Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2013
Shortage Of Women Hurting IT Security Industry, Study Finds
Quick Hits  |  10/31/2013  | 
(ISC)2 survey indicates that women have the skills and attitudes most needed in infosec
Naming And Shaming Unlikely To Work For Cyberespionage
News  |  10/30/2013  | 
Why a whistleblower's evidence of widespread surveillance by the NSA has caused the U.S. government to react, but Mandiant's revelations about Chinese espionage fail to curb that nation's efforts
Social Engineers Pwn The 'Human Network' In Major Firms
News  |  10/30/2013  | 
Apple, General Motors, Home Depot, Johnson & Johnson, Chevron, Boeing, and other major corporations easily fall to social engineers in recent contest, new report shows
MongoHQ To Customers: Change Database Passwords
News  |  10/30/2013  | 
Following security breach, MongoDB hosting firm advises customers to change database passwords as it locks down systems and bolsters security defenses.
Attackers Crib Exploit Code, But Net Benefit For Defenders
News  |  10/29/2013  | 
Researcher finds that the top 20 crime packs copy exploit code from security researchers and sophisticated attackers, but doing away with public disclosure is no solution
Google Captcha Dumps Distorted Text Images
News  |  10/29/2013  | 
Tired of reading those wavy words? Changes to Google's reCaptcha system -- which doubles as quality control for its book and newspaper scanning projects -- prioritize bot-busting puzzles based on numbers.
Microsoft Software, Overall Operating System Vulnerability Disclosures Rise
News  |  10/29/2013  | 
Windows XP machines six times more likely to be infected by malware than newer versions of the OS, according to new Microsoft Security Intelligence Report (SIR)
Syrian Hackers Attack Obama's Website
News  |  10/29/2013  | 
Pro-Syrian regime hackers gain ability to redirect Twitter and Facebook short links because staff failed to use Google two-factor authentication.
Failure To Deploy: Aided And Abetted By Shelfware
Commentary  |  10/28/2013  | 
It takes more than technology acquisition to protect against the insider threat -- just ask the NSA
LinkedIn Defends 'Intro' Email Security
News  |  10/28/2013  | 
LinkedIn responds to user and security expert concerns about new email feature, cites measures it took to make LinkedIn Intro safe.
Chinese Antivirus Firm NQ Called 'Massive Fraud'
News  |  10/25/2013  | 
Mobile anti-malware software developer NQ Mobile denies charges that it inflates its market share and makes spyware.
To Determine Threat Level, Context Matters
News  |  10/24/2013  | 
Computers communicating with the Amazon cloud, users logging in after hours, and the risk posed by Java; without context, evaluating threats is nearly impossible
Experian Breach Fallout: ID Theft Nightmares Continue
Commentary  |  10/24/2013  | 
Data brokers amassing gigantic data stores of people's valuable personal information are too big to not fail. Why are consumers getting stuck with the mess?
Browser Fingerprinting: 9 Facts
News  |  10/24/2013  | 
Tracking technology that can identify individual identities and devices is improving faster than consumers might realize, warn privacy researchers.
LinkedIn Intro Service Triggers Security, Privacy Fears
News  |  10/24/2013  | 
LinkedIn wants to scan your emails to add more information about the sender, raising the hackles of security and privacy advocates.
Google Project Shield Promises DDoS Attack Prevention
News  |  10/22/2013  | 
Project Shield service is designed to keep static websites for human rights, election and news groups online, but it might presage a commercial Google DDoS defense service.
Catching Malware With DNS As A Service
News  |  10/21/2013  | 
A cloud provider used to be the low-cost option for domain-name system (DNS) services, but the ability to act as a security proxy has convinced many that cloud is better
How To Avoid Breaches Where You Least Expect Them
News  |  10/21/2013  | 
Vulnerabilities and threats could lurk in the most mundane of systems
Experian Sold Data To Vietnamese ID Theft Ring
News  |  10/21/2013  | 
Fake private investigation firm tricked data broker into divulging numerous Americans' names, social security numbers, birthdates and bank account numbers.
Forget Captcha, Try Inkblots
News  |  10/17/2013  | 
Researchers propose using an inkblot-matching scheme, dubbed Gotcha, to defeat dictionary-based hacks of the Captcha system.
User-Selected Passwords Still Getting Cracked
News  |  10/16/2013  | 
Educating people about good password selection has largely failed as graphics-processor-enabled cracking crunches through billions of possibilities every second
'Project SHINE' Illuminates Sad State Of SCADA/ICS Security On The Net
News  |  10/16/2013  | 
One million ICS/SCADA devices -- and counting -- found exposed on the public Internet, researchers say
Oracle Issues Massive Security Patch For Java, Databases
News  |  10/16/2013  | 
Oracle's quarterly update includes 127 security patches, including fixes for remotely exploitable Java flaws.
Windows XP Holdouts Hold On
Quick Hits  |  10/15/2013  | 
New data shows nearly half of XP machines still alive and well among 1 million machines managed by one vendor
Adobe Source Code Theft Unlikely To Cause Spike In Exploits
News  |  10/15/2013  | 
Access to the firm's code for Acrobat, ColdFusion, and Publisher products will make flaws easier to find, but experts disagree whether exploitation will also be easier
Anonymous Targets Alleged Rapists In Maryville, Mo.
