Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2011
Veracode Launches Free XSS Bug Scanning Service
News  |  1/31/2011  | 
Offering detects cross-site scripting flaws in Java applications, provides reports, remediation information
Trend Micro Unveils IBM Security Suite
News  |  1/31/2011  | 
ScanMail Suite for 64-bit Lotus Domino platforms uses a cloud-based database to detect threats, including those generated by URL-shortening services recently linked to the spread of malware.
Data-Leak Flaw Found In Newest Version Of Google Android
News  |  1/28/2011  | 
'Gingerbread,' or Version 2.3, contains similar flaw as previous versions
Lab Discovers 50 Millionth Virus
Quick Hits  |  1/27/2011  | 
AV-Test's malware repository numbers illustrate the malware explosion
Researcher To Release Smartphone Botnet Proof-Of-Concept Code
News  |  1/26/2011  | 
Rootkit, SMS text messages used to build a botnet of smartphones
Schwartz On Security: Slouching Toward Smartphone, Apple Armageddon
Commentary  |  1/26/2011  | 
Every new year brings fresh warnings that the next smartphone botnet or Apple "I Love You" virus is imminent, while real attacks keep escalating.
Mozilla Blocks Buggy Skype Toolbar
News  |  1/21/2011  | 
Responsible for over 40,000 Firefox crashes last week, the Skype Toolbar has been temporarily blocked.
Widgets Are Prime Targets For Site Infection, Researcher Says
Quick Hits  |  1/21/2011  | 
Popular third-party site elements could be single point of infection, according to Dasient
Next-Generation Threats: The Inside Story
News  |  1/21/2011  | 
Cutting-edge attacks like Stuxnet and Zeus will be the everyday security challenges of tomorrow. Here's what you need to know.
Google Acknowledges Web Spam Complaints
News  |  1/21/2011  | 
Low-quality content has some Internet users worried about the relevance of Google search results.
Tech Insight: Layering Up For Malware Protection
News  |  1/21/2011  | 
No one layer of threat detection technology can sufficiently protect the enterprise today from malicious code—a look at five best practices
Malware, Mobile Lead SMB Security Threats
News  |  1/20/2011  | 
Online marketing and blogs are another key attack vector that small and midsize businesses need to guard, says Blue Coat Security researcher.
A Job Applicant? Nope, It's A Malware Attack
Quick Hits  |  1/20/2011  | 
Cybercriminals burying malicious code in responses to job postings, IC3 says
Smartphone Hack Highlights More GSM Woes
News  |  1/19/2011  | 
Researcher exploits new bugs in firmware to wrest control of vulnerable iPhone, Android devices
Schwartz on Security: Bling Botnets Sell Gangster Lifestyle
Commentary  |  1/19/2011  | 
As profit-driven attack toolkits and their supporting botnets muscle up, organizations need more than technology to defend themselves.
Malware Volume Doubled In 2010
News  |  1/19/2011  | 
A new threat appears more than once each second, as attackers increasingly turn their attention to social networks, reported Sophos.
Malware Toolkits Generate Majority Of Online Attacks
News  |  1/18/2011  | 
Crimeware is growing more automated and effective, lowering the bar for criminals looking to cash in, says Symantec report.
The Relative Risk Of Malware
Commentary  |  1/18/2011  | 
Trend Micro reports there are 3.5 new malware released every second, up from 1 new malware every 1.5 seconds a year ago. But what's your actual risk?
'Ransomware' Threats Growing
News  |  1/18/2011  | 
The malware typically encrypts data or disables master boot records, then extorts money to undo damage and restore access.
Cyber Warfare Risks Overblown
News  |  1/18/2011  | 
Calls for military oversight of cybersecurity distract from protecting against legitimate threats, said the Organization for Economic Cooperation and Development.
Botnets Make Early Splash In New Year
News  |  1/17/2011  | 
As Rustock and Waledac begin pumping spam again, botnet experts say the bad guys will be up to their old tricks -- with some new twists -- in 2011
Spectrum Analyzer Catches Cell Phone Cheats In Taiwan
News  |  1/14/2011  | 
Anti-cheating use aside, security experts say spectrum analysis tools could be a new data breach threat vector.
Defying Skeptics, Wikipedia Thrives
News  |  1/14/2011  | 
Rather than being overwhelmed by vandalism, Wikipedia has managed to remain one of the more vital, if not always 100% accurate, sources of information online.
Botnets Resurge After Holiday Break
News  |  1/14/2011  | 
After going dark for about a week, the Waledac and Rustock botnets suddenly resurfaced and began unleashing large quantities of pharmaceutical spam.
