Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2012
Ransomware, Social Scams Lead 2013 SMB Security Fears
News  |  11/30/2012  | 
Expect the bad guys to spend more time pursuing small and midsize business (SMB) targets on mobile, cloud, and social platforms, Symantec says.
Microsoft Security Essentials Loses AV Certification
News  |  11/30/2012  | 
Independent German AV-Test firm pulls seal of approval for Microsoft's free antivirus software, saying it detected only 64% of zero-day threats on Windows 7.
Syria Hits Internet Kill Switch; Blackout Continues
News  |  11/30/2012  | 
For more than 24 hours, Internet access has been disabled for nearly all of Syria. Anonymous has renewed its attack on Syrian government websites.
iPhone, iPad Email Attack Could Compromise Routers
News  |  11/30/2012  | 
Legitimate-looking email messages opened on iPhone, iPad or OS X systems can be used by hackers to gain control of routers, reports security researcher.
Should LulzSec Suspect Face Life In Prison?
Commentary  |  11/29/2012  | 
Computer hacking, identity theft, and fraudulent credit card charges could add up to 30 years to life for alleged Stratfor hacker Jeremy Hammond.
US-CERT: Samsung Printer Firmware Contains Backdoor
Quick Hits  |  11/29/2012  | 
Samsung printers contain a hard-coded account that could allow a remote attacker to take control
Financial Malware Detects Remote Desktop Environments To Evade Researchers
News  |  11/28/2012  | 
'Shylock' malware joins the list of malicious programs enhancing their defenses to avoid analysis by researchers
Samsung Printers Have Hidden Security Risk
News  |  11/28/2012  | 
Some Samsung printers, and Dell-branded printers manufactured by Samsung, can be remotely accessed by attackers. Here's how.
White House Issues Insider Threat Policy
News  |  11/28/2012  | 
Policy sets minimum standards to deter, detect and respond to insider threats in federal government.
Thanksgiving SCADA Bug Hunt
Quick Hits  |  11/27/2012  | 
Researcher scares up more than 20 SCADA vulnerabilities -- one in just seven minutes -- on Thanksgiving Day
Accused LulzSec Hacker Could Face Life Imprisonment
News  |  11/27/2012  | 
Judge calls alleged Stratfor data breach mastermind 'flight risk,' denies bail; defense attorney suggests FBI entrapment.
Malware Corrupts Iranian Financial Databases
News  |  11/26/2012  | 
Iran downplays threat of Narilam financial malware, saying it dates from 2009 to 2010, and doesn't bear comparisons to Stuxnet, Duqu or Flame.
A More Courteous Kidnapper? Ransomware Changes Tactics
News  |  11/21/2012  | 
With an eye to the short term, cybercriminals turn to ransomware, forcing users to pay up or face long clean-up times -- but forgo the full encryption of data that made past attacks so vicious
Anonymous Steps Into Gaza Crisis
News  |  11/21/2012  | 
Website defacing and Anonymous DDoS campaign pale next to ongoing cyberattacks apparently launched from Iran and Palestine, security experts say.
Half Of Machines Shopping On Cyber Monday Likely Contain Vulnerabilities
Quick Hits  |  11/20/2012  | 
Meanwhile, businesses more worried about productivity than security threats
Facebook Gift Scams: How They Work
News  |  11/20/2012  | 
Beware complex scams that promote Costco, Starbucks vouchers, while making it tough for authorities to track down perpetrators.
RSA Upgrades Malware Defenses For Bank Transactions
News  |  11/20/2012  | 
Latest adaptive authentication technology adds new Trojan and man-in-the-middle defenses, plus risk assessment for ATM machine transactions.
Four Ways To Turn Insiders Into Assets
News  |  11/20/2012  | 
Stop thinking about employees as threats and train them to make your company harder to attack
Facebook Adopts Secure Web Pages By Default
News  |  11/19/2012  | 
Facebook has finally started using HTTPS by default, following a 2010 FTC demand and in the distant footsteps of Google, Twitter, and Hotmail.
Tech Insight: Better Defense Through Open-Source Intelligence
News  |  11/18/2012  | 
Corporate defenders can use the same publicly available information sources that attackers do, but to better secure their data
Windows 8 Compatibility Plagues Antivirus Tools
News  |  11/16/2012  | 
Don't try installing free tools from popular antivirus developer Avira on Windows 8 systems yet.
All Security Technologies Are Not Data Loss Prevention
Commentary  |  11/15/2012  | 
While security technologies may share the common goal of protecting an organization's sensitive data, not all can -- or should -- be called data loss prevention
Stolen NASA Laptop Had Unencrypted Employee Data
News  |  11/15/2012  | 
Data breach drives NASA to now require that at minimum, all sensitive files stored on laptops be encrypted.
Most Organizations Unprepared For DDoS Attacks, Study Says
Quick Hits  |  11/15/2012  | 
Nearly two-thirds of companies have experienced at least three denial-of-service attacks in the past year, Ponemon study reports
Obama Secret Order Authorizes Cybersecurity Strikebacks
News  |  11/14/2012  | 
Secret policy details how military units may be used to launch offensive cyber operations in the wake of online attacks against the United States.
