Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2011
Veracode Launches Free XSS Bug Scanning Service
News  |  1/31/2011  | 
Offering detects cross-site scripting flaws in Java applications, provides reports, remediation information
Trend Micro Unveils IBM Security Suite
News  |  1/31/2011  | 
ScanMail Suite for 64-bit Lotus Domino platforms uses a cloud-based database to detect threats, including those generated by URL-shortening services recently linked to the spread of malware.
Data-Leak Flaw Found In Newest Version Of Google Android
News  |  1/28/2011  | 
'Gingerbread,' or Version 2.3, contains similar flaw as previous versions
Lab Discovers 50 Millionth Virus
Quick Hits  |  1/27/2011  | 
AV-Test's malware repository numbers illustrate the malware explosion
Researcher To Release Smartphone Botnet Proof-Of-Concept Code
News  |  1/26/2011  | 
Rootkit, SMS text messages used to build a botnet of smartphones
Schwartz On Security: Slouching Toward Smartphone, Apple Armageddon
Commentary  |  1/26/2011  | 
Every new year brings fresh warnings that the next smartphone botnet or Apple "I Love You" virus is imminent, while real attacks keep escalating.
Mozilla Blocks Buggy Skype Toolbar
News  |  1/21/2011  | 
Responsible for over 40,000 Firefox crashes last week, the Skype Toolbar has been temporarily blocked.
Widgets Are Prime Targets For Site Infection, Researcher Says
Quick Hits  |  1/21/2011  | 
Popular third-party site elements could be single point of infection, according to Dasient
Next-Generation Threats: The Inside Story
News  |  1/21/2011  | 
Cutting-edge attacks like Stuxnet and Zeus will be the everyday security challenges of tomorrow. Here's what you need to know.
Google Acknowledges Web Spam Complaints
News  |  1/21/2011  | 
Low-quality content has some Internet users worried about the relevance of Google search results.
Tech Insight: Layering Up For Malware Protection
News  |  1/21/2011  | 
No one layer of threat detection technology can sufficiently protect the enterprise today from malicious code—a look at five best practices
Malware, Mobile Lead SMB Security Threats
News  |  1/20/2011  | 
Online marketing and blogs are another key attack vector that small and midsize businesses need to guard, says Blue Coat Security researcher.
A Job Applicant? Nope, It's A Malware Attack
Quick Hits  |  1/20/2011  | 
Cybercriminals burying malicious code in responses to job postings, IC3 says
Smartphone Hack Highlights More GSM Woes
News  |  1/19/2011  | 
Researcher exploits new bugs in firmware to wrest control of vulnerable iPhone, Android devices
Schwartz on Security: Bling Botnets Sell Gangster Lifestyle
Commentary  |  1/19/2011  | 
As profit-driven attack toolkits and their supporting botnets muscle up, organizations need more than technology to defend themselves.
Malware Volume Doubled In 2010
News  |  1/19/2011  | 
A new threat appears more than once each second, as attackers increasingly turn their attention to social networks, reported Sophos.
Malware Toolkits Generate Majority Of Online Attacks
News  |  1/18/2011  | 
Crimeware is growing more automated and effective, lowering the bar for criminals looking to cash in, says Symantec report.
The Relative Risk Of Malware
Commentary  |  1/18/2011  | 
Trend Micro reports there are 3.5 new malware released every second, up from 1 new malware every 1.5 seconds a year ago. But what's your actual risk?
'Ransomware' Threats Growing
News  |  1/18/2011  | 
The malware typically encrypts data or disables master boot records, then extorts money to undo damage and restore access.
Cyber Warfare Risks Overblown
News  |  1/18/2011  | 
Calls for military oversight of cybersecurity distract from protecting against legitimate threats, said the Organization for Economic Cooperation and Development.
Botnets Make Early Splash In New Year
News  |  1/17/2011  | 
As Rustock and Waledac begin pumping spam again, botnet experts say the bad guys will be up to their old tricks -- with some new twists -- in 2011
Spectrum Analyzer Catches Cell Phone Cheats In Taiwan
News  |  1/14/2011  | 
Anti-cheating use aside, security experts say spectrum analysis tools could be a new data breach threat vector.
Defying Skeptics, Wikipedia Thrives
News  |  1/14/2011  | 
Rather than being overwhelmed by vandalism, Wikipedia has managed to remain one of the more vital, if not always 100% accurate, sources of information online.
Botnets Resurge After Holiday Break
News  |  1/14/2011  | 
After going dark for about a week, the Waledac and Rustock botnets suddenly resurfaced and began unleashing large quantities of pharmaceutical spam.
