News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2009
Security Gets Top Billing On Cyber Monday
Quick Hits  |  11/30/2009  | 
FBI, others offer tips to protect shoppers during online shopping season
Heap Spraying: Attackers' Latest Weapon Of Choice
News  |  11/30/2009  | 
Difficult to detect reliably, heap spraying was behind an exploit of IE and Adobe Reader
Spammer Gets Four Years In Slammer
News  |  11/25/2009  | 
'Godfather of Spam' Alan Ralsky and three associates sentenced for stock fraud spam scheme
CSI Annual Report: Financial Fraud, Malware On The Increase
News  |  11/24/2009  | 
Security pros generally happy with products; not so much with awareness programs
Microsoft Issues Internet Explorer Security Advisory
News  |  11/24/2009  | 
Users of Internet Explorer 6 and 7 may be vulnerable to a malware attack.
Report: China's After U.S. Secrets, Technology
News  |  11/24/2009  | 
U.S.-China Economic and Security Review Commission notes a 'marked increase in cyber intrusions originating in China and targeting U.S. government and defense-related computer system'
Jailbroken iPhones Vulnerable To 'Duh' Worm
News  |  11/23/2009  | 
Cybersecurity companies are warning that new malware can turn modified iPhones and iPods into zombies.
Microsoft: 'TaterF' Worm Top Malware Threat So Far This Month
News  |  11/20/2009  | 
Software giant reveals November stats from Malicious Software Removal Tool
Tech Insight: 3 Factors To Assess Before Doing Your Own Penetration Testing
News  |  11/20/2009  | 
What you need to know about bringing penetration testing in-house
New IBM Database Flaw Could Affect Several Other Vendors' Products
News  |  11/19/2009  | 
Denial-of-service (DoS) attack vulnerability in IBM's SolidDB affects HP OpenView
Penetration Testing Grows Up
News  |  11/18/2009  | 
Metasploit's expected entry into the commercial penetration testing market is the latest step toward making pen testing more mainstream
Survey: Patient Data At Risk From Healthcare Partners
News  |  11/18/2009  | 
About a third of healthcare business associates are not aware they needed to comply with HIPAA's security and privacy provisions
New Metasploit Version Released
News  |  11/17/2009  | 
Version 3.3 is faster and includes support for Windows 7
Healthcare Affiliates Unprepared For Data Breaches
News  |  11/17/2009  | 
Patient privacy is at risk from the companies that healthcare providers do business with, study says.
Big-Name Vendors Team On Disaster Preparedness, Recovery
News  |  11/17/2009  | 
IT can play a major role in boosting the effectiveness of response efforts, say alliance sponsors that include Microsoft, Google, Yahoo
Most Security Products Fail Initial Certification Tests
News  |  11/16/2009  | 
A study based on the testing of thousands of security products over 20 years finds that most require several rounds of testing before achieving certification.
Most Security Products Don't Initially Work As Intended, Study Says
News  |  11/16/2009  | 
In certification tests, many products fail in functionality or logging, ICSA/Verizon reports
Myth-Busting: Quelling 7 Cloud Computing Fears
News  |  11/16/2009  | 
Concerned about data privacy and single points of failure, among other cloud worries? Get ready to put your fears to rest
OWASP Issues New Top 10 Web Application Security Risks List
News  |  11/13/2009  | 
List now focuses on actual risk, not weaknesses and flaws in Websites
Microsoft Investigating Zero-Day Windows 7 Flaw
News  |  11/12/2009  | 
The vulnerability was released the day after Microsoft issued its November patches.
Stopping Insider Attacks
Commentary  |  11/12/2009  | 
There is no single thing you can do to prevent an attack from the inside. The concept of defense-in-depth applies here as it does to all areas of security. No single solution is going to make you secure. Only by putting many defense measures together will you be secure, and those measures must encompass both preventive and detective measures.
Adobe Flash Security Model Permits Malware
News  |  11/12/2009  | 
Web sites that allow user-generated content could be risking attack due to Flash's permissive security model.
Measuring Insider Risk
Commentary  |  11/11/2009  | 
The key thing to remember when dealing with insiders is they have access and, in most cases, will exploit the weakest link that gives them the greatest chance of access, while minimizing the chances that they get caught. Why try to break through a firewall and gain access to a system with a private address when you can find someone behind the firewall with full access to the system?
