Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2009
2010 Security Outlook: Reply Hazy, Try Again
News  |  12/30/2009  | 
Security researchers, experts don't show much agreement on the coming year's threats
Adobe To Surpass Microsoft As Hacker Target
News  |  12/30/2009  | 
McAfee says Adobe Reader and Flash will top Microsoft Office as the favorite target of cybercriminals in 2010.
Hacker Breaks GSM Mobile Phone Code
News  |  12/29/2009  | 
A German computer scientist has cracked the encryption algorithm that secures 80% of the world's mobile phones, but it's far from a practical attack.
After Hacks, Louisiana Restaurants Sue POS Companies
Quick Hits  |  12/29/2009  | 
More than 100,000 credit cards exposed by keylogger attack, Secret Service says
Top 10 Security Challenges For 2010
News  |  12/24/2009  | 
Cloud-hosted malware, bot blasts, compromised smartphones, and privacy-busting malvertising are a few of the security pitfalls we can expect this year.
4 Factors To Consider Before Firing Up That DLP Solution
News  |  12/21/2009  | 
There's an ugly truth that DLP vendors don't like to talk about
Lab Test Results: Symantec, Kaspersky Lab, PC Tools, AVG, Detect The Most Zero-Day Attacks
News  |  12/17/2009  | 
AV-Test finds detection rates of 83 to 90 percent, but rival lab says rates are actually 29 to 64 percent
Government Grapples With EMR Security, Privacy
News  |  12/15/2009  | 
Healthcare providers aren't stepping up to protect privacy of electronic medical records. Can the government provide adequate data security?
Hackers Take Aim At COFEE With DECAF
News  |  12/14/2009  | 
Anti-forensics tool promises to inhibit popular law enforcement software
Strong Authentication Not Strong Enough
News  |  12/14/2009  | 
Cyber thieves are defeating two-factor authentication systems. Gartner recommends defense-in-depth.
Product Watch: Core Adds Wireless To Penetration Test Tool
News  |  12/13/2009  | 
Impact Version 10 adds support for wireless support, more Web vulnerabilities
Report: Enterprise Endpoints Behaving Badly
Quick Hits  |  12/11/2009  | 
Scan of 100,000 endpoints at 25 different enterprises reveals unauthorized P2P activity, missing application agents, misconfigured or missing antivirus
Facebook Christmas Worm Spreads Holiday Infection
News  |  12/9/2009  | 
Koobface, the worm that has plagued Facebook, Twitter and other social sites, is back.
IPSes Require Custom-Tuning For Best Results, Lab Tests Find
News  |  12/9/2009  | 
Intrusion prevention system products often don't operate at their promised throughput, NSS Labs report finds
Cyber Attacks Take On A New Hue
News  |  12/8/2009  | 
Cisco paints the current online environment in a light orange hue -- that's 7.2 on a scale of 1 to 10
Hacker Exposes Unfixed Security Flaws In Pentagon Website
News  |  12/8/2009  | 
Romanian hacker posts proof-of-concept attacks for Pentagon's public Website
Cisco Security Report Sees Social Media Risk
News  |  12/8/2009  | 
Bad passwords, inconsistent patching, excessive information sharing, and outdated AV software are key ingredients in what Cisco calls a security "nightmare formula."
A Real Insider Threat Story
Commentary  |  12/8/2009  | 
I was sitting at my desk when my phone rang. I answered, and it was a large pharmaceutical company that was interested in consulting services. It had noticed a trend with one of its foreign competitors. Every time it went to release a new product (in this particular case a new drug), one of its competitors would release a similar drug with a similar name, several weeks before it, beating it to market.
Microsoft Warns Of Malware-Laced Counterfeit Software
News  |  12/7/2009  | 
Complaints about counterfeit software infected with malware doubled in past two years
Black Hat, Dark Reading To Hold 'Future Of Security' Event On Wednesday
Quick Hits  |  12/7/2009  | 
'Security: The Next Decade' features full slate of presentations from top security researchers, experts
Most Enterprises Ignoring Mobile Voice Security, Study Says
Quick Hits  |  12/4/2009  | 
Fear of call interception runs high, but only 18 percent of organizations currently encrypt mobile voice calls
Bank Phishing Attacks Snare Few Victims But Tally Major Damage
News  |  12/3/2009  | 
Live phishing attack data on major banks shows just a small percentage of victims translates into big profits for bad guys and big losses for bank customers
Northrop Grumman, Universities Team In Effort To Get Ahead Of Cybersecurity Threats
Quick Hits  |  12/3/2009  | 
New Northrop Grumman Cybersecurity Research Consortium (NGCRC) includes labs from Carnegie Mellon, MIT, Purdue
More Than Half Of Laptops At Risk In U.K. Organizations
Quick Hits  |  12/2/2009  | 
Survey finds 54 percent of organizations don't have data encryption tools on their business laptops and half don't run antivirus
Microsoft Says Patch Isn't Cause Of Black Screen
News  |  12/1/2009  | 
Black screen issues are not widespread and may be caused by malware, Microsoft insists.


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10854
PUBLISHED: 2019-11-22
cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.
CVE-2019-13157
PUBLISHED: 2019-11-22
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.
CVE-2012-2079
PUBLISHED: 2019-11-22
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
CVE-2019-11325
PUBLISHED: 2019-11-21
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-18887
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.