Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2013
Page 1 / 2   >   >>
Did Chinese Hackers Hit NY Times?
News  |  1/31/2013  | 
Some evidence suggests Chinese involvement in recent attack on The New York Times. Meanwhile, Symantec goes into damage-control mode over failure to block hackers.
Firefox Moves To Block Java, Silverlight, Adobe Reader
News  |  1/31/2013  | 
Mozilla's "click to play" move will block all plug-ins from executing without explicit user authorization.
Legitimate Sites Are Most Likely To Serve Up Malware, Cisco Study Says
Quick Hits  |  1/31/2013  | 
About a third of all malware is encountered in the U.S., Cisco annual security study finds
Millions Of Networked Devices In Harm's Way
News  |  1/29/2013  | 
Unplug Universal Plug And Play (UPnP) to protect routers, storage devices, media players from getting hacked over the Internet, Rapid7 says
Unplug Universal Plug And Play: Security Warning
News  |  1/29/2013  | 
Tens of millions of devices with UPnP are remotely exploitable, warns Metasploit creator. New tool detects vulnerable devices, which include 6,900 different product versions spanning 1,500 vendors.
iOS 6.1 Fixes 27 Vulnerabilities
News  |  1/29/2013  | 
20 remote code execution errors in the WebKit browser engine, a staple of Apple security updates, are fixed in the new release for iPhones, iPads, and iPod Touches. Some of the bugs fixed are quite old, with one reported in 2011
AMD Suit Offers Lessons On Punishing Insider Thieves
News  |  1/28/2013  | 
Theft of 150,000 documents by AMD employees defecting to nVidia and subsequent lawsuit shows value of monitoring and forensics spend
HP Disputes Printer Security Vulnerabilities
News  |  1/28/2013  | 
Weaknesses in printer networking software could be used to bypass authentication, deny service and retrieve documents from any user, Spanish researcher says.
6 Steps To Better Customer Data Protection
News  |  1/28/2013  | 
Privacy isn't a concern just for the Googles and Facebooks of the world. Here are six ways small and midsize businesses (SMB) can better protect their customers -- and themselves.
Combatting Advanced Threats In 2013 Through Basics
Commentary  |  1/28/2013  | 
Focus on fixing the problems of a past generation before focusing on the next
Java Security Work Remains, Bug Hunter Says
News  |  1/28/2013  | 
Proof-of-concept attack can be used to run arbitrary Java apps, despite Oracle's recent security fix.
Anonymous DDoS Attackers In Britain Sentenced
News  |  1/25/2013  | 
Two men receive jail time for botnet attacks on PayPal, MasterCard, Visa and the British anti-piracy lobby as part of Operation Payback.
SCADA Security 2.0
News  |  1/24/2013  | 
Siemens will consider whether to offer a bug bounty program as security experts look at new approaches to tackling SCADA security woes
China Accused Of Java, IE Zero Day Attacks
News  |  1/24/2013  | 
Human rights groups have been victims of "watering hole" attacks using recently discovered -- and patched -- flaws in Java and Internet Explorer, security researcher says.
Twitter Flaw Exposes Direct Messages To Third-Party Applications
Quick Hits  |  1/24/2013  | 
Applications can view Twitter DMs even without users' permission, researcher says
Supply Chain Uncertainties Complicate Security
News  |  1/23/2013  | 
Los Alamos National Laboratory's move to oust Chinese hardware without any evidence of backdoors highlights how supply-chain insecurities are difficult to manage
Alleged Gozi Trojan Creator Among Three Charged by Authorities
News  |  1/23/2013  | 
Three people are facing decades behind bars if convicted of having roles in the malware's spread
Playing In The Sandbox Helps Developers Learn About Bugs
News  |  1/23/2013  | 
Using virtual environments, two start-up projects create different ways of showing -- not telling -- developers how and why to prevent bugs
Report: 70% Of Exploit Kits Out Of Russia
Quick Hits  |  1/22/2013  | 
Most vulnerabilities used in kits employ older exploits
SCADA Password-Cracking Tool For Siemens S7 PLCs Released
News  |  1/22/2013  | 
Siemens says no bug involved so no patch needed, and is working on simplifying patching overall for its customers
Virut Malware Botnet Torpedoed By Security Researchers
News  |  1/22/2013  | 
Spamhaus group scuttles command and control systems for Russian botnet controlling an estimated 300,000 zombie PCs per day.
Java Hacker Uncovers Two Flaws In Latest Update
News  |  1/22/2013  | 
Expert Java bug hunter says Oracle's latest Java 7 update, released last week, has two sandbox-bypass bugs.
Java Security 'Fix' Is Disguised Malware Attack
News  |  1/18/2013  | 
Security researchers spot malware masquerading as a Java security update. Users urged to download Java updates directly from Oracle.
Java Security Warnings: Cut Through The Confusion
Commentary  |  1/18/2013  | 
Recent warnings to deactivate Java are raising additional questions: What about JavaScript, EJB, JavaFX, Android and any other use of the programming language?
