News & Commentary

Content posted in September 2014
How A Major Bank Hacked Its Java Security
News  |  9/30/2014  | 
Deutsche Bank London helped create a new application self-defense tool to lock down and virtually patch its Java-based enterprise applications -- even the oldest ones.
Retailers Realize EMV Won't Save Them From Fraudsters
News  |  9/30/2014  | 
Fraudsters hit retailers harder than ever in 2014, and many recognize that even though EMV's chip-and-PIN authentication will stem skimming, breaches and other forms of fraud will persist.
Software Assurance: Time to Raise the Bar on Static Analysis
Commentary  |  9/30/2014  | 
The results from tools studies suggest that using multiple tools together can produce more powerful analytics and more accurate results.
How To Hack A Human
Commentary  |  9/30/2014  | 
Check out social engineering expert and founder of the DEF CON Social Engineering Capture the Flag contest Chris Hadnagy's recent interview on Dark Reading Radio.
Be Aware: 8 Tips for Security Awareness Training
Slideshows  |  9/29/2014  | 
Hint: One giant security training session to rule them all is not the way to go.
New Bash Bugs Surface
News  |  9/29/2014  | 
Time to patch again: Newly discovered flaws in Bash put Linux-based systems at risk.
Making Sense Of Shellshock Attack Chaos
News  |  9/29/2014  | 
Attacks against the Bash bug increase in volume and variety, with an emphasis on information gathering and botnet building.
Can We Talk? Finding A Common Security Language
Commentary  |  9/29/2014  | 
How engineers can get beyond the crippling vocabulary and semantic barrier of infosec and actually communicate about cyber risk with bosses and business colleagues.
When Layers On Layers Of Security Equals LOL Security
News  |  9/29/2014  | 
Defense-in-depth is often poorly executed when architecture is not carefully considered.
Apple: Majority Of Mac OS X Users Not At Risk To 'Shellshock'
News  |  9/26/2014  | 
According to Apple, Mac OS X systems are not exposed to remote exploits of Bash unless users have certain UNIX services configured.
Breach Awareness Made Easy
Dark Reading Videos  |  9/26/2014  | 
What if companies had to disclose breach history in the same way food companies display nutritional information?
Shellshocked: A Future Of Hair On Fire Bugs
Commentary  |  9/26/2014  | 
Most computers affected by Bash will be updated within 10 years. The rest will be vulnerable for the lifespans of all humans now living. This should concern us. But then, global warming should also concern us.
Breached Retailers Harden PoS, For Now
News  |  9/25/2014  | 
Yet another point-of-sale (POS) breach at a major retail chain, and the victim adds encryption.
Malvertising Could Rival Exploit Kits
News  |  9/25/2014  | 
A spate of malvertising campaigns has gained steam in recent months, including the Kyle and Stan network, which researchers now believe is nine times bigger than initially estimated.
'Shellshock' Bash Bug Impacts Basically Everything, Exploits Appear In Wild
News  |  9/25/2014  | 
CGI-based web servers are the biggest target, but other web servers, hosting services, embedded systems, Mac OSX, and IoT endpoints are all at risk.
'BERserk' Bug Uncovered In Mozilla NSS Crypto Library Impacts Firefox, Chrome
News  |  9/25/2014  | 
Attackers can exploit the bug to create forged RSA certificates -- it affects versions of Firefox, Thunderbird, Chrome, and SeaMonkey.
How SaaS Adoption Is Changing Cloud Security
Commentary  |  9/25/2014  | 
Sanctioning cloud-based services requires a new approach to security that "assumes breach" and accounts for the limitations of endpoint and perimeter defenses.
Bash Bug May Be Worse Than Heartbleed
News  |  9/24/2014  | 
Linux, Unix, and Internet of Things devices affected by critical vulnerability.
Jimmy John's Gourmet Sandwiches POS Systems Hacked
Quick Hits  |  9/24/2014  | 
Sandwich chain is the latest data breach victim, with credit and debit card data breached in 216 of its restaurants.
Incident Response Fail
News  |  9/24/2014  | 
Fortune 500 companies with incident response teams and plans in place are pessimistic about their effectiveness amid a climate of data breach domination.
From Securities To Security: Why The SEC Is Bringing Cyber To The Boardroom
Commentary  |  9/24/2014  | 
The SEC is emerging as a key proponent of corporate cyber security responsibility and diligence. What does that mean for the CISO?
Are Directories The On-Premises Sacred Cow?
News  |  9/23/2014  | 
As a server orchestration startup reengineers itself into a directory-as-a-service play, the question is why the market hasn't moved to say goodbye to Active Directory and LDAP.
ISIS Cyber Threat To US Under Debate
News  |  9/23/2014  | 
ICS/SCADA systems and networks hackable but not easily cyber-sabotaged without industrial engineering know-how, experts say.
Creating A DDoS Response Playbook
News  |  9/23/2014  | 
A new report details challenges posed by DDoS attacks that you might not have considered.
