News & Commentary
Content posted in September 2015
|
DHS Funds Project For Open Source 'Invisible Clouds'
Cloud Security Alliance and Waverley Labs to build software-defined perimeter (SDP) to protect cloud and critical infrastructure from DDoS attacks.
A Father’s Perspective On The Gender Gap In Cybersecurity
There are multiple reasons for the dearth of women in infosec when the field is so rich with opportunity. The big question is what the industry is going to do about it.
State Trooper Vehicles Hacked
Car-hacking research initiative in Virginia shows how even older vehicles could be targeted in cyberattacks.
New Tactic Finds RAT Operators Fast
Low tolerance for latency makes RAT operators less likely to use proxies, easier to track back home.
3 Steps To Knowing Your Network
Managing your IT assets is a daily effort requiring vigilance and persistence.
Why Many Organizations Still Don't Use Threat Intelligence Portals
New data shows definite interest in adopting threat intel offerings, but also concerns about costs, resources.
The 'Remediation Gap:' A 4-Month Invitation To Attack
Organizations set out the welcome mat for cyberattackers by taking an average of 120 days to patch flaws.
The Unintended Attack Surface Of The Internet Of Things
How a vulnerability in a common consumer WiFi device is challenging today’s enterprise security.
10 Password Managers For Business Use
Beyond helping end users keep track of their logins, some password managers can integrate with Active Directory and generate compliance reports.
Deconstructing The Challenges Of Software Assurance For Connected Cars
Ensuring software security in the auto industry will entail careful attention to all aspects of software development: design, coding standards, testing, verification and run-time assurance.
New Data Finds Women Still Only 10% Of Security Workforce
But more women hold governance, risk and compliance (GRC) roles than men, new (ISC)2 report finds.
China, US Agree To Not Conduct Cyberespionage For Economic Gain
Pledge applies to stealing trade secrets but stops short of banning traditional espionage via hacking.
Google, Others Seek to Make Cybercrime Costlier For Criminals
Most effective long-term strategy is to target the support infrastructure and financial services used by criminals, Google says
FTC v. Wyndham: ‘Naughty 9’ Security Fails to Avoid
The Federal Trade Commission’s fair trade suit against Wyndham hotels offers insight into the brave new world of cybersecurity regulation of consumer data.
Chinese Military Behind South China Sea Cyber Espionage Attacks
An infamous advanced persistent threat hacking group known as Naikon is actually China's PLA Unit 78020 and a military intelligence expert there, traced to the attacks via his social media and other activity.
4 IoT Cybersecurity Issues You Never Thought About
Government, industry and security professionals problem-solve the daunting challenges of the Internet of Things.
Cisco Offers Free Tool To Detect SYNful Knock Router Malware
Tool helps businesses detect routers running known version of newly discovered malicious implant.
Shellshock’s Cumulative Risk One Year Later
How long does it take to patch an entire distribution and bring it up to date? Longer than you think.
Healthcare Organizations Twice As Likely To Experience Data Theft
Bad guys very willing to invest in attacking medical data, but healthcare not very willing to invest in defending it.
Cloud Security Visibility Gap Dogs Deployments
SANS says visibility is the top cloud security concern.
Gartner: Global Security Spending Rises Nearly 5% Despite 'Commoditization'
Security market to hit $75.4 billion in 2015, but endpoint and consumer software segments slowing due to saturation.
OPM Finds Another 4 Million Fingerprints Stolen In Hack
Fallout from the data breach at the Office of Personnel Management continues to swell.
Healthcare Biggest Offender In 10 Years Of Data Breaches
Missing devices and untrustworthy insiders made the healthcare industry responsible for more (reported) data breaches than any other sector all decade.
Free Tool Helps Companies Measure And Map Their Bug Reporting Programs
The new Vulnerability Coordination Maturity Model (VCMM) created by HackerOne's Katie Moussouris, includes an assessment tool, key elements, and best practices in a vulnerability coordination program.
The Common Core Of Application Security
Why you will never succeed by teaching to the test.
Why It’s Insane To Trust Static Analysis
If you care about achieving application security at scale, then your highest priority should be to move to tools that empower everyone, not just security experts.
