Attacks/Breaches
11/29/2011
01:31 PM
Dark Reading
Dark Reading
Slideshows
50%
50%

Ten Big Breaches In 2011

No one was immune: not social networks, not financial institutions, and not even security firms
Previous
1 of 10
Next


What happened: An attacker stole the username and password belonging to a Comodo trusted partner and used the credentials to register nine SSL certificates for seven high-value domains, including Google, Skype, and Yahoo. An Iranian hacker takes credit for the attack -- and a later attack on DigiNotar -- on Pastebin.

Losses: Nine certificates for high-quality domains and the unquestioning trust that many users had in the system of certificate authorities.

Previous
1 of 10
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
senmeister0204
50%
50%
senmeister0204,
User Rank: Apprentice
4/17/2013 | 7:10:31 AM
re: Ten Big Breaches In 2011
Excellent visual guide
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0196
Published: 2015-06-29
CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

CVE-2015-0545
Published: 2015-06-29
EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2015-1900
Published: 2015-06-29
IBM InfoSphere DataStage 8.1, 8.5, 8.7, 9.1, and 11.3 through 11.3.1.2 on UNIX allows local users to write to executable files, and consequently obtain root privileges, via unspecified vectors.

CVE-2014-4768
Published: 2015-06-28
IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of service by using privileged access to enable a legacy boot mode.

CVE-2014-6198
Published: 2015-06-28
Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report