News & Commentary
Content posted in September 2015
|
DHS Funds Project For Open Source 'Invisible Clouds'
Cloud Security Alliance and Waverley Labs to build software-defined perimeter (SDP) to protect cloud and critical infrastructure from DDoS attacks.
A Father’s Perspective On The Gender Gap In Cybersecurity
There are multiple reasons for the dearth of women in infosec when the field is so rich with opportunity. The big question is what the industry is going to do about it.
State Trooper Vehicles Hacked
Car-hacking research initiative in Virginia shows how even older vehicles could be targeted in cyberattacks.
New Tactic Finds RAT Operators Fast
Low tolerance for latency makes RAT operators less likely to use proxies, easier to track back home.
3 Steps To Knowing Your Network
Managing your IT assets is a daily effort requiring vigilance and persistence.
Why Many Organizations Still Don't Use Threat Intelligence Portals
New data shows definite interest in adopting threat intel offerings, but also concerns about costs, resources.
The 'Remediation Gap:' A 4-Month Invitation To Attack
Organizations set out the welcome mat for cyberattackers by taking an average of 120 days to patch flaws.
The Unintended Attack Surface Of The Internet Of Things
How a vulnerability in a common consumer WiFi device is challenging today’s enterprise security.
10 Password Managers For Business Use
Beyond helping end users keep track of their logins, some password managers can integrate with Active Directory and generate compliance reports.
Deconstructing The Challenges Of Software Assurance For Connected Cars
Ensuring software security in the auto industry will entail careful attention to all aspects of software development: design, coding standards, testing, verification and run-time assurance.
New Data Finds Women Still Only 10% Of Security Workforce
But more women hold governance, risk and compliance (GRC) roles than men, new (ISC)2 report finds.
China, US Agree To Not Conduct Cyberespionage For Economic Gain
Pledge applies to stealing trade secrets but stops short of banning traditional espionage via hacking.
Google, Others Seek to Make Cybercrime Costlier For Criminals
Most effective long-term strategy is to target the support infrastructure and financial services used by criminals, Google says
FTC v. Wyndham: ‘Naughty 9’ Security Fails to Avoid
The Federal Trade Commission’s fair trade suit against Wyndham hotels offers insight into the brave new world of cybersecurity regulation of consumer data.
Chinese Military Behind South China Sea Cyber Espionage Attacks
An infamous advanced persistent threat hacking group known as Naikon is actually China's PLA Unit 78020 and a military intelligence expert there, traced to the attacks via his social media and other activity.
4 IoT Cybersecurity Issues You Never Thought About
Government, industry and security professionals problem-solve the daunting challenges of the Internet of Things.
Cisco Offers Free Tool To Detect SYNful Knock Router Malware
Tool helps businesses detect routers running known version of newly discovered malicious implant.
Shellshock’s Cumulative Risk One Year Later
How long does it take to patch an entire distribution and bring it up to date? Longer than you think.
Healthcare Organizations Twice As Likely To Experience Data Theft
Bad guys very willing to invest in attacking medical data, but healthcare not very willing to invest in defending it.
Cloud Security Visibility Gap Dogs Deployments
SANS says visibility is the top cloud security concern.
Gartner: Global Security Spending Rises Nearly 5% Despite 'Commoditization'
Security market to hit $75.4 billion in 2015, but endpoint and consumer software segments slowing due to saturation.
OPM Finds Another 4 Million Fingerprints Stolen In Hack
Fallout from the data breach at the Office of Personnel Management continues to swell.
Healthcare Biggest Offender In 10 Years Of Data Breaches
Missing devices and untrustworthy insiders made the healthcare industry responsible for more (reported) data breaches than any other sector all decade.
Free Tool Helps Companies Measure And Map Their Bug Reporting Programs
The new Vulnerability Coordination Maturity Model (VCMM) created by HackerOne's Katie Moussouris, includes an assessment tool, key elements, and best practices in a vulnerability coordination program.
The Common Core Of Application Security
Why you will never succeed by teaching to the test.
Why It’s Insane To Trust Static Analysis
If you care about achieving application security at scale, then your highest priority should be to move to tools that empower everyone, not just security experts.
