News & Commentary
Content posted in June 2015
|
Securing Critical Infrastructure
Protecting the Industrial Internet of Things from cyberthreats is a national priority.
Cisco 'Everywhere': Networking Giant To Buy OpenDNS For $635 Million
OpenDNS, which provides threat intelligence via a software-as-a-service offering, expected to enhance Cisco's existing cloud security offerings.
Getting To Yes: Negotiating Technology Innovation & Security Risk
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
4 Signs Your Board Thinks Security Readiness Is Better Than It Is
Ponemon Institute survey shows a gap in perception between boards of directors and IT executives when it comes to IT risk posture.
Gas Stations In the Bullseye
White hats at Black Hat USA will release free honeypot tool for monitoring attacks against gas tank monitoring systems.
Clever CryptoWall Spreading Via New Attacks
Top ransomware doesn't waste time jumping on the latest Flash zero-day, and hops rides on click fraud campaigns, too.
CSA Announces New Working Group For Cloud Security API Standards
CipherCloud, Deloitte, InfoSys, Intel Security and SAP all on board to start developing vendor-neutral guidelines that could further accelerate CASB growth
Cyber Resilience And Spear Phishing
Balanced security capability, defense in depth, integrated countermeasures, and a threat-intelligence strategy are critical to defending your business from spear-phishing attacks.
Social Engineering & Black Hat: Do As I Do Not As I Say
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
4 Ways Cloud Usage Is Putting Health Data At Risk
A huge shadow IT problem is just one of the risks of uncontrolled cloud usage in healthcare organizations, new study shows.
3 Simple Steps For Minimizing Ransomware Exposure
If your data is important enough to pay a ransom, why wasn't it important enough to properly backup and protect in the first place?
Stealthy Fobber Malware Takes Anti-Analysis To New Heights
Built off the Tinba banking Trojan and distributed through the elusive HanJuan exploit kit, Fobber info-stealer defies researchers with layers upon layers of encryption.
FireEye Report Prompts Reported SEC Probe Of FIN4 Hacking Gang
Security vendor's report from last year had warned about group targeting insider data from illegal trading.
5 Things You Probably Missed In The Verizon DBIR
A look at a few of the lesser-noticed but meaty nuggets in the annual Verizon Data Breach Investigations Report (DBIR).
What Do You Mean My Security Tools Don’t Work on APIs?!!
SAST and DAST scanners haven’t advanced much in 15 years. But the bigger problem is that they were designed for web apps, not to test the security of an API.
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy.
How To Avoid Collateral Damage In Cybercrime Takedowns
Internet pioneer and DNS expert Paul Vixie says 'passive DNS' is way to shut down malicious servers and infrastructure without affecting innocent users.
Breach Defense Playbook: Incident Response Readiness (Part 2)
Will your incident response plan work when a real-world situation occurs?
User Monitoring Not Keeping Up With Risk Managers' Needs
Biggest concern is negligence, but monitoring capabilities can't detect this type of activity within most applications.
FBI: CryptoWall Ransomware Cost US Users $18 Million
Increasing pace of ransomware innovation likely to keep that number going up.
The Secret Of War Lies In The Communications --Napoleon
DXL helps organizations keep an eye on external and internal threats using relevant information in real time.
Why China Wants Your Sensitive Data
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
Child Exploitation & Assassins For Hire On The Deep Web
'Census report' of the unindexed parts of the Internet unearths everything from Bitcoin-laundering services to assassins for hire.
Banks Targeted By Hackers Three Times More Than Other Sectors
Active targeted attacks on financial services firms in quest for lucrative data -- and of course, money.
Breach Defense Playbook: Incident Response Readiness (Part 1)
Will your incident response plan work when a real-world situation occurs?
Government, Healthcare Particularly Lackluster In Application Security
Veracode's State of Software Security Report lays out industry-specific software security metrics.
The Dark Web: An Untapped Source For Threat Intelligence
Most organizations already have the tools for starting a low-cost, high-return Dark Web cyber intelligence program within their existing IT and cybersecurity teams. Here’s how.
