
News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2011
Major Companies 'Fail' Social Engineering Test
News  |  10/31/2011  | 
Report details results of major social-engineering 'capture the flag' contest that targeted 14 companies in retail, airlines, food service, technology, and mobile services
Data Breach Costs: Beware Vendor Contract Fine Print
News  |  10/31/2011  | 
Organizations often end up paying the consequential costs of data breaches when third-party vendor contracts aren't scrutinized.
3 Steps To Make Your Database More Secure
News  |  10/28/2011  | 
Database security often takes a backseat to performance and other concerns. Here's how to strike a balance that works.
Social Malice: One In 60 Facebook Posts Are Malicious
News  |  10/28/2011  | 
LinkedIn users feel safest, according to new social networking data gathered by Barracuda Networks, but not for long.
Innovative Attacks Treat Mobile Phones As Sensors
News  |  10/27/2011  | 
Recent research showed that a phone's accelerometer could detect vibrations from key presses on a nearby keyboard
SSL Servers No Match For Laptop-Based Hack
News  |  10/27/2011  | 
Tool lets hackers launch a denial-of-service attack from a single PC over a DSL connection.
6 Deadly Enterprise Security Mistakes
News  |  10/27/2011  | 
These small, subtle security mistakes can have big data breach consequences.
Stolen iPads A Special Problem For Fed Agencies
News  |  10/26/2011  | 
Mobile devices will inevitably go missing, as a recent theft at the VA shows. So security and device management work continues.
Tool Lets Single Laptop Take Down An SSL Server
News  |  10/25/2011  | 
Yet another strike against SSL security
UBS Finds Risk Management Stress Test Costly
Commentary  |  10/25/2011  | 
UBS failed to stop a single rogue trader from racking up $2 billion in losses. Yet, some experts argue that banks overall may be better than others at managing risk.
Nasdaq Server Breach: 3 Expected Findings
News  |  10/25/2011  | 
While federal investigators remain quiet about the ongoing investigation, experts say that the Directors Desk data breach is even worse than thought.
Hackers Likely Have Japanese Warplane, Nuclear Data
News  |  10/25/2011  | 
Attackers likely accessed sensitive data relating to military aircraft, missiles, and nuclear power plant designs and safety systems, said Japanese defense officials.
Pocket Guide To Securing Mobile Devices
News  |  10/24/2011  | 
With workers bringing their own smartphones and tablets into the company, IT security needs to focus on creating a more secure environment, not on securing each device
TDL4 Botnet Now Even Harder To Kill
News  |  10/24/2011  | 
Infamous botnet revamped to make its malware even more difficult for enterprises and security researchers to detect
XML Encryption Flaw Leaves Web Services Vulnerable
News  |  10/24/2011  | 
Apache, Red Hat, IBM, Microsoft, and other major XML framework providers will need to adopt new standard, say German researchers who found the flaw.
Top FBI Cyber Cop Recommends New Secure Internet
News  |  10/24/2011  | 
Shawn Henry says current Internet will never be secure enough to beat hackers or meet the security needs of critical infrastructure providers.
Anonymous Attacks Child Pornography Websites
News  |  10/24/2011  | 
Hacktivist group disables numerous darknet child pornography sites, publishes 1,500 related usernames, and invites FBI and Interpol to investigate.
Metasploit For The Masses
News  |  10/21/2011  | 
New version of free Metasploit tool aimed at 'newbie' penetration testers
Does Cybercrime Pay?
Commentary  |  10/21/2011  | 
Turning a profit in today's underground economy remains tough. Here's why.
The Three Most Frequently Attacked Mobile Devices
News  |  10/21/2011  | 
Android devices, tablets, and jailbroken devices top list of riskiest mobile products in the enterprise setting.
Facebook: Latest 'Hack' Was Old, Invalid User IDs
News  |  10/21/2011  | 
Hacking group "Team Swastika" released apparent Facebook usernames and passwords, but the social network says the data isn't tied to live accounts.
NSA Chief Plays Offense on Cloud, Cybersecurity
News  |  10/20/2011  | 
Cloud has become a key part of the NSA's IT strategy, said Gen. Keith Alexander. Coming soon: A DOD offensive strategy for responses to cyberattacks and threats.
Are Your IT Pros Abusing Admin Passwords?
News  |  10/19/2011  | 
One in four IT professionals know of a coworker who has used privileged credentials to snoop. Worse, 25% of superuser passwords don't pass basic security test.
Banking Trojans Adapting To Cheat Out-of-Band Security
News  |  10/18/2011  | 
As financial institutions adopt out-of-band security, attackers quickly adapt
Researchers: 'Precursor' To Son Of Stuxnet Spotted In The Wild
Quick Hits  |  10/18/2011  | 
Process-control vendors, certificate authorities among those in the bull's eye for what might be prelude to a new Stuxnet attack, Symantec and McAfee say
Can Anonymous Cripple Critical U.S. Infrastructure?