China Industrial Control Software Vulnerable To Trojan Attack
News  |  1/13/2011  | 
Bug could allow an attacker to take control of a widely used Chinese SCADA system by using a Stuxnet-type exploit.
Hackers Could Game Wall Street With Network Latency
News  |  1/12/2011  | 
Even a few extra milliseconds would give an attacker enough time to execute trades ahead of the competition, warns a security researcher.
Schwartz On Security: Hack My Ride
Commentary  |  1/12/2011  | 
Car security exploits are fast, cheap, and out of control. Why don't automotive manufacturers do more to secure their vehicles?
Microsoft's January Patch Missing Fixes For Five Flaws
News  |  1/11/2011  | 
The company's patch process seems slow to respond to known vulnerabilities.
Java Attacks Spiking
News  |  1/11/2011  | 
Researchers see increase in malicious Trojans favoring built-in Java functionality over application-related vulnerabilities.
Facebook Virus Spread Via Photo Albums
News  |  1/10/2011  | 
Attacks, survey scams, and hoaxes, including one alleging the social network will shut down in March, running in high gear.
Cell Phones Vulnerable To 'SMS Of Death'
News  |  1/10/2011  | 
A single text can shut down and knock low-end handsets -- from Nokia, LG, Samsung, Motorola, Sony Ericsson, and Micromax -- off of a cell phone network, say researchers.
Researcher Exposes More Holes In GSM Crypto
Quick Hits  |  1/7/2011  | 
Popular mobile communications encryption algorithm is crackable, Karsten Nohl says
Tech Insight: Six Security Threats You Need To Know About
News  |  1/7/2011  | 
Security pros will have their hands full with revamped versions of current threats, while new ones also will bubble to the top
Google Researcher's IE 8 Bug Flaw Find Confirmed
News  |  1/7/2011  | 
US-CERT warns of critical 'use-after-free' browser flaw
Microsoft To Patch Three Vulnerabilities Tuesday
News  |  1/7/2011  | 
January's software update won't fix two zero-day bugs being exploited by attackers.
Security Researcher Defeats Adobe Flash Sandbox
News  |  1/7/2011  | 
Flash expert Billy Rios bypassed Flash Player feature meant to prevent malicious attacks.
Zero Day IE Vulnerability Confirmed
News  |  1/6/2011  | 
No patch yet available for Internet Explorer flaw, as Microsoft and Google researcher trade barbs over bug's disclosure.
Sourcefire Buys Cloud Security Firm
News  |  1/5/2011  | 
Immunet's cloud-based anti-malware model to boost Sourcefire's enterprise endpoint offerings
Report: More Than A Third Of All Malware In History Was Created In 2010
Quick Hits  |  1/5/2011  | 
Banking Trojans still dominate the new wave of malware, PandaLabs says
Attackers Broke Malware Records In 2010
News  |  1/5/2011  | 
Over the past year, online criminals created one-third of all viruses and 34% of all malware ever seen.
Spam Attack Captures Government Data
News  |  1/5/2011  | 
A Zeus botnet variant disguised as a White House electronic greeting card netted numerous documents from U.S. agencies.
Microsoft Warns Of Windows Graphics Vulnerability
News  |  1/4/2011  | 
Disclosed last month, a flaw in the Windows Graphics Rendering Engine could be used to execute malicious code.
New Stealth Rootkit Steals Windows 7, Server 2008 User Privileges 'On The Fly'
News  |  1/4/2011  | 
Researcher plans to hand off code to antivirus vendors, and then to EC-Council for ethical hacking training
7 Ways To Save Microsoft In 2011
Commentary  |  1/4/2011  | 
If Redmond can't adapt to the most competitive landscape in decades, it will fall further behind Apple and Google in key growth markets like phones and tablets.
IE Zero Day Flaw Leaked To Google Search
News  |  1/4/2011  | 
Log from security researcher's fuzzing engine found someone at a Chinese IP address searching for the exact Microsoft Internet Explorer attack signature.
Accidental Leak Reveals Chinese Hackers Have IE Zero Day
News  |  1/3/2011  | 
Google researcher's new fuzzer finds vulnerabilities in all browsers
Top 10 Security Predictions For 2011
News  |  1/3/2011  | 
More malware, botnets, and mayhem, including online protests and political attacks, are in store for this year, according to security experts.
For Hackers, 2011 Looks Like A Prosperous New Year
News  |  1/3/2011  | 
If you're an attacker, the new year is a target-rich environment. Here are five areas where you should shore up your defenses


News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7856
PUBLISHED: 2021-04-20
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793
PUBLISHED: 2021-04-20
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
CVE-2021-25679
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
CVE-2021-25680
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
CVE-2021-25681
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...