3 Clues That Collaboration And File Sharing Tools Are Cloud Security's Weak Link
Cloud collaboration and file sharing applications continue to raise CISOs' blood pressure.
Report: NSA, GCHQ Actively Targeted Kaspersky Lab, Other Security Vendors
Snowden documents reveal government intelligence agencies were working to subvert security software. Kaspersky Lab calls nation-states' targeting of security companies 'extremely worrying.'
FitBit, Acer Liquid Leap Fail In Security Fitness
Transmissions to the cloud are secured with these Internet of Things devices, but wristband-to-phone comms are open to eavesdropping.
What You Probably Missed In Verizon's Latest DBIR
Tune in to Dark Reading Radio at 1pm ET/11am Pacific on Wednesday, June 24, when Verizon Data Breach Investigations Report co-author Marc Spitler discusses some of the possibly lesser-noticed nuggets in the industry's popular report on real-world attacks.
Breach Defense Playbook: Open Source Intelligence
Do you know what information out there is putting you at risk?
Security Surveys: Read With Caution
I’m skeptical of industry surveys that tell security practitioners what they already know. Don’t state the obvious. Tell us the way forward.
US Hosts The Most Botnet Servers
More malicious command and control servers are based in the US than anywhere else, and China is home to the most bots.
7 Top Security Quotes From London Technology Week
Tech events across the city hit on IoT, smart cities, mobility and Legos.
9 Questions For A Healthy Application Security Program
Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
An Effective Community Is More Than Just An Online Forum
It is important to develop a strong base of contributors who can communicate effectively, answer questions, and summarize issues.
Houston Astros' Breach A 'Wake-Up Call' On Industrial Cyber Espionage
The St. Louis Cardinals' alleged breach of the Astros' proprietary database raises concern over the possibility of US companies hacking their rivals for intel.
New Apple iOS, OS X Flaws Pose Serious Risk
Security vulnerabilities could expose passwords for Apple iCloud, email, and bank accounts, and other sensitive information, researchers say.
Breach Defense Playbook: Reviewing Your Cybersecurity Program (Part 2)
Cybersecurity requires a combination of people, process, and technology in a coordinated implementation leveraging a defense-in-depth methodology.
Cybersecurity Advice From A Former White House CIO
Today's playbook demands 'human-centered' user education that assumes people will share passwords, forget them, and do unsafe things to get their jobs done.
No End In Sight For Exposed Internet Of Things, Other Devices
New data from an Internet-scanning project shows vulnerable consumer and enterprise systems remain a big problem on the public Net.
Breach Defense Playbook: Reviewing Your Cybersecurity Program (Part 1)
How does your cybersecurity program compare to your industry peers?
Smart Cities', IoT's Key Challenges: Security, Lack of Standards
London Technology Week: At IFSEC, futurologist Simon Moores asks who's responsible when a smart city crashes.
Time to Focus on Data Integrity
Information security efforts have historically centered on data theft. But cybercriminals who alter corporate records and personal information can also cause serious harm.
New Malware Found Hiding Inside Image Files
Dell SecureWorks CTU researchers say Stegoloader is third example in a year of malware using digital steganography as a detection countermeasure.
Is Your Security Operation Hooked On Malware?
It may seem counterintuitive, but an overzealous focus on malware may be preventing you from detecting even bigger threats.
FBI Investigating St. Louis Cardinals For Allegedly Hacking Houston Astros
Cyber criminals, nation-states, and now professional baseball teams are apparently getting into the hacking game.
Password Manager LastPass Hacked
LastPass says user account email addresses, password reminders, server per user salts, and authentication hashes compromised.
London Tech Week Kicks Off
Before IFSEC and Interop get underway, tech events are scattered about town in the unlikeliest places.
|
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Some people never learn, he clicked on another Democrat phishing link again!
Latest Comment: Some people never learn, he clicked on another Democrat phishing link again!
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-18381
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
From DHS/US-CERT's National Vulnerability Database CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
CVE-2018-18375PUBLISHED: 2018-10-16
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.
CVE-2018-18376PUBLISHED: 2018-10-16
goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This