News  |  10/18/2011  | 
Homeland Security says Anonymous can cause DDoS attacks, but says chance of attack on scale of Stuxnet is slim.
Slide Show: Signs That Malware Could Be On Your Mobile Device
News  |  10/17/2011  | 
Even healthy mobile phones can exhibit dodgy behavior, but there are some telltale signs that malicious software could be on board
Finding And Securing Sensitive Data In The Enterprise
News  |  10/14/2011  | 
Your organization's most valuable data may be stored in scattered – and insecure – locations. Here are some tips for identifying that data and making sure it doesn't leak out
Evolving Security Threats: Is Your SMB Ready?
News  |  10/14/2011  | 
A mix of common sense, employee education, and security tools can help SMBs identify and prevent social engineering scams and other emerging threats.
Blackhole Crimeware Goes 'Prime Time'
News  |  10/14/2011  | 
New HP OfficeJet phishing emails peaked at around 36,000 per minute on Wednesday.
New Version Of Zeus Leverages Peer-To-Peer Technology
News  |  10/14/2011  | 
Update could make it more difficult to take down fraud operations, researcher says.
VeriSign Withdraws Request To Suspend Malicious Domains
News  |  10/13/2011  | 
Proposed plan to scan domains and suspend those found to be malicious now dead in the water
New Version Of Zeus Leverages Peer-To-Peer Technology
News  |  10/13/2011  | 
Update could make it more difficult to take down fraud operations, researcher says
More Exploits For Sale Means Better Security
News  |  10/13/2011  | 
Selling exploits can help companies test their systems, but is there room for an independent market?
Air Force Says Drone Virus Is No Threat
News  |  10/13/2011  | 
An attack on the network that controls U.S. military unmanned aerial vehicles was only a "nuisance," military arm claims.
Advanced Threats And Scenario-Based Penetration Testing
Commentary  |  10/12/2011  | 
Why your pen-test efforts probably aren't preparing you for the worst
More Exploits For Sale Means Better Security
News  |  10/11/2011  | 
Selling exploits can help companies test their systems, but is there room for an independent market?
Your Other Compliance Problem: Third Party Vendors
News  |  10/11/2011  | 
All your internal compliance initiatives may be for naught if third parties that touch your regulated data expose vulnerabilities.
Social Media Can Hurt You In A Lawsuit
News  |  10/10/2011  | 
Social media postings could soon join email as a common part of the legal discovery process. Here's what SMBs need to know to protect themselves.
Feds Tighten Cybersecurity Policies To Stop Insider Threats
News  |  10/7/2011  | 
White House order aims to avoid another Cablegate by creating more agency oversight and security for data stored on classified networks.
Feds: Cloud Computing Doesn't Increase Security Risk
News  |  10/6/2011  | 
Administration officials tell Congress cloud security problems are no worse than other IT risks.
Steve Jobs And Tech Security
Commentary  |  10/6/2011  | 
Apple's products continue to highlight what relatively secure operating system environments look like.
Are Users Too Dumb For Security Awareness Training?
News  |  10/5/2011  | 
Too many security pros blame users for failing to remember the fundamentals that security awareness training teaches, but the real problem is that these programs just aren't very good
Most Businesses Don't Spot Hack Attacks
News  |  10/5/2011  | 
Congress hears testimony that most businesses are told by government agencies and law enforcement that they've been hacked, and that better security data sharing is needed.
Anonymous Threatens New York Stock Exchange Attack
News  |  10/5/2011  | 
Calls for distributed denial-of-service attack as part of the Occupy Wall Street protests.
6 SharePoint Security Challenges
News  |  10/5/2011  | 
Even Microsoft recommends locking down its popular and widely used collaboration, file sharing, and online publishing platform.
Microsoft: No Resurrection For Dead Botnets
News  |  10/4/2011  | 
The shutdown of Waledac 2.0 by Microsoft and Kaspersky aims to send a message, but also raises questions
Federal Cybersecurity Incidents Rocket 650% In 5 Years
News  |  10/4/2011  | 
As Obama administration declares October a time to focus on stopping cybersecurity threats, GAO releases a report indicating weaknesses.
Microsoft Still Mistaking Google Chrome For Zeus Malware
News  |  10/4/2011  | 
Despite Microsoft's emergency Security Essentials update, some users saw continued trouble Monday with Chrome reinstalls.
Military Health Plan Data Breach Threatens 4.9 Million
News  |  10/4/2011  | 
Tricare says lost backup tapes fall under FTC jurisdiction, not HIPAA, so only offers 90 days of fraud protection.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer family of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.