Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2008
Defense Intelligence Agency Fixes Risky Web Site Code
News  |  10/31/2008  | 
The presence of a call to execute JavaScript code that resides on a Statcounter.com server in Ireland provided a weak link in the security chain that could have been exploited.
Antivirus 'Scareware' is Lucrative
News  |  10/31/2008  | 
Rogue antivirus software circulating on the Web potentially making top distributors millions of dollars a year
Trojan Caught Stealing Data From Hundreds of Thousands
Quick Hits  |  10/31/2008  | 
Sinowal has been capturing data for almost three years without leaving a trace, RSA says
Bono's Bikini Teens Perplex Facebook's Privacy
News  |  10/29/2008  | 
An American fashion student and her British friend's pose with the U2 front man calls into question what kinds of rules should be standard on the social network.
Hack Turns Application Code Against Itself
News  |  10/29/2008  | 
New attack uses application flaws to force good code to go rogue
New Malware Technique Bypasses Traditional Defenses
News  |  10/27/2008  | 
Two UC San Diego students have demonstrated a way to turn good computer code into malicious instructions using a technique called "return-oriented programming."
Internet Apps & Social Networking Office Boom Linked to Breaches
News  |  10/27/2008  | 
New study finds that nearly all organizations have employees using Internet apps at work, and 60% use social networking at the office
E-Voting Complaints Heat Up With Early Voting
News  |  10/27/2008  | 
Some people also have complained that the touch screens are overly sensitive and do not separate the choices enough for voters to be sure they're activating the right selection.
FTC Pushes Back 'Red Flag' Deadline
Quick Hits  |  10/24/2008  | 
Companies have another six months to develop identity theft prevention programs
Tech Insight: Digital Forensics & Incident Response Go Live
News  |  10/24/2008  | 
New tools, methods emerge for leveraging forensic data and memory analysis in the wake of an attack
Microsoft Releases Emergency Patch For Windows Vulnerability
News  |  10/23/2008  | 
The out-of-band security update addresses a critical flaw that could allow a remote attacker to take over Windows computers without any user interaction.
Microsoft To Issue Emergency Security Patch On Thursday
News  |  10/23/2008  | 
The out-of-band bulletin will address a vulnerability (or more than one) that is rated "critical" for Windows 2000, Windows Server 2003, and Windows XP.
Halloween Hack Haunts Web Searches
Quick Hits  |  10/23/2008  | 
Legitimate Halloween costume sites infected with rogue antivirus program
Startup Promises to Monitor, Block Text Messaging
News  |  10/23/2008  | 
TextGuard says it can reduce the likelihood of data leaks from a wide variety of mobile devices
7 Fantastic Internet Hoaxes
News  |  10/22/2008  | 
Despite our increasing technological sophistication, we can't help falling for e-mail about Bigfoot, giant mutant cats, doomed tourists, and deadly butt spiders.
Compliance Costs Increasing, Study Says
Quick Hits  |  10/22/2008  | 
Despite progress in compliance projects, most companies spent more in the past year than they did the year before
'Block the Vote' Tactics Go Online This Election
News  |  10/22/2008  | 
Electronic Privacy Information Center predicts potential for spoofed Websites, fake VOIP call blasts, phishing, and DOS - to suppress voters
Computer Keyboards Betray Users' Keystrokes To Radio Eavesdroppers
News  |  10/21/2008  | 
Swiss security researchers demonstrate that even wired keyboards emanate signals that can reveal a user's keystrokes.
Report: Energy Companies Are Top Target of Web-Borne Malware
Quick Hits  |  10/21/2008  | 
ScanSafe questions whether jump indicates that sensitive industries are under organized attack
Microsoft Blue Hat: Researcher Demos No-Hack Attack
News  |  10/21/2008  | 
Wealth of available online data on individuals, businesses can be used in targeted attacks
Hackers Steal Money From French President Sarkozy's Bank Account
News  |  10/20/2008  | 
An investigation is under way and the bank in question could face sanctions if it's found to be responsible, French officials said.
Google Told To Reveal Gmail 'Spybox' Account Info In CTO Espionage Case
News  |  10/20/2008  | 
A former iMerge partner is accused of installing a backdoor server in the company's hosting center to send proprietary and financial information to his Gmail account.
Making ID & Access Management More Accessible
News  |  10/20/2008  | 
New tools automate, simplify the access certification process
When Dates Attack
Quick Hits  |  10/20/2008  | 
Dating 'alert' sites allow women to put an 'ex' on trial without rebuttal
ANSI Launches Guide to Help Calculate Cyber Security Risk
News  |  10/20/2008  | 
Standards body advocates multi-disciplinary approach to security breach planning
Adobe Flash Player Fix Stops 'Clickjacking'
News  |  10/17/2008  | 
Adobe recommends users upgrade to Flash Player version 10.0.12.36 to avoid bugs that could lead to an attack over Internet Explorer, Firefox, Safari, Opera, or Chrome Web browsers.
