Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2013
Page 1 / 2
Shortage Of Women Hurting IT Security Industry, Study Finds
Quick Hits  |  10/31/2013  | 
(ISC)2 survey indicates that women have the skills and attitudes most needed in infosec
Naming And Shaming Unlikely To Work For Cyberespionage
News  |  10/30/2013  | 
Why a whistleblower's evidence of widespread surveillance by the NSA has caused the U.S. government to react, but Mandiant's revelations about Chinese espionage fail to curb that nation's efforts
Social Engineers Pwn The 'Human Network' In Major Firms
News  |  10/30/2013  | 
Apple, General Motors, Home Depot, Johnson & Johnson, Chevron, Boeing, and other major corporations easily fall to social engineers in recent contest, new report shows
MongoHQ To Customers: Change Database Passwords
News  |  10/30/2013  | 
Following security breach, MongoDB hosting firm advises customers to change database passwords as it locks down systems and bolsters security defenses.
Attackers Crib Exploit Code, But Net Benefit For Defenders
News  |  10/29/2013  | 
Researcher finds that the top 20 crime packs copy exploit code from security researchers and sophisticated attackers, but doing away with public disclosure is no solution
Google Captcha Dumps Distorted Text Images
News  |  10/29/2013  | 
Tired of reading those wavy words? Changes to Google's reCaptcha system -- which doubles as quality control for its book and newspaper scanning projects -- prioritize bot-busting puzzles based on numbers.
Microsoft Software, Overall Operating System Vulnerability Disclosures Rise
News  |  10/29/2013  | 
Windows XP machines six times more likely to be infected by malware than newer versions of the OS, according to new Microsoft Security Intelligence Report (SIR)
Syrian Hackers Attack Obama's Website
News  |  10/29/2013  | 
Pro-Syrian regime hackers gain ability to redirect Twitter and Facebook short links because staff failed to use Google two-factor authentication.
Failure To Deploy: Aided And Abetted By Shelfware
Commentary  |  10/28/2013  | 
It takes more than technology acquisition to protect against the insider threat -- just ask the NSA
LinkedIn Defends 'Intro' Email Security
News  |  10/28/2013  | 
LinkedIn responds to user and security expert concerns about new email feature, cites measures it took to make LinkedIn Intro safe.
Chinese Antivirus Firm NQ Called 'Massive Fraud'
News  |  10/25/2013  | 
Mobile anti-malware software developer NQ Mobile denies charges that it inflates its market share and makes spyware.
To Determine Threat Level, Context Matters
News  |  10/24/2013  | 
Computers communicating with the Amazon cloud, users logging in after hours, and the risk posed by Java; without context, evaluating threats is nearly impossible
Experian Breach Fallout: ID Theft Nightmares Continue
Commentary  |  10/24/2013  | 
Data brokers amassing gigantic data stores of people's valuable personal information are too big to not fail. Why are consumers getting stuck with the mess?
Browser Fingerprinting: 9 Facts
News  |  10/24/2013  | 
Tracking technology that can identify individual identities and devices is improving faster than consumers might realize, warn privacy researchers.
LinkedIn Intro Service Triggers Security, Privacy Fears
News  |  10/24/2013  | 
LinkedIn wants to scan your emails to add more information about the sender, raising the hackles of security and privacy advocates.
Google Project Shield Promises DDoS Attack Prevention
News  |  10/22/2013  | 
Project Shield service is designed to keep static websites for human rights, election and news groups online, but it might presage a commercial Google DDoS defense service.
Catching Malware With DNS As A Service
News  |  10/21/2013  | 
A cloud provider used to be the low-cost option for domain-name system (DNS) services, but the ability to act as a security proxy has convinced many that cloud is better
How To Avoid Breaches Where You Least Expect Them
News  |  10/21/2013  | 
Vulnerabilities and threats could lurk in the most mundane of systems
Experian Sold Data To Vietnamese ID Theft Ring
News  |  10/21/2013  | 
Fake private investigation firm tricked data broker into divulging numerous Americans' names, social security numbers, birthdates and bank account numbers.
Forget Captcha, Try Inkblots
News  |  10/17/2013  | 
Researchers propose using an inkblot-matching scheme, dubbed Gotcha, to defeat dictionary-based hacks of the Captcha system.
User-Selected Passwords Still Getting Cracked
News  |  10/16/2013  | 
Educating people about good password selection has largely failed as graphics-processor-enabled cracking crunches through billions of possibilities every second
'Project SHINE' Illuminates Sad State Of SCADA/ICS Security On The Net
News  |  10/16/2013  | 
One million ICS/SCADA devices -- and counting -- found exposed on the public Internet, researchers say
Oracle Issues Massive Security Patch For Java, Databases
News  |  10/16/2013  | 
Oracle's quarterly update includes 127 security patches, including fixes for remotely exploitable Java flaws.
