News & Commentary

Content posted in July 2013
Page 3 / 3
Microsoft Patch Tuesday Fixes Six Critical Bugs
News  |  7/9/2013  | 
Microsoft issues patches for an unusual number of critical vulnerabilities that encompass the company's entire software ecosystem.
Below The Application: The High Risk Of Low-Level Threats
Quick Hits  |  7/9/2013  | 
In-memory attacks and rootkits may hit your systems below the OS. Here are some tips to help your defense
Experiment Simulated Attacks On Natural Gas Plant
News  |  7/8/2013  | 
ICS/SCADA experts test continuous monitoring approach as a way to spot denial-of-service, malware, and other attacks
Google Android Vs. Apple iOS: The Mobile App Privacy War
News  |  7/8/2013  | 
Ever wonder which smartphone has the most apps with the least respect for your privacy? The answer may surprise you
Encrypted IM Tool Vulnerable To Eavesdropping
News  |  7/8/2013  | 
Bugs in instant messaging encryption tool Cryptocat left users' group chats vulnerable to eavesdropping for over a year, says security researcher.
Study: Nation-States Are Primary Drivers Behind APTs
Quick Hits  |  7/7/2013  | 
Most enterprises still ineffective in defending themselves from sophisticated attacks, Fortinet report says
Controlling The Big 7
Commentary  |  7/7/2013  | 
With limited resources, funding, and expertise, focusing on protecting the Big 7 applications will enable security professionals to reduce a large portion of their attack surface
New Techniques Obfuscate, Optimize SQL Injection Attacks
News  |  7/5/2013  | 
Black Hat researcher to demonstrate new methods for getting around defenses even more quickly to extract database data through SQLi
Doing More Than Paying Risk Management Lip Service
News  |  7/3/2013  | 
How well does your organization execute on its 'commitment' to guiding security practices through risk management?
What's It Take To Trust A Digitally Signed Program?
News  |  7/3/2013  | 
Last week's Opera attack stokes fears over digitally signed programs from potentially compromised vendors
How Cybercriminals Operate
Quick Hits  |  7/3/2013  | 
A look at cybercriminal motives, resources, and processes -- and how they may affect enterprise defense
Child Privacy Online: FTC Updates COPPA Rules
News  |  7/2/2013  | 
Children's Online Privacy Protection Act of 1998 expands to regulate behavioral tracking, plus geolocation data, photos, videos and audio recordings made by kids under 13.
New Gaping Security Holes Found Exposing Servers
News  |  7/2/2013  | 
Researcher HD Moore so far has discovered around 300,000 servers online at serious risk of hacker takeover
License To Ill
Commentary  |  7/2/2013  | 
Unlicensed software exposes SMBs to lawsuits, viruses, and unwelcome guests
Fake Twitter Accounts Remain Multimillion-Dollar Business
News  |  7/2/2013  | 
Barracuda Labs digs into the market for buying Twitter followers
Skype Bug Enables Android Lock Screen Bypass
News  |  7/2/2013  | 
Up to half a billion Android devices that have Skype installed are vulnerable to having their lock screen bypassed and being "attack-dialed."
3 Ways To Virtualize Mobile Devices -- And Why You Should Do So
News  |  7/2/2013  | 
The idea of splitting smartphones and tablets into personal and business partitions is gaining strength, for good reason. But be warned -- iOS shops will have a tougher go of it.
Feds Arrest Alleged Romney Tax Return Hacker
News  |  7/2/2013  | 
"Dr Evil" demanded $1 million in Bitcoins to prevent release of Mitt Romney's tax returns during the 2012 election season.
University Of San Francisco Puts ServiceNow Apps To Work
News  |  7/2/2013  | 
ServiceNow's new app builder tool helps nonprogrammers cobble together solid tracking apps for everyone from campus police to university fundraisers.
Getting The Most From Web Application Testing Results
News  |  7/2/2013  | 
Five tips for communicating with the dev team
How Enterprises Can Use Big Data To Improve Security
Quick Hits  |  7/2/2013  | 
Big data analytics could bring new capabilities to SIEM, security forensics
3 Steps For SMBs To Tame Their Mobile Threats
News  |  7/2/2013  | 
Before jumping into managing employees' smartphones and tablets, companies should try a few other ways of protecting their data from nonbusiness-owned devices
Hacking The Human Side Of The Insider Threat
News  |  7/1/2013  | 
NSA-Snowden affair and the mechanics of tracking human behavior
Snowden's Real Job: Government Hacker
News  |  7/1/2013  | 
NSA whistleblower's bland job title -- infrastructure analyst -- disguised actual responsibilities: Finding new ways to hack into foreign networks and telecommunications systems.
ICS-CERT: Surge In Brute-Force Attacks Against Energy Industry
Quick Hits  |  7/1/2013  | 
Incidents with energy sector in fiscal 2012 included advanced persistent threat (APT)-type attacks, and sophisticated as well as common malware, report says


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.