Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2014
How Microsoft Cracks The BYOD Code: 3 Tips
Commentary  |  6/30/2014  | 
Microsofts CISO shares best-practices for balancing employee autonomy and security in todays bring-your-own world.
3 Mobile Security Tips For SMBs
Commentary  |  6/27/2014  | 
Everyone in an organization has to work together to combat intrusions and data loss, but this is especially true for small businesses.
Cloud Security: Think Todays Reality, Not Yesterdays Policy
Commentary  |  6/25/2014  | 
SaaS, BYOD, and mobility are inseparable, yet time and time again companies attempt to compartmentalize the three when they make a move to the cloud. That's a big mistake.
Battling The Bot Nation
News  |  6/24/2014  | 
Online fraudsters and cyber criminals -- and even corporate competitors -- rely heavily on bots, and an emerging startup aims to quickly spot bots in action.
Crowdsourcing & Cyber Security: Who Do You Trust?
Commentary  |  6/24/2014  | 
A collective security defense can definitely tip the balance in favor of the good guys. But challenges remain.
Despite Target, Retailers Still Weak On Third-Party Security
Quick Hits  |  6/24/2014  | 
A new survey from TripWire shows mixed results about retailers' security practices.
P.F. Chang's Breach Went Undetected For Months
Commentary  |  6/23/2014  | 
Early reports indicate that the compromise involved a large number of restaurant locations and dates as far back as September 2013.
Spyware Found On Chinese-Made Smartphone
Quick Hits  |  6/19/2014  | 
Unknown manufacturer ships smartphones loaded with app that could allow a hacker to steal personal data or spy on the user, German researcher says.
Data Security Decisions In A World Without TrueCrypt
Commentary  |  6/18/2014  | 
The last days of TrueCrypt left many unanswered questions. But one thing is certain: When encryption freeware ends its life abruptly, being a freeloader can get you into a load of trouble.
Dark Reading Radio: The Human Side Of Online Attacks
Commentary  |  6/18/2014  | 
Today's DR Radio show offers a look at phishing, social engineering, and the weakest link in the cyber defense chain: humans. Showtime is 1:00 p.m. EDT.
Security Pro File: Spam-Inspired Journey From Physics To Security
News  |  6/17/2014  | 
SANS Internet Storm Center director Johannes Ullrich talks threat tracking, spam, physics -- and his pick for the World Cup.
The Problem With Cyber Insurance
Commentary  |  6/17/2014  | 
Insurers have yet to develop an evidence-based method to assess a company's cyber risk profile. This can result in high premiums, low coverage, and broad exclusions.
A Roadmap for CIOs & CSOs After the Year of the Mega Breach
Commentary  |  6/16/2014  | 
The journey starts with three steps: Engage the C-suite, think like a hacker, and look at the big picture.
Heartbleed & The Long Tail Of Vulnerabilities
Commentary  |  6/13/2014  | 
To this day there are still unpatched systems, still hackers scanning for vulnerable systems, and still cyber criminals using Heartbleed every day to break into companies.
Kids To Hack Corporate Crime Caper Case At DEF CON
News  |  6/12/2014  | 
The Social Engineering Capture the Flag contest for kids is now an official DEF CON contest.
Monitor DNS Traffic & You Just Might Catch A RAT
Commentary  |  6/12/2014  | 
Criminals will exploit any Internet service or protocol when given the opportunity. Here are six signs of suspicious activity to watch for in the DNS.
Microsoft Releases 2 Critical Updates, Patches 59 IE Holes
News  |  6/11/2014  | 
Patch Tuesday resolved 66 vulnerabilities in all, including two that had already been publicly disclosed without patches.
Dont Let Lousy Teachers Sink Security Awareness
Commentary  |  6/11/2014  | 
You can't fix a human problem with a technology solution. Here are three reasons why user education can work and six tips on how to develop a corporate culture of security.
New Commercialized Trojan Takes Fresh Approach To Password-Stealing
News  |  6/10/2014  | 
Unlike most banking malware of today, new Pandemiya skips the Zeus source code and starts from scratch.
Putter Panda: Tip Of The Iceberg
Commentary  |  6/10/2014  | 
What CrowdStrike's outing of Putter Panda -- the second hacking group linked to China's spying on US defense and European satellite and aerospace industries -- means for the security industry.
Dark Reading Radio: Breaking the Glass Ceiling in InfoSec
Commentary  |  6/6/2014  | 
Join the discussion about the challenges and rewards of being a woman in IT security from the vantage point of three accomplished security professionals. Wednesday, June 11, 2014 at 1:00 p.m. ET
TweetDeck Scammers Steal Twitter IDs Via OAuth
News  |  6/6/2014  | 
Users who give up their TweetDeck ID are promised 20 followers for free or 100 to 5,000 new followers a day for five days.
If HTML5 Is The Future, What Happens To Access Control?
Commentary  |  6/5/2014  | 
The solution for multi-device deployment is HTML5. The challenge, for the enterprise, is deploying it correctly. Here are seven tools you will need.
New OpenSSL Flaw Exposes SSL To Man-In-The-Middle Attack
Quick Hits  |  6/5/2014  | 
Security advisory includes fixes for six newly discovered bugs in OpenSSL.
Cleaning Up After GOZeus Takedown
News  |  6/3/2014  | 
Public-private effort shows signs of improvement, but these types of actions are fleeting.
Compliance: The Surprising Gift Of Windows XP
Commentary  |  6/3/2014  | 
The end of Windows XP will force organizations to properly reinvest in a modern and compliant desktop infrastructure that will be easier to maintain and secure.
Researchers: Mobile Applications Pose Rapidly Growing Threat To Enterprises
Quick Hits  |  6/3/2014  | 
The average user has about 200 apps running on his smartphone -- and they're not all safe, Mojave Networks study says.
How The Math Of Biometric Authentication Adds Up
Commentary  |  6/2/2014  | 
Yes, it's true that if your authentication scheme only allows a single fingerprint you only have 10 choices. But there's no rule that says it has to be one, and only one.
SSL: Security's Best Friend Or Worst Enemy?
News  |  6/2/2014  | 
A new report shows that applications using SSL are on the rise in enterprises, putting them at greater risk of attacks that hide in plain sight or use vulnerabilities like Heartbleed.


News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27132
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-3144
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2021-3148
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
CVE-2021-3151
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...