Buyer Beware: How To Avoid Getting Sucked Into Shelfware
Three simple questions can help ensure you get the most value out of your information security investments.
Run, Jump, Shoot, Infect: Trojanized Games Invade Google Play
ESET Researchers find Trojan Mapin bundled with games that look like popular titles such as Plants vs. Zombies and Candy Crush.
XcodeGhost Another Crack In Apple's Circle of Trust
On the heels of KeyRaider's attack on jailbroken iPhones, attackers show they can hit non-broken devices too, sneaking 39 weaponized apps onto the official App Store and around Apple's best efforts to lock down its developer environment.
Navigating The Slippery Slope Of Public Security Disclosure
In talking publicly about cybersecurity, CISOs need to portray capability, strength, and confidence, but without offering critical details that could lead to an attack.
Windows PCs Make Up 80% Of Mobile Network Infections
Microsoft Windows PCs -- not smartphones and tablets -- harbor most of the malware on mobile networks, according to a new Alcatel-Lucent report.
Visibility: The Key To Security In The Cloud
You can’t secure what you can’t see. These five best practices will shed some light on how to protect your data from the ground up.
MiniDuke, CosmicDuke APT Group Likely Sponsored By Russia
F-Sure's look at the Dukes' seven years of attack campaigns and impressive portfolio of malware suggests stable financial backing, interest in Russian foreign policy, and no fear of getting caught.
Law Enforcement's Winning Week In Cybercrime
Russian hackers cop to Heartland breach and two men are arrested in connection with a major ransomware scheme -- but meanwhile, the hacking beat goes on.
5 Most Common Firewall Configuration Mistakes
A misconfigured firewall can damage your organization in more ways than you think. Here’s where to look for the holes.
Why Is Endpoint Security Failing?
Endpoint security assurance is not just about detecting threats, but about building a more effective endpoint security program.
Darknet Is Full Of Criminals & Governments Giving TOR A Bad Name
Human traffickers, crowd-sourcing murderers, child pornographers, and governments in the market for juicy zero-days are flooding the Dark Web -- making it hard for the good guys to defend it.
How Is Your Data Getting Out?
It’s 11:00 p.m. Do you know where your data is?
Wordpress Dodges Further Embarassment By Patching Three Vulns
The popular platform for building and running websites fixed two XSS-scripting vulnerabilities and a potential privilege escalation exploit that could have put millions of sites at risk.
AirDrop Exploit Drops Malware On Mac, iPhone, But Not iOS 9
iOS 9 drops today, and includes a patch for the vulnerability that lets attackers bomb any iOS and Mac device within Bluetooth range, via the Airdrop file-sharing feature.
'No-Tell' Motel: Where Hospitality Meets Cybercrime On The Dark Web
In the month of July alone, hundreds of hospitality-related goods and services were offered for sale on the Dark Web including big names like Wyndham, Marriott, Hilton and Starwood.
Fixing IoT Security: Dark Reading Radio Wednesday at 1 P.M. ET
Join us for a conversation about what is being done and what needs to be done to secure the Internet of Things.
Backdoored Business Routers An Emerging Threat
Discovery of malicious implants in 14 Cisco routers, “tip of iceberg” FireEye says
Information Security Lessons From Literature
How classic themes about listening, honesty, and truthfulness can strengthen your organization’s security posture, programs and operations.
|
White Papers
Video
10 Comments
Current Issue
5 Emerging Cyber Threats to Watch for in 2019Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-8423
PUBLISHED: 2019-02-18
PUBLISHED: 2019-02-18
PUBLISHED: 2019-02-18
PUBLISHED: 2019-02-18
PUBLISHED: 2019-02-18
From DHS/US-CERT's National Vulnerability Database CVE-2019-8423
PUBLISHED: 2019-02-18
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
CVE-2019-8424PUBLISHED: 2019-02-18
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
CVE-2019-8425PUBLISHED: 2019-02-18
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
CVE-2019-8426PUBLISHED: 2019-02-18
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
CVE-2019-8427PUBLISHED: 2019-02-18
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This