News & Commentary

Content posted in February 2014
Page 1 / 3   >   >>
Today's Network Security Challenges: No Easy Answers
News  |  2/28/2014  | 
The BYOD trend and proliferation of mobile devices are making life hard for security teams, but solutions are elusive, panelists say at RSA Conference 2014
Fresh Target Breach Cards Hitting Black Market
News  |  2/28/2014  | 
A Bitcoin-powered marketplace is selling stolen card data in small batches, offering card validity guarantees, an RSA presentation reveals.
DDoS Attack! Is Regulation The Answer?
Commentary  |  2/28/2014  | 
Four security experts weigh in on why there's been little progress in combating DDoS attacks and how companies can start fighting back.
Boeing Unveils Self-Destructing Smartphone
Quick Hits  |  2/28/2014  | 
Rugged and super-secure Boeing Black smartphone targets government agencies involved with defense and homeland security
Verizon Shares Glimpse Into Upcoming 2014 Data Breach Investigations Report
News  |  2/28/2014  | 
Breach data for upcoming Verizon report comes from some 50 contributing organizations from 95 nations, including Eastern European and Latin American CERTs
Big Data A Big Focus Of Security Analytics Products
News  |  2/27/2014  | 
At the RSA Conference this week, vendors pitched the importance of properly leveraging big data to improve security
IBM Software Vulnerabilities Spiked In 2013
News  |  2/27/2014  | 
Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds
5 Reasons Security Certifications Matter
Quick Hits  |  2/27/2014  | 
There's a lot of buzz around how certs aren't important. I'm calling BS, and here's why
IBM Software Vulnerabilities Spiked In 2013
News  |  2/27/2014  | 
Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds.
Bitcoin-Stealing Malware: Now In 100 Flavors
News  |  2/27/2014  | 
Specialized malware empties electronic wallets of digital currency, and antivirus often misses it, say researchers at RSA Conference.
More Than 100 Flavors Of Malware Are Stealing Bitcoins
News  |  2/26/2014  | 
Specialized form of malware empties electronic wallets of digital currency, and antivirus often misses it
Apple Patches Mavericks SSL Flaw: Update Now
News  |  2/26/2014  | 
Security update patches "goto fail" flaw that enables attackers to intercept communications, but won't help the 23% of Macs running older OS
RSA: Juniper Security Chief Blasts Apathy
News  |  2/26/2014  | 
In RSA keynote, Juniper Networks security exec Nawaf Bitar urges more innovation and active defense.
Compliance Is Not Hard
Commentary  |  2/26/2014  | 
Compliance requires a new set of healthy habits and the self-discipline to make those habits stick
Juniper Security Chief Takes Swipe At Security Apathy
News  |  2/26/2014  | 
RSA keynote urges more innovation and active defense
Apple Patches Mavericks SSL Flaw: Update Now
News  |  2/26/2014  | 
Security update patches "goto fail" flaw that enables attackers to intercept communications, but won't help the 23% of Macs running older OS X.
RSA Chairman: NSA Work Is 'Public Record'
News  |  2/26/2014  | 
Art Coviello calls for global intelligence community reforms, says RSA's work with NSA was never secret.
Lessons Learned From The Target Breach
Commentary  |  2/26/2014  | 
The time is ripe for organizations to take a long, hard look at how they manage employee access and secure sensitive data in cloud environments
Microsoft Beefs Up EMET
Quick Hits  |  2/25/2014  | 
Early release of anti-exploit tool shuts down bypass methods created by Bromium Labs
Coviello: RSA Security's Work With NSA 'A Matter Of Public Record'
News  |  2/25/2014  | 
RSA chairman calls for global intelligence community reforms, spinning IAD off from NSA
Apple SSL Vulnerability: 6 Facts
News  |  2/25/2014  | 
SSL vulnerability that's been patched in iOS -- but not yet for OS X -- lets attackers intercept email and FaceTime communications, plus push malicious software updates
NSA Spying Scandal Darkens Cloud Discussions At RSA
News  |  2/25/2014  | 
From Europe's efforts to create regulations for data localization to worries over the security of the cloud, the leaks of the past eight months have cast a shadow over cloud providers
Apple SSL Vulnerability: 6 Facts
News  |  2/25/2014  | 
SSL vulnerability that's been patched in iOS -- but not yet for OS X -- lets attackers intercept email and FaceTime communications, plus push malicious software updates.
Cisco-Sourcefire Integration Takes Shape
News  |  2/25/2014  | 
Integration includes adding Sourcefire's AMP technology into its email and Web security appliances
Healthcare Devices: Security Researchers Sound Alarms
Quick Hits  |  2/25/2014  | 
Default usernames, weak passwords, and widespread Windows XP Embedded systems are cause for concern, SANS Institute researchers say
How I Secure My Personal Cloud
Commentary  |  2/24/2014  | 
As global cloud traffic grows exponentially, IT pros face the daunting task of securing their personal cloud, data, and workloads.
