News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2013
Shortage Of Women Hurting IT Security Industry, Study Finds
Quick Hits  |  10/31/2013  | 
(ISC)2 survey indicates that women have the skills and attitudes most needed in infosec
Naming And Shaming Unlikely To Work For Cyberespionage
News  |  10/30/2013  | 
Why a whistleblower's evidence of widespread surveillance by the NSA has caused the U.S. government to react, but Mandiant's revelations about Chinese espionage fail to curb that nation's efforts
Social Engineers Pwn The 'Human Network' In Major Firms
News  |  10/30/2013  | 
Apple, General Motors, Home Depot, Johnson & Johnson, Chevron, Boeing, and other major corporations easily fall to social engineers in recent contest, new report shows
MongoHQ To Customers: Change Database Passwords
News  |  10/30/2013  | 
Following security breach, MongoDB hosting firm advises customers to change database passwords as it locks down systems and bolsters security defenses.
Attackers Crib Exploit Code, But Net Benefit For Defenders
News  |  10/29/2013  | 
Researcher finds that the top 20 crime packs copy exploit code from security researchers and sophisticated attackers, but doing away with public disclosure is no solution
Google Captcha Dumps Distorted Text Images
News  |  10/29/2013  | 
Tired of reading those wavy words? Changes to Google's reCaptcha system -- which doubles as quality control for its book and newspaper scanning projects -- prioritize bot-busting puzzles based on numbers.
Microsoft Software, Overall Operating System Vulnerability Disclosures Rise
News  |  10/29/2013  | 
Windows XP machines six times more likely to be infected by malware than newer versions of the OS, according to new Microsoft Security Intelligence Report (SIR)
Syrian Hackers Attack Obama's Website
News  |  10/29/2013  | 
Pro-Syrian regime hackers gain ability to redirect Twitter and Facebook short links because staff failed to use Google two-factor authentication.
Failure To Deploy: Aided And Abetted By Shelfware
Commentary  |  10/28/2013  | 
It takes more than technology acquisition to protect against the insider threat -- just ask the NSA
LinkedIn Defends 'Intro' Email Security
News  |  10/28/2013  | 
LinkedIn responds to user and security expert concerns about new email feature, cites measures it took to make LinkedIn Intro safe.
Chinese Antivirus Firm NQ Called 'Massive Fraud'
News  |  10/25/2013  | 
Mobile anti-malware software developer NQ Mobile denies charges that it inflates its market share and makes spyware.
To Determine Threat Level, Context Matters
News  |  10/24/2013  | 
Computers communicating with the Amazon cloud, users logging in after hours, and the risk posed by Java; without context, evaluating threats is nearly impossible
Experian Breach Fallout: ID Theft Nightmares Continue
Commentary  |  10/24/2013  | 
Data brokers amassing gigantic data stores of people's valuable personal information are too big to not fail. Why are consumers getting stuck with the mess?
Browser Fingerprinting: 9 Facts
News  |  10/24/2013  | 
Tracking technology that can identify individual identities and devices is improving faster than consumers might realize, warn privacy researchers.
LinkedIn Intro Service Triggers Security, Privacy Fears
News  |  10/24/2013  | 
LinkedIn wants to scan your emails to add more information about the sender, raising the hackles of security and privacy advocates.
Google Project Shield Promises DDoS Attack Prevention
News  |  10/22/2013  | 
Project Shield service is designed to keep static websites for human rights, election and news groups online, but it might presage a commercial Google DDoS defense service.
Catching Malware With DNS As A Service
News  |  10/21/2013  | 
A cloud provider used to be the low-cost option for domain-name system (DNS) services, but the ability to act as a security proxy has convinced many that cloud is better
How To Avoid Breaches Where You Least Expect Them
News  |  10/21/2013  | 
Vulnerabilities and threats could lurk in the most mundane of systems
Experian Sold Data To Vietnamese ID Theft Ring
News  |  10/21/2013  | 
Fake private investigation firm tricked data broker into divulging numerous Americans' names, social security numbers, birthdates and bank account numbers.
Forget Captcha, Try Inkblots
News  |  10/17/2013  | 
Researchers propose using an inkblot-matching scheme, dubbed Gotcha, to defeat dictionary-based hacks of the Captcha system.
User-Selected Passwords Still Getting Cracked
News  |  10/16/2013  | 
Educating people about good password selection has largely failed as graphics-processor-enabled cracking crunches through billions of possibilities every second
'Project SHINE' Illuminates Sad State Of SCADA/ICS Security On The Net
News  |  10/16/2013  | 
One million ICS/SCADA devices -- and counting -- found exposed on the public Internet, researchers say
Oracle Issues Massive Security Patch For Java, Databases
News  |  10/16/2013  | 
Oracle's quarterly update includes 127 security patches, including fixes for remotely exploitable Java flaws.
Windows XP Holdouts Hold On
Quick Hits  |  10/15/2013  | 
New data shows nearly half of XP machines still alive and well among 1 million machines managed by one vendor
Adobe Source Code Theft Unlikely To Cause Spike In Exploits
News  |  10/15/2013  | 
Access to the firm's code for Acrobat, ColdFusion, and Publisher products will make flaws easier to find, but experts disagree whether exploitation will also be easier
Anonymous Targets Alleged Rapists In Maryville, Mo.
