Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Security Monitoring posted in January 2014
Super Bowl Tech: A Supersized Role For Security
Commentary  |  1/31/2014  | 
The cold weather has been the strongest story line throughout the entire NFL season. Sundays game will be no exception -- behind the scenes and on the field.
Yahoo Mail Passwords: Act Now
News  |  1/31/2014  | 
Yahoo suffers hack attack, eyes third-party database and reused credentials as likely culprits, may enforce two-factor authentication to help users recover accounts.
Finding The Balance Between Compliance & Security
Commentary  |  1/30/2014  | 
IT departments can reduce security risks by combining the flexibility of ISO 27000 with the stringent requirements of PCI. Heres how.
Angry Birds Site Toppled After Surveillance Report
News  |  1/29/2014  | 
Syrian Electronic Army ally allegedly defaces Rovio's Angry Birds website over reports that company shared user data with US and UK surveillance agencies.
Feds Arrest Bitcoin Celebrity In Money Laundering Case
News  |  1/28/2014  | 
Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace.
How To Defend Point-Of-Sale Systems
News  |  1/27/2014  | 
US-CERT gives advice on defending POS systems against attacks like those against Target, Neiman Marcus.
Michaels Stores Investigates Data Breach
News  |  1/27/2014  | 
Arts-and-crafts retailer goes into damage-control mode after banks report fraud possibly tied to shoppers' credit cards.
Neiman Marcus Data Breach: 1.1M Cards Exposed
News  |  1/24/2014  | 
Debit and credit card details 'scraped' during transactions in stores.
China Blames Massive Internet Blackout On Hackers
News  |  1/23/2014  | 
Evidence about the 45-minute outage points to botched censorship operation, not hackers, security experts say.
Target Mocks, Not Helps, Its Data Breach Victims
Commentary  |  1/22/2014  | 
The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
Politically Motivated Cyberattackers Adopt New Tactics
News  |  1/22/2014  | 
Organized cybergroups from China, Syria, and Russia are finding new ways to breach enterprises, CrowdStrike reports.
Power Utility Substations At Risk
News  |  1/22/2014  | 
"Project Robus" so far has exposed dozens of security flaws in software using popular ICS/SCADA network protocol, but several vendors still have not patched.
Target Breach: 5 Unanswered Security Questions
Commentary  |  1/22/2014  | 
Investigators have yet to explain how Target was hacked, whether BlackPOS malware infected its payment servers, and whether the same gang also struck other retailers.
Target, Neiman Marcus Malware Creators Identified
News  |  1/21/2014  | 
Eastern European team developed memory-scraping Kaptoxa (BlackPOS) malware, sold it at least 40 times, says cyber-intelligence firm.
Target Malware Origin Details Emerge
News  |  1/17/2014  | 
Kaptoxa POS malware cited as culprit behind sophisticated, two-stage operation that moved 11 GB of stolen Target data via FTP to a hijacked server in Russia.
Java 'Icefog' Malware Variant Infects US Businesses
News  |  1/15/2014  | 
APT attack campaign uses tough-to-detect Java backdoor to compromise US oil company and two other organizations.
Blackphone Promises To Block Snooping
News  |  1/15/2014  | 
Geeksphone and Silent Circle promise their new smartphone will lock out spies. But the details, including how it works, aren't clear.
What Healthcare Can Teach Us About App Security
Commentary  |  1/15/2014  | 
The Centers for Disease Control protects people from health threats and increases the health security of our nation. Its a mission thats not so different from InfoSec.
Target Breach: 8 Facts On Memory-Scraping Malware
News  |  1/14/2014  | 
Target confirmed that malware compromised its point-of-sale systems. How does such malware work, and how can businesses prevent infections?
Neiman Marcus, Target Data Breaches: 8 Facts
News  |  1/13/2014  | 
A cyberattack campaign, likely coordinated, breached data from Target, Neiman Marcus, and at least three other retailers.
Why IT Security RFPs Are Like Junk Food
Commentary  |  1/13/2014  | 
Buying the latest security technology won't save you if your company isn't carrying out basic health checks.
Fearing NSA Surveillance, 25 Percent Of Firms Plan To Move Data Offshore
Quick Hits  |  1/9/2014  | 
Scandal over NSA privacy violations causes a quarter of companies to change data hosting locations
9 Security Experts Boycott RSA Conference
News  |  1/8/2014  | 
Several leading security experts have pulled out of the RSA conference over unanswered questions concerning the NSA's $10 million payment to RSA.
How Cloud Security Drives Business Agility
Commentary  |  1/7/2014  | 
Cloud computing represents a unique opportunity to re-think enterprise security and risk management.
Name That Toon: Contest Winners Named
Commentary  |  1/6/2014  | 
We enjoyed all the laughs on the road to choosing the winner of our first cartoon caption contest. Check out the funniest entries.
OpenSSL Says Breach Did Not Involve Corrupted Hypervisor
News  |  1/3/2014  | 
Hosting provider's compromised password system, not a hacked hypervisor, led to defacing of OpenSSL.org site, site reps say – after VMware cries foul.
5 Monitoring Initiatives For 2014
News  |  1/3/2014  | 
To get better visibility into the business and potential threats inside their networks, companies should collect more data, use context, and invest more in their employees' expertise
Physical & Network Security: Better Together In 2014
Commentary  |  1/2/2014  | 
How ready are you for the day you discover there are more networked IP security cameras than laptops in your infrastructure – and none adheres to 802.1x standards?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3454
PUBLISHED: 2021-10-19
Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-...
CVE-2021-3455
PUBLISHED: 2021-10-19
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp
CVE-2021-41150
PUBLISHED: 2021-10-19
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is c...
CVE-2021-31378
PUBLISHED: 2021-10-19
In broadband environments, including but not limited to Enhanced Subscriber Management, (CHAP, PPP, DHCP, etc.), on Juniper Networks Junos OS devices where RADIUS servers are configured for managing subscriber access and a subscriber is logged in and then requests to logout, the subscriber may be fo...
CVE-2021-31379
PUBLISHED: 2021-10-19
An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service (DoS) to the PFE on the device which is disabled as a result of the processing of these pac...