Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Security Monitoring posted in January 2014
Super Bowl Tech: A Supersized Role For Security
Commentary  |  1/31/2014  | 
The cold weather has been the strongest story line throughout the entire NFL season. Sundays game will be no exception -- behind the scenes and on the field.
Yahoo Mail Passwords: Act Now
News  |  1/31/2014  | 
Yahoo suffers hack attack, eyes third-party database and reused credentials as likely culprits, may enforce two-factor authentication to help users recover accounts.
Finding The Balance Between Compliance & Security
Commentary  |  1/30/2014  | 
IT departments can reduce security risks by combining the flexibility of ISO 27000 with the stringent requirements of PCI. Heres how.
Angry Birds Site Toppled After Surveillance Report
News  |  1/29/2014  | 
Syrian Electronic Army ally allegedly defaces Rovio's Angry Birds website over reports that company shared user data with US and UK surveillance agencies.
Feds Arrest Bitcoin Celebrity In Money Laundering Case
News  |  1/28/2014  | 
Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace.
How To Defend Point-Of-Sale Systems
News  |  1/27/2014  | 
US-CERT gives advice on defending POS systems against attacks like those against Target, Neiman Marcus.
Michaels Stores Investigates Data Breach
News  |  1/27/2014  | 
Arts-and-crafts retailer goes into damage-control mode after banks report fraud possibly tied to shoppers' credit cards.
Neiman Marcus Data Breach: 1.1M Cards Exposed
News  |  1/24/2014  | 
Debit and credit card details 'scraped' during transactions in stores.
China Blames Massive Internet Blackout On Hackers
News  |  1/23/2014  | 
Evidence about the 45-minute outage points to botched censorship operation, not hackers, security experts say.
Target Mocks, Not Helps, Its Data Breach Victims
Commentary  |  1/22/2014  | 
The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
Politically Motivated Cyberattackers Adopt New Tactics
News  |  1/22/2014  | 
Organized cybergroups from China, Syria, and Russia are finding new ways to breach enterprises, CrowdStrike reports.
Power Utility Substations At Risk
News  |  1/22/2014  | 
"Project Robus" so far has exposed dozens of security flaws in software using popular ICS/SCADA network protocol, but several vendors still have not patched.
Target Breach: 5 Unanswered Security Questions
Commentary  |  1/22/2014  | 
Investigators have yet to explain how Target was hacked, whether BlackPOS malware infected its payment servers, and whether the same gang also struck other retailers.
Target, Neiman Marcus Malware Creators Identified
News  |  1/21/2014  | 
Eastern European team developed memory-scraping Kaptoxa (BlackPOS) malware, sold it at least 40 times, says cyber-intelligence firm.
Target Malware Origin Details Emerge
News  |  1/17/2014  | 
Kaptoxa POS malware cited as culprit behind sophisticated, two-stage operation that moved 11 GB of stolen Target data via FTP to a hijacked server in Russia.
Java 'Icefog' Malware Variant Infects US Businesses
News  |  1/15/2014  | 
APT attack campaign uses tough-to-detect Java backdoor to compromise US oil company and two other organizations.
Blackphone Promises To Block Snooping
News  |  1/15/2014  | 
Geeksphone and Silent Circle promise their new smartphone will lock out spies. But the details, including how it works, aren't clear.
What Healthcare Can Teach Us About App Security
Commentary  |  1/15/2014  | 
The Centers for Disease Control protects people from health threats and increases the health security of our nation. Its a mission thats not so different from InfoSec.
Target Breach: 8 Facts On Memory-Scraping Malware
News  |  1/14/2014  | 
Target confirmed that malware compromised its point-of-sale systems. How does such malware work, and how can businesses prevent infections?
Neiman Marcus, Target Data Breaches: 8 Facts
News  |  1/13/2014  | 
A cyberattack campaign, likely coordinated, breached data from Target, Neiman Marcus, and at least three other retailers.
Why IT Security RFPs Are Like Junk Food
Commentary  |  1/13/2014  | 
Buying the latest security technology won't save you if your company isn't carrying out basic health checks.
Fearing NSA Surveillance, 25 Percent Of Firms Plan To Move Data Offshore
Quick Hits  |  1/9/2014  | 
Scandal over NSA privacy violations causes a quarter of companies to change data hosting locations
9 Security Experts Boycott RSA Conference
News  |  1/8/2014  | 
Several leading security experts have pulled out of the RSA conference over unanswered questions concerning the NSA's $10 million payment to RSA.
How Cloud Security Drives Business Agility
Commentary  |  1/7/2014  | 
Cloud computing represents a unique opportunity to re-think enterprise security and risk management.
Name That Toon: Contest Winners Named
Commentary  |  1/6/2014  | 
We enjoyed all the laughs on the road to choosing the winner of our first cartoon caption contest. Check out the funniest entries.
OpenSSL Says Breach Did Not Involve Corrupted Hypervisor
News  |  1/3/2014  | 
Hosting provider's compromised password system, not a hacked hypervisor, led to defacing of OpenSSL.org site, site reps say – after VMware cries foul.
5 Monitoring Initiatives For 2014
News  |  1/3/2014  | 
To get better visibility into the business and potential threats inside their networks, companies should collect more data, use context, and invest more in their employees' expertise
Physical & Network Security: Better Together In 2014
Commentary  |  1/2/2014  | 
How ready are you for the day you discover there are more networked IP security cameras than laptops in your infrastructure – and none adheres to 802.1x standards?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Incorporating a Prevention Mindset into Threat Detection and Response
Threat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time. The report covers areas enterprises should focus on: What positive response looks like. Improving security hygiene. Combining preventive actions with red team efforts.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-26773
PUBLISHED: 2022-05-26
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission.
CVE-2022-26774
PUBLISHED: 2022-05-26
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
CVE-2022-26775
PUBLISHED: 2022-05-26
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution.
CVE-2022-26776
PUBLISHED: 2022-05-26
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution.
CVE-2022-29632
PUBLISHED: 2022-05-26
An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file.