News  |  10/15/2013  | 
Hacktivists launch "#OpMaryville," charge that justice wasn't served and rape case should be reopened.
D-Link Router Vulnerable To Authentication Bypass
News  |  10/14/2013  | 
Multiple D-Link, Planex and Virgin Mobile routers have a firmware vulnerability that attackers could exploit to directly access and alter the devices.
Flaw In Chrome May Leave Users' Personal Information At Risk
Quick Hits  |  10/13/2013  | 
Vulnerability in Chrome browser could enable attackers to collect data from history files, Identity Finder says
We're All The APT
Commentary  |  10/12/2013  | 
XKeyscore, FoxAcid: APT lines are blurring
Cyberthreats Grow More Ominous: Former NSA Chief
News  |  10/11/2013  | 
Microsoft's Craig Mundie, former NSA and CIA chief Gen. Michael Hayden and other experts say cybersecurity attacks are getting more dangerous.
'Spaf' On Security
News  |  10/10/2013  | 
Internet security pioneer Eugene Spafford talks about why security has struggled even after its first big wake-up call 25 years ago, the Morris worm
Google To Reward Fixes For Open Source Software
News  |  10/10/2013  | 
Google expands its bug bounty program, plans to pay programmers who help patch the open-source projects it cares about.
Advertisers Evade 'Do Not Track' With Supercookies
News  |  10/10/2013  | 
Many popular sites use JavaScript and Flash font probes to track users and their browsing habits across multiple devices, researchers say.
Creating And Maintaining A Custom Threat Profile
Quick Hits  |  10/10/2013  | 
Threat intelligence is only useful if it's tailored to your specific organization. Here are some tips on how to customize
Microsoft Patches Two Internet Explorer Bugs
News  |  10/9/2013  | 
Microsoft and Adobe this week release a slew of fixes, including patches for zero-day vulnerabilities and remote code execution flaws.
LulzSec Hackers Evade Irish Jail Time
News  |  10/9/2013  | 
In Ireland's first-ever successful computer crime prosecution, two hackers with ties to LulzSec and Anonymous get probation and fines -- but so far no extradition to face charges in the U.S.
Embrace Your Inner Risk Adviser
Quick Hits  |  10/8/2013  | 
Bridging the gap between security and IT and the business side requires teamwork on building a risk profile
'Blackhole' Activity Dips Amid Reports Of Bust
News  |  10/8/2013  | 
Reports point to possible arrest of Blackhole crimeware author, but changing of the guard is already under way as other kits gain a foothold
Sidestepping SDN Security Woes
News  |  10/7/2013  | 
SDN does hold potential security upsides, but organizations should also look out for pitfalls
Infrastructure Cybersecurity: Carrots And Sticks
News  |  10/7/2013  | 
As lawmakers and private industry leaders wrangle over how to best protect our nation's critical infrastructure from cyberattack, existing anti-terror legislation could offer a promising start.
5 Obamacare Health Site Security Warnings
News  |  10/7/2013  | 
Early shakedowns of the health insurance exchange websites show they are vulnerable to cross-site request forgery, clickjacking and cookie attacks, among other risks.
Firms, Researchers Seek Better Ways To Detect Evasive Threats
News  |  10/4/2013  | 
As defenders increasingly use dynamic analysis and sandboxes, attackers have adopted a number of evasion techniques, forcing security firms and researchers to adapt
Next-Gen Spam: Quality Over Quantity
Commentary  |  10/3/2013  | 
The industry has been remarkably innovative in developing business models to extract money from the unwary.
Stratfor Hacker: FBI Entrapment Shaped My Case
Commentary  |  10/3/2013  | 
Hacker Jeremy Hammond asks for leniency before sentencing, citing the role of FBI informant Sabu in his case. How far can the FBI go with suspected computer criminals?
CISO Shares Strategies For Surviving The Inevitability Of Attacks
News  |  10/3/2013  | 
Looping in application and network teams can help spot threats and attacks before they do harm.
Securing More Vulnerabilities By Patching Less
News  |  10/2/2013  | 
Companies need to focus on not just fixing known vulnerabilities, but closing potential attack vectors
Silk Road Founder Arrested
News  |  10/2/2013  | 
Infamous online black market alleged to have generated $1.2 billion in sales of illegal products and services since 2011.
WordPress Attacks: Time To Wake Up
Commentary  |  10/1/2013  | 
The latest WordPress hacks highlight our continued laziness when implementing online security, a problem made worse by free, easy-to-use sites.
5 Reasons Every Company Should Have A Honeypot
News  |  10/1/2013  | 
A staple of the computer-security toolbox for more than two decades, honeypots can provide companies with unique benefits
Researchers Unite To #ScanAllTheThings
News  |  10/1/2013  | 
'Project Sonar' community project launched for sharing Internet-scanning data, tools, and analysis


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation.
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.