Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2011
Major Email Providers Set Phish Trap
News  |  11/30/2011  | 
Agari's Email Trust Fabric finds fans at AOL, Google, Microsoft, and Yahoo. The goal: Stop spoofing of legitimate email domains.
Slide Show: Top 10 Holiday Phishing Scams
Slideshows  |  11/30/2011  | 
The following scams demonstrate the ways attackers are crafting their messages during the holidays
Anonymous Threatens Robin Hood Attacks Against Banks
News  |  11/30/2011  | 
Hacktivist group says it will steal credit card data from commercial banks and use the information to donate to charities and protest groups.
It's Time to Dump The 'Insider Threat'
Commentary  |  11/30/2011  | 
Blaming the "insider threat" merely hides your real security risks
Analyzing Data To Pinpoint Rogue Insiders
News  |  11/29/2011  | 
Companies and universities look for specific algorithms that will help identify malicious insiders and compromised systems that are acting as insiders
Marriott Hacker's Blackmail Goal: An IT Job
News  |  11/29/2011  | 
Hungarian man threatened to expose confidential company information he'd stolen unless the hotel chain offered him a job.
Five Ways To Secure The Consumer IT Invasion At Work
News  |  11/23/2011  | 
Companies have had to deal with increasing numbers of worker-owned devices in their networks
DHS, FBI Dispute Illinois Water Hack
News  |  11/23/2011  | 
Feds say their preliminary investigation finds no evidence of stolen credentials or foreign attackers.
Firms Slow To Secure Flaws In Embedded Devices
News  |  11/22/2011  | 
While operating systems and PC applications have evolved fast patch mechanisms, the proliferation of slow-to-patch embedded devices leaves companies vulnerable
Computer Crime Year In Review by Jennifer Granick
News  |  11/21/2011  | 
EFF's Civil Liberties Director, Jennifer Granick's Black Hat talk: Computer Crime Year in Review - MySpace, MBTA, Boston College and more. Granick discusses some special cases and the application of legal statutes for them.
Fighting Russian Cybercrime Mobsters: by Dmitri Alperovitch and Keith Mularski
News  |  11/21/2011  | 
McAfee Threat Research VP Dmitri Alperovitch and FBI Supervisory Special Agent Keith Mularski discuss the evolution of Russian organized crime into the area of CyberCrime.
Lockpicking Forensics - Black Hat 2009
News  |  11/21/2011  | 
Destruction is still the most common way to break in somewhere. Datagram provides a talk on Lockpicking Forensics at Black Hat, covering how locks and picks work, various techniques, the effect of normal wear, lock and key analysis and investigation.
Hacking The Smart Grid - Black Hat 2009
News  |  11/21/2011  | 
FYRM Associates Principal Tony Flick presents research on hacking the smart grid. He talks about the components of the smart grid, the problems (both found and potential), and finally some solutions.
APT Or Not APT? Discovering Who Is Attacking The Network
News  |  11/21/2011  | 
Corporate networks face a variety of attacks every day, yet pinpointing the most serious attacks is no easy matter
7 Facebook Security Problems Linger
News  |  11/21/2011  | 
Social networking giant might have fixed its porn problem, but it has plenty of other issues to reckon with, experts say.
Android Security Becomes FUD Fest
Commentary  |  11/21/2011  | 
Big scary warnings about Android security just keep on coming. Are you focused on the right MDM questions?
Hacker Apparently Triggers Illinois Water Pump Burnout
News  |  11/21/2011  | 
Attack illustrates the extent to which industrial control systems are Internet-connected, yet lack basic password checks or access controls.
App Freedom Vs. Corporate Security
Commentary  |  11/18/2011  | 
IT has to walk a fine line when securing user-owned mobile devices.
Windows 8 To Streamline Patching Reboots
News  |  11/17/2011  | 
Only one restart per month to coincide with Patch Tuesday
Facebook Porn Spam Appears Unrelated To Anonymous
News  |  11/17/2011  | 
Despite initial reports of a link, Facebook spam carrying pornographic images wasn't related to Fawkes, new malware supposedly developed by Anonymous, security experts say.
GAO Rips IRS Taxpayer Data Security
News  |  11/17/2011  | 
Auditors find holes in the federal revenue agency's database access control and security.
Facebook: Porn, Violent Images Were Self-Inflicted
Quick Hits  |  11/16/2011  | 
Surprising images on Facebook walls are result of "self-cross-site scripting" vulnerability, social media giant says
Romanian Accused Of NASA Hacks
News  |  11/16/2011  | 
A 26-year-old Romanian man stands accused of hacking into NASA servers, modifying data, and restricting access to them last December.
7 Facts On Duqu Malware Attacks
News  |  11/16/2011  | 
Research into Duqu malware finds a component compiled in 2007, but identified successful attacks that occurred as recently as April 2011.
