News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2009
Security Gets Top Billing On Cyber Monday
Quick Hits  |  11/30/2009  | 
FBI, others offer tips to protect shoppers during online shopping season
Heap Spraying: Attackers' Latest Weapon Of Choice
News  |  11/30/2009  | 
Difficult to detect reliably, heap spraying was behind an exploit of IE and Adobe Reader
Spammer Gets Four Years In Slammer
News  |  11/25/2009  | 
'Godfather of Spam' Alan Ralsky and three associates sentenced for stock fraud spam scheme
CSI Annual Report: Financial Fraud, Malware On The Increase
News  |  11/24/2009  | 
Security pros generally happy with products; not so much with awareness programs
Microsoft Issues Internet Explorer Security Advisory
News  |  11/24/2009  | 
Users of Internet Explorer 6 and 7 may be vulnerable to a malware attack.
Report: China's After U.S. Secrets, Technology
News  |  11/24/2009  | 
U.S.-China Economic and Security Review Commission notes a 'marked increase in cyber intrusions originating in China and targeting U.S. government and defense-related computer system'
Jailbroken iPhones Vulnerable To 'Duh' Worm
News  |  11/23/2009  | 
Cybersecurity companies are warning that new malware can turn modified iPhones and iPods into zombies.
Microsoft: 'TaterF' Worm Top Malware Threat So Far This Month
News  |  11/20/2009  | 
Software giant reveals November stats from Malicious Software Removal Tool
Tech Insight: 3 Factors To Assess Before Doing Your Own Penetration Testing
News  |  11/20/2009  | 
What you need to know about bringing penetration testing in-house
New IBM Database Flaw Could Affect Several Other Vendors' Products
News  |  11/19/2009  | 
Denial-of-service (DoS) attack vulnerability in IBM's SolidDB affects HP OpenView
Penetration Testing Grows Up
News  |  11/18/2009  | 
Metasploit's expected entry into the commercial penetration testing market is the latest step toward making pen testing more mainstream
Survey: Patient Data At Risk From Healthcare Partners
News  |  11/18/2009  | 
About a third of healthcare business associates are not aware they needed to comply with HIPAA's security and privacy provisions
New Metasploit Version Released
News  |  11/17/2009  | 
Version 3.3 is faster and includes support for Windows 7
Healthcare Affiliates Unprepared For Data Breaches
News  |  11/17/2009  | 
Patient privacy is at risk from the companies that healthcare providers do business with, study says.
Big-Name Vendors Team On Disaster Preparedness, Recovery
News  |  11/17/2009  | 
IT can play a major role in boosting the effectiveness of response efforts, say alliance sponsors that include Microsoft, Google, Yahoo
Most Security Products Fail Initial Certification Tests
News  |  11/16/2009  | 
A study based on the testing of thousands of security products over 20 years finds that most require several rounds of testing before achieving certification.
Most Security Products Don't Initially Work As Intended, Study Says
News  |  11/16/2009  | 
In certification tests, many products fail in functionality or logging, ICSA/Verizon reports
Myth-Busting: Quelling 7 Cloud Computing Fears
News  |  11/16/2009  | 
Concerned about data privacy and single points of failure, among other cloud worries? Get ready to put your fears to rest
OWASP Issues New Top 10 Web Application Security Risks List
News  |  11/13/2009  | 
List now focuses on actual risk, not weaknesses and flaws in Websites
Microsoft Investigating Zero-Day Windows 7 Flaw
News  |  11/12/2009  | 
The vulnerability was released the day after Microsoft issued its November patches.
Stopping Insider Attacks
Commentary  |  11/12/2009  | 
There is no single thing you can do to prevent an attack from the inside. The concept of defense-in-depth applies here as it does to all areas of security. No single solution is going to make you secure. Only by putting many defense measures together will you be secure, and those measures must encompass both preventive and detective measures.
Adobe Flash Security Model Permits Malware
News  |  11/12/2009  | 
Web sites that allow user-generated content could be risking attack due to Flash's permissive security model.
Measuring Insider Risk
Commentary  |  11/11/2009  | 
The key thing to remember when dealing with insiders is they have access and, in most cases, will exploit the weakest link that gives them the greatest chance of access, while minimizing the chances that they get caught. Why try to break through a firewall and gain access to a system with a private address when you can find someone behind the firewall with full access to the system?
