Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2011
Major Companies 'Fail' Social Engineering Test
News  |  10/31/2011  | 
Report details results of major social-engineering 'capture the flag' contest that targeted 14 companies in retail, airlines, food service, technology, and mobile services
Data Breach Costs: Beware Vendor Contract Fine Print
News  |  10/31/2011  | 
Organizations often end up paying the consequential costs of data breaches when third-party vendor contracts aren't scrutinized.
3 Steps To Make Your Database More Secure
News  |  10/28/2011  | 
Database security often takes a backseat to performance and other concerns. Here's how to strike a balance that works.
Social Malice: One In 60 Facebook Posts Are Malicious
News  |  10/28/2011  | 
LinkedIn users feel safest, according to new social networking data gathered by Barracuda Networks--but not for long.
Innovative Attacks Treat Mobile Phones As Sensors
News  |  10/27/2011  | 
Recent research showed that a phone's accelerometer could detect vibrations from key presses on a nearby keyboard
SSL Servers No Match For Laptop-Based Hack
News  |  10/27/2011  | 
Tool lets hackers launch a denial-of-service attack from a single PC over a DSL connection.
6 Deadly Enterprise Security Mistakes
News  |  10/27/2011  | 
These small, subtle security mistakes can have big data breach consequences.
Stolen iPads A Special Problem For Fed Agencies
News  |  10/26/2011  | 
Mobile devices will inevitably go missing, as a recent theft at the VA shows. So security and device management work continues.
Tool Lets Single Laptop Take Down An SSL Server
News  |  10/25/2011  | 
Yet another strike against SSL security
UBS Finds Risk Management Stress Test Costly
Commentary  |  10/25/2011  | 
UBS failed to stop a single rogue trader from racking up $2 billion in losses. Yet, some experts argue that banks overall may be better than others at managing risk.
Nasdaq Server Breach: 3 Expected Findings
News  |  10/25/2011  | 
While federal investigators remain quiet about the ongoing investigation, experts say that the Directors Desk data breach is even worse than thought.
Hackers Likely Have Japanese Warplane, Nuclear Data
News  |  10/25/2011  | 
Attackers likely accessed sensitive data relating to military aircraft, missiles, and nuclear power plant designs and safety systems, said Japanese defense officials.
Pocket Guide To Securing Mobile Devices
News  |  10/24/2011  | 
With workers bringing their own smartphones and tablets into the company, IT security needs to focus on creating a more secure environment, not on securing each device
TDL4 Botnet Now Even Harder To Kill
News  |  10/24/2011  | 
Infamous botnet revamped to make its malware even more difficult for enterprises and security researchers to detect
XML Encryption Flaw Leaves Web Services Vulnerable
News  |  10/24/2011  | 
Apache, Red Hat, IBM, Microsoft, and other major XML framework providers will need to adopt new standard, say German researchers who found the flaw.
Top FBI Cyber Cop Recommends New Secure Internet
News  |  10/24/2011  | 
Shawn Henry says current Internet will never be secure enough to beat hackers or meet the security needs of critical infrastructure providers.
Anonymous Attacks Child Pornography Websites
News  |  10/24/2011  | 
Hacktivist group disables numerous darknet child pornography sites, publishes 1,500 related usernames, and invites FBI and Interpol to investigate.
Metasploit For The Masses
News  |  10/21/2011  | 
New version of free Metasploit tool aimed at 'newbie' penetration testers
Does Cybercrime Pay?
Commentary  |  10/21/2011  | 
Turning a profit in today's underground economy remains tough. Here's why.
The Three Most Frequently Attacked Mobile Devices
News  |  10/21/2011  | 
Android devices, tablets, and jailbroken devices top list of riskiest mobile products in the enterprise setting.
Facebook: Latest 'Hack' Was Old, Invalid User IDs
News  |  10/21/2011  | 
Hacking group "Team Swastika" released apparent Facebook usernames and passwords, but the social network says the data isn't tied to live accounts.
NSA Chief Plays Offense on Cloud, Cybersecurity
News  |  10/20/2011  | 
Cloud has become a key part of the NSA's IT strategy, said Gen. Keith Alexander. Coming soon: A DOD offensive strategy for responses to cyberattacks and threats.
Are Your IT Pros Abusing Admin Passwords?
News  |  10/19/2011  | 
One in four IT professionals know of a coworker who has used privileged credentials to snoop. Worse, 25% of superuser passwords don't pass basic security test.
Banking Trojans Adapting To Cheat Out-of-Band Security
News  |  10/18/2011  | 
As financial institutions adopt out-of-band security, attackers quickly adapt
Researchers: 'Precursor' To Son Of Stuxnet Spotted In The Wild
Quick Hits  |  10/18/2011  | 
Process-control vendors, certificate authorities among those in the bull's eye for what might be prelude to a new Stuxnet attack, Symantec and McAfee say
Can Anonymous Cripple Critical U.S. Infrastructure?
