Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2014
Yahoo Mail Passwords: Act Now
News  |  1/31/2014  | 
Yahoo suffers hack attack, eyes third-party database and reused credentials as likely culprits, may enforce two-factor authentication to help users recover accounts.
Chip-and-PIN Security Push To Pit Retailers Against Banks
News  |  1/30/2014  | 
While the cost of breaches typically falls on the merchants, card issuers and banks would foot much of the bill for improving the security of the payment-card system
Target Hackers Tapped Vendor Credentials
News  |  1/30/2014  | 
Investigators suspect that BMC software, Microsoft configuration management tools, and SQL injection were used as hacking tools and techniques in Target's massive data breach.
4 Hurdles That Trip Security Analytics Efforts
News  |  1/29/2014  | 
Don't let these people and process problems get in the way of security analytics effectiveness.
Angry Birds Site Toppled After Surveillance Report
News  |  1/29/2014  | 
Syrian Electronic Army ally allegedly defaces Rovio's Angry Birds website over reports that company shared user data with US and UK surveillance agencies.
The Scariest End-User Security Question: What Changed?
Commentary  |  1/29/2014  | 
Hitting employees over the head with fear, uncertainty, and doubt does little to help protect them from security threats. Is multi-factor authentication "by force" a better approach?
Feds Arrest Bitcoin Celebrity In Money Laundering Case
News  |  1/28/2014  | 
Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace.
How To Defend Point-Of-Sale Systems
News  |  1/27/2014  | 
US-CERT gives advice on defending POS systems against attacks like those against Target, Neiman Marcus.
Michaels Stores Investigates Data Breach
News  |  1/27/2014  | 
Arts-and-crafts retailer goes into damage-control mode after banks report fraud possibly tied to shoppers' credit cards.
How & Why Cloud Security Will Empower Users
Dark Reading Videos  |  1/27/2014  | 
Cloud computing growth means big changes for enterprises of all sizes and in all markets.
Target Breach: Why Smartcards Won't Stop Hackers
Commentary  |  1/24/2014  | 
"Chip and PIN" smartcard adoption in the United States is long overdue. But the security improvement wouldn't have stopped Target's BlackPOS malware attackers.
Neiman Marcus Data Breach: 1.1M Cards Exposed
News  |  1/24/2014  | 
Debit and credit card details 'scraped' during transactions in stores.
Google Dismisses Chrome Browser Microphone Snooping Exploit
News  |  1/23/2014  | 
A researcher has released an exploit that abuses flaws he discovered in Chrome that could allow an attacker to snoop on phone calls or other conversations at your desktop, but Google says it's compliant with W3C
Future Shock: The Internet of Compromised Things
Commentary  |  1/23/2014  | 
It's doubtful that the average consumer would be aware that his or her refrigerator was participating in a DDoS attack. Even fewer would have any idea how to stop it.
China Blames Massive Internet Blackout On Hackers
News  |  1/23/2014  | 
Evidence about the 45-minute outage points to botched censorship operation, not hackers, security experts say.
Microsoft Maps Out Malware Haves And Have-Nots
News  |  1/22/2014  | 
Some countries suffer disproportionately from malware infections and cybercrime, and Windows XP could exacerbate the problem
Target Mocks, Not Helps, Its Data Breach Victims
Commentary  |  1/22/2014  | 
The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
Politically Motivated Cyberattackers Adopt New Tactics
News  |  1/22/2014  | 
Organized cybergroups from China, Syria, and Russia are finding new ways to breach enterprises, CrowdStrike reports.
Power Utility Substations At Risk
News  |  1/22/2014  | 
"Project Robus" so far has exposed dozens of security flaws in software using popular ICS/SCADA network protocol, but several vendors still have not patched.
Target Breach: 5 Unanswered Security Questions
Commentary  |  1/22/2014  | 
Investigators have yet to explain how Target was hacked, whether BlackPOS malware infected its payment servers, and whether the same gang also struck other retailers.
Google Chrome Allows Eavesdropping, Researcher Claims
News  |  1/22/2014  | 
Google doesn't recognize the browser behavior as a security issue.
Security Startups Take Shape Out Of Stealth
Quick Hits  |  1/22/2014  | 
Former Google, Barracuda Networks executives behind new security companies launched yesterday
Power Utility Substations At Risk
News  |  1/21/2014  | 
'Project Robus' so far has exposed dozens of security flaws in software using popular ICS/SCADA network protocol, but several vendors still have not patched
Target, Neiman Marcus Malware Creators Identified
News  |  1/21/2014  | 
Eastern European team developed memory-scraping Kaptoxa (BlackPOS) malware, sold it at least 40 times, says cyber-intelligence firm.