SCADA Hackers Go On Defense
News  |  1/17/2013  | 
ReVuln building SCADA 'shield,' and rolls out SCADA custom-patch service for its customers
Vulnerable APIs Continue To Pose Threat To Cloud
News  |  1/16/2013  | 
From banks to Instagram, weaknesses in online APIs have caused problems in the last year, with security experts warning that poorly implemented or designed Web APIs could put company data at risk
McAfee's Escape From Belize Turns Movie
News  |  1/16/2013  | 
Tale of eccentric antivirus founder John McAfee's escape to Guatemala and Miami set to be adapted by the team behind Crazy, Stupid, Love.
Another Java Zero-Day Vulnerability Hits Black Market
News  |  1/16/2013  | 
Just 24 hours after Oracle patched two critical flaws in Java, online vulnerability vendor starts selling never-seen Java bug.
The SCADA Patch Problem
News  |  1/15/2013  | 
Industrial control systems vendors are starting to patch security bugs, but actually installing the fixes can invite more trouble
10 Facts: Secure Java For Business Use
News  |  1/15/2013  | 
Businesses that rely on Java must now take additional steps to keep employees safe. Here's where to start.
Cloud's Privileged Identity Gap Intensifies Insider Threats
News  |  1/15/2013  | 
Organizations need to rein in shared accounts and do a better job tracking user activity across cloud architectures
Java Fallout: 4 SMB Security Resolutions
News  |  1/14/2013  | 
Fixing this kind of security issue doesn't require going head-to-head with organized crime rings or hacktivist groups. It just requires some human elbow grease.
Anonymous Hacks MIT In Aaron Swartz Tribute
News  |  1/14/2013  | 
Hacktivist group leaves defaced Web page calling for reform of computer crime and intellectual property laws.
Red October Espionage Network Rivals Flame
News  |  1/14/2013  | 
Newly discovered espionage malware infrastructure largely targets organizations in Eastern Europe and Asia.
Cartoon: Forgot Password? Click Here
Commentary  |  1/14/2013  | 
Oracle Fixes Zero Day Java Flaws: Patch Now
News  |  1/14/2013  | 
Java 7 update, released Sunday, fixes bugs widely targeted by crimeware toolkits. Other critical bug updates coming later this week from Oracle and Microsoft.
How Cybercriminals Choose Their Targets And Tactics
Quick Hits  |  1/13/2013  | 
Targeted attacks are becoming pervasive. Here's a look at how those targets are chosen -- and how your organization might avoid being one of them
Monitoring Bank DDoS Attacks Tough Task For Third Parties
News  |  1/11/2013  | 
While data is not readily available on the attacks hitting financial institutions, defenders dealing with the incidents say that the attacks are effective and costly
Anonymous Says DDoS Attacks Like Free Speech
News  |  1/11/2013  | 
Hacktivist collective Anonymous petitions the White House to make DDoS attacks part of First Amendment protections. Shutdown attacks are akin to Occupy protests, group argues.
Java Under Attack Again, Disable Now
News  |  1/11/2013  | 
Java zero-day vulnerability is under attack by at least four active campaigns. Oracle has yet to respond. Here's what to do.
Attack Code, Metasploit Module Released For Serious Ruby On Rails Bugs
News  |  1/10/2013  | 
Drop everything and patch Ruby on Rails apps now, security experts say
Bank Attacker Iran Ties Questioned By Security Pros
News  |  1/10/2013  | 
U.S. government officials continue to blame Iran for launching attacks against U.S. banks, but some information security experts see only circumstantial evidence.
U.K. Armed Forces Leaving Cyber Back Door Open?
News  |  1/10/2013  | 
Huge resources have been promised to beef up country's cyber warfare defense, but little has actually been sent to armed forces, bipartisan report says.
Apple Targets App Store Bait And Switch Scammers
News  |  1/10/2013  | 
Apple will lock down app screenshots after approval to stem a spate of sellers hawking fake apps.
Expect Less Targeting From This Year's Targeted Attacks
News  |  1/10/2013  | 
Broader spearphishing campaigns and watering-hole attacks look to compromise and gather intelligence on broader classes of targets
How Well Do You Know Your Data?
Commentary  |  1/9/2013  | 
The more you know about your data, the more effectively you can protect it
McAfee Takes Belize: Social Engineering Lesson
Commentary  |  1/9/2013  | 
Eccentric antivirus firm founder John McAfee says he tricked people with spyware -- using free laptops. Social engineering attacks remain cheap, easy and effective.
Critical Ruby On Rails Issue Threatens 240,000 Websites
News  |  1/9/2013  | 
Bug allows attackers to execute arbitrary code on any version of Ruby published in the last six years.
U.S. Bank Hack Attack Techniques Identified
News  |  1/9/2013  | 
Security researchers detail how poorly secured, hosted servers helped launch botnet-based attacks; U.S. government continues to blame Iran.
Deep Dive With David Litchfield
News  |  1/8/2013  | 
Renowned database security researcher chats up shark-diving, bug-hunting -- and how Sandra Bullock killed his zoology degree
Page 1 / 2   >   >>

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Practical Network Security Approaches for a Multicloud, Hybrid IT World
The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-05-09
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
PUBLISHED: 2022-05-09
In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of a sdiv instruction may decide whether to tra...
PUBLISHED: 2022-05-08
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
PUBLISHED: 2022-05-08
marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
PUBLISHED: 2022-05-08
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.