Windows XP Holdouts Hold On
Quick Hits  |  10/15/2013  | 
New data shows nearly half of XP machines still alive and well among 1 million machines managed by one vendor
Adobe Source Code Theft Unlikely To Cause Spike In Exploits
News  |  10/15/2013  | 
Access to the firm's code for Acrobat, ColdFusion, and Publisher products will make flaws easier to find, but experts disagree whether exploitation will also be easier
Anonymous Targets Alleged Rapists In Maryville, Mo.
News  |  10/15/2013  | 
Hacktivists launch "#OpMaryville," charge that justice wasn't served and rape case should be reopened.
D-Link Router Vulnerable To Authentication Bypass
News  |  10/14/2013  | 
Multiple D-Link, Planex and Virgin Mobile routers have a firmware vulnerability that attackers could exploit to directly access and alter the devices.
Flaw In Chrome May Leave Users' Personal Information At Risk
Quick Hits  |  10/13/2013  | 
Vulnerability in Chrome browser could enable attackers to collect data from history files, Identity Finder says
We're All The APT
Commentary  |  10/12/2013  | 
XKeyscore, FoxAcid: APT lines are blurring
Cyberthreats Grow More Ominous: Former NSA Chief
News  |  10/11/2013  | 
Microsoft's Craig Mundie, former NSA and CIA chief Gen. Michael Hayden and other experts say cybersecurity attacks are getting more dangerous.
'Spaf' On Security
News  |  10/10/2013  | 
Internet security pioneer Eugene Spafford talks about why security has struggled even after its first big wake-up call 25 years ago, the Morris worm
Google To Reward Fixes For Open Source Software
News  |  10/10/2013  | 
Google expands its bug bounty program, plans to pay programmers who help patch the open-source projects it cares about.
Advertisers Evade 'Do Not Track' With Supercookies
News  |  10/10/2013  | 
Many popular sites use JavaScript and Flash font probes to track users and their browsing habits across multiple devices, researchers say.
Creating And Maintaining A Custom Threat Profile
Quick Hits  |  10/10/2013  | 
Threat intelligence is only useful if it's tailored to your specific organization. Here are some tips on how to customize
Microsoft Patches Two Internet Explorer Bugs
News  |  10/9/2013  | 
Microsoft and Adobe this week release a slew of fixes, including patches for zero-day vulnerabilities and remote code execution flaws.
LulzSec Hackers Evade Irish Jail Time
News  |  10/9/2013  | 
In Ireland's first-ever successful computer crime prosecution, two hackers with ties to LulzSec and Anonymous get probation and fines -- but so far no extradition to face charges in the U.S.
Embrace Your Inner Risk Adviser
Quick Hits  |  10/8/2013  | 
Bridging the gap between security and IT and the business side requires teamwork on building a risk profile
'Blackhole' Activity Dips Amid Reports Of Bust
News  |  10/8/2013  | 
Reports point to possible arrest of Blackhole crimeware author, but changing of the guard is already under way as other kits gain a foothold
Sidestepping SDN Security Woes
News  |  10/7/2013  | 
SDN does hold potential security upsides, but organizations should also look out for pitfalls
Infrastructure Cybersecurity: Carrots And Sticks
News  |  10/7/2013  | 
As lawmakers and private industry leaders wrangle over how to best protect our nation's critical infrastructure from cyberattack, existing anti-terror legislation could offer a promising start.
5 Obamacare Health Site Security Warnings
News  |  10/7/2013  | 
Early shakedowns of the health insurance exchange websites show they are vulnerable to cross-site request forgery, clickjacking and cookie attacks, among other risks.
Firms, Researchers Seek Better Ways To Detect Evasive Threats
News  |  10/4/2013  | 
As defenders increasingly use dynamic analysis and sandboxes, attackers have adopted a number of evasion techniques, forcing security firms and researchers to adapt
Next-Gen Spam: Quality Over Quantity
Commentary  |  10/3/2013  | 
The industry has been remarkably innovative in developing business models to extract money from the unwary.
Stratfor Hacker: FBI Entrapment Shaped My Case
Commentary  |  10/3/2013  | 
Hacker Jeremy Hammond asks for leniency before sentencing, citing the role of FBI informant Sabu in his case. How far can the FBI go with suspected computer criminals?
CISO Shares Strategies For Surviving The Inevitability Of Attacks
News  |  10/3/2013  | 
Looping in application and network teams can help spot threats and attacks before they do harm.
Securing More Vulnerabilities By Patching Less
News  |  10/2/2013  | 
Companies need to focus on not just fixing known vulnerabilities, but closing potential attack vectors
Silk Road Founder Arrested
News  |  10/2/2013  | 
Infamous online black market alleged to have generated $1.2 billion in sales of illegal products and services since 2011.
WordPress Attacks: Time To Wake Up
Commentary  |  10/1/2013  | 
The latest WordPress hacks highlight our continued laziness when implementing online security, a problem made worse by free, easy-to-use sites.
5 Reasons Every Company Should Have A Honeypot
News  |  10/1/2013  | 
A staple of the computer-security toolbox for more than two decades, honeypots can provide companies with unique benefits
Researchers Unite To #ScanAllTheThings
News  |  10/1/2013  | 
'Project Sonar' community project launched for sharing Internet-scanning data, tools, and analysis