News & Commentary

Content posted in June 2013
<<   <   Page 3 / 3
Study: Rogue Employees Are Top Concern For Security Pros
Quick Hits  |  6/10/2013  | 
Insider threat tops list of worries for security pros; malware, unauthorized software also cause concern
Obama Defends NSA Prism, Google Denies Back Door
News  |  6/7/2013  | 
You can't have 100% security, 100% privacy and 0% inconvenience, insists President Obama.
Putting Vulnerabilities And Threats Into Context
Commentary  |  6/7/2013  | 
Advanced security research should play a role in your security program and be ready when science projects become weaponized attacks
Glasgow City Council Fined For Security Lapses
News  |  6/7/2013  | 
Stolen laptops and repeated cases of unencrypted data top the list of the City of Glasgow's security failings.
NSA PRISM Creates Stir, But Appears Legal
News  |  6/7/2013  | 
Massive information-sharing program involves Google, Facebook and other technology heavyweights, top secret document details. But NSA looks to have acted inside the law.
Google Ups Bug Bounty Awards
Quick Hits  |  6/7/2013  | 
Researchers now can get up to $7,500 per vulnerability they discover in Google applications
Microsoft, FBI Slam Door On Thousands Of Citadel Botnets
News  |  6/6/2013  | 
The feds say Citadel is responsible for more than $500 million in losses worldwide
China To America: You Hack Us, Too
News  |  6/6/2013  | 
Difference is China doesn't point fingers, says head of China's computer emergency response team, even though it has "mountains" of evidence that U.S. snoops.
Police Bust $200 Million Data Theft Ring
News  |  6/6/2013  | 
U.S., British and Vietnamese authorities accuse men of selling 1.1 million stolen credit cards via Gmail and Facebook accounts.
Microsoft, FBI Trumpet Citadel Botnet Takedowns
News  |  6/6/2013  | 
Joint operation is first in which law enforcement and private sector use civil seizure warrant to disrupt massive malware attack.
Building And Enforcing An Endpoint Security Strategy
Quick Hits  |  6/6/2013  | 
Endpoint technologies, defenses, and threats are changing rapidly. Here are some tips for keeping up
What To Ask Your Penetration Tester
Commentary  |  6/5/2013  | 
The importance of manual pen testing
Negligence, Glitches Push Up Cost Of Breaches Worldwide
News  |  6/5/2013  | 
But U.S. breach costs on downward trajectory, reports eighth annual Ponemon study
Zeus Bank Malware Surges On Facebook
News  |  6/5/2013  | 
Old threat makes a comeback, targeting Facebook users' bank credentials and more.
ZeuS Malware Returns, Targets SMBs
News  |  6/5/2013  | 
ZeuS banking Trojan again puts small and midsize businesses at high risk. Here's what you need to know.
Mistakes Approach Malice As Data Breach Cause
News  |  6/5/2013  | 
Malicious attacks are the leading cause of data breaches, but employee and contractor errors are a growing reason, study finds.
Is Security Professional Development Too Expensive?
News  |  6/5/2013  | 
Paid trainings and certificates serve vital role, but open-source-style security education offerings could make the entire security education field more complete and affordable
No Java Patch For You: 93 Percent Of Users Run Older Versions Of The App
Quick Hits  |  6/4/2013  | 
Many end users stuck with older Java to run certain apps, Websense finds
'NetTraveler' Cyberespionage Campaign Uncovered
News  |  6/4/2013  | 
Nearly decade-old attack also has links to other APT groups, infrastructure
Anonymous Targets Turkish Government Websites
News  |  6/4/2013  | 
Hacktivists launch #OpTurkey DDoS campaign to support protests against government of Turkish prime minister Tayyip Erdogan.
DoS-in Your Database
Commentary  |  6/4/2013  | 
The re-emergence of database denial-of-service attacks
LinkedIn, Evernote Add Two-Factor Authentication
News  |  6/4/2013  | 
Will LinkedIn and Evernote improve upon Apple and Twitter two-factor security systems, which have been widely criticized?
Moving Safely From Detection To Automated Action
News  |  6/4/2013  | 
Companies that fail to make the most use of automation put themselves at risk, yet doing it wrong can lead to business disruptions
Are Businesses Knowingly Infecting Their Web Visitors?
News  |  6/3/2013  | 
Even after being informed of infrastructure serving up malware, some organizations still don't act to clean up their online messes
Building An Effective Security Architecture: No Piece Of Cake
Commentary  |  6/3/2013  | 
Enterprises need to put more thought, fewer products into their cyberdefense strategies
Can't Fix What You Hide
Commentary  |  6/3/2013  | 
Willful ignorance may be bliss, but rarely is it compliant
Oracle Promises Enterprise Java Security Tweaks
News  |  6/3/2013  | 
Critics say Oracle hasn't done enough to address ongoing security and code quality problems in the Java browser plug-in.
When Colleges Use Twitter As Help Desk
Commentary  |  6/3/2013  | 
Education IT leaders, your users are turning to Twitter to complain about the campus network and IT services. Are you responding effectively?
Strengthening Enterprise Defenses With Threat Intelligence
Quick Hits  |  6/3/2013  | 
By integrating security monitoring with threat intelligence, organizations can build a smarter defense
Fidelis Expands Into Malware Detection And Analysis
Quick Hits  |  6/1/2013  | 
New appliance for the Fortune 1000, SMB space
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.