Malware: More Hype Than Reality
Commentary  |  1/17/2014  | 
Sure, malware exists, but is it really as bad as the news suggests?
Target Malware Origin Details Emerge
News  |  1/17/2014  | 
Kaptoxa POS malware cited as culprit behind sophisticated, two-stage operation that moved 11 GB of stolen Target data via FTP to a hijacked server in Russia.
Microsoft Delays Windows XP Antivirus Doomsday
News  |  1/16/2014  | 
Security Essentials for XP gets 15-month extension, but some antivirus vendors promise updates through 2017 and beyond.
Feds Fail To Secure Mobile Devices
News  |  1/15/2014  | 
New study finds one-third of government workers use public WiFi and one-fourth don't password-protect the devices.
Java 'Icefog' Malware Variant Infects US Businesses
News  |  1/15/2014  | 
APT attack campaign uses tough-to-detect Java backdoor to compromise US oil company and two other organizations.
Blackphone Promises To Block Snooping
News  |  1/15/2014  | 
Geeksphone and Silent Circle promise their new smartphone will lock out spies. But the details, including how it works, aren't clear.
Target Breach: 8 Facts On Memory-Scraping Malware
News  |  1/14/2014  | 
Target confirmed that malware compromised its point-of-sale systems. How does such malware work, and how can businesses prevent infections?
Neiman Marcus, Target Data Breaches: 8 Facts
News  |  1/13/2014  | 
A cyberattack campaign, likely coordinated, breached data from Target, Neiman Marcus, and at least three other retailers.
Why IT Security RFPs Are Like Junk Food
Commentary  |  1/13/2014  | 
Buying the latest security technology won't save you if your company isn't carrying out basic health checks.
Target Breach Widens: 70 Million Warned
News  |  1/10/2014  | 
Target discovers that personal information -- including names and contact information -- for 70 million customers was compromised in recent data breach.
NSA Fallout: Why Foreign Firms Won't Buy American Tech
Commentary  |  1/10/2014  | 
Mounting evidence points to billions of dollars in lost US business thanks to the NSA's collect-everything mindset.
Q&A: McAfee's CTO On The New Intel Security Brand
Quick Hits  |  1/9/2014  | 
Mike Fey, McAfee enterprise vice president, CTO, and general manager of corporate products, discusses the end of the McAfee brand name
Zero-Day Flaws Found, Patched In Siemens Switches
News  |  1/9/2014  | 
Researcher to release tool to test for the authentication flaws in the Siemens SCALANCE X-200 switch line
9 Security Experts Boycott RSA Conference
News  |  1/8/2014  | 
Several leading security experts have pulled out of the RSA conference over unanswered questions concerning the NSA's $10 million payment to RSA.
Why I Pulled Out Of The RSA Conference
Commentary  |  1/8/2014  | 
Dave Kearns can't abide RSA's reported dealings with the NSA or its suspect security practices.
How Windows 'Crash Dumps' Aid Defenders
News  |  1/7/2014  | 
The NSA is reportedly using crash dumps to collect feedback on its attempts to exploit flaws in targeted companies and networks, but crash dumps still remain a successful defensive technology
Beware PowerLocker Ransomware
News  |  1/7/2014  | 
Chatter on underground forums traces development of Blowfish-based shakedown malware that encrypts infected PCs.
McClure: Hacking Exposed
News  |  1/7/2014  | 
Security researcher-turned-executive Stuart McClure on surviving a plane crash, witnessing the Morris worm firsthand -- and hacking a college buddy's password
Yahoo Ads Hack Spreads Malware
News  |  1/6/2014  | 
Millions of users exposed to drive-by malware attacks that targeted Java bugs to install six types of malicious code.
OpenSSL Says Breach Did Not Involve Corrupted Hypervisor
News  |  1/3/2014  | 
Hosting provider's compromised password system, not a hacked hypervisor, led to defacing of OpenSSL.org site, site reps say – after VMware cries foul.
Snapchat Breach: What's Next
News  |  1/3/2014  | 
App vendor planning new version that lets users opt out of appearing in beleaguered 'Find Friends' feature.
Physical & Network Security: Better Together In 2014
Commentary  |  1/2/2014  | 
How ready are you for the day you discover there are more networked IP security cameras than laptops in your infrastructure – and none adheres to 802.1x standards?