'Hand-To-Hand Digital Combat' With Threat Actors
Quick Hits  |  9/23/2014  | 
CrowdStrike CEO and co-founder George Kurtz explains how to fight attackers, not fight malware.
Hacking Hackers: Taking Matters Into Private Hands
News  |  9/23/2014  | 
Private groups are fighting back against foreign sources of malware and credit fraud. But methodologies put these digital crusaders and their employers at serious legal risk.
Dark Reading Radio: Trends In Application Security
Commentary  |  9/23/2014  | 
How can we get more security baked into applications? Join us for a discussion today, Wednesday, September 24, at 1:00 p.m. New York, 10 a.m. San Francisco time.
Mobile-Only Employee Trend Could Break Security Models
News  |  9/22/2014  | 
One-third of employees exclusively use mobile devices for work, but security organizations still aren't shifting their risk management focus.
The Truth About Ransomware: You're On Your Own
Commentary  |  9/22/2014  | 
What should enterprises do when faced with ransomware? The answer is, it depends.
5 Ways To Think Outside The PCI Checkbox
News  |  9/19/2014  | 
New PCI Council GM plans to help organizations move their practices beyond compliance mentality into risk-based security.
Home Depot Breach Surpasses Target In Scope
News  |  9/19/2014  | 
New details have emerged about the breach affecting Home Depot, which exposed 56 million payment cards in stores in the US and Canada and utilized custom malware.
Mobile Device Security Isn't All About Devices
Dark Reading Videos  |  9/19/2014  | 
Roberto Medrano, executive vice president of SOA Software, explains why securing mobile applications and APIs is so essential.
An AppSec Report Card: Developers Barely Passing
Commentary  |  9/19/2014  | 
A new study reveals that application developers are getting failing grades when it comes to their knowledge of critical security topics such as how to protect sensitive data, Web services, and threat modeling.
Is Enterprise IT Security Ready For iOS 8?
News  |  9/19/2014  | 
Apple bakes in more security features, but iOS 8 won't come without security ops headaches.
5 Ways To Monitor DNS Traffic For Security Threats
Commentary  |  9/18/2014  | 
Check out these examples of how to implement real-time or offline traffic monitoring using common commercial or open source security products.
Google Backs New Effort To Simplify Security
Quick Hits  |  9/18/2014  | 
New organization Simply Secure aims to promote and shape more user-friendly security and privacy technologies on the Internet.
US Military In The Dark On Cyberattacks Against Contractors
News  |  9/18/2014  | 
A lack of communication between military contractors and government agencies about Chinese cyber espionage attacks is revealed in a new Senate report.
7 Reasons To Love Passwords
Slideshows  |  9/17/2014  | 
Passwords are often ridiculed, but there are some reasons they should be your nearest and dearest authentication factor.
Cyberspies Resuscitate Citadel Trojan For Petrochemical Attacks
News  |  9/17/2014  | 
The Citadel Trojan is a rare and odd choice of malware for cyber espionage purposes, experts say.
Data Privacy Etiquette: It's Not Just For Kids
Commentary  |  9/17/2014  | 
Children are the innocent victims of the worst effects of social media. That's why it's vital for adults to establish privacy values that are safe for them -- and the rest of us.
Meet The Next Next-Gen Firewall
News  |  9/16/2014  | 
Or at least the latest iteration of one of the oldest-running security tools that continues to evolve and transform with the times.
Browser Vulnerability 'Privacy Disaster' For 3 Of 4 Android Users
Quick Hits  |  9/16/2014  | 
An exploit of an unsupported Android browser bypasses the ever-important Same Origin Policy.
New CVE Naming Convention Could Break Vulnerability Management
News  |  9/16/2014  | 
MITRE sets deadline for releasing new CVEs with different ID format syntax, regardless of how many vulnerabilities we see in 2014.
DR Radio: A Grown-Up Conversation About Passwords
Commentary  |  9/16/2014  | 
Cormac Herley of Microsoft Research will challenge everything you think you know about password management.
In Defense Of Passwords
Commentary  |  9/16/2014  | 
Long live the password (as long as you use it correctly along with something else).
Worm Illuminates Potential NAS Nightmare
News  |  9/15/2014  | 
A researcher at Black Hat Europe hopes to demonstrate a homegrown, self-replicating worm to illustrate major threats to popular network-attached storage systems.
Internet Of Things Devices Are Doomed
News  |  9/15/2014  | 
Security researchers hack Canon printer firmware to run the classic 90s video game Doom as well as to wreak havoc with other manipulations.
5 Myths: Why We Are All Data Security Risks
Commentary  |  9/15/2014  | 
I am absolutely sure that I could be tricked by a well-crafted spear phishing attack, and I am equally sure I could do the same to you.
Security Ops Confidence Levels Drop
News  |  9/12/2014  | 
Survey shows most organizations unable to keep up with new and emerging threats from state-sponsored attackers.
Why Email Is Worth Saving
Commentary  |  9/12/2014  | 
What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available? It is.