Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2012
Ransomware, Social Scams Lead 2013 SMB Security Fears
News  |  11/30/2012  | 
Expect the bad guys to spend more time pursuing small and midsize business (SMB) targets on mobile, cloud, and social platforms, Symantec says.
Microsoft Security Essentials Loses AV Certification
News  |  11/30/2012  | 
Independent German AV-Test firm pulls seal of approval for Microsoft's free antivirus software, saying it detected only 64% of zero-day threats on Windows 7.
Syria Hits Internet Kill Switch; Blackout Continues
News  |  11/30/2012  | 
For more than 24 hours, Internet access has been disabled for nearly all of Syria. Anonymous has renewed its attack on Syrian government websites.
iPhone, iPad Email Attack Could Compromise Routers
News  |  11/30/2012  | 
Legitimate-looking email messages opened on iPhone, iPad or OS X systems can be used by hackers to gain control of routers, reports security researcher.
Should LulzSec Suspect Face Life In Prison?
Commentary  |  11/29/2012  | 
Computer hacking, identity theft, and fraudulent credit card charges could add up to 30 years to life for alleged Stratfor hacker Jeremy Hammond.
US-CERT: Samsung Printer Firmware Contains Backdoor
Quick Hits  |  11/29/2012  | 
Samsung printers contain a hard-coded account that could allow a remote attacker to take control
Financial Malware Detects Remote Desktop Environments To Evade Researchers
News  |  11/28/2012  | 
'Shylock' malware joins the list of malicious programs enhancing their defenses to avoid analysis by researchers
Samsung Printers Have Hidden Security Risk
News  |  11/28/2012  | 
Some Samsung printers, and Dell-branded printers manufactured by Samsung, can be remotely accessed by attackers. Here's how.
White House Issues Insider Threat Policy
News  |  11/28/2012  | 
Policy sets minimum standards to deter, detect and respond to insider threats in federal government.
Thanksgiving SCADA Bug Hunt
Quick Hits  |  11/27/2012  | 
Researcher scares up more than 20 SCADA vulnerabilities -- one in just seven minutes -- on Thanksgiving Day
Accused LulzSec Hacker Could Face Life Imprisonment
News  |  11/27/2012  | 
Judge calls alleged Stratfor data breach mastermind 'flight risk,' denies bail; defense attorney suggests FBI entrapment.
Malware Corrupts Iranian Financial Databases
News  |  11/26/2012  | 
Iran downplays threat of Narilam financial malware, saying it dates from 2009 to 2010, and doesn't bear comparisons to Stuxnet, Duqu or Flame.
A More Courteous Kidnapper? Ransomware Changes Tactics
News  |  11/21/2012  | 
With an eye to the short term, cybercriminals turn to ransomware, forcing users to pay up or face long clean-up times -- but forgo the full encryption of data that made past attacks so vicious
Anonymous Steps Into Gaza Crisis
News  |  11/21/2012  | 
Website defacing and Anonymous DDoS campaign pale next to ongoing cyberattacks apparently launched from Iran and Palestine, security experts say.
Half Of Machines Shopping On Cyber Monday Likely Contain Vulnerabilities
Quick Hits  |  11/20/2012  | 
Meanwhile, businesses more worried about productivity than security threats
Facebook Gift Scams: How They Work
News  |  11/20/2012  | 
Beware complex scams that promote Costco, Starbucks vouchers, while making it tough for authorities to track down perpetrators.
RSA Upgrades Malware Defenses For Bank Transactions
News  |  11/20/2012  | 
Latest adaptive authentication technology adds new Trojan and man-in-the-middle defenses, plus risk assessment for ATM machine transactions.
Four Ways To Turn Insiders Into Assets
News  |  11/20/2012  | 
Stop thinking about employees as threats and train them to make your company harder to attack
Facebook Adopts Secure Web Pages By Default
News  |  11/19/2012  | 
Facebook has finally started using HTTPS by default, following a 2010 FTC demand and in the distant footsteps of Google, Twitter, and Hotmail.
Tech Insight: Better Defense Through Open-Source Intelligence
News  |  11/18/2012  | 
Corporate defenders can use the same publicly available information sources that attackers do, but to better secure their data
Windows 8 Compatibility Plagues Antivirus Tools
News  |  11/16/2012  | 
Don't try installing free tools from popular antivirus developer Avira on Windows 8 systems yet.
All Security Technologies Are Not Data Loss Prevention
Commentary  |  11/15/2012  | 
While security technologies may share the common goal of protecting an organization's sensitive data, not all can -- or should -- be called data loss prevention
Stolen NASA Laptop Had Unencrypted Employee Data
News  |  11/15/2012  | 
Data breach drives NASA to now require that at minimum, all sensitive files stored on laptops be encrypted.
Most Organizations Unprepared For DDoS Attacks, Study Says
Quick Hits  |  11/15/2012  | 
Nearly two-thirds of companies have experienced at least three denial-of-service attacks in the past year, Ponemon study reports
Obama Secret Order Authorizes Cybersecurity Strikebacks
News  |  11/14/2012  | 
Secret policy details how military units may be used to launch offensive cyber operations in the wake of online attacks against the United States.
