Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2009
Security Gets Top Billing On Cyber Monday
Quick Hits  |  11/30/2009  | 
FBI, others offer tips to protect shoppers during online shopping season
Heap Spraying: Attackers' Latest Weapon Of Choice
News  |  11/30/2009  | 
Difficult to detect reliably, heap spraying was behind an exploit of IE and Adobe Reader
Spammer Gets Four Years In Slammer
News  |  11/25/2009  | 
'Godfather of Spam' Alan Ralsky and three associates sentenced for stock fraud spam scheme
CSI Annual Report: Financial Fraud, Malware On The Increase
News  |  11/24/2009  | 
Security pros generally happy with products; not so much with awareness programs
Microsoft Issues Internet Explorer Security Advisory
News  |  11/24/2009  | 
Users of Internet Explorer 6 and 7 may be vulnerable to a malware attack.
Report: China's After U.S. Secrets, Technology
News  |  11/24/2009  | 
U.S.-China Economic and Security Review Commission notes a 'marked increase in cyber intrusions originating in China and targeting U.S. government and defense-related computer system'
Jailbroken iPhones Vulnerable To 'Duh' Worm
News  |  11/23/2009  | 
Cybersecurity companies are warning that new malware can turn modified iPhones and iPods into zombies.
Microsoft: 'TaterF' Worm Top Malware Threat So Far This Month
News  |  11/20/2009  | 
Software giant reveals November stats from Malicious Software Removal Tool
Tech Insight: 3 Factors To Assess Before Doing Your Own Penetration Testing
News  |  11/20/2009  | 
What you need to know about bringing penetration testing in-house
New IBM Database Flaw Could Affect Several Other Vendors' Products
News  |  11/19/2009  | 
Denial-of-service (DoS) attack vulnerability in IBM's SolidDB affects HP OpenView
Penetration Testing Grows Up
News  |  11/18/2009  | 
Metasploit's expected entry into the commercial penetration testing market is the latest step toward making pen testing more mainstream
Survey: Patient Data At Risk From Healthcare Partners
News  |  11/18/2009  | 
About a third of healthcare business associates are not aware they needed to comply with HIPAA's security and privacy provisions
New Metasploit Version Released
News  |  11/17/2009  | 
Version 3.3 is faster and includes support for Windows 7
Healthcare Affiliates Unprepared For Data Breaches
News  |  11/17/2009  | 
Patient privacy is at risk from the companies that healthcare providers do business with, study says.
Big-Name Vendors Team On Disaster Preparedness, Recovery
News  |  11/17/2009  | 
IT can play a major role in boosting the effectiveness of response efforts, say alliance sponsors that include Microsoft, Google, Yahoo
Most Security Products Fail Initial Certification Tests
News  |  11/16/2009  | 
A study based on the testing of thousands of security products over 20 years finds that most require several rounds of testing before achieving certification.
Most Security Products Don't Initially Work As Intended, Study Says
News  |  11/16/2009  | 
In certification tests, many products fail in functionality or logging, ICSA/Verizon reports
Myth-Busting: Quelling 7 Cloud Computing Fears
News  |  11/16/2009  | 
Concerned about data privacy and single points of failure, among other cloud worries? Get ready to put your fears to rest
OWASP Issues New Top 10 Web Application Security Risks List
News  |  11/13/2009  | 
List now focuses on actual risk, not weaknesses and flaws in Websites
Microsoft Investigating Zero-Day Windows 7 Flaw
News  |  11/12/2009  | 
The vulnerability was released the day after Microsoft issued its November patches.
Stopping Insider Attacks
Commentary  |  11/12/2009  | 
There is no single thing you can do to prevent an attack from the inside. The concept of defense-in-depth applies here as it does to all areas of security. No single solution is going to make you secure. Only by putting many defense measures together will you be secure, and those measures must encompass both preventive and detective measures.
Adobe Flash Security Model Permits Malware
News  |  11/12/2009  | 
Web sites that allow user-generated content could be risking attack due to Flash's permissive security model.
Measuring Insider Risk
Commentary  |  11/11/2009  | 
The key thing to remember when dealing with insiders is they have access and, in most cases, will exploit the weakest link that gives them the greatest chance of access, while minimizing the chances that they get caught. Why try to break through a firewall and gain access to a system with a private address when you can find someone behind the firewall with full access to the system?