News  |  10/18/2011  | 
Homeland Security says Anonymous can cause DDoS attacks, but says chance of attack on scale of Stuxnet is slim.
Slide Show: Signs That Malware Could Be On Your Mobile Device
News  |  10/17/2011  | 
Even healthy mobile phones can exhibit dodgy behavior, but there are some telltale signs that malicious software could be on board
Finding And Securing Sensitive Data In The Enterprise
News  |  10/14/2011  | 
Your organization's most valuable data may be stored in scattered – and insecure – locations. Here are some tips for identifying that data and making sure it doesn't leak out
Evolving Security Threats: Is Your SMB Ready?
News  |  10/14/2011  | 
A mix of common sense, employee education, and security tools can help SMBs identify and prevent social engineering scams and other emerging threats.
Blackhole Crimeware Goes 'Prime Time'
News  |  10/14/2011  | 
New HP OfficeJet phishing emails peaked at around 36,000 per minute on Wednesday.
New Version Of Zeus Leverages Peer-To-Peer Technology
News  |  10/14/2011  | 
Update could make it more difficult to take down fraud operations, researcher says.
VeriSign Withdraws Request To Suspend Malicious Domains
News  |  10/13/2011  | 
Proposed plan to scan domains and suspend those found to be malicious now dead in the water
New Version Of Zeus Leverages Peer-To-Peer Technology
News  |  10/13/2011  | 
Update could make it more difficult to take down fraud operations, researcher says
More Exploits For Sale Means Better Security
News  |  10/13/2011  | 
Selling exploits can help companies test their systems, but is there room for an independent market?
Air Force Says Drone Virus Is No Threat
News  |  10/13/2011  | 
An attack on the network that controls U.S. military unmanned aerial vehicles was only a "nuisance," military arm claims.
Advanced Threats And Scenario-Based Penetration Testing
Commentary  |  10/12/2011  | 
Why your pen-test efforts probably aren't preparing you for the worst
More Exploits For Sale Means Better Security
News  |  10/11/2011  | 
Selling exploits can help companies test their systems, but is there room for an independent market?
Your Other Compliance Problem: Third Party Vendors
News  |  10/11/2011  | 
All your internal compliance initiatives may be for naught if third parties that touch your regulated data expose vulnerabilities.
Social Media Can Hurt You In A Lawsuit
News  |  10/10/2011  | 
Social media postings could soon join email as a common part of the legal discovery process. Here's what SMBs need to know to protect themselves.
Feds Tighten Cybersecurity Policies To Stop Insider Threats
News  |  10/7/2011  | 
White House order aims to avoid another Cablegate by creating more agency oversight and security for data stored on classified networks.
Feds: Cloud Computing Doesn't Increase Security Risk
News  |  10/6/2011  | 
Administration officials tell Congress cloud security problems are no worse than other IT risks.
Steve Jobs And Tech Security
Commentary  |  10/6/2011  | 
Apple's products continue to highlight what relatively secure operating system environments look like.
Are Users Too Dumb For Security Awareness Training?
News  |  10/5/2011  | 
Too many security pros blame users for failing to remember the fundamentals that security awareness training teaches, but the real problem is that these programs just aren't very good
Most Businesses Don't Spot Hack Attacks
News  |  10/5/2011  | 
Congress hears testimony that most businesses are told by government agencies and law enforcement that they've been hacked, and that better security data sharing is needed.
Anonymous Threatens New York Stock Exchange Attack
News  |  10/5/2011  | 
Calls for distributed denial-of-service attack as part of the Occupy Wall Street protests.
6 SharePoint Security Challenges
News  |  10/5/2011  | 
Even Microsoft recommends locking down its popular and widely used collaboration, file sharing, and online publishing platform.
Microsoft: No Resurrection For Dead Botnets
News  |  10/4/2011  | 
The shutdown of Waledac 2.0 by Microsoft and Kaspersky aims to send a message, but also raises questions
Federal Cybersecurity Incidents Rocket 650% In 5 Years
News  |  10/4/2011  | 
As Obama administration declares October a time to focus on stopping cybersecurity threats, GAO releases a report indicating weaknesses.
Microsoft Still Mistaking Google Chrome For Zeus Malware
News  |  10/4/2011  | 
Despite Microsoft's emergency Security Essentials update, some users saw continued trouble Monday with Chrome reinstalls.
Military Health Plan Data Breach Threatens 4.9 Million
News  |  10/4/2011  | 
Tricare says lost backup tapes fall under FTC jurisdiction, not HIPAA, so only offers 90 days of fraud protection.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.
CVE-2019-6650
PUBLISHED: 2019-09-20
F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings.
CVE-2014-10396
PUBLISHED: 2019-09-20
The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.