Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2009
2010 Security Outlook: Reply Hazy, Try Again
News  |  12/30/2009  | 
Security researchers, experts don't show much agreement on the coming year's threats
Adobe To Surpass Microsoft As Hacker Target
News  |  12/30/2009  | 
McAfee says Adobe Reader and Flash will top Microsoft Office as the favorite target of cybercriminals in 2010.
Hacker Breaks GSM Mobile Phone Code
News  |  12/29/2009  | 
A German computer scientist has cracked the encryption algorithm that secures 80% of the world's mobile phones, but it's far from a practical attack.
After Hacks, Louisiana Restaurants Sue POS Companies
Quick Hits  |  12/29/2009  | 
More than 100,000 credit cards exposed by keylogger attack, Secret Service says
Top 10 Security Challenges For 2010
News  |  12/24/2009  | 
Cloud-hosted malware, bot blasts, compromised smartphones, and privacy-busting malvertising are a few of the security pitfalls we can expect this year.
4 Factors To Consider Before Firing Up That DLP Solution
News  |  12/21/2009  | 
There's an ugly truth that DLP vendors don't like to talk about
Lab Test Results: Symantec, Kaspersky Lab, PC Tools, AVG, Detect The Most Zero-Day Attacks
News  |  12/17/2009  | 
AV-Test finds detection rates of 83 to 90 percent, but rival lab says rates are actually 29 to 64 percent
Government Grapples With EMR Security, Privacy
News  |  12/15/2009  | 
Healthcare providers aren't stepping up to protect privacy of electronic medical records. Can the government provide adequate data security?
Hackers Take Aim At COFEE With DECAF
News  |  12/14/2009  | 
Anti-forensics tool promises to inhibit popular law enforcement software
Strong Authentication Not Strong Enough
News  |  12/14/2009  | 
Cyber thieves are defeating two-factor authentication systems. Gartner recommends defense-in-depth.
Product Watch: Core Adds Wireless To Penetration Test Tool
News  |  12/13/2009  | 
Impact Version 10 adds support for wireless support, more Web vulnerabilities
Report: Enterprise Endpoints Behaving Badly
Quick Hits  |  12/11/2009  | 
Scan of 100,000 endpoints at 25 different enterprises reveals unauthorized P2P activity, missing application agents, misconfigured or missing antivirus
Facebook Christmas Worm Spreads Holiday Infection
News  |  12/9/2009  | 
Koobface, the worm that has plagued Facebook, Twitter and other social sites, is back.
IPSes Require Custom-Tuning For Best Results, Lab Tests Find
News  |  12/9/2009  | 
Intrusion prevention system products often don't operate at their promised throughput, NSS Labs report finds
Cyber Attacks Take On A New Hue
News  |  12/8/2009  | 
Cisco paints the current online environment in a light orange hue -- that's 7.2 on a scale of 1 to 10
Hacker Exposes Unfixed Security Flaws In Pentagon Website
News  |  12/8/2009  | 
Romanian hacker posts proof-of-concept attacks for Pentagon's public Website
Cisco Security Report Sees Social Media Risk
News  |  12/8/2009  | 
Bad passwords, inconsistent patching, excessive information sharing, and outdated AV software are key ingredients in what Cisco calls a security "nightmare formula."
A Real Insider Threat Story
Commentary  |  12/8/2009  | 
I was sitting at my desk when my phone rang. I answered, and it was a large pharmaceutical company that was interested in consulting services. It had noticed a trend with one of its foreign competitors. Every time it went to release a new product (in this particular case a new drug), one of its competitors would release a similar drug with a similar name, several weeks before it, beating it to market.
Microsoft Warns Of Malware-Laced Counterfeit Software
News  |  12/7/2009  | 
Complaints about counterfeit software infected with malware doubled in past two years
Black Hat, Dark Reading To Hold 'Future Of Security' Event On Wednesday
Quick Hits  |  12/7/2009  | 
'Security: The Next Decade' features full slate of presentations from top security researchers, experts
Most Enterprises Ignoring Mobile Voice Security, Study Says
Quick Hits  |  12/4/2009  | 
Fear of call interception runs high, but only 18 percent of organizations currently encrypt mobile voice calls
Bank Phishing Attacks Snare Few Victims But Tally Major Damage
News  |  12/3/2009  | 
Live phishing attack data on major banks shows just a small percentage of victims translates into big profits for bad guys and big losses for bank customers
Northrop Grumman, Universities Team In Effort To Get Ahead Of Cybersecurity Threats
Quick Hits  |  12/3/2009  | 
New Northrop Grumman Cybersecurity Research Consortium (NGCRC) includes labs from Carnegie Mellon, MIT, Purdue
More Than Half Of Laptops At Risk In U.K. Organizations
Quick Hits  |  12/2/2009  | 
Survey finds 54 percent of organizations don't have data encryption tools on their business laptops and half don't run antivirus
Microsoft Says Patch Isn't Cause Of Black Screen
News  |  12/1/2009  | 
Black screen issues are not widespread and may be caused by malware, Microsoft insists.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32812
PUBLISHED: 2021-08-02
Monkshu is an enterprise application server for mobile apps (iOS and Android), responsive HTML 5 apps, and JSON API services. In version 2.90 and earlier, there is a reflected cross-site scripting vulnerability in frontend HTTP server. The attacker can send in a carefully crafted URL along with a kn...
CVE-2021-32787
PUBLISHED: 2021-08-02
Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads and ...
CVE-2021-32811
PUBLISHED: 2021-08-02
Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and have the optional `Produ...
CVE-2021-21866
PUBLISHED: 2021-08-02
A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger t...
CVE-2021-27499
PUBLISHED: 2021-08-02
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows man-in-...