Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2011
Major Email Providers Set Phish Trap
News  |  11/30/2011  | 
Agari's Email Trust Fabric finds fans at AOL, Google, Microsoft, and Yahoo. The goal: Stop spoofing of legitimate email domains.
Slide Show: Top 10 Holiday Phishing Scams
Slideshows  |  11/30/2011  | 
The following scams demonstrate the ways attackers are crafting their messages during the holidays
Anonymous Threatens Robin Hood Attacks Against Banks
News  |  11/30/2011  | 
Hacktivist group says it will steal credit card data from commercial banks and use the information to donate to charities and protest groups.
It's Time to Dump The 'Insider Threat'
Commentary  |  11/30/2011  | 
Blaming the "insider threat" merely hides your real security risks
Analyzing Data To Pinpoint Rogue Insiders
News  |  11/29/2011  | 
Companies and universities look for specific algorithms that will help identify malicious insiders and compromised systems that are acting as insiders
Marriott Hacker's Blackmail Goal: An IT Job
News  |  11/29/2011  | 
Hungarian man threatened to expose confidential company information he'd stolen unless the hotel chain offered him a job.
Five Ways To Secure The Consumer IT Invasion At Work
News  |  11/23/2011  | 
Companies have had to deal with increasing numbers of worker-owned devices in their networks
DHS, FBI Dispute Illinois Water Hack
News  |  11/23/2011  | 
Feds say their preliminary investigation finds no evidence of stolen credentials or foreign attackers.
Firms Slow To Secure Flaws In Embedded Devices
News  |  11/22/2011  | 
While operating systems and PC applications have evolved fast patch mechanisms, the proliferation of slow-to-patch embedded devices leaves companies vulnerable
Computer Crime Year In Review by Jennifer Granick
News  |  11/21/2011  | 
EFF Civil Liberties Director Jennifer Granick's Black Hat talk: Computer Crime Year in Review - MySpace, MBTA, Boston College and more. Granick discusses some special cases and the application of legal statutes to them.
Fighting Russian Cybercrime Mobsters: by Dmitri Alperovitch and Keith Mularski
News  |  11/21/2011  | 
McAfee Threat Research VP Dmitri Alperovitch and FBI Supervisory Special Agent Keith Mularski discuss the evolution of Russian organized crime into the area of CyberCrime.
Lockpicking Forensics - Black Hat 2009
News  |  11/21/2011  | 
Destruction is still the most common way to break in somewhere. Datagram provides a talk on Lockpicking Forensics at Black Hat, covering how locks and picks work, various techniques, the effect of normal wear, lock and key analysis and investigation.
Hacking The Smart Grid - Black Hat 2009
News  |  11/21/2011  | 
FYRM Associates Principal Tony Flick presents research on hacking the smart grid. He talks about the components of the smart grid, the problems (both found and potential), and finally some solutions.
APT Or Not APT? Discovering Who Is Attacking The Network
News  |  11/21/2011  | 
Corporate networks face a variety of attacks every day, yet pinpointing the most serious attacks is no easy matter
7 Facebook Security Problems Linger
News  |  11/21/2011  | 
Social networking giant might have fixed its porn problem, but it has plenty of other issues to reckon with, experts say.
Android Security Becomes FUD Fest
Commentary  |  11/21/2011  | 
Big scary warnings about Android security just keep on coming. Are you focused on the right MDM questions?
Hacker Apparently Triggers Illinois Water Pump Burnout
News  |  11/21/2011  | 
Attack illustrates the extent to which industrial control systems are Internet-connected, yet lack basic password checks or access controls.
App Freedom Vs. Corporate Security
Commentary  |  11/18/2011  | 
IT has to walk a fine line when securing user-owned mobile devices.
Windows 8 To Streamline Patching Reboots
News  |  11/17/2011  | 
Only one restart per month to coincide with Patch Tuesday
Facebook Porn Spam Appears Unrelated To Anonymous
News  |  11/17/2011  | 
Despite initial reports of a link, Facebook spam carrying pornographic images wasn't related to Fawkes, new malware supposedly developed by Anonymous, security experts say.
GAO Rips IRS Taxpayer Data Security
News  |  11/17/2011  | 
Auditors find holes in the federal revenue agency's database access control and security.
Facebook: Porn, Violent Images Were Self-Inflicted
Quick Hits  |  11/16/2011  | 
Surprising images on Facebook walls are result of "self-cross-site scripting" vulnerability, social media giant says
Romanian Accused Of NASA Hacks
News  |  11/16/2011  | 
A 26-year-old Romanian man stands accused of hacking into NASA servers, modifying data, and restricting access to them last December.
7 Facts On Duqu Malware Attacks
News  |  11/16/2011  | 
Research into Duqu malware finds a component compiled in 2007, but identified successful attacks that occurred as recently as April 2011.