Researcher Takes Step Toward Integrating Penetration Test Tools
News  |  11/11/2009  | 
Will release free tools Thursday at OWASP conference
Blue Cross Blue Shield Data Breach Investigated
News  |  11/11/2009  | 
Connecticut's attorney general is looking for tougher protection for healthcare providers after records, which could be useful to identity thieves, were lost.
Microsoft Demands Takedown Of Bing Cash Exploit
News  |  11/10/2009  | 
A flaw Microsoft's Bing cashback program allowed startup co-founder Samir Meghani get credit for over $2,000 in rebate cash through fake purchases.
Microsoft Patch Brings Windows Kernel Warning
News  |  11/10/2009  | 
A Windows kernel vulnerability addressed in a November security bulletin should be patched immediately, Microsoft recommends.
Apple Issues Patch For 40 Vulnerabilities In Snow Leopard OS
News  |  11/10/2009  | 
Among security flaws addressed by Mac OS X 10.6.2 is login bypass vulnerability
Majority Of Web Apps Have Severe Vulnerabilities
News  |  11/10/2009  | 
Flaws 'could potentially lead to the exposure of sensitive or confidential user information during transactions,' according to new report from Cenzic
Apple Releases Snow Leopard Security Patch
News  |  11/9/2009  | 
Mac OS X 10.6.2 addresses security and stability issues, and resolves a file deletion bug involving Guest accounts.
9 In 10 Web Apps Have Serious Flaws
News  |  11/9/2009  | 
The 10 most severe software vulnerabilities during the first half of 2009 affected software from Apache, Citrix, IBM, SAP, Sun, and Symantec, among other organizations.
Microsoft Forensics Tool For Law Enforcement Leaked Online
News  |  11/9/2009  | 
Security experts worry cybercriminals will figure out ways to circumvent the tool, which was discovered in a file-sharing forum
eEye Announces Retina CS
News  |  11/9/2009  | 
Retina CS boasts simplified navigation and a newly designed Web 2.0 interface
Microsoft Says Sophos Overhypes Windows 7 Malware Threat
News  |  11/9/2009  | 
Says Sophos' methodology was flawed, in part because the testers did not take advantage of Microsoft security tools
Microsoft: Windows 7 Malware Threat 'Sensationalized'
News  |  11/9/2009  | 
Software maker claims tests by security vendor don't tell the whole story.
Healthcare Providers Face Security Challenges
News  |  11/9/2009  | 
Three-quarters of organizations that conduct formal risk assessments have found patient data at risk, study says.
Insider Threat Reality Check
Commentary  |  11/9/2009  | 
Organizations tend to think once they hire an employee or a contractor, that person is now part of a trusted group of people. Although an organization might give an employee additional access that an ordinary person would not have, why should it trust that person?
New Spamming Botnet On The Rise
News  |  11/6/2009  | 
'Festi' quickly jumps from sending about 1 percent of all spam to 5 to 6 percent, MessageLabs researchers say
Major SSL Flaw Find Prompts Protocol Update
News  |  11/5/2009  | 
Vendors, IETF, have been working on a fix since last month for a newly discovered vulnerability in the SSL protocol that spans browsers, servers, smart cards, and other products
Little-Known Hole Lets Attacker Hit Main Website Domain Via Its Subdomains
Quick Hits  |  11/5/2009  | 
Proof-of-concept demonstrates how exploits on Google, Expedia, Chase Manhattan subdomains could lead to compromises of their main sites
Practical Analysis: The Fastest-Growing Security Threat
Commentary  |  11/5/2009  | 
SQL injections, more than any other exploit, can land your company in trouble. So why aren't you worried about them?
Serious SSL Vulnerability Found
News  |  11/5/2009  | 
A vulnerability in the most common data security protocol on the Internet could allow secure Web sessions to be hijacked.
Is Antivirus Software Dead?
News  |  11/5/2009  | 
Always-on Internet connectivity is keeping malware concerns alive and well. We examine whether antivirus software is up to the task, or whether it's a security solution of the past.
New Trojan Kills The Zeus Trojan
Quick Hits  |  11/2/2009  | 
'Opachki' Trojan hijacks links for cash and deletes Zeus malware from the infected machine


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15216
PUBLISHED: 2020-09-29
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...
CVE-2020-4607
PUBLISHED: 2020-09-29
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
CVE-2020-24565
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25770
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25771
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...