Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in March 2014
<<   <   Page 2 / 3   >   >>
Metadata Poses Both Risks And Rewards
News  |  3/19/2014  | 
For companies, metadata can both be an opportunity to better secure the business and a threat that leaks sensitive data
PandaLabs: 2013 Broke Malware Record
News  |  3/18/2014  | 
70 percent of new malware strains last year were Trojans
Milton Security Integrates Two-Factor Authentication With Cloud Authentication Security Applianc
News  |  3/18/2014  | 
Introduces both cloud-based and locally hosted two-factor authentication
Finjan Holdings Subsidiary Issued New U.S. Patent For Malicious Mobile Code Protection
News  |  3/18/2014  | 
Patent issuance relates to a proprietary malicious mobile code runtime monitoring systems and methods
Attackers Hit Clearinghouse Selling Stolen Target Data
News  |  3/18/2014  | 
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
Many Organizations Don't Go Public With Data Breaches Or Share Intel
News  |  3/18/2014  | 
Some 60 percent of organizations worldwide have an incident response team and plan in place to prepare for an attack, new report finds
Malware Used To Attack More Than 500,000 Computers Daily After 25,000 UNIX Servers Hijacked By Backdoor Trojan
News  |  3/18/2014  | 
The attack infects the computers that visit them and steals information from victims
TrustWave Acquires Application Scanning Vendor Cenzic
News  |  3/18/2014  | 
As a result of the acquisition, Trustwave will deliver both static and dynamic security testing as integrated, subscription-based services
Barracuda Labs Launches Threatglass To Share And Research Malicious Websites
News  |  3/18/2014  | 
Threatglass allows users to graphically browse Web site infections
Voice, Proximity Key To Cutting
E-Payment Fraud
Commentary  |  3/18/2014  | 
While we wait for EMV, US companies should lay the groundwork for strong security.
IBM: We'll Stand Up To NSA
News  |  3/18/2014  | 
IBM says it does not share customer information with U.S. government
Windows XP Holdouts: 6 Top Excuses
News  |  3/17/2014  | 
Microsoft cuts support for Windows XP in less than a month, but millions still use the OS. Are these rationales worth the risk?
DDoS Attacks Hit NATO, Ukrainian Media Outlets
News  |  3/17/2014  | 
As pro-Russia hackers continue DDoS campaigns, Anonymous-branded propaganda reports "imminent US invasion of the Ukraine"
Target Breach: Where The Weak Points Were
News  |  3/17/2014  | 
What played out with the Target breach is another example that, in security, the technology is the easy part
DDoS Attacks Hit NATO, Ukrainian Media Outlets
News  |  3/17/2014  | 
As pro-Russia hackers continue DDoS campaigns, Anonymous-branded propaganda reports "imminent US invasion of the Ukraine."
EMV Is Coming. But Is It Too Little, Too Late?
Commentary  |  3/17/2014  | 
The Target/Neiman Marcus/Michael's Stores breach trifecta may have finally galvanized the US card payment industry. Too bad consumers are poised to change the game.
Target Ignored Data Breach Alarms
Quick Hits  |  3/17/2014  | 
Target's security team reviewed -- and ignored -- urgent warnings from threat-detection tool about unknown malware spotted on the network
Cyberespionage Worm May Have Ties To Multiple Spy Campaigns
News  |  3/14/2014  | 
Researchers at Kaspersky Lab have traced links between Agent.btz and notorious cyberespionage malware, such as Flame
Safe Harbor, Lavabit & The Future Of Cloud Security
Commentary  |  3/14/2014  | 
For cloud computing to grow, we need a balance between individual privacy and control of data, and the government's ability to fight crime and terrorism. Persistent encryption may be the answer.
7 Behaviors That Could Indicate A Security Breach
News  |  3/14/2014  | 
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
Target Ignored Data Breach Alarms
News  |  3/14/2014  | 
Target's security team reviewed -- and ignored -- urgent warnings from threat-detection tool about unknown malware spotted on the network.
Defense Department Adopts NIST Security Standards
News  |  3/14/2014  | 
DOD replaces longstanding information assurance process with NIST's holistic "built-in, not bolt-on," risk-focused security approach
NSA Disputes Report On Program To Automate Infection Of 'Millions' Of Machines
Quick Hits  |  3/13/2014  | 
Latest Snowden leaks show details of NSA TURBINE operation, and Facebook founder speaks out
Apple iPhones Could Thwart Thieves, Attackers
News  |  3/13/2014  | 
Apple patent application suggests the company is looking to add personal security features to its mobile devices
Samsung Galaxy Security Alert: Android Backdoor Discovered
News  |  3/13/2014  | 
Samsung's flavor of Android has a backdoor that can be remotely exploited by attackers, Android developers warn
Samsung Galaxy Security Alert: Android Backdoor Discovered
News  |  3/13/2014  | 
Samsung's flavor of Android has a backdoor that can be remotely exploited by attackers, Android developers warn.