Researchers Bypass Protections In Microsoft's EMET Security Tool
News  |  2/23/2014  | 
Bromium Labs researchers create exploit that the Enhanced Mitigation Experience Toolkit (EMET) 4.1 can't detect
Is The Hypervisor Security's Goldilocks Zone?
News  |  2/21/2014  | 
RSA presentation to put virtualization forward as a tool to fix security's architectural problems
Solving The Security Workforce Shortage
Commentary  |  2/21/2014  | 
To solve the skills shortage, the industry will need to attract a wider group of people and create an entirely new sort of security professional
Study: 96 Percent Of Applications Have Security Vulnerabilities
Quick Hits  |  2/20/2014  | 
Nearly all applications tested have security flaws, Cenzic study says; information leakage is chief culprit
Vulnerability In Tinder Dating App Exposed Users' Location
News  |  2/20/2014  | 
Security flaw made it possible to pinpoint users of Tinder online dating app within 100 feet, researchers say
IT Pros Okay With Government's Role In Cybersecurity
Quick Hits  |  2/20/2014  | 
Most U.S. IT pros see feds' involvement in security a positive, new Dell survey shows
Microsoft Issues Emergency Fix For Internet Explorer Zero-Day
News  |  2/20/2014  | 
'Fix-it' shipped in the wake of at least two targeted attack campaigns exploiting a newly found bug in IE10
Boutique Malware & Hackers For Hire
Commentary  |  2/20/2014  | 
Heads up! Small groups of cyber-mercenaries are now conducting targeted hit-and-run attacks for anyone willing to pay the price.
Securing Data In 4 (Relatively) Easy Steps
Commentary  |  2/20/2014  | 
The key to success in information security is finding the 'right' information in all the data you aim to protect.
Windows Crash Reports Reveal New APT, POS Attacks
News  |  2/20/2014  | 
Researchers discover zero-day attacks after studying the contents of various "Dr. Watson" error reports.
Microsoft Windows Crash Reports Reveal New APT, POS Attacks
News  |  2/19/2014  | 
Researchers discover zero-day attacks after studying the contents of various "Dr. Watson" error reports
U.S. Running Out Of Allies On Cyber Battlefield
News  |  2/19/2014  | 
International cyber policy and enforcement, and ownership over the Internet are thorny topics that will be tackled at the 2014 RSA Conference next week
WebView Exploit Affects Most Android Phones
News  |  2/19/2014  | 
Critical bug affects devices running Jelly Bean (4.2) and earlier Android OSs, including fully updated versions of Google Glass, says Metasploit.
New Zeus Variant Targets Salesforce.com
News  |  2/19/2014  | 
New attack shows the adaptability of Zeus and the challenges of policing an ever-expanding network perimeter
'Connect': A Modern Approach To Mobile, Cloud Identity
Commentary  |  2/19/2014  | 
A new protocol from the OpenID Foundation promises enterprises federated single sign-on that can scale.
5 Tactics To Help Triage Patching
News  |  2/19/2014  | 
Refine risk measurements to better prioritize the patching of vulnerabilities
Former Israeli Military Intel Agents Launch Security Startup
Quick Hits  |  2/19/2014  | 
Cybereason focuses on attacker's activity, behavior
FBI, International Law Enforcement Officials Share Insights On Fighting Cybercrime
News  |  2/18/2014  | 
Officials from the FBI, Netherlands, Interpol, and other agencies on the fight to track and catch cybercriminals around the globe
Bye, Bitcoin: Criminals Seek Other Crypto Currency
News  |  2/18/2014  | 
Law enforcement crackdowns, hack attacks, and market volatility drive Russian fraudsters to mint their own virtual currency systems.
FIDO Alliance Releases Authentication Standards, Unveils Products
News  |  2/18/2014  | 
Proponents say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked.
Why FIDO Alliance Standards Will Kill Passwords
Dark Reading Videos  |  2/18/2014  | 
Phillip Dunkelberger of Nok Nok Labs tells why the time is finally ripe for a password-free computing experience.
FIDO Alliance Publishes Authentication Standards; First Products Unveiled
Quick Hits  |  2/17/2014  | 
FIDO Alliance issues specs for "authentication plumbing;" Nok Nok ships first implementation
Why FIDO Alliance Standards Will Kill Passwords
Dark Reading Videos  |  2/17/2014  | 
Phillip Dunkelberger of Nok Nok Labs tells why the time is finally ripe for a password-free computing experience.
Abusing Cloud Services For Cybercrime
News  |  2/14/2014  | 
At the upcoming RSA conference, researchers will discuss how a lack of anti-automation protections allows attackers to take advantage of free cloud services