Petraeus Mission Impossible: Cloaking Email, Online Identities
Commentary  |  11/14/2012  | 
So-called security experts making basic information security errors isn't a new occurrence. Arguably, it even led to the rise of the Anonymous hacktivist collective.
Skype Deals With Account Hijacking Exploit
News  |  11/14/2012  | 
Months after being notified of a vulnerability described as "child's play" to exploit, Skype has temporarily addressed the issue by disabling password resets.
The Petraeus Affair: Surveillance State Stopper?
Commentary  |  11/13/2012  | 
Lawmakers, now reminded of their own vulnerability, need to strengthen email privacy protections. Companies need to do more to help customers protect content.
Petraeus Fallout: 5 Gmail Security Facts
News  |  11/13/2012  | 
Where did the former CIA director and the woman with whom he was having an affair go wrong? Learn from his experience with Gmail.
McAfee Founder Says Belize Framing Him For Murder
News  |  11/13/2012  | 
Millionaire John McAfee, who founded the eponymous antivirus vendor -- since bought by Intel -- says he's being framed by Belizean authorities in a murder case and is now on the run.
Cyber Weapon Friendly Fire: Chevron Stuxnet Fallout
News  |  11/12/2012  | 
Malware's jump from Iranian uranium enrichment facility to energy giant highlights the downside to custom-made espionage malware -- its capability to infect friends as well as foes.
Espionage Malware Network Targets Israel, Palestine
News  |  11/12/2012  | 
Botnet operators have been infecting multiple targets for more than a year using phishing attacks and Xtreme RAT, reports security firm.
Finding Rootkits By Monitoring For 'Black Sheep'
News  |  11/9/2012  | 
Looking for kernel changes among flocks of computers can help organizations detect rootkits, according to team of researchers
Google Blocked In China
News  |  11/9/2012  | 
Google gets gagged as China goes through a leadership change.
Windows 8, RT Get First Security Fixes
News  |  11/9/2012  | 
Microsoft's first set of Windows 8 and Windows RT patches for critical vulnerabilities hits next week.
Twitter Password Security: 5 Things To Know
News  |  11/9/2012  | 
Twitter's response to compromised accounts teaches us lessons in social (networking) security.
Companies Need Defenses Against Mobile Malware
News  |  11/8/2012  | 
While infection rates -- at least in the U.S. -- remain low, cybercriminals are writing more malware for Android, Symbian, and other platforms. At some point, they'll find the right recipe for profit
Sophos AV Teardown Reveals Critical Vulnerabilities
News  |  11/7/2012  | 
Antivirus vendor says it's patched all software flaws disclosed by researcher, some of which could be used to remotely control Windows, Mac, or Linux system.
Malware Tools Get Smarter To Nab Financial Data
News  |  11/7/2012  | 
New versions of the Gh0st RAT Trojan -- believed to be used by China -- and the Citadel cybercrime kit both advance the malicious state of the art.
Spooky Link Found Between Gh0st RAT, DDoS Botnet
Quick Hits  |  11/6/2012  | 
FireEye researchers detail findings of a combination cyberespionage-DDoS Trojan infection
SCADA Security In A Post-Stuxnet World
News  |  11/6/2012  | 
More SCADA bugs, exploits in the wake of Stuxnet, but gradually improving security in some products, new data shows
More VMware Source Code Leaks To Internet
News  |  11/6/2012  | 
Does the second release -- in less than a year -- of stolen VMware ESX source code put users at risk?
Hackers Hit Symantec, ImageShack, But Not PayPal
News  |  11/6/2012  | 
Despite threats, Anonymous did not take down Facebook or Zynga on Monday. But other hackers detailed their own exploits, releasing employee credentials and source code.
Preventing Infrastructure From Becoming An Insider Attack
News  |  11/6/2012  | 
Vulnerable technology supply chains have become a concern of security professionals and politicians alike, but a few steps could help minimize the possibility of attacks
Ex-NSA Official Heads New Global Consortium Issuing Attack-Driven Security Controls
News  |  11/5/2012  | 
'Volunteer army' issues Top 20 Critical Security Controls that public- and private-sector organizations should use for locking down their environments from the latest attacks
Tech Insight: Five Steps To Implementing Security Intelligence
News  |  11/4/2012  | 
Building an initiative to collect and analyze threat and risk information takes some planning. Here's a look at the key steps toward making it happen
Apache Server Setting Mistakes Can Aid Hackers
News  |  11/2/2012  | 
Numerous large companies that use free Apache server software leave internal status pages visible, which can help hackers exploit networks.
9 Facts: Play Offense Against Security Breaches
News  |  11/2/2012  | 
Striking back by hacking hackers is a legal and corporate no-no. But IT and security managers can shore up defenses and trick attackers into revealing their identities.

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
PUBLISHED: 2023-03-27
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.