'Human Error' Exposes Personal Information of 3,300 in Indianapolis
Quick Hits  |  10/17/2008  | 
Spreadsheet sat on city Web server for at least 11 days
SSL VPN Secures iPhone, Extranet Sessions
News  |  10/17/2008  | 
Silicon Valley startup gets more mileage out of its VPN
Inspector General Report: Two IRS Applications Leave Taxpayer Data at Risk
News  |  10/16/2008  | 
IRS knowingly rolled out systems that contained security vulnerabilities
Report: Paper Ballots More Secure, Accurate Than E-Voting
Quick Hits  |  10/16/2008  | 
Fortify Software gives tips for ensuring your vote is actually counted and uncompromised by hackers
Cellphone Botnets, Blackmailing VOIP & a Healthy Cybercrime Economy
News  |  10/15/2008  | 
New report from Georgia Tech Information Security Center highlights the top threats for '09 and beyond
Test Shows Shortcomings of Antivirus Programs
News  |  10/15/2008  | 
Symantec is leader in very weak field of AV products, Secunia study says
Users Know Security Policy & Break It Anyway, Study Says
Quick Hits  |  10/15/2008  | 
Many users feel they need to work around company security rules, according to RSA research
Microsoft's Patch Tuesday Vital For Windows Server 2000 Users
News  |  10/14/2008  | 
While it's the Active Directory vulnerability that is rated "critical," fixes for Windows Server 2008 and Windows Vista show the newer operating systems are not immune from attacks.
Intellectual Property Bill Becomes Law: Critics Say It Goes Too Far
News  |  10/14/2008  | 
New law gives authorities more leeway to prosecute thieves who steal sensitive data for piracy or espionage
Feds Shut Down Major Spam Operation
News  |  10/14/2008  | 
Herbal King gang sent billions of spam messages pushing prescription drugs and phony male-enhancement products
Report: Profiting From Patch Tuesday
Quick Hits  |  10/14/2008  | 
New McAfee research shows by the numbers how attackers could manipulate the stock market
Stolen eBay Account Booty Found
Quick Hits  |  10/13/2008  | 
Over 5,000 pilfered accounts - mostly from newly registered, less active eBay user accounts
World Bank Besieged By Hackers, Or Not
News  |  10/10/2008  | 
According to a media report, the World Bank has experienced at least six major intrusions, two from the same IP address in China, since the summer of 2007.
Microsoft, Apple Address Security Issues
News  |  10/10/2008  | 
Microsoft's upcoming Patch Tuesday will address 11 flaws in software like Active Directory and IE, while Apple is fixing 40 vulnerabilities in its latest update.
World Bank Hacked, Sensitive Data Exposed
News  |  10/10/2008  | 
Hacked Web servers, a stolen administrative account, and a lot of unanswered questions
UK Ministry of Defense Loses Hard Drive Containing Data on 700,000
Quick Hits  |  10/10/2008  | 
Officials still not sure whether drive was stolen or misplaced
Metasploit Hacking Tool Now Open for Licensing
News  |  10/9/2008  | 
New Metasploit 3.2 adds new features including DNS, WiFi hacking
Study: 80% of Organizations Suffer Breaches, Most From the Inside
Quick Hits  |  10/9/2008  | 
Breaches originate mainly from mobile devices, the network, mainframe, and paper
Clickjacking Attack Lets Web Sites See, Hear You
News  |  10/8/2008  | 
The technique can be used to hijack a computer's Webcam and microphone to create a malicious surveillance platform.
Sarah Palin E-mail Hack Suspect Indicted
News  |  10/8/2008  | 
A Tennessee Democratic state representative's son faces a maximum of five years in prison, a $250,000 fine, and three years of supervised release if convicted.
Financial Crisis Leaves Bank Branches Open to Social Engineering, Targeted Attacks
News  |  10/8/2008  | 
Social engineer gained access to branch manager's office while he was out - with no questions asked
Palin Hacker Indicted
Quick Hits  |  10/8/2008  | 
Son of Tennessee Democrat goes before grand jury
ISC2 To Offer Certification For Software Lifecycle Security
News  |  10/7/2008  | 
The designation aims to reduce application vulnerabilities by encouraging use of best practices for safeguarding security in software development, deployment, and disposal.
Details of Clickjacking Attack Revealed With Online Spying Demo
News  |  10/7/2008  | 
Adobe releases Flash Player workaround to defend against clickjacking attack
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19033
PUBLISHED: 2019-11-21
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password.
CVE-2019-19191
PUBLISHED: 2019-11-21
Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow.
CVE-2019-15511
PUBLISHED: 2019-11-21
An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed....
CVE-2019-16405
PUBLISHED: 2019-11-21
Centreon Web 19.04.4 allows Remote Code Execution by an administrator who can modify Macro Expression location settings.
CVE-2019-16406
PUBLISHED: 2019-11-21
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.