Researcher Takes Step Toward Integrating Penetration Test Tools
News  |  11/11/2009  | 
Will release free tools Thursday at OWASP conference
Blue Cross Blue Shield Data Breach Investigated
News  |  11/11/2009  | 
Connecticut's attorney general is looking for tougher protection for healthcare providers after records, which could be useful to identity thieves, were lost.
Microsoft Demands Takedown Of Bing Cash Exploit
News  |  11/10/2009  | 
A flaw in Microsoft's Bing cashback program allowed startup co-founder Samir Meghani to get credit for over $2,000 in rebate cash through fake purchases.
Microsoft Patch Brings Windows Kernel Warning
News  |  11/10/2009  | 
A Windows kernel vulnerability addressed in a November security bulletin should be patched immediately, Microsoft recommends.
Apple Issues Patch For 40 Vulnerabilities In Snow Leopard OS
News  |  11/10/2009  | 
Among the security flaws addressed by Mac OS X 10.6.2 is a login bypass vulnerability
Majority Of Web Apps Have Severe Vulnerabilities
News  |  11/10/2009  | 
Flaws 'could potentially lead to the exposure of sensitive or confidential user information during transactions,' according to new report from Cenzic
Apple Releases Snow Leopard Security Patch
News  |  11/9/2009  | 
Mac OS X 10.6.2 addresses security and stability issues, and resolves a file deletion bug involving Guest accounts.
9 In 10 Web Apps Have Serious Flaws
News  |  11/9/2009  | 
The 10 most severe software vulnerabilities during the first half of 2009 affected software from Apache, Citrix, IBM, SAP, Sun, and Symantec, among other organizations.
Microsoft Forensics Tool For Law Enforcement Leaked Online
News  |  11/9/2009  | 
Security experts worry cybercriminals will figure out ways to circumvent the tool, which was discovered in a file-sharing forum
eEye Announces Retina CS
News  |  11/9/2009  | 
Retina CS boasts simplified navigation and a newly designed Web 2.0 interface
Microsoft Says Sophos Overhypes Windows 7 Malware Threat
News  |  11/9/2009  | 
Says Sophos' methodology was flawed, in part because the testers did not take advantage of Microsoft security tools
Microsoft: Windows 7 Malware Threat 'Sensationalized'
News  |  11/9/2009  | 
Software maker claims tests by security vendor don't tell the whole story.
Healthcare Providers Face Security Challenges
News  |  11/9/2009  | 
Three-quarters of organizations that conduct formal risk assessments have found patient data at risk, study says.
Insider Threat Reality Check
Commentary  |  11/9/2009  | 
Organizations tend to think once they hire an employee or a contractor, that person is now part of a trusted group of people. Although an organization might give an employee additional access that an ordinary person would not have, why should it trust that person?
New Spamming Botnet On The Rise
News  |  11/6/2009  | 
'Festi' quickly jumps from sending about 1 percent of all spam to 5 to 6 percent, MessageLabs researchers say
Major SSL Flaw Find Prompts Protocol Update
News  |  11/5/2009  | 
Vendors and the IETF have been working on a fix since last month for a newly discovered vulnerability in the SSL protocol that spans browsers, servers, smart cards, and other products
Little-Known Hole Lets Attacker Hit Main Website Domain Via Its Subdomains
Quick Hits  |  11/5/2009  | 
Proof-of-concept demonstrates how exploits on Google, Expedia, Chase Manhattan subdomains could lead to compromises of their main sites
Practical Analysis: The Fastest-Growing Security Threat
Commentary  |  11/5/2009  | 
SQL injections, more than any other exploit, can land your company in trouble. So why aren't you worried about them?
Serious SSL Vulnerability Found
News  |  11/5/2009  | 
A vulnerability in the most common data security protocol on the Internet could allow secure Web sessions to be hijacked.
Is Antivirus Software Dead?
News  |  11/5/2009  | 
Always-on Internet connectivity is keeping malware concerns alive and well. We examine whether antivirus software is up to the task, or whether it's a security solution of the past.
New Trojan Kills The Zeus Trojan
Quick Hits  |  11/2/2009  | 
'Opachki' Trojan hijacks links for cash and deletes Zeus malware from the infected machine

