Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2012
Jury Still Out On Mobile Adware
News  |  1/31/2012  | 
Malicious software or not? Defining the threat on mobile platforms becomes more difficult as some advertising software enters a gray area
Researchers Postpone Release Of Free Smart Meter Security Testing Tool
News  |  1/31/2012  | 
Amid smart grid vendor's concerns about ShmooCon talk, public disclosure of research into smart meter infrared ports put on hold
Big Data's Dark Side: Compliance Issues
News  |  1/31/2012  | 
The bigger data sets grow, the harder compliance could become.
10 SharePoint Security Mistakes You Probably Make
News  |  1/31/2012  | 
Bradley Manning allegedly stole sensitive government cables destined for WikiLeaks from a SharePoint server. Are your information security controls tighter than the Army's were?
Cloud Means More Secure Remote Access
News  |  1/30/2012  | 
Connecting hosts running remote-access services directly to the Internet is so last decade. Instead, companies look to move to cloud-enabled services or virtual desktop infrastructure.
Google, Microsoft Say DMARC Spec Stops Phishing
News  |  1/27/2012  | 
New email authentication framework called DMARC, backed by major email and security tool providers, aims to make spoofed domains in messages a thing of the past.
U.S. Intel Chief: Insider Leaks A Top Priority
News  |  1/26/2012  | 
Strategies to prevent another WikiLeaks will take years to perfect, but the cloud could save time and money, says director of national intelligence James Clapper.
Symantec: Users Should Disable PCAnywhere Now
News  |  1/26/2012  | 
Symantec moves into damage-control mode after LulzSec leader tweets the remote-access software may be used to launch exploits.
Pwn2Own Hacking Contest Gets Facelift
News  |  1/25/2012  | 
Popular competition will up the ante with longer contest, fewer targets, more payout for first-, second-, third-place winners--plus an extra Google bounty for cracking Chrome.
Anonymous Calls Anonyupload A Scam
News  |  1/25/2012  | 
Megaupload alternative promises "100% anonymous" platform for sharing files, providing it gets the required funds.
Videoconferencing Systems Vulnerable To Hackers
News  |  1/25/2012  | 
Take these steps to secure your videoconferencing system and prevent outsiders from spying on your company.
Microsoft Names Alleged Kelihos Botnet Operator
News  |  1/25/2012  | 
Suspect worked for antivirus and software development firms in Russia.
Videoconferencing Can Be The Bug In The Boardroom
News  |  1/24/2012  | 
Recent research underscores that insecure videoconferencing systems can allow hackers to listen in on a company's confidential discussions. Firms should take steps to evaluate their systems and secure them.
9 Ways To Minimize Data Breach Fallout
Commentary  |  1/24/2012  | 
Symantec just revealed that attackers stole source code to its flagship Norton software in 2006, highlighting today's array of sharply different approaches to owning up to data breaches. Consider these essential policies.
9 Password Security Policies For SMBs
News  |  1/23/2012  | 
Does your company have strong password practices? Here's expert advice on how to help SMB employees minimize risks.
Famed Hacking Contest Gets Facelift
News  |  1/23/2012  | 
'Pwn2Own' will up the ante with more prolonged contest, fewer targets, more payout for first-, second-, third-place winners -- plus an extra Google bounty for cracking Chrome
Third-Party Vulnerability Counts Down? Not Quite
News  |  1/19/2012  | 
Trend data from Frost & Sullivan shows that vulnerabilities reported by third parties were lower in 2011, but companies such as Secunia and TippingPoint are seeing greater demand
McAfee SaaS Antivirus Spews Spam
News  |  1/19/2012  | 
Spammers are actively exploiting a hole in the antivirus software to create spam relays; McAfee says patch is forthcoming.
Oracle Scorned For Paltry Database Patches
News  |  1/19/2012  | 
With only two of many reported vulnerabilities fixed in Oracle's latest update, the database security community questions Oracle's patch bottleneck.