CrowdStrike Launches Free Toolkit For Incident Response
Quick Hits  |  3/13/2014  | 
New, free CrowdResponse platform will be Swiss army knife for incident response, CrowdStrike says
Your Cloud Was Breached. Now What?
Commentary  |  3/12/2014  | 
Youre not happy. You just experienced a breach. Heres how to keep calm and secure your cloud.
Bitcoin, Meet Darwin: Crypto Currency's Future
News  |  3/12/2014  | 
First-movers rarely survive, but some experts see a real future for government-issued crypto currency
Windows XP Security Issues: Fact Vs. Fiction
News  |  3/12/2014  | 
Are you prepared for the end of Microsoft support for Windows XP next month?
Bitcoin, Meet Darwin: Crypto Currency's Future
News  |  3/12/2014  | 
First-movers rarely survive, but some experts see a real future for government-issued crypto currency.
Retail Industry May Pool Intel To Stop Breaches
News  |  3/12/2014  | 
Target and other shopper-data breaches turn up the heat on retail industry to establish a cyberthreat Information-Sharing and Analysis Center.
Snowden, Bitcoin, Data Breaches Foretell New Regulations
Commentary  |  3/12/2014  | 
It's inevitable that more businesses will be penalized for breaking customer trust. Is your enterprise prepared for new security laws?
Experian ID Theft Exposed 200M Consumer Records
Quick Hits  |  3/12/2014  | 
ID theft ring sold database with 200 million consumers' private data to 1,300 criminals
Security Services Cater To SMBs
News  |  3/11/2014  | 
Cloud and managed security services are headed down market with simpler interfaces masking their enterprise heritage
Experian ID Theft Exposed 200M Consumer Records
News  |  3/11/2014  | 
ID theft ring sold access to database with 200 million consumers' private data to 1,300 criminals.
Can We Control Our Digital Identities?
Commentary  |  3/11/2014  | 
The web and cloud need an identity layer for people to give us more control over our sprawling digital identities.
Retail Industry Mulls Forming Its Own ISAC For Intel-Sharing
News  |  3/11/2014  | 
Breaches at Target and other retailers sound the alarm for retail industry to establish a cyber-threat Information-Sharing and Analysis Center
IT Generations: Communicating Across The Great Divide
Commentary  |  3/11/2014  | 
At 25 years old, the World Wide Web today presents unique challenges for millennials and crusty curmudgeons alike. Here's how geeks of any age can learn to talk to each other.
Report: Cybercriminals Bank Nearly $4 Billion On Tax Fraud
Quick Hits  |  3/11/2014  | 
Attackers collect almost $4 billion by filing fraudulent tax returns, stealing taxpayer identities, ThreatMetrix report says
Snowden: I'd Do It Again
News  |  3/10/2014  | 
NSA whistleblower fields questions via live video feed at South by Southwest, calls encryption "defense against the dark arts."
Snowden: Encryption Is 'Defense Against The Dark Arts'
News  |  3/10/2014  | 
NSA whistleblower fields questions via live video feed at South by Southwest panel today, says he would definitely leak the surveillance documents all over again
Mt. Gox Chief Stole 100,000 Bitcoins, Hackers Claim
News  |  3/10/2014  | 
Cryptocurrency aficionados' ire stoked by leaked accounts showing 100,000 bitcoins remain missing.
Defending Against Targeted Attacks Requires Human Touch, Speakers Say
Quick Hits  |  3/10/2014  | 
Targeted attacks involve a human element that can be detected and stopped, speakers say at Dark Reading event
Tech Insight: How To Protect Against Attacks Via Your Third-Party Vendors
News  |  3/9/2014  | 
Third-party business connections often provide attackers easy, unfettered access to bigger, richer networks
Black Hat Asia 2014: The Weaponized Web
News  |  3/7/2014  | 
These Black Hat Briefings explore ways the Web can be weaponized -- and how to defend against them
The Case For Browser-Based Access Controls
Commentary  |  3/7/2014  | 
Is "browser-ized" security a better defense against hackers than traditional methods? Check out these two examples.
Oil & Gas Firms Targeted In Web Server Hacks
Quick Hits  |  3/6/2014  | 
'STTEAM' group also attacking Middle East state government sites, General Dynamics Fidelis says
Target CIO's Resignation: 7 Questions
News  |  3/6/2014  | 
After the data breach, why didn't the buck stop with PCI assessors or CEO? Search for accountability reveals flawed system, much finger-pointing.
Target Starts Security, Compliance Makeover
News  |  3/6/2014  | 
With CIO departing, security and compliance get a higher profile at the beleaguered retailer in the wake of its massive data breach.
<<   <   Page 2 / 3   >   >>


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.