
News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2011
Major Companies 'Fail' Social Engineering Test
News  |  10/31/2011  | 
Report details results of major social-engineering 'capture the flag' contest that targeted 14 companies in retail, airlines, food service, technology, and mobile services
Data Breach Costs: Beware Vendor Contract Fine Print
News  |  10/31/2011  | 
Organizations often end up paying the consequential costs of data breaches when third-party vendor contracts aren't scrutinized.
3 Steps To Make Your Database More Secure
News  |  10/28/2011  | 
Database security often takes a backseat to performance and other concerns. Here's how to strike a balance that works.
Social Malice: One In 60 Facebook Posts Are Malicious
News  |  10/28/2011  | 
LinkedIn users feel safest, according to new social networking data gathered by Barracuda Networks--but not for long.
Innovative Attacks Treat Mobile Phones As Sensors
News  |  10/27/2011  | 
Recent research showed that a phone's accelerometer could detect vibrations from key presses on a nearby keyboard
SSL Servers No Match For Laptop-Based Hack
News  |  10/27/2011  | 
Tool lets hackers launch a denial-of-service attack from a single PC over a DSL connection.
6 Deadly Enterprise Security Mistakes
News  |  10/27/2011  | 
These small, subtle security mistakes can have big data breach consequences.
Stolen iPads A Special Problem For Fed Agencies
News  |  10/26/2011  | 
Mobile devices will inevitably go missing, as a recent theft at the VA shows. So security and device management work continues.
Tool Lets Single Laptop Take Down An SSL Server
News  |  10/25/2011  | 
Yet another strike against SSL security
UBS Finds Risk Management Stress Test Costly
Commentary  |  10/25/2011  | 
UBS failed to stop a single rogue trader from racking up $2 billion in losses. Yet, some experts argue that banks overall may be better than others at managing risk.
Nasdaq Server Breach: 3 Expected Findings
News  |  10/25/2011  | 
While federal investigators remain quiet about the ongoing investigation, experts say that the Directors Desk data breach is even worse than thought.
Hackers Likely Have Japanese Warplane, Nuclear Data
News  |  10/25/2011  | 
Attackers likely accessed sensitive data relating to military aircraft, missiles, and nuclear power plant designs and safety systems, said Japanese defense officials.
Pocket Guide To Securing Mobile Devices
News  |  10/24/2011  | 
With workers bringing their own smartphones and tablets into the company, IT security needs to focus on creating a more secure environment, not on securing each device
TDL4 Botnet Now Even Harder To Kill
News  |  10/24/2011  | 
Infamous botnet revamped to make its malware even more difficult for enterprises and security researchers to detect
XML Encryption Flaw Leaves Web Services Vulnerable
News  |  10/24/2011  | 
Apache, Red Hat, IBM, Microsoft, and other major XML framework providers will need to adopt new standard, say German researchers who found the flaw.
Top FBI Cyber Cop Recommends New Secure Internet
News  |  10/24/2011  | 
Shawn Henry says current Internet will never be secure enough to beat hackers or meet the security needs of critical infrastructure providers.
Anonymous Attacks Child Pornography Websites
News  |  10/24/2011  | 
Hacktivist group disables numerous darknet child pornography sites, publishes 1,500 related usernames, and invites FBI and Interpol to investigate.
Metasploit For The Masses
News  |  10/21/2011  | 
New version of free Metasploit tool aimed at 'newbie' penetration testers
Does Cybercrime Pay?
Commentary  |  10/21/2011  | 
Turning a profit in today's underground economy remains tough. Here's why.
The Three Most Frequently Attacked Mobile Devices
News  |  10/21/2011  | 
Android devices, tablets, and jailbroken devices top list of riskiest mobile products in the enterprise setting.
Facebook: Latest 'Hack' Was Old, Invalid User IDs
News  |  10/21/2011  | 
Hacking group "Team Swastika" released apparent Facebook usernames and passwords, but the social network says the data isn't tied to live accounts.
NSA Chief Plays Offense on Cloud, Cybersecurity
News  |  10/20/2011  | 
Cloud has become a key part of the NSA's IT strategy, said Gen. Keith Alexander. Coming soon: A DOD offensive strategy for responses to cyberattacks and threats.
Are Your IT Pros Abusing Admin Passwords?
News  |  10/19/2011  | 
One in four IT professionals know of a coworker who has used privileged credentials to snoop. Worse, 25% of superuser passwords don't pass basic security test.
Banking Trojans Adapting To Cheat Out-of-Band Security
News  |  10/18/2011  | 
As financial institutions adopt out-of-band security, attackers quickly adapt
Researchers: 'Precursor' To Son Of Stuxnet Spotted In The Wild
Quick Hits  |  10/18/2011  | 
Process-control vendors, certificate authorities among those in the bull's eye for what might be prelude to a new Stuxnet attack, Symantec and McAfee say
Can Anonymous Cripple Critical U.S. Infrastructure?
