
News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2012
Jury Still Out On Mobile Adware
News  |  1/31/2012  | 
Malicious software or not? Defining the threat on mobile platforms becomes more difficult as some advertising software enters a gray area
Researchers Postpone Release Of Free Smart Meter Security Testing Tool
News  |  1/31/2012  | 
Amid smart grid vendor's concerns about ShmooCon talk, public disclosure of research into smart meter infrared ports put on hold
Big Data's Dark Side: Compliance Issues
News  |  1/31/2012  | 
The bigger data sets grow, the harder compliance could become.
10 SharePoint Security Mistakes You Probably Make
News  |  1/31/2012  | 
Bradley Manning allegedly stole sensitive government cables destined for WikiLeaks from a SharePoint server. Are your information security controls tighter than the Army's were?
Cloud Means More Secure Remote Access
News  |  1/30/2012  | 
Connecting hosts running remote-access services directly to the Internet is so last decade. Instead, companies look to move to cloud-enabled services or virtual desktop infrastructure.
Google, Microsoft Say DMARC Spec Stops Phishing
News  |  1/27/2012  | 
New email authentication framework called DMARC, backed by major email and security tool providers, aims to make spoofed domains in messages a thing of the past.
U.S. Intel Chief: Insider Leaks A Top Priority
News  |  1/26/2012  | 
Strategies to prevent another Wikileaks will take years to perfect, but the cloud could save time and money, says director of national intelligence James Clapper.
Symantec: Users Should Disable PCAnywhere Now
News  |  1/26/2012  | 
Symantec moves into damage-control mode after LulzSec leader tweets the remote-access software may be used to launch exploits.
Pwn2Own Hacking Contest Gets Facelift
News  |  1/25/2012  | 
Popular competition will up the ante with longer contest, fewer targets, more payout for first-, second-, third-place winners--plus an extra Google bounty for cracking Chrome.
Anonymous Calls Anonyupload A Scam
News  |  1/25/2012  | 
Megaupload alternative promises "100% anonymous" platform for sharing files, providing it gets the required funds.
Videoconferencing Systems Vulnerable To Hackers
News  |  1/25/2012  | 
Take these steps to secure your videoconferencing system and prevent outsiders from spying on your company.
Microsoft Names Alleged Kelihos Botnet Operator
News  |  1/25/2012  | 
Suspect worked for antivirus and software development firms in Russia.
Videoconferencing Can Be The Bug In The Boardroom
News  |  1/24/2012  | 
Recent research underscores that insecure videoconferencing systems can allow hackers to listen in on a company's confidential discussions. Firms should take steps to evaluate their systems and secure them.
9 Ways To Minimize Data Breach Fallout
Commentary  |  1/24/2012  | 
Symantec just revealed that attackers stole source code to its flagship Norton software in 2006, highlighting today's array of sharply different approaches to owning up to data breaches. Consider these essential policies.
9 Password Security Policies For SMBs
News  |  1/23/2012  | 
Does your company have strong password practices? Here's expert advice on how to help SMB employees minimize risks.
Famed Hacking Contest Gets Facelift
News  |  1/23/2012  | 
'Pwn2Own' will up the ante with more prolonged contest, fewer targets, more payout for first-, second-, third-place winners -- plus an extra Google bounty for cracking Chrome
Third-Party Vulnerability Counts Down? Not Quite
News  |  1/19/2012  | 
Trend data from Frost & Sullivan shows that vulnerabilities reported by third parties were lower in 2011, but companies such as Secunia and TippingPoint are seeing greater demand
McAfee SaaS Antivirus Spews Spam
News  |  1/19/2012  | 
Spammers are actively exploiting a hole in the antivirus software to create spam relays; McAfee says patch is forthcoming.
Oracle Scorned For Paltry Database Patches
News  |  1/19/2012  | 
With only two of many reported vulnerabilities fixed in Oracle's latest update, the database security community questions Oracle's patch bottleneck.
