
News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2012
Jury Still Out On Mobile Adware
News  |  1/31/2012  | 
Malicious software or not? Defining the threat on mobile platforms becomes more difficult as some advertising software enters a gray area
Researchers Postpone Release Of Free Smart Meter Security Testing Tool
News  |  1/31/2012  | 
Amid smart grid vendor's concerns about ShmooCon talk, public disclosure of research into smart meter infrared ports put on hold
Big Data's Dark Side: Compliance Issues
News  |  1/31/2012  | 
The bigger data sets grow, the harder compliance could become.
10 SharePoint Security Mistakes You Probably Make
News  |  1/31/2012  | 
Bradley Manning allegedly stole sensitive government cables destined for WikiLeaks from a SharePoint server. Are your information security controls tighter than the Army's were?
Cloud Means More Secure Remote Access
News  |  1/30/2012  | 
Connecting hosts running remote-access services directly to the Internet is so last decade. Instead, companies look to move to cloud-enabled services or virtual desktop infrastructure.
Google, Microsoft Say DMARC Spec Stops Phishing
News  |  1/27/2012  | 
New email authentication framework called DMARC, backed by major email and security tool providers, aims to make spoofed domains in messages a thing of the past.
U.S. Intel Chief: Insider Leaks A Top Priority
News  |  1/26/2012  | 
Strategies to prevent another WikiLeaks will take years to perfect, but the cloud could save time and money, says director of national intelligence James Clapper.
Symantec: Users Should Disable PCAnywhere Now
News  |  1/26/2012  | 
Symantec moves into damage-control mode after LulzSec leader tweets the remote-access software may be used to launch exploits.
Pwn2Own Hacking Contest Gets Facelift
News  |  1/25/2012  | 
Popular competition will up the ante with longer contest, fewer targets, more payout for first-, second-, third-place winners--plus an extra Google bounty for cracking Chrome.
Anonymous Calls Anonyupload A Scam
News  |  1/25/2012  | 
Megaupload alternative promises "100% anonymous" platform for sharing files, providing it gets the required funds.
Videoconferencing Systems Vulnerable To Hackers
News  |  1/25/2012  | 
Take these steps to secure your videoconferencing system and prevent outsiders from spying on your company.
Microsoft Names Alleged Kelihos Botnet Operator
News  |  1/25/2012  | 
Suspect worked for antivirus and software development firms in Russia.
Videoconferencing Can Be The Bug In The Boardroom
News  |  1/24/2012  | 
Recent research underscores that insecure video conferencing systems can allow hackers to listen into a company's confidential discussions. Firms should take steps to evaluate their systems and secure them
9 Ways To Minimize Data Breach Fallout
Commentary  |  1/24/2012  | 
Symantec just revealed that attackers stole source code to its flagship Norton software in 2006, highlighting today's array of sharply different approaches to owning up to data breaches. Consider these essential policies.
9 Password Security Policies For SMBs
News  |  1/23/2012  | 
Does your company have strong password practices? Here's expert advice on how to help SMB employees minimize risks.
Famed Hacking Contest Gets Facelift
News  |  1/23/2012  | 
'Pwn2Own' will up the ante with more prolonged contest, fewer targets, more payout for first-, second-, third-place winners -- plus an extra Google bounty for cracking Chrome
Third-Party Vulnerability Counts Down? Not Quite
News  |  1/19/2012  | 
Trend data from Frost & Sullivan shows that vulnerabilities reported by third parties were lower in 2011, but companies such as Secunia and TippingPoint are seeing greater demand
McAfee SaaS Antivirus Spews Spam
News  |  1/19/2012  | 
Spammers are actively exploiting a hole in the antivirus software to create spam relays; McAfee says patch is forthcoming.
Oracle Scorned For Paltry Database Patches
News  |  1/19/2012  | 
With only two of many reported vulnerabilities fixed in Oracle's latest update, the database security community questions Oracle's patch bottleneck.