News  |  10/18/2011  | 
Homeland Security says Anonymous can cause DDoS attacks, but says chance of attack on scale of Stuxnet is slim.
Slide Show: Signs That Malware Could Be On Your Mobile Device
News  |  10/17/2011  | 
Even healthy mobile phones can exhibit dodgy behavior, but there are some telltale signs that malicious software could be on board
Finding And Securing Sensitive Data In The Enterprise
News  |  10/14/2011  | 
Your organization's most valuable data may be stored in scattered – and insecure – locations. Here are some tips for identifying that data and making sure it doesn't leak out
Evolving Security Threats: Is Your SMB Ready?
News  |  10/14/2011  | 
A mix of common sense, employee education, and security tools can help SMBs identify and prevent social engineering scams and other emerging threats.
Blackhole Crimeware Goes 'Prime Time'
News  |  10/14/2011  | 
New HP OfficeJet phishing emails peaked at around 36,000 per minute on Wednesday.
New Version Of Zeus Leverages Peer-To-Peer Technology
News  |  10/14/2011  | 
Update could make it more difficult to take down fraud operations, researcher says.
VeriSign Withdraws Request To Suspend Malicious Domains
News  |  10/13/2011  | 
Proposed plan to scan domains and suspend those found to be malicious now dead in the water
New Version Of Zeus Leverages Peer-To-Peer Technology
News  |  10/13/2011  | 
Update could make it more difficult to take down fraud operations, researcher says
More Exploits For Sale Means Better Security
News  |  10/13/2011  | 
Selling exploits can help companies test their systems, but is there room for an independent market?
Air Force Says Drone Virus Is No Threat
News  |  10/13/2011  | 
An attack on the network that controls U.S. military unmanned aerial vehicles was only a "nuisance," military arm claims.
Advanced Threats And Scenario-Based Penetration Testing
Commentary  |  10/12/2011  | 
Why your pen-test efforts probably aren't preparing you for the worst
More Exploits For Sale Means Better Security
News  |  10/11/2011  | 
Selling exploits can help companies test their systems, but is there room for an independent market?
Your Other Compliance Problem: Third Party Vendors
News  |  10/11/2011  | 
All your internal compliance initiatives may be for naught if third parties that touch your regulated data expose vulnerabilities.
Social Media Can Hurt You In A Lawsuit
News  |  10/10/2011  | 
Social media postings could soon join email as a common part of the legal discovery process. Here's what SMBs need to know to protect themselves.
Feds Tighten Cybersecurity Policies To Stop Insider Threats
News  |  10/7/2011  | 
White House order aims to avoid another Cablegate by creating more agency oversight and security for data stored on classified networks.
Feds: Cloud Computing Doesn't Increase Security Risk
News  |  10/6/2011  | 
Administration officials tell Congress cloud security problems are no worse than other IT risks.
Steve Jobs And Tech Security
Commentary  |  10/6/2011  | 
Apple's products continue to highlight what relatively secure operating system environments look like.
Are Users Too Dumb For Security Awareness Training?
News  |  10/5/2011  | 
Too many security pros blame users for failing to remember the fundamentals that security awareness training teaches, but the real problem is that these programs just aren't very good
Most Businesses Don't Spot Hack Attacks
News  |  10/5/2011  | 
Congress hears testimony that most businesses are told by government agencies and law enforcement that they've been hacked, and that better security data sharing is needed.
Anonymous Threatens New York Stock Exchange Attack
News  |  10/5/2011  | 
Calls for distributed denial-of-service attack as part of the Occupy Wall Street protests.
6 SharePoint Security Challenges
News  |  10/5/2011  | 
Even Microsoft recommends locking down its popular and widely used collaboration, file sharing, and online publishing platform.
Microsoft: No Resurrection For Dead Botnets
News  |  10/4/2011  | 
The shutdown of Waledac 2.0 by Microsoft and Kaspersky aims to send a message, but also raises questions
Federal Cybersecurity Incidents Rocket 650% In 5 Years
News  |  10/4/2011  | 
As Obama administration declares October a time to focus on stopping cybersecurity threats, GAO releases a report indicating weaknesses.
Microsoft Still Mistaking Google Chrome For Zeus Malware
News  |  10/4/2011  | 
Despite Microsoft's emergency Security Essentials update, some users saw continued trouble Monday with Chrome reinstalls.
Military Health Plan Data Breach Threatens 4.9 Million
News  |  10/4/2011  | 
Tricare says lost backup tapes fall under FTC jurisdiction, not HIPAA, so only offers 90 days of fraud protection.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10854
PUBLISHED: 2019-11-22
CloudForms versions 5.8 and 5.9 are vulnerable to cross-site scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature: a stored cross-site scripting issue due to improper sanitization of user input in the Name field.
CVE-2019-13157
PUBLISHED: 2019-11-22
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within an nsz archive.
CVE-2012-2079
PUBLISHED: 2019-11-22
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
CVE-2019-11325
PUBLISHED: 2019-11-21
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-18887
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.