Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2015
Google Paid Over $1.5 Million In Bug Bounties In 2014
Quick Hits  |  1/30/2015  | 
Mobile apps developed by Google now included in its Vulnerability Reward Program.
WiIl Millennials Be The Death Of Data Security?
Commentary  |  1/27/2015  | 
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
NFL Mobile Sports App Contains Super Bowl-Sized Vulns
News  |  1/27/2015  | 
Lack of protections puts users at risk of exposed information by way of man-in-the-middle attacks.
Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices
News  |  1/26/2015  | 
Researchers find more than 5,000 US gas stations' automated tank gauges unprotected on the public Internet and open to hackers.
Why Russia Hacks
Commentary  |  1/23/2015  | 
Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.
Diverse White Hat Community Leads To Diverse Vuln Disclosures
News  |  1/22/2015  | 
Researchers at Penn State find that courting new bug hunters is just as important as rewarding seasoned ones.
What Government Can (And Cant) Do About Cybersecurity
Commentary  |  1/22/2015  | 
In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.
President's Plan To Crack Down On Hacking Could Hurt Good Hackers
News  |  1/21/2015  | 
Security experts critical of President Obama's new proposed cybersecurity legislation.
Adobe Investigating New Flash Zero-Day Spotted In Crimeware Kit
Quick Hits  |  1/21/2015  | 
Researcher Kafeine's 0day discovery confirmed by Malwarebytes.
Facebook Messenger: Classically Bad AppSec
Commentary  |  1/21/2015  | 
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
Ransomware Leads Surge In 2014 Mobile Malware Onslaught
News  |  1/20/2015  | 
Mobile malware increases 75 percent in U.S.
New Technology Detects Cyberattacks By Their Power Consumption
News  |  1/20/2015  | 
Startup's "power fingerprinting" approach catches stealthy malware within milliseconds in DOE test.
Security MIA In Car Insurance Dongle
News  |  1/16/2015  | 
A researcher finds security holes in Flo the Progressive Girl's Snapshot insurance policy product.
The Truth About Malvertising
Commentary  |  1/16/2015  | 
Malvertising accounts for huge amounts of cyberfraud and identity theft. Yet there is still no consensus on who is responsible for addressing these threats.
Why North Korea Hacks
Commentary  |  1/15/2015  | 
The motivation behind Democratic Peoples Republic of Korea hacking is rooted in a mix of retribution, paranoia, and the immature behavior of an erratic leader.
Anatomy Of A 'Cyber-Physical' Attack
News  |  1/14/2015  | 
Inflicting major or physical harm in ICS/SCADA environments takes more than malware.
Majority Of Enterprises Finally Recognize Users As Endpoint's Weakest Vulnerability
News  |  1/14/2015  | 
The Ponemon State of the Endpoint report shows endpoint management continues to grow more difficult.
4 Mega-Vulnerabilities Hiding in Plain Sight
Commentary  |  1/14/2015  | 
How four recently discovered, high-impact vulnerabilities provided god mode access to 90% of the Internet for 15 years, and what that means for the future.
Insider Threats in the Cloud: 6 Harrowing Tales
Commentary  |  1/13/2015  | 
The cloud has vastly expanded the scope of rogue insiders. Read on to discover the latest threat actors and scenarios.
Obama Calls For 30-Day Breach Notification Policy For Hacked Companies
News  |  1/12/2015  | 
But chances of this becoming a mandatory national breach notification law are no sure thing, even in the wake of the past year's high-profile hacks, experts say.
Insider Threat, Shadow IT Concerns Spur Cloud Security
News  |  1/12/2015  | 
Surveys show cloud tops 2015 priorities.
Microsoft Software Flaws Increase Sharply But Majority Affect IE
News  |  1/9/2015  | 
The number of reported flaws in core Windows components in 2014 were lower compared to the year before.
Chick-fil-A Breach: Avoiding 5 Common Security Mistakes
Commentary  |  1/9/2015  | 
On the surface these suggestions may seem simplistic. But almost every major retail breach in the last 12 months failed to incorporate at least one of them.
How NOT To Be The Next Sony: Defending Against Destructive Attacks
News  |  1/8/2015  | 
When an attacker wants nothing more than to bring ruin upon your business, you can't treat them like just any other criminal.
Banking Trojans Disguised As ICS/SCADA Software Infecting Plants
News  |  1/8/2015  | 
Researcher spots spike in traditional financial malware hitting ICS/SCADA networks -- posing as popular GE, Siemens, and Advantech HMI products.
Nation-State Cyberthreats: Why They Hack
Commentary  |  1/8/2015  | 
All nations are not created equal and, like individual hackers, each has a different motivation and capability.
Using Free Tools To Detect Attacks On ICS/SCADA Networks
News  |  1/8/2015  | 
ICS/SCADA experts say open-source network security monitoring software is a simple and cheap way to catch hackers targeting plant operations.
CryptoWall 2.0 Has Some New Tricks
Quick Hits  |  1/6/2015  | 
New ransomware variant uses TOR on command-and-control traffic and can execute 64-bit code from its 32-bit dropper.
Deconstructing The Sony Hack: What I Know From Inside The Military
Commentary  |  1/6/2015  | 
Don't get caught up in the guessing game on attribution. The critical task is to understand the threat data and threat actor tactics to ensure you are not vulnerable to the same attack.
Threat Intelligence: Sink or Swim?
Partner Perspectives  |  1/6/2015  | 
The coming flood of threat-intelligence data from the Internet of Things and new classes of endpoints has organizations seriously evaluating their strategies.


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We need more votes, check the obituaries.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3317
PUBLISHED: 2021-01-26
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.
CVE-2013-2512
PUBLISHED: 2021-01-26
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.
CVE-2021-3165
PUBLISHED: 2021-01-26
SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.
CVE-2021-1070
PUBLISHED: 2021-01-26
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an un...
CVE-2021-1071
PUBLISHED: 2021-01-26
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to...