New Version Of Carberp Trojan Targets Facebook Users
Quick Hits  |  1/19/2012  | 
Malware attempts to steal money by duping the user into divulging an e-cash voucher
Zappos Breach Renews Calls For Stronger Passwords
News  |  1/18/2012  | 
Passwords are the go-to security technique for retailers, but businesses must balance password strength and consumer ease of use.
Victim Businesses Teaming Up To Fight Cybercriminals
News  |  1/17/2012  | 
Major global corporations call for more collaboration among organizations hit by cyberattacks, but the devil's in the details
Tilde-D Detection Focuses On Coding Anomalies
News  |  1/17/2012  | 
An open-source tool from the Laboratory of Cryptography and System Security hunts for Duqu using telltale signs left behind by the Tilde-D creation toolkit
Zappos Hack Exposes Passwords
News  |  1/17/2012  | 
Zappos tells 24 million customers to change passwords; special password-reset website was unavailable to non-U.S. customers.
How To Monitor Employees Without Being A Perv
Commentary  |  1/15/2012  | 
While we need to monitor our employees to protect organization secrets, there's no need to turn the workplace into a bad episode of Big Brother
10 Security Trends To Watch In 2012
News  |  1/13/2012  | 
From cyber espionage to Android malware, expect to see a greater variety and quantity of attacks than ever before.
Hackers Say Indian Intelligence Has U.S. Passwords
News  |  1/13/2012  | 
A hacktivist group has released troves of emails, spy memos, and U.S. government server access credentials. While not all are genuine, the breach points to cyber spying as the new norm.
Sykipot Malware Steals Pentagon Smart-Card Credentials
News  |  1/13/2012  | 
Malware out of China challenges two-factor authentication schemes used by Defense Department, other organizations.
Does NoSQL Mean No Security?
News  |  1/12/2012  | 
Biggest benefits of NoSQL databases--scalability and flexibility--also give security experts the biggest headaches.
Hack Attacks Now Leading Cause Of Data Breaches
News  |  1/12/2012  | 
Exclusive: Identity Theft Resource Center identifies hacking, followed by data lost in transit and insider attacks, as the leading data breach culprits in 2011.
Top SMB Security Worries: Intellectual Property, Mobile
News  |  1/11/2012  | 
An expert security researcher shares his top security concerns for SMBs in 2012 and offers advice on how smaller companies can manage risks.
2012 Will Be The Year Of The...
Commentary  |  1/11/2012  | 
After a rough 2011 for many large organizations, here's a look at what the world of advanced threats will bring in 2012
When Someone Else's Insider Is Your Threat
News  |  1/11/2012  | 
As Symantec recently learned, your intellectual property could be at risk from third parties with whom you do business.
When Someone Else's Insider Is Your Threat
News  |  1/10/2012  | 
Contract language and enforcement are necessary to protect your IP in another company's network. Just ask Symantec, which had its source code stolen from a third party by hackers.
Hackers Claim Breach Of Norton Antivirus Source Code; Experts Say Claims Are Exaggerated
News  |  1/7/2012  | 
Symantec says disclosure poses 'no threat' to the security of its AV products or their customers
New Denial Of Service Attack Cripples Servers Slowly
News  |  1/6/2012  | 
'Slow Read' proof-of-concept and tool released Thursday.
AntiSec Hacks NY, California Law Enforcement
News  |  1/5/2012  | 
Breaches show database insecurity is still the norm, despite rash of attacks by hacktivists.
SQL Injection Hack Infects 1 Million Web Pages
News  |  1/5/2012  | 
SANS warns of uptick in 'Lilupophilupop' attack, but Cisco said total number of infected Web pages likely lower.
Four Takeaways From The Stuxnet-Duqu Connection
News  |  1/3/2012  | 
Lessons learned from the latest findings in the Stuxnet and Duqu attacks


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14540
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVE-2019-16332
PUBLISHED: 2019-09-15
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
CVE-2019-16333
PUBLISHED: 2019-09-15
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
CVE-2019-16334
PUBLISHED: 2019-09-15
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
CVE-2019-16335
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.