabilities, and we’ll make sure our systems are patched, our antivirus is up to date, and our people are too smart to click the links you send them.
Sony Hacked By N. Korea, Hacktivists, Ex-Employee, Or All Of The Above?
FBI gets briefed on ex-Sony employee's possible role in hack as questions remain about who did what and when in epic breach of the entertainment company.
4 Infosec Resolutions For The New Year
Don’t look in the crystal ball, look in the mirror to protect data and defend against threats in 2015.
20 Startups To Watch In 2015
Check our list of security startups sure to start (or continue) making waves in the coming year.
A 2014 Lookback: Predictions vs. Reality
It was a tumultuous year for cyber security, but it drove the adoption of incident response plans and two-factor authentication.
Attackers Leverage IT Tools As Cover
The line between attack and defense tools has blurred.
Why Digital Forensics In Incident Response Matters More Now
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
JPMorgan Hack: 2FA MIA In Breached Server
Sources close to the breach investigation say a network server missing two-factor authentication let attackers make their way into JPMorgan's servers.
Backoff Malware Validates Targets Through Infected IP Cameras
RSA report on Backoff dives deeper into clues about the POS software and hints at attackers potentially located in India.
How PCI DSS 3.0 Can Help Stop Data Breaches
New Payment Card Industry security standards that took effect January 1 aim to replace checkmark mindsets with business as usual processes. Here are three examples.
North Korea's Internet Restored
Restoration of service weakens arguments that the US was responsible for the outage.
North Korea Experiencing Internet Outages, Raising Questions About US Retaliation
Is it coincidence, or is a DDoS on North Korea's Internet infrastructure a "proportional response" by the US?
The Coolest Hacks Of 2014
TSA baggage scanners, evil USB sticks, and smart homes were among the targets in some of the most creative -- and yes, scary -- hacks this year by security researchers.
CISO Holiday Bookshelf
A selection of interesting security reads perfect as gifts from and to the typical CISO.
Security News No One Saw Coming In 2014
John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year.
The Internet's Winter Of Discontent
The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the world’s connected economy is that the hits just keep on coming.
Obama: U.S. Will Respond 'Proportionately' To Sony Cyber Attack
President Obama says the United States will take action against North Korea in response to the cyber-attack on Sony.
Time To Rethink Patching Strategies
In 2014, the National Vulnerability Database is expected to log a record-breaking 8,000 vulnerabilities. That's 8,000 reasons to improve software quality at the outset.
SDN And Security: Start Slow, But Start
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul policies
ICANN Hit By Cyberattack
Spear phishing campaign led to attackers gaining administrative access to one system.
Bad Bots On The Rise
Humans remain outnumbered by bots online, new data shows.
Vawtrak: Crimeware Made-To-Order
A compartmentalized botnet with a wide selection of specialized web injects makes it easier to attack bank accounts across the globe.
5 Pitfalls to Avoid When Running Your SOC
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers.
Sony Cancels Movie, US Confirms North Korea Involvement, But Were Bomb Threats Empty?
After the Sony hackers issue threats of physical violence and 9/11-style attacks, The Interview is being killed before it even premieres. But would the attackers have really blown up theaters?
Millions Of Android Phones In China Have Backdoor
An Android backdoor is the topic of one of two advisories this week on mobile threats.
'Grinch' Bug May Affect Most Linux Systems
But newly discovered vulnerability not as urgent as previous open-source bug disclosures.
The New Target for State-Sponsored Cyber Attacks: Applications
Skilled hackers are now using simple web application vulnerabilities like SQL Injection to take over database servers. Are you prepared to defend against this new type of threat actor?
2014's Top Malware: Less Money, Mo' Problems
Here are the five most active malware packages to give attackers a huge ROI on a small investment.
Sony Warns Media About Disclosure, Staff About Fraud, 'Bond' Fans About Spoilers
A wrapup of the latest Sony attack fallout.
2014: The Year of Privilege Vulnerabilities
Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers.
