Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Michaels Stores Investigates Data Breach
Newest First  |  Oldest First  |  Threaded View
Mathew
Mathew,
User Rank: Apprentice
1/29/2014 | 11:30:31 AM
Re: Promising Career Path

Wait for it, wait for it: Michaels sued over possible data breach.

And yes, "digital forensic investigator" looks like an already hot job prospect that's just going to keep getting hotter.

BobH088
BobH088,
User Rank: Apprentice
1/28/2014 | 1:24:40 PM
data loss
One of the most common causes of data getting in the wrong hands is the loss of mobile devices that often contain a frightening amount of private information. I want to share a protection option that worked for me. Tracer tags let someone who finds your lost stuff contact you directly without exposing your private information.  I use them on almost everything I take when I travel after one of the tags was responsible for getting my lost laptop returned to me in Rome one time. You can get them at mystufflostandfound.com
Ariella
Ariella,
User Rank: Apprentice
1/27/2014 | 3:34:30 PM
Re: Killing debits
@Lorna even before all these huge breaches made the headlines, I was warned that debit cards are not very secure. The only time I ever used one for purchase was by mistake -- the chashier must have entered debit as a default.
D. Henschen
D. Henschen,
User Rank: Apprentice
1/27/2014 | 2:14:01 PM
Promising Career Path
Looking for a promising career path related to the growth of big data and online transactions? Try "digital forensic investigator," as mentioned above. I'm guessing this is a white-hot niche within the already hot, larger category of computer security.
Lorna Garey
Lorna Garey,
User Rank: Ninja
1/27/2014 | 12:44:35 PM
Killing debits
At what point does all this breach news kill the willingness of consumers to enter PIN numbers to use debit cards? I never have done so, and just recently advised several family members to stop using debit.

That will cost banks and retailers -- and ultimately consumers -- money as CCs become the only game in town.  


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Creating an Effective Incident Response Plan
Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-43705
PUBLISHED: 2022-11-27
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).
CVE-2022-45934
PUBLISHED: 2022-11-27
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-45931
PUBLISHED: 2022-11-27
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.
CVE-2022-45932
PUBLISHED: 2022-11-27
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.
CVE-2022-45933
PUBLISHED: 2022-11-27
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side proj...