Buyer Beware: How To Avoid Getting Sucked Into Shelfware
Three simple questions can help ensure you get the most value out of your information security investments.
Run, Jump, Shoot, Infect: Trojanized Games Invade Google Play
ESET Researchers find Trojan Mapin bundled with games that look like popular titles such as Plants vs. Zombies and Candy Crush.
XcodeGhost Another Crack In Apple's Circle of Trust
On the heels of KeyRaider's attack on jailbroken iPhones, attackers show they can hit non-broken devices too, sneaking 39 weaponized apps onto the official App Store and around Apple's best efforts to lock down its developer environment.
Navigating The Slippery Slope Of Public Security Disclosure
In talking publicly about cybersecurity, CISOs need to portray capability, strength, and confidence, but without offering critical details that could lead to an attack.
Windows PCs Make Up 80% Of Mobile Network Infections
Microsoft Windows PCs -- not smartphones and tablets -- harbor most of the malware on mobile networks, according to a new Alcatel-Lucent report.
Visibility: The Key To Security In The Cloud
You can’t secure what you can’t see. These five best practices will shed some light on how to protect your data from the ground up.
MiniDuke, CosmicDuke APT Group Likely Sponsored By Russia
F-Sure's look at the Dukes' seven years of attack campaigns and impressive portfolio of malware suggests stable financial backing, interest in Russian foreign policy, and no fear of getting caught.
Law Enforcement's Winning Week In Cybercrime
Russian hackers cop to Heartland breach and two men are arrested in connection with a major ransomware scheme -- but meanwhile, the hacking beat goes on.
5 Most Common Firewall Configuration Mistakes
A misconfigured firewall can damage your organization in more ways than you think. Here’s where to look for the holes.
Why Is Endpoint Security Failing?
Endpoint security assurance is not just about detecting threats, but about building a more effective endpoint security program.
Darknet Is Full Of Criminals & Governments Giving TOR A Bad Name
Human traffickers, crowd-sourcing murderers, child pornographers, and governments in the market for juicy zero-days are flooding the Dark Web -- making it hard for the good guys to defend it.
How Is Your Data Getting Out?
It’s 11:00 p.m. Do you know where your data is?
Wordpress Dodges Further Embarassment By Patching Three Vulns
The popular platform for building and running websites fixed two XSS-scripting vulnerabilities and a potential privilege escalation exploit that could have put millions of sites at risk.
AirDrop Exploit Drops Malware On Mac, iPhone, But Not iOS 9
iOS 9 drops today, and includes a patch for the vulnerability that lets attackers bomb any iOS and Mac device within Bluetooth range, via the Airdrop file-sharing feature.
'No-Tell' Motel: Where Hospitality Meets Cybercrime On The Dark Web
In the month of July alone, hundreds of hospitality-related goods and services were offered for sale on the Dark Web including big names like Wyndham, Marriott, Hilton and Starwood.
Fixing IoT Security: Dark Reading Radio Wednesday at 1 P.M. ET
Join us for a conversation about what is being done and what needs to be done to secure the Internet of Things.
Backdoored Business Routers An Emerging Threat
Discovery of malicious implants in 14 Cisco routers, “tip of iceberg” FireEye says
Information Security Lessons From Literature
How classic themes about listening, honesty, and truthfulness can strengthen your organization’s security posture, programs and operations.
|
White Papers
Video
0 Comments
Current Issue
Flash Poll
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-15601
PUBLISHED: 2018-08-21
PUBLISHED: 2018-08-21
PUBLISHED: 2018-08-21
PUBLISHED: 2018-08-21
PUBLISHED: 2018-08-21
From DHS/US-CERT's National Vulnerability Database CVE-2018-15601
PUBLISHED: 2018-08-21
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.
CVE-2018-15603PUBLISHED: 2018-08-21
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen.
CVE-2018-15598PUBLISHED: 2018-08-21
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.
CVE-2018-15599PUBLISHED: 2018-08-21
The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.
CVE-2018-0501PUBLISHED: 2018-08-21
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This