Researcher Takes Step Toward Integrating Penetration Test Tools
News  |  11/11/2009  | 
Will release free tools Thursday at OWASP conference
Blue Cross Blue Shield Data Breach Investigated
News  |  11/11/2009  | 
Connecticut's attorney general is looking for tougher protection for healthcare providers after records, which could be useful to identity thieves, were lost.
Microsoft Demands Takedown Of Bing Cash Exploit
News  |  11/10/2009  | 
A flaw in Microsoft's Bing cashback program allowed startup co-founder Samir Meghani to get credit for over $2,000 in rebate cash through fake purchases.
Microsoft Patch Brings Windows Kernel Warning
News  |  11/10/2009  | 
A Windows kernel vulnerability addressed in a November security bulletin should be patched immediately, Microsoft recommends.
Apple Issues Patch For 40 Vulnerabilities In Snow Leopard OS
News  |  11/10/2009  | 
Among security flaws addressed by Mac OS X 10.6.2 is login bypass vulnerability
Majority Of Web Apps Have Severe Vulnerabilities
News  |  11/10/2009  | 
Flaws 'could potentially lead to the exposure of sensitive or confidential user information during transactions,' according to new report from Cenzic
Apple Releases Snow Leopard Security Patch
News  |  11/9/2009  | 
Mac OS X 10.6.2 addresses security and stability issues, and resolves a file deletion bug involving Guest accounts.
9 In 10 Web Apps Have Serious Flaws
News  |  11/9/2009  | 
The 10 most severe software vulnerabilities during the first half of 2009 affected software from Apache, Citrix, IBM, SAP, Sun, and Symantec, among other organizations.
Microsoft Forensics Tool For Law Enforcement Leaked Online
News  |  11/9/2009  | 
Security experts worry cybercriminals will figure out ways to circumvent the tool, which was discovered in a file-sharing forum
eEye Announces Retina CS
News  |  11/9/2009  | 
Retina CS boasts simplified navigation and a newly designed Web 2.0 interface
Microsoft Says Sophos Overhypes Windows 7 Malware Threat
News  |  11/9/2009  | 
Says Sophos' methodology was flawed, in part because the testers did not take advantage of Microsoft security tools
Microsoft: Windows 7 Malware Threat 'Sensationalized'
News  |  11/9/2009  | 
Software maker claims tests by security vendor don't tell the whole story.
Healthcare Providers Face Security Challenges
News  |  11/9/2009  | 
Three-quarters of organizations that conduct formal risk assessments have found patient data at risk, study says.
Insider Threat Reality Check
Commentary  |  11/9/2009  | 
Organizations tend to think once they hire an employee or a contractor, that person is now part of a trusted group of people. Although an organization might give an employee additional access that an ordinary person would not have, why should it trust that person?
New Spamming Botnet On The Rise
News  |  11/6/2009  | 
'Festi' quickly jumps from sending about 1 percent of all spam to 5 to 6 percent, MessageLabs researchers say
Major SSL Flaw Find Prompts Protocol Update
News  |  11/5/2009  | 
Vendors, IETF, have been working on a fix since last month for a newly discovered vulnerability in the SSL protocol that spans browsers, servers, smart cards, and other products
Little-Known Hole Lets Attacker Hit Main Website Domain Via Its Subdomains
Quick Hits  |  11/5/2009  | 
Proof-of-concept demonstrates how exploits on Google, Expedia, Chase Manhattan subdomains could lead to compromises of their main sites
Practical Analysis: The Fastest-Growing Security Threat
Commentary  |  11/5/2009  | 
SQL injections, more than any other exploit, can land your company in trouble. So why aren't you worried about them?
Serious SSL Vulnerability Found
News  |  11/5/2009  | 
A vulnerability in the most common data security protocol on the Internet could allow secure Web sessions to be hijacked.
Is Antivirus Software Dead?
News  |  11/5/2009  | 
Always-on Internet connectivity is keeping malware concerns alive and well. We examine whether antivirus software is up to the task, or whether it's a security solution of the past.
New Trojan Kills The Zeus Trojan
Quick Hits  |  11/2/2009  | 
'Opachki' Trojan hijacks links for cash and deletes Zeus malware from the infected machine

