Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2011
Veracode Launches Free XSS Bug Scanning Service
News  |  1/31/2011  | 
Offering detects cross-site scripting flaws in Java applications, provides reports, remediation information
Trend Micro Unveils IBM Security Suite
News  |  1/31/2011  | 
ScanMail Suite for 64-bit Lotus Domino platforms uses a cloud-based database to detect threats, including those generated by URL-shortening services recently linked to the spread of malware.
Data-Leak Flaw Found In Newest Version Of Google Android
News  |  1/28/2011  | 
'Gingerbread,' or Version 2.3, contains similar flaw as previous versions
Lab Discovers 50 Millionth Virus
Quick Hits  |  1/27/2011  | 
AV-Test's malware repository numbers illustrate the malware explosion
Researcher To Release Smartphone Botnet Proof-Of-Concept Code
News  |  1/26/2011  | 
Rootkit, SMS text messages used to build a botnet of smartphones
Schwartz On Security: Slouching Toward Smartphone, Apple Armageddon
Commentary  |  1/26/2011  | 
Every new year brings fresh warnings that the next smartphone botnet or Apple "I Love You" virus is imminent, while real attacks keep escalating.
Mozilla Blocks Buggy Skype Toolbar
News  |  1/21/2011  | 
Responsible for over 40,000 Firefox crashes last week, the Skype Toolbar has been temporarily blocked.
Widgets Are Prime Targets For Site Infection, Researcher Says
Quick Hits  |  1/21/2011  | 
Popular third-party site elements could be single point of infection, according to Dasient
Next-Generation Threats: The Inside Story
News  |  1/21/2011  | 
Cutting-edge attacks like Stuxnet and Zeus will be the everyday security challenges of tomorrow. Here's what you need to know.
Google Acknowledges Web Spam Complaints
News  |  1/21/2011  | 
Low-quality content has some Internet users worried about the relevance of Google search results.
Tech Insight: Layering Up For Malware Protection
News  |  1/21/2011  | 
No one layer of threat detection technology can sufficiently protect the enterprise today from malicious code—a look at five best practices
Malware, Mobile Lead SMB Security Threats
News  |  1/20/2011  | 
Online marketing and blogs are another key attack vector that small and midsize businesses need to guard, says Blue Coat Security researcher.
A Job Applicant? Nope, It's A Malware Attack
Quick Hits  |  1/20/2011  | 
Cybercriminals burying malicious code in responses to job postings, IC3 says
Smartphone Hack Highlights More GSM Woes
News  |  1/19/2011  | 
Researcher exploits new bugs in firmware to wrest control of vulnerable iPhone, Android devices
Schwartz on Security: Bling Botnets Sell Gangster Lifestyle
Commentary  |  1/19/2011  | 
As profit-driven attack toolkits and their supporting botnets muscle up, organizations need more than technology to defend themselves.
Malware Volume Doubled In 2010
News  |  1/19/2011  | 
A new threat appears more than once each second, as attackers increasingly turn their attention to social networks, reported Sophos.
Malware Toolkits Generate Majority Of Online Attacks
News  |  1/18/2011  | 
Crimeware is growing more automated and effective, lowering the bar for criminals looking to cash in, says Symantec report.
The Relative Risk Of Malware
Commentary  |  1/18/2011  | 
Trend Micro reports there are 3.5 new malware released every second, up from 1 new malware every 1.5 seconds a year ago. But what's your actual risk?
'Ransomware' Threats Growing
News  |  1/18/2011  | 
The malware typically encrypts data or disables master boot records, then extorts money to undo damage and restore access.
Cyber Warfare Risks Overblown
News  |  1/18/2011  | 
Calls for military oversight of cybersecurity distract from protecting against legitimate threats, said the Organization for Economic Cooperation and Development.
Botnets Make Early Splash In New Year
News  |  1/17/2011  | 
As Rustock and Waledac begin pumping spam again, botnet experts say the bad guys will be up to their old tricks -- with some new twists -- in 2011
Spectrum Analyzer Catches Cell Phone Cheats In Taiwan
News  |  1/14/2011  | 
Anti-cheating use aside, security experts say spectrum analysis tools could be a new data breach threat vector.
Defying Skeptics, Wikipedia Thrives
News  |  1/14/2011  | 
Rather than being overwhelmed by vandalism, Wikipedia has managed to remain one of the more vital, if not always 100% accurate, sources of information online.
Botnets Resurge After Holiday Break
News  |  1/14/2011  | 
After going dark for about a week, the Waledac and Rustock botnets suddenly resurfaced and began unleashing large quantities of pharmaceutical spam.
