News & Commentary

Content posted in May 2015
Page 1 / 2   >   >>
Home Routers Being Targeted in DNS Hijacking Attack, Trend Micro Says
News  |  5/29/2015  | 
Attackers attempting to steal sensitive data by diverting home router traffic to malicious domains, security firm says.
How I Would Secure The Internet With $4 Billion
Commentary  |  5/29/2015  | 
In an open letter to President Obama, a member of the Open Web Application Security Project tells why pending legislation on threat-intel sharing doesnt go far enough.
UN Report Warns Encryption Backdoors Violate Human Rights
News  |  5/28/2015  | 
Report says States should be promoting strong encryption and anonymity tools, not restricting them.
IRS Attack Demonstrates How Breaches Beget More Breaches
News  |  5/28/2015  | 
Weak authentication validation assumed only taxpayers would know their Social Security Numbers and other information that criminals have been stealing for years.
Small-to Mid-sized Organizations Targeted By 'Grabit' Cyberspies
News  |  5/28/2015  | 
Rare SMB-focused cyber espionage campaign hitting small firms worldwide.
'Tox' Offers Ransomware As A Service
News  |  5/28/2015  | 
The ransomware is free to use but site retains 20 percent of any ransom that is collected, McAfee researcher says.
What Are You Doing During The Golden Hour After An Attack?
Partner Perspectives  |  5/28/2015  | 
Take the time to detect the attack, isolate the infected machines, and restore them to a known state.
FUD Watch: The Marketing Of Security Vulnerabilities
Commentary  |  5/28/2015  | 
Im all for raising awareness, but making designer vulnerabilities, catchy logos and content part of the disclosure process is a step in the wrong direction.
Data Theft The Goal Of BlackEnergy Attacks On Industrial Control Systems, Researchers Say
News  |  5/28/2015  | 
CyberX analysis of BlackEnergy module reveals most likely motive behind sophisticated multi-year attack campaign.
Oracle PeopleSoft In The Crosshairs
News  |  5/27/2015  | 
Presenter at Hack In The Box says PeopleSoft is in worse security shape than SAP was five years ago.
Moose Malware Uses Linux Routers For Social Network Fraud
News  |  5/27/2015  | 
Linux/Moose is sophisticated enough to do DNS hijacks, DDoSes, and deep network penetration...so why is it wasting its time on Instagram?
Escalating Cyberattacks Threaten US Healthcare Systems
Commentary  |  5/27/2015  | 
Electronic health records are prime targets because healthcare organizations lack the resources, processes, and technologies to protect them. And its only going to get worse.
What Data Breaches Now Cost And Why
News  |  5/27/2015  | 
New Ponemon report says the cost of a data breach has increased by 23% and healthcare and education breaches are the most pricey.
IRS Breach Exposes 100,000 Taxpayers' Tax Returns, Other Data
Quick Hits  |  5/26/2015  | 
Online 'Get Transcript' service accessed from February to mid-May.
Profile Of A Cybercrime Petty Thief
News  |  5/26/2015  | 
Trend Micro provides peek at methods of amateur, lone-wolf carder.
A Threat Intelligence-Sharing Reality-Check
News  |  5/26/2015  | 
Many organizations employ sharing one-way (gathering) and mainly for 'CYA,' experts say.
State-Sponsored Cybercrime: A Growing Business Threat
Commentary  |  5/26/2015  | 
You dont have to be the size of Sony -- or even mock North Korea -- to be a target.
DR Radio: Incident Response War-Gaming
Commentary  |  5/25/2015  | 
Learn how to practice the post-breach panicking.
Google: Account Recovery Security Questions Not Very Secure
News  |  5/22/2015  | 
An analysis of millions of answers to security questions show many are predictable and easily guessable, says Google.
Cyber Threat Analysis: A Call for Clarity
Commentary  |  5/22/2015  | 
The general public deserves less hyperbole and more straight talk
Hacking Virginia State Trooper Cruisers
News  |  5/22/2015  | 
Working group of federal agencies and private industry launched by the state of Virginia is studying car vulnerabilities and building tools to detect and protect against vehicle hacking and tampering.
Data Encryption In The Cloud: Square Pegs In Round Holes
Commentary  |  5/21/2015  | 
Conventional encryption is a surefire solution for protecting sensitive data -- except when it breaks cloud applications. Format-preserving encryption could change all that.
Half Of Retail, Healthcare Sites 'Always Vulnerable'
News  |  5/21/2015  | 
Finding vulnerabilities in custom web applications isn't the major problem; fixing them in a timely fashion is, a new report from WhiteHat Security finds.
1.1 Million Hit In Another BlueCross BlueShield Breach
Quick Hits  |  5/20/2015  | 
CareFirst BCBS announces breach, two months after Premera Blue Cross disclosed a breach of 11 million records.
Logjam Encryption Flaw Threatens Secure Communications On Web
News  |  5/20/2015  | 
Most major browsers, websites that support export ciphers impacted
The Cloud Revolution Requires High-Performance Attack Prevention
Partner Perspectives  |  5/20/2015  | 
Where there is traffic, there are bandits.