Focus Needed To Stem Increase In Insider Fraud
News  |  11/15/2011  | 
Latest global fraud report shows an overall decrease in fraud, but an increase in insider fraud; companies that take security measures fare best
Encryption Security Lags In Healthcare?
News  |  11/14/2011  | 
Tech leaders warn policymakers that even as more electronic health records flood health IT systems, more encryption is needed.
Computershare Data Theft Underscores Insider Threat Risk
News  |  11/11/2011  | 
Former risk management professional walked off with confidential company data, says lawsuit.
So You Want To Be A Zero Day Exploit Millionaire?
Commentary  |  11/10/2011  | 
On the active market for reporting and selling zero day vulnerabilities, you can make big money. But you'll have to answer difficult ethical questions.
Teaming Up To Take Down Threats
News  |  11/10/2011  | 
Security professionals are leery of one-way public-private partnerships, but Operation Ghost Click shows that the model is necessary to take on international threats
DARPA Seeks New Methods For Biometric Authentication
News  |  11/10/2011  | 
Defense Department invites experts to discuss ways to identify people when they sign in to computers without interrupting their normal activity flow.
Prisons May Be Vulnerable To Stuxnet-Style Attack
News  |  11/10/2011  | 
Researchers found easy-to-write malware could subvert prison control systems, cause spontaneous opening of all cell doors.
Public Cloud Security Credentials Flunk A Research Test
News  |  11/10/2011  | 
Researchers who grabbed security credentials via Google code search advise caution regarding sensitive data and public cloud services.
Cloud Services Credentials Easily Stolen Via Google Code Search
News  |  11/9/2011  | 
Public cloud services are not safe for storing sensitive data, researchers say
Why Patches Don't Stop Most Attacks
News  |  11/9/2011  | 
Verizon's annual breach report shows few attacks exploit patchable vulnerabilities. Do you need to re-evaluate your security policies?
The Curious Case Of Unpatchable Vulnerabilities
News  |  11/8/2011  | 
Verizon's annual breach investigations reports have consistently shown that fewer -- and in the most recent edition, only five of 381 -- attacks exploit vulnerabilities that could have been patched. Should companies re-evaluate their priorities?
Report: Security From The Inside Out
Quick Hits  |  11/8/2011  | 
New report offers retrospective on recent insider attacks, threats, and defenses
Companies Should Embrace, Not Fear, The iPad
News  |  11/7/2011  | 
The mobile devices bring a different set of threats, but more employees on hard-to-hack tablets means better security
Did Anonymous Crash Israeli Government Websites?
News  |  11/7/2011  | 
Israel blames crash on a server error, but Anonymous said outage was retaliation for the country's blockade of Gaza.
Enterprises Still Ignore Security Risks In New Apps
News  |  11/7/2011  | 
Despite widespread threats and breaches, most enterprises treat security issues in new apps as an afterthought, says Ernst & Young survey.
U.S., Europe Do First Joint Exercise On Cybersecurity
News  |  11/4/2011  | 
Cyber Atlantic 2011 Exercise involved more than 20 nations that responded to two simulated cyber attacks.
Will Cloud Signaling Contain DDoS Attacks?
News  |  11/4/2011  | 
Arbor Networks' "Bat-signal" for distributed denial of service attacks culls your network service provider's resources to help stop it.
Product Watch: New Free Duqu Scanner Released
News  |  11/4/2011  | 
NSS Labs offers open-source tool for finding new Duqu drivers
SMB Security: Don't Get Held For Cyber Ransom
News  |  11/4/2011  | 
Targeted attacks aren't just the bane of big business. Here's an expert take on how SMBs can prevent cyber crooks from hijacking their data and other corporate assets.
Microsoft Details Duqu Workaround
News  |  11/4/2011  | 
Patch Tuesday next week won't have a fix for the newly discovered zero-day vulnerability, but Microsoft says it will deliver one as soon as it can.
DDI Announces Discovery Of IBM Websphere Application Server Vulnerability
News  |  11/3/2011  | 
Security issue was revealed using NIRV
Feds Cite Chinese Cyber Army Capability
News  |  11/3/2011  | 
U.S. government report blames China and Russia for cyber theft of U.S. economic secrets, but one expert questions China's actual hacking capabilities.
Cloud Security Doubted By Most IT Executives
News  |  11/3/2011  | 
Two-thirds of IT pros don't believe they can secure cloud infrastructure as well as on-premises environments, research says.
Duqu Malware: Still No Patch
News  |  11/2/2011  | 
Malware exploits Microsoft Windows kernel zero-day vulnerability. Installer file is a Word document.
Testing Your Endpoints Against Advanced Threats
Commentary  |  11/2/2011  | 
Why your pen-test efforts probably aren't preparing you for the worst by testing endpoint resilience
Big Names Fail Social Engineering Security Test
News  |  11/1/2011  | 
DefCon 'capture the flag' contest succeeded in taking data from employees at 14 major companies, including Apple, Oracle, and United Airlines.