News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2011
Veracode Launches Free XSS Bug Scanning Service
News  |  1/31/2011  | 
Offering detects cross-site scripting flaws in Java applications, provides reports, remediation information
Trend Micro Unveils IBM Security Suite
News  |  1/31/2011  | 
ScanMail Suite for 64-bit Lotus Domino platforms uses a cloud-based database to detect threats, including those generated by URL-shortening services recently linked to the spread of malware.
Data-Leak Flaw Found In Newest Version Of Google Android
News  |  1/28/2011  | 
'Gingerbread,' or Version 2.3, contains similar flaw as previous versions
Lab Discovers 50 Millionth Virus
Quick Hits  |  1/27/2011  | 
AV-Test's malware repository numbers illustrate the malware explosion
Researcher To Release Smartphone Botnet Proof-Of-Concept Code
News  |  1/26/2011  | 
Rootkit, SMS text messages used to build a botnet of smartphones
Schwartz On Security: Slouching Toward Smartphone, Apple Armageddon
Commentary  |  1/26/2011  | 
Every new year brings fresh warnings that the next smartphone botnet or Apple "I Love You" virus is imminent, while real attacks keep escalating.
Mozilla Blocks Buggy Skype Toolbar
News  |  1/21/2011  | 
Responsible for over 40,000 Firefox crashes last week, the Skype Toolbar has been temporarily blocked.
Widgets Are Prime Targets For Site Infection, Researcher Says
Quick Hits  |  1/21/2011  | 
Popular third-party site elements could be single point of infection, according to Dasient
Next-Generation Threats: The Inside Story
News  |  1/21/2011  | 
Cutting-edge attacks like Stuxnet and Zeus will be the everyday security challenges of tomorrow. Here's what you need to know.
Google Acknowledges Web Spam Complaints
News  |  1/21/2011  | 
Low-quality content has some Internet users worried about the relevance of Google search results.
Tech Insight: Layering Up For Malware Protection
News  |  1/21/2011  | 
No one layer of threat detection technology can sufficiently protect the enterprise today from malicious code—a look at five best practices
Malware, Mobile Lead SMB Security Threats
News  |  1/20/2011  | 
Online marketing and blogs are another key attack vector that small and midsize businesses need to guard, says Blue Coat Security researcher.
A Job Applicant? Nope, It's A Malware Attack
Quick Hits  |  1/20/2011  | 
Cybercriminals burying malicious code in responses to job postings, IC3 says
Smartphone Hack Highlights More GSM Woes
News  |  1/19/2011  | 
Researcher exploits new bugs in firmware to wrest control of vulnerable iPhone, Android devices
Schwartz on Security: Bling Botnets Sell Gangster Lifestyle
Commentary  |  1/19/2011  | 
As profit-driven attack toolkits and their supporting botnets muscle up, organizations need more than technology to defend themselves.
Malware Volume Doubled In 2010
News  |  1/19/2011  | 
A new threat appears more than once each second, as attackers increasingly turn their attention to social networks, reported Sophos.
Malware Toolkits Generate Majority Of Online Attacks
News  |  1/18/2011  | 
Crimeware is growing more automated and effective, lowering the bar for criminals looking to cash in, says Symantec report.
The Relative Risk Of Malware
Commentary  |  1/18/2011  | 
Trend Micro reports there are 3.5 new malware released every second, up from 1 new malware every 1.5 seconds a year ago. But what's your actual risk?
'Ransomware' Threats Growing
News  |  1/18/2011  | 
The malware typically encrypts data or disables master boot records, then extorts money to undo damage and restore access.
Cyber Warfare Risks Overblown
News  |  1/18/2011  | 
Calls for military oversight of cybersecurity distract from protecting against legitimate threats, said the Organization for Economic Cooperation and Development.
Botnets Make Early Splash In New Year
News  |  1/17/2011  | 
As Rustock and Waledac begin pumping spam again, botnet experts say the bad guys will be up to their old tricks -- with some new twists -- in 2011
Spectrum Analyzer Catches Cell Phone Cheats In Taiwan
News  |  1/14/2011  | 
Anti-cheating use aside, security experts say spectrum analysis tools could be a new data breach threat vector.
Defying Skeptics, Wikipedia Thrives
News  |  1/14/2011  | 
Rather than being overwhelmed by vandalism, Wikipedia has managed to remain one of the more vital, if not always 100% accurate, sources of information online.
Botnets Resurge After Holiday Break
News  |  1/14/2011  | 
After going dark for about a week, the Waledac and Rustock botnets suddenly resurfaced and began unleashing large quantities of pharmaceutical spam.
