Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Security Monitoring posted in March 2014
Incident Response Now Shaping Security Operations
News  |  3/28/2014  | 
How an organization reacts to hackers infiltrating its network is becoming the key to damage control for data -- and the corporate image.
Attacks Rise On Network 'Blind' Spot
News  |  3/27/2014  | 
Interop speaker says DDoS attacks are not the only forms of abuse on the Domain Name Server.
Symantec Fires CEO In Surprise Move
News  |  3/21/2014  | 
Analysts question security and storage giant's turnaround after the board fires its second CEO in two years.
Will Target Face FTC Probe?
News  |  3/20/2014  | 
Retailer's security practices remain under scrutiny as regulators ponder FTC investigation. Meanwhile, Sony options rights to Hollywood cyber-thriller based on breach story.
Many Businesses Fail To Disclose Data Breaches
News  |  3/19/2014  | 
Only about 35% of businesses worldwide say they share attack and threat information with others in their industry, even though 77% admit to suffering from a cyberattack.
Linux Takeover Artists Fling 35M Spam Messages Daily
News  |  3/19/2014  | 
"Operation Windigo" server takeover campaign controls 10,000 hacked servers, launches millions of spam, malware, and drive-by exploit kit attacks per day.
Attackers Hit Clearinghouse Selling Stolen Target Data
News  |  3/18/2014  | 
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
7 Behaviors That Could Indicate A Security Breach
News  |  3/14/2014  | 
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
Target Ignored Data Breach Alarms
News  |  3/14/2014  | 
Target's security team reviewed -- and ignored -- urgent warnings from threat-detection tool about unknown malware spotted on the network.
Retail Industry May Pool Intel To Stop Breaches
News  |  3/12/2014  | 
Target and other shopper-data breaches turn up the heat on retail industry to establish a cyberthreat Information-Sharing and Analysis Center.
Can We Control Our Digital Identities?
Commentary  |  3/11/2014  | 
The web and cloud need an identity layer for people to give us more control over our sprawling digital identities.
Target CIO's Resignation: 7 Questions
News  |  3/6/2014  | 
After the data breach, why didn't the buck stop with PCI assessors or CEO? Search for accountability reveals flawed system, much finger-pointing.
Target Starts Security, Compliance Makeover
News  |  3/6/2014  | 
With CIO departing, security and compliance get a higher profile at the beleaguered retailer in the wake of its massive data breach.
Data Breach: Persistence Gives Hackers the Upper Hand
Commentary  |  3/5/2014  | 
Hackers are winning on speed and determination. But we can stack the odds in our favor by shifting the time frames of an attack. Here's how.


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.