China Industrial Control Software Vulnerable To Trojan Attack
News  |  1/13/2011  | 
Bug could allow an attacker to take control of a widely used Chinese SCADA system by using a Stuxnet-type exploit.
Hackers Could Game Wall Street With Network Latency
News  |  1/12/2011  | 
Even a few extra milliseconds would give an attacker enough time to execute trades ahead of the competition, warns a security researcher.
Schwartz On Security: Hack My Ride
Commentary  |  1/12/2011  | 
Car security exploits are fast, cheap, and out of control. Why don't automotive manufacturers do more to secure their vehicles?
Microsoft's January Patch Missing Fixes For Five Flaws
News  |  1/11/2011  | 
The company's patch process seems slow to respond to known vulnerabilities.
Java Attacks Spiking
News  |  1/11/2011  | 
Researchers see increase in malicious Trojans favoring built-in Java functionality over application-related vulnerabilities.
Facebook Virus Spread Via Photo Albums
News  |  1/10/2011  | 
Attacks, survey scams, and hoaxes, including one alleging the social network will shut down in March, running in high gear.
Cell Phones Vulnerable To 'SMS Of Death'
News  |  1/10/2011  | 
A single text can shut down and knock low-end handsets -- from Nokia, LG, Samsung, Motorola, Sony Ericsson, and Micromax -- off of a cell phone network, say researchers.
Researcher Exposes More Holes In GSM Crypto
Quick Hits  |  1/7/2011  | 
Popular mobile communications encryption algorithm is crackable, Karsten Nohl says
Tech Insight: Six Security Threats You Need To Know About
News  |  1/7/2011  | 
Security pros will have their hands full with revamped versions of current threats, while new ones also will bubble to the top
Google Researcher's IE 8 Bug Flaw Find Confirmed
News  |  1/7/2011  | 
US-CERT warns of critical 'use-after-free' browser flaw
Microsoft To Patch Three Vulnerabilities Tuesday
News  |  1/7/2011  | 
January's software update won't fix two zero-day bugs being exploited by attackers.
Security Researcher Defeats Adobe Flash Sandbox
News  |  1/7/2011  | 
Flash expert Billy Rios bypassed Flash Player feature meant to prevent malicious attacks.
Zero Day IE Vulnerability Confirmed
News  |  1/6/2011  | 
No patch yet available for Internet Explorer flaw, as Microsoft and Google researcher trade barbs over bug's disclosure.
Sourcefire Buys Cloud Security Firm
News  |  1/5/2011  | 
Immunet's cloud-based anti-malware model to boost Sourcefire's enterprise endpoint offerings
Report: More Than A Third Of All Malware In History Was Created In 2010
Quick Hits  |  1/5/2011  | 
Banking Trojans still dominate the new wave of malware, PandaLabs says
Attackers Broke Malware Records In 2010
News  |  1/5/2011  | 
Over the past year, online criminals created one-third of all viruses and 34% of all malware ever seen.
Spam Attack Captures Government Data
News  |  1/5/2011  | 
A Zeus botnet variant disguised as a White House electronic greeting card netted numerous documents from U.S. agencies.
Microsoft Warns Of Windows Graphics Vulnerability
News  |  1/4/2011  | 
Disclosed last month, a flaw in the Windows Graphics Rendering Engine could be used to execute malicious code.
New Stealth Rootkit Steals Windows 7, Server 2008 User Privileges 'On The Fly'
News  |  1/4/2011  | 
Researcher plans to hand off code to antivirus vendors, and then to EC-Council for ethical hacking training
7 Ways To Save Microsoft In 2011
Commentary  |  1/4/2011  | 
If Redmond can't adapt to the most competitive landscape in decades, it will fall further behind Apple and Google in key growth markets like phones and tablets.
IE Zero Day Flaw Leaked To Google Search
News  |  1/4/2011  | 
Log from security researcher's fuzzing engine found someone at a Chinese IP address searching for the exact Microsoft Internet Explorer attack signature.
Accidental Leak Reveals Chinese Hackers Have IE Zero Day
News  |  1/3/2011  | 
Google researcher's new fuzzer finds vulnerabilities in all browsers
Top 10 Security Predictions For 2011
News  |  1/3/2011  | 
More malware, botnets, and mayhem, including online protests and political attacks, are in store for this year, according to security experts.
For Hackers, 2011 Looks Like A Prosperous New Year
News  |  1/3/2011  | 
If you're an attacker, the new year is a target-rich environment. Here are five areas where you should shore up your defenses