Petraeus Mission Impossible: Cloaking Email, Online Identities
Commentary  |  11/14/2012  | 
So-called security experts making basic information security errors isn't a new occurrence. Arguably, it even led to the rise of the Anonymous hacktivist collective.
Skype Deals With Account Hijacking Exploit
News  |  11/14/2012  | 
Months after being notified of a vulnerability described as "child's play" to exploit, Skype has temporarily addressed the issue by disabling password resets.
The Petraeus Affair: Surveillance State Stopper?
Commentary  |  11/13/2012  | 
Lawmakers, now reminded of their own vulnerability, need to strengthen email privacy protections. Companies need to do more to help customers protect content.
Petraeus Fallout: 5 Gmail Security Facts
News  |  11/13/2012  | 
Where did the former CIA director and the woman with whom he was having an affair go wrong? Learn from his experience with Gmail.
McAfee Founder Says Belize Framing Him For Murder
News  |  11/13/2012  | 
Millionaire John McAfee, who founded the eponymous antivirus vendor -- since bought by Intel -- says he's being framed by Belizean authorities in a murder case and is now on the run.
Cyber Weapon Friendly Fire: Chevron Stuxnet Fallout
News  |  11/12/2012  | 
Malware's jump from Iranian uranium enrichment facility to energy giant highlights the downside to custom-made espionage malware -- its capability to infect friends as well as foes.
Espionage Malware Network Targets Israel, Palestine
News  |  11/12/2012  | 
Botnet operators have been infecting multiple targets for more than a year using phishing attacks and Xtreme RAT, reports security firm.
Finding Rootkits By Monitoring For 'Black Sheep'
News  |  11/9/2012  | 
Looking for kernel changes among flocks of computers can help organizations detect rootkits, according to team of researchers
Google Blocked In China
News  |  11/9/2012  | 
Google gets gagged as China goes through a leadership change.
Windows 8, RT Get First Security Fixes
News  |  11/9/2012  | 
Microsoft's first set of Windows 8 and Windows RT patches for critical vulnerabilities hits next week.
Twitter Password Security: 5 Things To Know
News  |  11/9/2012  | 
Twitter's response to compromised accounts teaches us lessons in social (networking) security.
Companies Need Defenses Against Mobile Malware
News  |  11/8/2012  | 
While infection rates -- at least in the U.S. -- remain low, cybercriminals are writing more malware for Android, Symbian, and other platforms. At some point, they'll find the right recipe for profit
Sophos AV Teardown Reveals Critical Vulnerabilities
News  |  11/7/2012  | 
Antivirus vendor says it's patched all software flaws disclosed by researcher, some of which could be used to remotely control Windows, Mac, or Linux system.
Malware Tools Get Smarter To Nab Financial Data
News  |  11/7/2012  | 
New versions of the Gh0st RAT Trojan -- believed to be used by China -- and the Citadel cybercrime kit both advance the malicious state of the art.
Spooky Link Found Between Gh0st RAT, DDoS Botnet
Quick Hits  |  11/6/2012  | 
FireEye researchers detail findings of a combination cyberespionage-DDoS Trojan infection
SCADA Security In A Post-Stuxnet World
News  |  11/6/2012  | 
More SCADA bugs, exploits in the wake of Stuxnet, but gradually improving security in some products, new data shows
More VMware Source Code Leaks To Internet
News  |  11/6/2012  | 
Does the second release -- in less than a year -- of stolen VMware ESX source code put users at risk?
Hackers Hit Symantec, ImageShack, But Not PayPal
News  |  11/6/2012  | 
Despite threats, Anonymous did not take down Facebook or Zynga on Monday. But other hackers detailed their own exploits, releasing employee credentials and source code.
Preventing Infrastructure From Becoming An Insider Attack
News  |  11/6/2012  | 
Vulnerable technology supply chains have become a concern of security professionals and politicians alike, but a few steps could help minimize the possibility of attacks
Ex-NSA Official Heads New Global Consortium Issuing Attack-Driven Security Controls
News  |  11/5/2012  | 
'Volunteer army' issues Top 20 Critical Security Controls that public- and private-sector organizations should use for locking down their environments from the latest attacks
Tech Insight: Five Steps To Implementing Security Intelligence
News  |  11/4/2012  | 
Building an initiative to collect and analyze threat and risk information takes some planning. Here's a look at the key steps toward making it happen
Apache Server Setting Mistakes Can Aid Hackers
News  |  11/2/2012  | 
Numerous large companies that use free Apache server software leave internal status pages visible, which can help hackers exploit networks.
9 Facts: Play Offense Against Security Breaches
News  |  11/2/2012  | 
Striking back by hacking hackers is a legal and corporate no-no. But IT and security managers can shore up defenses and trick attackers into revealing their identities.


Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19071
PUBLISHED: 2019-11-18
A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c.
CVE-2019-19072
PUBLISHED: 2019-11-18
A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.
CVE-2019-19073
PUBLISHED: 2019-11-18
Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, ...
CVE-2019-19074
PUBLISHED: 2019-11-18
A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
CVE-2019-19075
PUBLISHED: 2019-11-18
A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.