China Industrial Control Software Vulnerable To Trojan Attack
News  |  1/13/2011  | 
Bug could allow an attacker to take control of a widely used Chinese SCADA system by using a Stuxnet-type exploit.
Hackers Could Game Wall Street With Network Latency
News  |  1/12/2011  | 
Even a few extra milliseconds would give an attacker enough time to execute trades ahead of the competition, warns a security researcher.
Schwartz On Security: Hack My Ride
Commentary  |  1/12/2011  | 
Car security exploits are fast, cheap, and out of control. Why don't automotive manufacturers do more to secure their vehicles?
Microsoft's January Patch Missing Fixes For Five Flaws
News  |  1/11/2011  | 
The company's patch process seems slow to respond to known vulnerabilities.
Java Attacks Spiking
News  |  1/11/2011  | 
Researchers see increase in malicious Trojans favoring built-in Java functionality over application-related vulnerabilities.
Facebook Virus Spread Via Photo Albums
News  |  1/10/2011  | 
Attacks, survey scams, and hoaxes, including one alleging the social network will shut down in March, running in high gear.
Cell Phones Vulnerable To 'SMS Of Death'
News  |  1/10/2011  | 
A single text can shut down and knock low-end handsets -- from Nokia, LG, Samsung, Motorola, Sony Ericsson, and Micromax -- off of a cell phone network, say researchers.
Researcher Exposes More Holes In GSM Crypto
Quick Hits  |  1/7/2011  | 
Popular mobile communications encryption algorithm is crackable, Karsten Nohl says
Tech Insight: Six Security Threats You Need To Know About
News  |  1/7/2011  | 
Security pros will have their hands full with revamped versions of current threats, while new ones also will bubble to the top
Google Researcher's IE 8 Bug Flaw Find Confirmed
News  |  1/7/2011  | 
US-CERT warns of critical 'use-after-free' browser flaw
Microsoft To Patch Three Vulnerabilities Tuesday
News  |  1/7/2011  | 
January's software update won't fix two zero-day bugs being exploited by attackers.
Security Researcher Defeats Adobe Flash Sandbox
News  |  1/7/2011  | 
Flash expert Billy Rios bypassed Flash Player feature meant to prevent malicious attacks.
Zero Day IE Vulnerability Confirmed
News  |  1/6/2011  | 
No patch yet available for Internet Explorer flaw, as Microsoft and Google researcher trade barbs over bug's disclosure.
Sourcefire Buys Cloud Security Firm
News  |  1/5/2011  | 
Immunet's cloud-based anti-malware model to boost Sourcefire's enterprise endpoint offerings
Report: More Than A Third Of All Malware In History Was Created In 2010
Quick Hits  |  1/5/2011  | 
Banking Trojans still dominate the new wave of malware, PandaLabs says
Attackers Broke Malware Records In 2010
News  |  1/5/2011  | 
Over the past year, online criminals created one-third of all viruses and 34% of all malware ever seen.
Spam Attack Captures Government Data
News  |  1/5/2011  | 
A Zeus botnet variant disguised as a White House electronic greeting card netted numerous documents from U.S. agencies.
Microsoft Warns Of Windows Graphics Vulnerability
News  |  1/4/2011  | 
Disclosed last month, a flaw in the Windows Graphics Rendering Engine could be used to execute malicious code.
New Stealth Rootkit Steals Windows 7, Server 2008 User Privileges 'On The Fly'
News  |  1/4/2011  | 
Researcher plans to hand off code to antivirus vendors, and then to EC-Council for ethical hacking training
7 Ways To Save Microsoft In 2011
Commentary  |  1/4/2011  | 
If Redmond can't adapt to the most competitive landscape in decades, it will fall further behind Apple and Google in key growth markets like phones and tablets.
IE Zero Day Flaw Leaked To Google Search
News  |  1/4/2011  | 
Log from security researcher's fuzzing engine found someone at a Chinese IP address searching for the exact Microsoft Internet Explorer attack signature.
Accidental Leak Reveals Chinese Hackers Have IE Zero Day
News  |  1/3/2011  | 
Google researcher's new fuzzer finds vulnerabilities in all browsers
Top 10 Security Predictions For 2011
News  |  1/3/2011  | 
More malware, botnets, and mayhem, including online protests and political attacks, are in store for this year, according to security experts.
For Hackers, 2011 Looks Like A Prosperous New Year
News  |  1/3/2011  | 
If you're an attacker, the new year is a target-rich environment. Here are five areas where you should shore up your defenses


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12 stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Windows system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a). A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...