New Version Of Carberp Trojan Targets Facebook Users
Quick Hits  |  1/19/2012  | 
Malware attempts to steal money by duping the user into divulging an e-cash voucher
Zappos Breach Renews Calls For Stronger Passwords
News  |  1/18/2012  | 
Passwords are the go-to security technique for retailers, but businesses must balance password strength and consumer ease of use.
Victim Businesses Teaming Up To Fight Cybercriminals
News  |  1/17/2012  | 
Major global corporations call for more collaboration among organizations hit by cyberattacks, but the devil's in the details
Tilde-D Detection Focuses On Coding Anomalies
News  |  1/17/2012  | 
An open-source tool from the Laboratory of Cryptography and System Security hunts for Duqu using telltale signs left behind by the Tilde-D creation toolkit
Zappos Hack Exposes Passwords
News  |  1/17/2012  | 
Zappos tells 24 million customers to change passwords; special password-reset website was unavailable to non-U.S. customers.
How To Monitor Employees Without Being A Perv
Commentary  |  1/15/2012  | 
While we need to monitor our employees to protect organization secrets, there's no need to turn the workplace into a bad episode of Big Brother
10 Security Trends To Watch In 2012
News  |  1/13/2012  | 
From cyber espionage to Android malware, expect to see a greater variety and quantity of attacks than ever before.
Hackers Say Indian Intelligence Has U.S. Passwords
News  |  1/13/2012  | 
A hacktivist group has released troves of emails, spy memos, and U.S. government server access credentials. While not all are genuine, the breach points to cyber spying as the new norm.
Sykipot Malware Steals Pentagon Smart-Card Credentials
News  |  1/13/2012  | 
Malware out of China challenges two-factor authentication schemes used by Defense Department, other organizations.
Does NoSQL Mean No Security?
News  |  1/12/2012  | 
Biggest benefits of NoSQL databases--scalability and flexibility--also give security experts the biggest headaches.
Hack Attacks Now Leading Cause Of Data Breaches
News  |  1/12/2012  | 
Exclusive: Identity Theft Resource Center identifies hacking, followed by data lost in transit and insider attacks, as the leading data breach culprits in 2011.
Top SMB Security Worries: Intellectual Property, Mobile
News  |  1/11/2012  | 
An expert security researcher shares his top security concerns for SMBs in 2012 and offers advice on how smaller companies can manage risks.
2012 Will Be The Year Of The...
Commentary  |  1/11/2012  | 
After a rough 2011 for many large organizations, here's a look at what the world of advanced threats will bring in 2012
When Someone Else's Insider Is Your Threat
News  |  1/11/2012  | 
As Symantec recently learned, your intellectual property could be at risk from third parties with whom you do business.
When Someone Else's Insider Is Your Threat
News  |  1/10/2012  | 
Contract language and enforcement are necessary to protect your IP in another company's network. Just ask Symantec, which had its source code stolen from a third party by hackers.
Hackers Claim Breach Of Norton Antivirus Source Code; Experts Say Claims Are Exaggerated
News  |  1/7/2012  | 
Symantec says disclosure poses 'no threat' to the security of its AV products or their customers
New Denial Of Service Attack Cripples Servers Slowly
News  |  1/6/2012  | 
'Slow Read' proof-of-concept and tool released Thursday.
AntiSec Hacks NY, California Law Enforcement
News  |  1/5/2012  | 
Breaches show database insecurity is still the norm, despite rash of attacks by hacktivists.
SQL Injection Hack Infects 1 Million Web Pages
News  |  1/5/2012  | 
SANS warns of uptick in 'Lilupophilupop' attack, but Cisco said total number of infected Web pages likely lower.
Four Takeaways From The Stuxnet-Duqu Connection
News  |  1/3/2012  | 
Lessons learned from the latest findings in the Stuxnet and Duqu attacks