News  |  10/15/2013  | 
Hacktivists launch "#OpMaryville," charge that justice wasn't served and rape case should be reopened.
D-Link Router Vulnerable To Authentication Bypass
News  |  10/14/2013  | 
Multiple D-Link, Planex and Virgin Mobile routers have a firmware vulnerability that attackers could exploit to directly access and alter the devices.
Flaw In Chrome May Leave Users' Personal Information At Risk
Quick Hits  |  10/13/2013  | 
Vulnerability in Chrome browser could enable attackers to collect data from history files, Identity Finder says
We're All The APT
Commentary  |  10/12/2013  | 
XKeyscore, FoxAcid: APT lines are blurring
Cyberthreats Grow More Ominous: Former NSA Chief
News  |  10/11/2013  | 
Microsoft's Craig Mundie, former NSA and CIA chief Gen. Michael Hayden and other experts say cybersecurity attacks are getting more dangerous.
'Spaf' On Security
News  |  10/10/2013  | 
Internet security pioneer Eugene Spafford talks about why security has struggled even after its first big wake-up call 25 years ago, the Morris worm
Google To Reward Fixes For Open Source Software
News  |  10/10/2013  | 
Google expands its bug bounty program, plans to pay programmers who help patch the open-source projects it cares about.
Advertisers Evade 'Do Not Track' With Supercookies
News  |  10/10/2013  | 
Many popular sites use JavaScript and Flash font probes to track users and their browsing habits across multiple devices, researchers say.
Creating And Maintaining A Custom Threat Profile
Quick Hits  |  10/10/2013  | 
Threat intelligence is only useful if it's tailored to your specific organization. Here are some tips on how to customize
Microsoft Patches Two Internet Explorer Bugs
News  |  10/9/2013  | 
Microsoft and Adobe this week release a slew of fixes, including patches for zero-day vulnerabilities and remote code execution flaws.
LulzSec Hackers Evade Irish Jail Time
News  |  10/9/2013  | 
In Ireland's first-ever successful computer crime prosecution, two hackers with ties to LulzSec and Anonymous get probation and fines -- but so far no extradition to face charges in the U.S.
Embrace Your Inner Risk Adviser
Quick Hits  |  10/8/2013  | 
Bridging the gap between security and IT and the business side requires teamwork on building a risk profile
'Blackhole' Activity Dips Amid Reports Of Bust
News  |  10/8/2013  | 
Reports point to possible arrest of Blackhole crimeware author, but changing of the guard is already under way as other kits gain a foothold
Sidestepping SDN Security Woes
News  |  10/7/2013  | 
SDN does hold potential security upsides, but organizations should also look out for pitfalls
Infrastructure Cybersecurity: Carrots And Sticks
News  |  10/7/2013  | 
As lawmakers and private industry leaders wrangle over how to best protect our nation's critical infrastructure from cyberattack, existing anti-terror legislation could offer a promising start.
5 Obamacare Health Site Security Warnings
News  |  10/7/2013  | 
Early shakedowns of the health insurance exchange websites show they are vulnerable to cross-site request forgery, clickjacking and cookie attacks, among other risks.
Firms, Researchers Seek Better Ways To Detect Evasive Threats
News  |  10/4/2013  | 
As defenders increasingly use dynamic analysis and sandboxes, attackers have adopted a number of evasion techniques, forcing security firms and researchers to adapt
Next-Gen Spam: Quality Over Quantity
Commentary  |  10/3/2013  | 
The industry has been remarkably innovative in developing business models to extract money from the unwary.
Stratfor Hacker: FBI Entrapment Shaped My Case
Commentary  |  10/3/2013  | 
Hacker Jeremy Hammond asks for leniency before sentencing, citing the role of FBI informant Sabu in his case. How far can the FBI go with suspected computer criminals?
CISO Shares Strategies For Surviving The Inevitability Of Attacks
News  |  10/3/2013  | 
Looping in application and network teams can help spot threats and attacks before they do harm.
Securing More Vulnerabilities By Patching Less
News  |  10/2/2013  | 
Companies need to focus on not just fixing known vulnerabilities, but closing potential attack vectors
Silk Road Founder Arrested
News  |  10/2/2013  | 
Infamous online black market alleged to have generated $1.2 billion in sales of illegal products and services since 2011.
WordPress Attacks: Time To Wake Up
Commentary  |  10/1/2013  | 
The latest WordPress hacks highlight our continued laziness when implementing online security, a problem made worse by free, easy-to-use sites.
5 Reasons Every Company Should Have A Honeypot
News  |  10/1/2013  | 
A staple of the computer-security toolbox for more than two decades, honeypots can provide companies with unique benefits
Researchers Unite To #ScanAllTheThings
News  |  10/1/2013  | 
'Project Sonar' community project launched for sharing Internet-scanning data, tools, and analysis