Focus Needed To Stem Increase In Insider Fraud
News  |  11/15/2011  | 
Latest global fraud report shows an overall decrease in fraud, but an increase in insider fraud; companies that take security measures fare best
Encryption Security Lags In Healthcare?
News  |  11/14/2011  | 
Tech leaders warn policymakers that even as more electronic health records flood health IT systems, more encryption is needed.
Computershare Data Theft Underscores Insider Threat Risk
News  |  11/11/2011  | 
Former risk management professional walked off with confidential company data, says lawsuit.
So You Want To Be A Zero Day Exploit Millionaire?
Commentary  |  11/10/2011  | 
On the active market for reporting and selling zero day vulnerabilities, you can make big money. But you'll have to answer difficult ethical questions.
Teaming Up To Take Down Threats
News  |  11/10/2011  | 
Security professionals are leery of one-way public-private partnerships, but Operation Ghost Click shows that the model is necessary to take on international threats
DARPA Seeks New Methods For Biometric Authentication
News  |  11/10/2011  | 
Defense Department invites experts to discuss ways to identify people when they sign in to computers without interrupting their normal activity flow.
Prisons May Be Vulnerable To Stuxnet-Style Attack
News  |  11/10/2011  | 
Researchers found easy-to-write malware could subvert prison control systems, cause spontaneous opening of all cell doors.
Public Cloud Security Credentials Flunk A Research Test
News  |  11/10/2011  | 
Researchers who grabbed security credentials via Google code search advise caution regarding sensitive data and public cloud services.
Cloud Services Credentials Easily Stolen Via Google Code Search
News  |  11/9/2011  | 
Public cloud services are not safe for storing sensitive data, researchers say
Why Patches Don't Stop Most Attacks
News  |  11/9/2011  | 
Verizon's annual breach report shows few attacks exploit patchable vulnerabilities. Do you need to re-evaluate your security policies?
The Curious Case Of Unpatchable Vulnerabilities
News  |  11/8/2011  | 
Verizon's annual breach investigations reports have consistently shown that fewer -- and in the most recent edition, only five of 381 -- attacks exploit vulnerabilities that could have been patched. Should companies re-evaluate their priorities?
Report: Security From The Inside Out
Quick Hits  |  11/8/2011  | 
New report offers retrospective on recent insider attacks, threats, and defenses
Companies Should Embrace, Not Fear, The iPad
News  |  11/7/2011  | 
The mobile devices bring a different set of threats, but more employees on hard-to-hack tablets means better security
Did Anonymous Crash Israeli Government Websites?
News  |  11/7/2011  | 
Israel blames crash on a server error, but Anonymous said outage was retaliation for the country's blockade of Gaza.
Enterprises Still Ignore Security Risks In New Apps
News  |  11/7/2011  | 
Despite widespread threats and breaches, most enterprises treat security issues in new apps as an afterthought, says Ernst & Young survey.
U.S., Europe Do First Joint Exercise On Cybersecurity
News  |  11/4/2011  | 
Cyber Atlantic 2011 Exercise involved more than 20 nations that responded to two simulated cyber attacks.
Will Cloud Signaling Contain DDoS Attacks?
News  |  11/4/2011  | 
Arbor Networks' "Bat-signal" for distributed denial of service attacks culls your network service provider's resources to help stop it.
Product Watch: New Free Duqu Scanner Released
News  |  11/4/2011  | 
NSS Labs offers open-source tool for finding new Duqu drivers
SMB Security: Don't Get Held For Cyber Ransom
News  |  11/4/2011  | 
Targeted attacks aren't just the bane of big business. Here's an expert take on how SMBs can prevent cyber crooks from hijacking their data and other corporate assets.
Microsoft Details Duqu Workaround
News  |  11/4/2011  | 
Patch Tuesday next week won't have a fix for the newly discovered zero-day vulnerability, but Microsoft says it will deliver one as soon as it can.
DDI Announces Discovery Of IBM Websphere Application Server Vulnerability
News  |  11/3/2011  | 
Security issue was revealed using NIRV
Feds Cite Chinese Cyber Army Capability
News  |  11/3/2011  | 
U.S. government report blames China and Russia for cyber theft of U.S. economic secrets, but one expert questions China's actual hacking capabilities.
Cloud Security Doubted By Most IT Executives
News  |  11/3/2011  | 
Two-thirds of IT pros don't believe they can secure cloud infrastructure as well as on-premises environments, research says.
Duqu Malware: Still No Patch
News  |  11/2/2011  | 
Malware exploits Microsoft Windows kernel zero-day vulnerability. Installer file is a Word document.
Testing Your Endpoints Against Advanced Threats
Commentary  |  11/2/2011  | 
Why your pen-test efforts probably aren't preparing you for the worst by testing endpoint resilience
Big Names Fail Social Engineering Security Test
News  |  11/1/2011  | 
DefCon 'capture the flag' contest succeeded in taking data from employees at 14 major companies, including Apple, Oracle, and United Airlines.