New Version Of Carberp Trojan Targets Facebook Users
Quick Hits  |  1/19/2012  | 
Malware attempts to steal money by duping the user into divulging an e-cash voucher
Zappos Breach Renews Calls For Stronger Passwords
News  |  1/18/2012  | 
Passwords are the go-to security technique for retailers, but businesses must balance password strength and consumer ease of use.
Victim Businesses Teaming Up To Fight Cybercriminals
News  |  1/17/2012  | 
Major global corporations call for more collaboration among organizations hit by cyberattacks, but the devil's in the details
Tilde-D Detection Focuses On Coding Anomalies
News  |  1/17/2012  | 
An open-source tool from the Laboratory of Cryptography and System Security hunts for Duqu using telltale signs left behind by the Tilde-D creation toolkit
Zappos Hack Exposes Passwords
News  |  1/17/2012  | 
Zappos tells 24 million customers to change passwords; special password-reset website was unavailable to non-U.S. customers.
How To Monitor Employees Without Being A Perv
Commentary  |  1/15/2012  | 
While we need to monitor our employees to protect organization secrets, there's no need to turn the workplace into a bad episode of Big Brother
10 Security Trends To Watch In 2012
News  |  1/13/2012  | 
From cyber espionage to Android malware, expect to see a greater variety and quantity of attacks than ever before.
Hackers Say Indian Intelligence Has U.S. Passwords
News  |  1/13/2012  | 
A hacktivist group has released troves of emails, spy memos, and U.S. government server access credentials. While not all are genuine, the breach points to cyber spying as the new norm.
Sykipot Malware Steals Pentagon Smart-Card Credentials
News  |  1/13/2012  | 
Malware out of China challenges two-factor authentication schemes used by Defense Department, other organizations.
Does NoSQL Mean No Security?
News  |  1/12/2012  | 
Biggest benefits of NoSQL databases--scalability and flexibility--also give security experts the biggest headaches.
Hack Attacks Now Leading Cause Of Data Breaches
News  |  1/12/2012  | 
Exclusive: Identity Theft Resource Center identifies hacking, followed by data lost in transit and insider attacks, as the leading data breach culprits in 2011.
Top SMB Security Worries: Intellectual Property, Mobile
News  |  1/11/2012  | 
An expert security researcher shares his top security concerns for SMBs in 2012 and offers advice on how smaller companies can manage risks.
2012 Will Be The Year Of The...
Commentary  |  1/11/2012  | 
After a rough 2011 for many large organizations, here's a look at what the world of advanced threats will bring in 2012
When Someone Else's Insider Is Your Threat
News  |  1/11/2012  | 
As Symantec recently learned, your intellectual property could be at risk from third parties with whom you do business.
When Someone Else's Insider Is Your Threat
News  |  1/10/2012  | 
Contract language and enforcement are necessary to protect your IP in another company's network. Just ask Symantec, which had its source code stolen from a third party by hackers.
Hackers Claim Breach Of Norton Antivirus Source Code; Experts Say Claims Are Exaggerated
News  |  1/7/2012  | 
Symantec says disclosure poses 'no threat' to the security of its AV products or their customers
New Denial Of Service Attack Cripples Servers Slowly
News  |  1/6/2012  | 
'Slow Read' proof-of-concept and tool released Thursday.
AntiSec Hacks NY, California Law Enforcement
News  |  1/5/2012  | 
Breaches show database insecurity is still the norm, despite rash of attacks by hacktivists.
SQL Injection Hack Infects 1 Million Web Pages
News  |  1/5/2012  | 
SANS warns of uptick in 'Lilupophilupop' attack, but Cisco said total number of infected Web pages likely lower.
Four Takeaways From The Stuxnet-Duqu Connection
News  |  1/3/2012  | 
Lessons learned from the latest findings in the Stuxnet and Duqu attacks

