Dark Reading is part of the Informa Tech Division of Informa PLC
News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2012
Jury Still Out On Mobile Adware
News | 1/31/2012
Malicious software or not? Defining the threat on mobile platforms becomes more difficult as some advertising software enters a gray area
Researchers Postpone Release Of Free Smart Meter Security Testing Tool
News | 1/31/2012
Amid smart grid vendor's concerns about ShmooCon talk, public disclosure of research into smart meter infrared ports put on hold
Big Data's Dark Side: Compliance Issues
News | 1/31/2012
The bigger data sets grow, the harder compliance could become.
10 SharePoint Security Mistakes You Probably Make
News | 1/31/2012
Bradley Manning allegedly stole sensitive government cables destined for WikiLeaks from a SharePoint server. Are your information security controls tighter than the Army's were?
Cloud Means More Secure Remote Access
News | 1/30/2012
Connecting hosts running remote-access services directly to the Internet is so last decade. Instead, companies look to move to cloud-enabled services or virtual desktop infrastructure.
Google, Microsoft Say DMARC Spec Stops Phishing
News | 1/27/2012
New email authentication framework called DMARC, backed by major email and security tool providers, aims to make spoofed domains in messages a thing of the past.
U.S. Intel Chief: Insider Leaks A Top Priority
News | 1/26/2012
Strategies to prevent another Wikileaks will take years to perfect, but the cloud could save time and money, says director of national intelligence James Clapper.
Symantec: Users Should Disable PCAnywhere Now
News | 1/26/2012
Symantec moves into damage-control mode after LulzSec leader tweets the remote-access software may be used to launch exploits.
Pwn2Own Hacking Contest Gets Facelift
News | 1/25/2012
Popular competition will up the ante with longer contest, fewer targets, more payout for first-, second-, third-place winners--plus an extra Google bounty for cracking Chrome.
Anonymous Calls Anonyupload A Scam
News | 1/25/2012
Megaupload alternative promises "100% anonymous" platform for sharing files, providing it gets the required funds.
Videoconferencing Systems Vulnerable To Hackers
News | 1/25/2012
Take these steps to secure your videoconferencing system and prevent outsiders from spying on your company.
Microsoft Names Alleged Kelihos Botnet Operator
News | 1/25/2012
Suspect worked for antivirus and software development firms in Russia.
Videoconferencing Can Be The Bug In The Boardroom
News | 1/24/2012
Recent research underscores that insecure video conferencing systems can allow hackers to listen into a company's confidential discussions. Firms should take steps to evaluate their systems and secure them
9 Ways To Minimize Data Breach Fallout
Commentary | 1/24/2012
Symantec just revealed that attackers stole source code to its flagship Norton software in 2006, highlighting today's array of sharply different approaches to owning up to data breaches. Consider these essential policies.
9 Password Security Policies For SMBs
News | 1/23/2012
Does your company have strong password practices? Here's expert advice on how to help SMB employees minimize risks.
Famed Hacking Contest Gets Facelift
News | 1/23/2012
'Pwn2Own' will up the ante with more prolonged contest, fewer targets, more payout for first-, second-, third-place winners -- plus an extra Google bounty for cracking Chrome
Third-Party Vulnerability Counts Down? Not Quite
News | 1/19/2012
Trend data from Frost & Sullivan shows that vulnerabilities reported by third parties were lower in 2011, but companies such as Secunia and TippingPoint are seeing greater demand
McAfee SaaS Antivirus Spews Spam
News | 1/19/2012
Spammers are actively exploiting a hole in the antivirus software to create spam relays; McAfee says patch is forthcoming.
Oracle Scorned For Paltry Database Patches
News | 1/19/2012
With only two of many reported vulnerabilities fixed in Oracle's latest update, the database security community questions Oracle's patch bottleneck.