China Industrial Control Software Vulnerable To Trojan Attack
News  |  1/13/2011  | 
Bug could allow an attacker to take control of a widely used Chinese SCADA system by using a Stuxnet-type exploit.
Hackers Could Game Wall Street With Network Latency
News  |  1/12/2011  | 
Even a few extra milliseconds would give an attacker enough time to execute trades ahead of the competition, warns a security researcher.
Schwartz On Security: Hack My Ride
Commentary  |  1/12/2011  | 
Car security exploits are fast, cheap, and out of control. Why don't automotive manufacturers do more to secure their vehicles?
Microsoft's January Patch Missing Fixes For Five Flaws
News  |  1/11/2011  | 
The company's patch process seems slow to respond to known vulnerabilities.
Java Attacks Spiking
News  |  1/11/2011  | 
Researchers see increase in malicious Trojans favoring built-in Java functionality over application-related vulnerabilities.
Facebook Virus Spread Via Photo Albums
News  |  1/10/2011  | 
Attacks, survey scams, and hoaxes, including one alleging the social network will shut down in March, running in high gear.
Cell Phones Vulnerable To 'SMS Of Death'
News  |  1/10/2011  | 
A single text can shut down and knock low-end handsets -- from Nokia, LG, Samsung, Motorola, Sony Ericsson, and Micromax -- off of a cell phone network, say researchers.
Researcher Exposes More Holes In GSM Crypto
Quick Hits  |  1/7/2011  | 
Popular mobile communications encryption algorithm is crackable, Karsten Nohl says
Tech Insight: Six Security Threats You Need To Know About
News  |  1/7/2011  | 
Security pros will have their hands full with revamped versions of current threats, while new ones also will bubble to the top
Google Researcher's IE 8 Bug Flaw Find Confirmed
News  |  1/7/2011  | 
US-CERT warns of critical 'use-after-free' browser flaw
Microsoft To Patch Three Vulnerabilities Tuesday
News  |  1/7/2011  | 
January's software update won't fix two zero-day bugs being exploited by attackers.
Security Researcher Defeats Adobe Flash Sandbox
News  |  1/7/2011  | 
Flash expert Billy Rios bypassed Flash Player feature meant to prevent malicious attacks.
Zero Day IE Vulnerability Confirmed
News  |  1/6/2011  | 
No patch yet available for Internet Explorer flaw, as Microsoft and Google researcher trade barbs over bug's disclosure.
Sourcefire Buys Cloud Security Firm
News  |  1/5/2011  | 
Immunet's cloud-based anti-malware model to boost Sourcefire's enterprise endpoint offerings
Report: More Than A Third Of All Malware In History Was Created In 2010
Quick Hits  |  1/5/2011  | 
Banking Trojans still dominate the new wave of malware, PandaLabs says
Attackers Broke Malware Records In 2010
News  |  1/5/2011  | 
Over the past year, online criminals created one-third of all viruses and 34% of all malware ever seen.
Spam Attack Captures Government Data
News  |  1/5/2011  | 
A Zeus botnet variant disguised as a White House electronic greeting card netted numerous documents from U.S. agencies.
Microsoft Warns Of Windows Graphics Vulnerability
News  |  1/4/2011  | 
Disclosed last month, a flaw in the Windows Graphics Rendering Engine could be used to execute malicious code.
New Stealth Rootkit Steals Windows 7, Server 2008 User Privileges 'On The Fly'
News  |  1/4/2011  | 
Researcher plans to hand off code to antivirus vendors, and then to EC-Council for ethical hacking training
7 Ways To Save Microsoft In 2011
Commentary  |  1/4/2011  | 
If Redmond can't adapt to the most competitive landscape in decades, it will fall further behind Apple and Google in key growth markets like phones and tablets.
IE Zero Day Flaw Leaked To Google Search
News  |  1/4/2011  | 
Log from security researcher's fuzzing engine found someone at a Chinese IP address searching for the exact Microsoft Internet Explorer attack signature.
Accidental Leak Reveals Chinese Hackers Have IE Zero Day
News  |  1/3/2011  | 
Google researcher's new fuzzer finds vulnerabilities in all browsers
Top 10 Security Predictions For 2011
News  |  1/3/2011  | 
More malware, botnets, and mayhem, including online protests and political attacks, are in store for this year, according to security experts.
For Hackers, 2011 Looks Like A Prosperous New Year
News  |  1/3/2011  | 
If you're an attacker, the new year is a target-rich environment. Here are five areas where you should shore up your defenses

