Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2009
2010 Security Outlook: Reply Hazy, Try Again
News  |  12/30/2009  | 
Security researchers, experts don't show much agreement on the coming year's threats
Adobe To Surpass Microsoft As Hacker Target
News  |  12/30/2009  | 
McAfee says Adobe Reader and Flash will top Microsoft Office as the favorite target of cybercriminals in 2010.
Hacker Breaks GSM Mobile Phone Code
News  |  12/29/2009  | 
A German computer scientist has cracked the encryption algorithm that secures 80% of the world's mobile phones, but it's far from a practical attack.
After Hacks, Louisiana Restaurants Sue POS Companies
Quick Hits  |  12/29/2009  | 
More than 100,000 credit cards exposed by keylogger attack, Secret Service says
Top 10 Security Challenges For 2010
News  |  12/24/2009  | 
Cloud-hosted malware, bot blasts, compromised smartphones, and privacy-busting malvertising are a few of the security pitfalls we can expect this year.
4 Factors To Consider Before Firing Up That DLP Solution
News  |  12/21/2009  | 
There's an ugly truth that DLP vendors don't like to talk about
Lab Test Results: Symantec, Kaspersky Lab, PC Tools, AVG, Detect The Most Zero-Day Attacks
News  |  12/17/2009  | 
AV-Test finds detection rates of 83 to 90 percent, but rival lab says rates are actually 29 to 64 percent
Government Grapples With EMR Security, Privacy
News  |  12/15/2009  | 
Healthcare providers aren't stepping up to protect privacy of electronic medical records. Can the government provide adequate data security?
Hackers Take Aim At COFEE With DECAF
News  |  12/14/2009  | 
Anti-forensics tool promises to inhibit popular law enforcement software
Strong Authentication Not Strong Enough
News  |  12/14/2009  | 
Cyber thieves are defeating two-factor authentication systems. Gartner recommends defense-in-depth.
Product Watch: Core Adds Wireless To Penetration Test Tool
News  |  12/13/2009  | 
Impact Version 10 adds support for wireless support, more Web vulnerabilities
Report: Enterprise Endpoints Behaving Badly
Quick Hits  |  12/11/2009  | 
Scan of 100,000 endpoints at 25 different enterprises reveals unauthorized P2P activity, missing application agents, misconfigured or missing antivirus
Facebook Christmas Worm Spreads Holiday Infection
News  |  12/9/2009  | 
Koobface, the worm that has plagued Facebook, Twitter and other social sites, is back.
IPSes Require Custom-Tuning For Best Results, Lab Tests Find
News  |  12/9/2009  | 
Intrusion prevention system products often don't operate at their promised throughput, NSS Labs report finds
Cyber Attacks Take On A New Hue
News  |  12/8/2009  | 
Cisco paints the current online environment in a light orange hue -- that's 7.2 on a scale of 1 to 10
Hacker Exposes Unfixed Security Flaws In Pentagon Website
News  |  12/8/2009  | 
Romanian hacker posts proof-of-concept attacks for Pentagon's public Website
Cisco Security Report Sees Social Media Risk
News  |  12/8/2009  | 
Bad passwords, inconsistent patching, excessive information sharing, and outdated AV software are key ingredients in what Cisco calls a security "nightmare formula."
A Real Insider Threat Story
Commentary  |  12/8/2009  | 
I was sitting at my desk when my phone rang. I answered, and it was a large pharmaceutical company that was interested in consulting services. It had noticed a trend with one of its foreign competitors. Every time it went to release a new product (in this particular case a new drug), one of its competitors would release a similar drug with a similar name, several weeks before it, beating it to market.
Microsoft Warns Of Malware-Laced Counterfeit Software
News  |  12/7/2009  | 
Complaints about counterfeit software infected with malware doubled in past two years
Black Hat, Dark Reading To Hold 'Future Of Security' Event On Wednesday
Quick Hits  |  12/7/2009  | 
'Security: The Next Decade' features full slate of presentations from top security researchers, experts
Most Enterprises Ignoring Mobile Voice Security, Study Says
Quick Hits  |  12/4/2009  | 
Fear of call interception runs high, but only 18 percent of organizations currently encrypt mobile voice calls
Bank Phishing Attacks Snare Few Victims But Tally Major Damage
News  |  12/3/2009  | 
Live phishing attack data on major banks shows just a small percentage of victims translates into big profits for bad guys and big losses for bank customers
Northrop Grumman, Universities Team In Effort To Get Ahead Of Cybersecurity Threats
Quick Hits  |  12/3/2009  | 
New Northrop Grumman Cybersecurity Research Consortium (NGCRC) includes labs from Carnegie Mellon, MIT, Purdue
More Than Half Of Laptops At Risk In U.K. Organizations
Quick Hits  |  12/2/2009  | 
Survey finds 54 percent of organizations don't have data encryption tools on their business laptops and half don't run antivirus
Microsoft Says Patch Isn't Cause Of Black Screen
News  |  12/1/2009  | 
Black screen issues are not widespread and may be caused by malware, Microsoft insists.


News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27132
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-3144
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2021-3148
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
CVE-2021-3151
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...