New Version Of Carberp Trojan Targets Facebook Users
Quick Hits | 1/19/2012
Malware attempts to steal money by duping the user into divulging an e-cash voucher
Zappos Breach Renews Calls For Stronger Passwords
News | 1/18/2012
Passwords are the go-to security technique for retailers, but businesses must balance password strength and consumer ease of use.
Victim Businesses Teaming Up To Fight Cybercriminals
News | 1/17/2012
Major global corporations call for more collaboration among organizations hit by cyberattacks, but the devil's in the details
Tilde-D Detection Focuses On Coding Anomalies
News | 1/17/2012
An open-source tool from the Laboratory of Cryptography and System Security hunts for Duqu using telltale signs left behind by the Tilde-D creation toolkit
Zappos Hack Exposes Passwords
News | 1/17/2012
Zappos tells 24 million customers to change passwords; special password-reset website was unavailable to non-U.S. customers.
How To Monitor Employees Without Being A Perv
Commentary | 1/15/2012
While we need to monitor our employees to protect organization secrets, there's no need to turn the workplace into a bad episode of Big Brother
10 Security Trends To Watch In 2012
News | 1/13/2012
From cyber espionage to Android malware, expect to see a greater variety and quantity of attacks than ever before.
Hackers Say Indian Intelligence Has U.S. Passwords
News | 1/13/2012
A hacktivist group has released troves of emails, spy memos, and U.S. government server access credentials. While not all are genuine, the breach points to cyber spying as the new norm.
Sykipot Malware Steals Pentagon Smart-Card Credentials
News | 1/13/2012
Malware out of China challenges two-factor authentication schemes used by Defense Department, other organizations.
Does NoSQL Mean No Security?
News | 1/12/2012
Biggest benefits of NoSQL databases--scalability and flexibility--also give security experts the biggest headaches.
Hack Attacks Now Leading Cause Of Data Breaches
News | 1/12/2012
Exclusive: Identity Theft Resource Center identifies hacking, followed by data lost in transit and insider attacks, as the leading data breach culprits in 2011.
Top SMB Security Worries: Intellectual Property, Mobile
News | 1/11/2012
An expert security researcher shares his top security concerns for SMBs in 2012 and offers advice on how smaller companies can manage risks.
2012 Will Be The Year Of The...
Commentary | 1/11/2012
After a rough 2011 for many large organizations, here's a look at what the world of advanced threats will bring in 2012
When Someone Else's Insider Is Your Threat
News | 1/11/2012
As Symantec recently learned, your intellectual property could be at risk from third parties with whom you do business.
When Someone Else's Insider Is Your Threat
News | 1/10/2012
Contract language and enforcement are necessary to protect your IP in another company's network. Just ask Symantec, which had its source code stolen from a third party by hackers.
Hackers Claim Breach Of Norton Antivirus Source Code; Experts Say Claims Are Exaggerated
News | 1/7/2012
Symantec says disclosure poses 'no threat' to the security of its AV products or their customers
New Denial Of Service Attack Cripples Servers Slowly
News | 1/6/2012
'Slow Read' proof-of-concept and tool released Thursday.
AntiSec Hacks NY, California Law Enforcement
News | 1/5/2012
Breaches show database insecurity is still the norm, despite rash of attacks by hacktivists.
SQL Injection Hack Infects 1 Million Web Pages
News | 1/5/2012
SANS warns of uptick in 'Lilupophilupop' attack, but Cisco said total number of infected Web pages likely lower.
Four Takeaways From The Stuxnet-Duqu Connection
News | 1/3/2012
Lessons learned from the latest findings in the Stuxnet and Duqu attacks


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19033
PUBLISHED: 2019-11-21
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password.
CVE-2019-19191
PUBLISHED: 2019-11-21
Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow.
CVE-2019-15511
PUBLISHED: 2019-11-21
An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed....
CVE-2019-16405
PUBLISHED: 2019-11-21
Centreon Web 19.04.4 allows Remote Code Execution by an administrator who can modify Macro Expression location settings.
CVE-2019-16406
PUBLISHED: 2019-11-21
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.