Balancing Accounting Policy & Security Strategy
A long-term approach involves focusing on security as a platform, instead of a selection of individual products and point defenses.
Stocking Stuffers For Happy Hacking
Find that perfect gift for your co-workers and much-loved white hats without breaking the bank.
Price Tag Rises For Stolen Identities Sold In The Underground
What cybercriminals now charge for stolen identities, counterfeit identities, hacking tutorials, DDoS, and other services.
Dark Reading Radio: How To Become A CISO
Find out what employers are really looking for in a chief information security officer.
Ekoparty Isn’t The Next Defcon (& It Doesn’t Want To Be)
Unlike American security conferences that offer a buffet of merchandise, meals, and drinks, Ekoparty, in Buenos Aires, is every bit as functional -- with a little less fluff.
Targeted Attacks: A Defender's Playbook
Cyberthreat actors are increasingly going after a single victim. Here are some tips to help your organization get ready.
Attackers Turn Focus To PoS Vendors
The recently reported attack on Charge Anywhere puts the payment solutions provider on a list of PoS vendors attacked this year.
Shadow IT: Not The Risk You Think
Enterprise cloud services such as Box, Office 365, Salesforce, and Google Apps can make a better case for being called sanctioned than many legacy, on-premises, IT-provisioned applications.
Cyberattacks Longer, More Continuous Than Before
A surprisingly large number of organizations experienced cyberattacks lasting more than one month, a new survey found.
Hiring Hackers To Secure The Internet Of Things
How some white hat hackers are changing career paths to help fix security weaknesses in consumer devices and business systems.
FBI Calls For Law Facilitating Security Information Sharing
Uniform breach notification laws and amendments to the Computer Fraud and Abuse Act are also on the list.
Cyber Security Practices Insurance Underwriters Demand
Insurance underwriters aren’t looking for companies impervious to risk. They want clients that understand the threat landscape and have demonstrated abilities to mitigate attacks.
Securing the Internet of Things
Factors specific to IoT devices make them a unique security risk.
Ex-NSA Agents' Security Startup Lands $8 Million In Funding
Area 1 Security, launched in May, uses behavioral data to stop early-stage attacks from going further.
Crypto In The Crosshairs Again
"POODLE" attack extends to newer versions of SSL/TLS encryption as well.
'Inception' Cyber Espionage Campaign Targets PCs, Smartphones
Blue Coat report details sophisticated attacks mainly against Russian targets, and Kaspersky Lab calls new campaign next-generation of Red October cyber spying operation.
Smartphones Get Headlines, But Lax USB Security Is Just As Risky
Most companies use no software to detect or secure sensitive data when it is moved to a USB flash drive, or even check USB drives for viruses or malware.
Universal Multi-Factor Authentication Steps Closer To The Mainstream
The FIDO Alliance today finalized two universal authentication standards and one of its founding members, Nok Nok Labs, closed on $8.5 million of financing.
Employees Still Get More Access Than They Need
Two surveys show how little enterprises enforce and track least-privilege policies.
|
White Papers
Video
8 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Now, we come here to play Paw-ke Man Go!"
Latest Comment: "Now, we come here to play Paw-ke Man Go!"
Current Issue
The Year in Security 2018This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-6497
PUBLISHED: 2019-01-20
PUBLISHED: 2019-01-20
PUBLISHED: 2019-01-20
PUBLISHED: 2019-01-18
PUBLISHED: 2019-01-18
From DHS/US-CERT's National Vulnerability Database CVE-2019-6497
PUBLISHED: 2019-01-20
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
CVE-2018-18908PUBLISHED: 2019-01-20
The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requ...
CVE-2019-6496PUBLISHED: 2019-01-20
The ThreadX-based firmware on Marvell Avastar Wi-Fi devices allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of...
CVE-2019-3773PUBLISHED: 2019-01-18
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
CVE-2019-3774PUBLISHED: 2019-01-18
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This