Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2009
2010 Security Outlook: Reply Hazy, Try Again
News  |  12/30/2009  | 
Security researchers, experts don't show much agreement on the coming year's threats
Adobe To Surpass Microsoft As Hacker Target
News  |  12/30/2009  | 
McAfee says Adobe Reader and Flash will top Microsoft Office as the favorite target of cybercriminals in 2010.
Hacker Breaks GSM Mobile Phone Code
News  |  12/29/2009  | 
A German computer scientist has cracked the encryption algorithm that secures 80% of the world's mobile phones, but it's far from a practical attack.
After Hacks, Louisiana Restaurants Sue POS Companies
Quick Hits  |  12/29/2009  | 
More than 100,000 credit cards exposed by keylogger attack, Secret Service says
Top 10 Security Challenges For 2010
News  |  12/24/2009  | 
Cloud-hosted malware, bot blasts, compromised smartphones, and privacy-busting malvertising are a few of the security pitfalls we can expect this year.
4 Factors To Consider Before Firing Up That DLP Solution
News  |  12/21/2009  | 
There's an ugly truth that DLP vendors don't like to talk about
Lab Test Results: Symantec, Kaspersky Lab, PC Tools, AVG, Detect The Most Zero-Day Attacks
News  |  12/17/2009  | 
AV-Test finds detection rates of 83 to 90 percent, but rival lab says rates are actually 29 to 64 percent
Government Grapples With EMR Security, Privacy
News  |  12/15/2009  | 
Healthcare providers aren't stepping up to protect privacy of electronic medical records. Can the government provide adequate data security?
Hackers Take Aim At COFEE With DECAF
News  |  12/14/2009  | 
Anti-forensics tool promises to inhibit popular law enforcement software
Strong Authentication Not Strong Enough
News  |  12/14/2009  | 
Cyber thieves are defeating two-factor authentication systems. Gartner recommends defense-in-depth.
Product Watch: Core Adds Wireless To Penetration Test Tool
News  |  12/13/2009  | 
Impact Version 10 adds support for wireless support, more Web vulnerabilities
Report: Enterprise Endpoints Behaving Badly
Quick Hits  |  12/11/2009  | 
Scan of 100,000 endpoints at 25 different enterprises reveals unauthorized P2P activity, missing application agents, misconfigured or missing antivirus
Facebook Christmas Worm Spreads Holiday Infection
News  |  12/9/2009  | 
Koobface, the worm that has plagued Facebook, Twitter and other social sites, is back.
IPSes Require Custom-Tuning For Best Results, Lab Tests Find
News  |  12/9/2009  | 
Intrusion prevention system products often don't operate at their promised throughput, NSS Labs report finds
Cyber Attacks Take On A New Hue
News  |  12/8/2009  | 
Cisco paints the current online environment in a light orange hue -- that's 7.2 on a scale of 1 to 10
Hacker Exposes Unfixed Security Flaws In Pentagon Website
News  |  12/8/2009  | 
Romanian hacker posts proof-of-concept attacks for Pentagon's public Website
Cisco Security Report Sees Social Media Risk
News  |  12/8/2009  | 
Bad passwords, inconsistent patching, excessive information sharing, and outdated AV software are key ingredients in what Cisco calls a security "nightmare formula."
A Real Insider Threat Story
Commentary  |  12/8/2009  | 
I was sitting at my desk when my phone rang. I answered, and it was a large pharmaceutical company that was interested in consulting services. It had noticed a trend with one of its foreign competitors. Every time it went to release a new product (in this particular case a new drug), one of its competitors would release a similar drug with a similar name, several weeks before it, beating it to market.
Microsoft Warns Of Malware-Laced Counterfeit Software
News  |  12/7/2009  | 
Complaints about counterfeit software infected with malware doubled in past two years
Black Hat, Dark Reading To Hold 'Future Of Security' Event On Wednesday
Quick Hits  |  12/7/2009  | 
'Security: The Next Decade' features full slate of presentations from top security researchers, experts
Most Enterprises Ignoring Mobile Voice Security, Study Says
Quick Hits  |  12/4/2009  | 
Fear of call interception runs high, but only 18 percent of organizations currently encrypt mobile voice calls
Bank Phishing Attacks Snare Few Victims But Tally Major Damage
News  |  12/3/2009  | 
Live phishing attack data on major banks shows just a small percentage of victims translates into big profits for bad guys and big losses for bank customers
Northrop Grumman, Universities Team In Effort To Get Ahead Of Cybersecurity Threats
Quick Hits  |  12/3/2009  | 
New Northrop Grumman Cybersecurity Research Consortium (NGCRC) includes labs from Carnegie Mellon, MIT, Purdue
More Than Half Of Laptops At Risk In U.K. Organizations
Quick Hits  |  12/2/2009  | 
Survey finds 54 percent of organizations don't have data encryption tools on their business laptops and half don't run antivirus
Microsoft Says Patch Isn't Cause Of Black Screen
News  |  12/1/2009  | 
Black screen issues are not widespread and may be caused by malware, Microsoft insists.


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-9405
PUBLISHED: 2019-09-20
The wp-piwik plugin before 1.0.5 for WordPress has XSS.
CVE-2015-9407
PUBLISHED: 2019-09-20
The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.
CVE-2015-9408
PUBLISHED: 2019-09-20
The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.
CVE-2019-16533
PUBLISHED: 2019-09-20
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
CVE-2019-16534
PUBLISHED: 2019-09-20
On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.