Planes, Tweets & Possible Hacks From Seats
News  |  5/20/2015  | 
There are conflicting reports over whether security researcher Chris Roberts hacked into flight controls and manipulated a plane.
5 Signs Credentials In Your Network Are Being Compromised
Commentary  |  5/20/2015  | 
Where should you start to keep ahead of attackers using insiders to steal corporate secrets or personal identifiable information? Check out these common scenarios.
Retailers Take 197 Days To Detect Advanced Threat, Study Says
News  |  5/19/2015  | 
Most common method of identifying them as advanced threats is a "gut feeling."
3 'Old' Attack Trends That Dominated Q1
News  |  5/19/2015  | 
What's old is new as attackers recycle their attack patterns.
Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
Commentary  |  5/19/2015  | 
In the brave new world of self-driving cars and Wifi-enabled pacemakers, everything we do as information security professionals, everything we hack, every joke we make on Twitter, has real, quantifiable consequences.
Every 4 Seconds New Malware Is Born
News  |  5/18/2015  | 
New report shows rate of new malware strains discovered increased by 77 percent in 2014.
Experts Urge InfoSec Info Sharing At Columbia-GCIG Conference
News  |  5/18/2015  | 
'It all starts at the bar with a beer.'
Why We Can't Afford To Give Up On Cybersecurity Defense
Commentary  |  5/18/2015  | 
There is no quick fix, but organizations can massively reduce the complexity of building secure applications by empowering developers with four basic practices.
Polish Security Firm Discloses Unpatched Security Flaws in Google App Engine
News  |  5/15/2015  | 
Google was given enough time to respond researcher says.
Drinking from the Malware Fire Hose
Partner Perspectives  |  5/15/2015  | 
Take a staged approach to processing malware in bulk so that scarce and time-limited resources can be prioritized for only those threats that truly require them.
The Cybercrime Carnival in Brazil: Loose Cyberlaws Make for Loose Cybercriminals
Commentary  |  5/15/2015  | 
Brazil loses over $8 billion a year to Internet crime, making it the second-largest cybercrime generator in the world.
Experts' Opinions Mixed On VENOM Vulnerability
News  |  5/14/2015  | 
Some say the virtualization vuln could be worse than Heartbleed, while others advise to patch, but don't panic.
When Encrypted Communication Is Not Good Enough
Commentary  |  5/14/2015  | 
For the vast majority of conversations -- on paper, by phone or computer -- encryption is a perfectly adequate form of protection. Unless, of course, a life or livelihood is at stake.
Cloud Security Alliance, Waverley Labs Collaborate On Open-Source Software-Defined Perimeter Spec
News  |  5/13/2015  | 
SDPs offer enterprises an alternative to traditional perimeter tools for protecting network assets, says CSA, Waverley
Teaming Up to Educate and Enable Better Defense Against Phishing
Partner Perspectives  |  5/13/2015  | 
Companies need to both educate their employees and implement prevention technology.
Oil & Gas Firms Hit By Cyberattacks That Forgo Malware
News  |  5/13/2015  | 
New spin on the 'Nigerian scam' scams crude oil buyers out of money with bait-and-switch.
Taking A Security Program From Zero To Hero
Commentary  |  5/13/2015  | 
Breaking the enigma of InfoSec into smaller bites is a proven method for building up an organizations security capabilities. Here are six steps to get you started.
VENOM Zero-Day May Affect Thousands Of Cloud, Virtualization Products
News  |  5/13/2015  | 
Critical vulnerability in the open-source QEMU hypervisor lets attackers break out of a virtual machine, execute code on a host machine and access all the other VMs on the host.
Verizon 2015 Data Breach Cover Puzzler Solved: Defending Champs Win
News  |  5/12/2015  | 
The 2015 DBIR Cover Challenge is as highly anticipated by some as the DBIR report itself.
Vulnerability Disclosure Deja Vu: Prosecute Crime Not Research
Commentary  |  5/12/2015  | 
There is a lesson to be learned from a locksmith living 150 years ago: Attackers and criminals are the only parties who benefit when security researchers fear the consequences for reporting issues.
First Example Of SAP Breach Surfaces
News  |  5/12/2015  | 
USIS attack in 2013 stealing background check information about government personnel with classified clearance came by way of an SAP exploit.
Protecting The Data Lifecycle From Network To Cloud
Commentary  |  5/12/2015  | 
Enterprises are pushing more sensitive and regulated data into the public cloud than ever before. But the journey carries many new risks.
10 Security Questions To Ask A Cloud Service Provider
Slideshows  |  5/12/2015  | 
Help the business assess the risks of cloud services with these handy questions.
What Does China-Russia 'No Hack' Pact Mean For US?
News  |  5/11/2015  | 
It could be an Internet governance issue or a response to the U.S. DoD's new cyber strategy, but one thing is certain: it doesn't really mean China and Russia aren't spying on one another anymore.
Page 1 / 2   >   >>


More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11471
PUBLISHED: 2018-05-25
Cockpit 0.5.5 has XSS via a collection, form, or region.
CVE-2018-11472
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
CVE-2018-11473
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
CVE-2018-11474
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
CVE-2018-11475
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.