News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2010
Trojan Targeting Android Phones
News  |  12/30/2010  | 
Geinimi malware displaying botnet characteristics can compromise a significant amount of information on a user's smartphone.
Apple, Social Networks Top Cybercrime Targets In 2011
News  |  12/28/2010  | 
McAfee threat predictions for the coming year forecast that Apple's increasing influence in personal computing, smartphones, and tablets will make it a prime target for cybercriminals.
State Department Announces Cybersecurity Post
News  |  12/22/2010  | 
The position, planned before the recent WikiLeaks exposure, will report directly to Secretary of State Hillary Clinton and work to prevent data breaches involving confidential diplomatic information.
100,000 Credit Cards Compromised By Data Breach
News  |  12/22/2010  | 
CitySights NY tour operator was storing card security codes in apparent violation of payment card industry regulations.
OpenBSD Project Finds Two Bugs In Software's IPsec Implementation
News  |  12/22/2010  | 
Up for debate: whether the FBI created a backdoor in the open-source operating system's code base
OpenBSD Founder Believes FBI Built IPsec Backdoor
News  |  12/22/2010  | 
But Theo de Raadt said it is unlikely that the Federal Bureau of Investigation's Internet protocol security code made it into the final operating system.
Gawker Details Missteps Behind Security Breach
News  |  12/21/2010  | 
The Gnosis group apparently faced few defenses in what it called a revenge attack on the prominent online media property.
EU Investigating Intel's Plan To Buy McAfee
News  |  12/20/2010  | 
Sticking point is apparently Intel's stated intention to include previously standalone security features in its microprocessors
Microsoft Overhauls Free Antivirus Software
News  |  12/20/2010  | 
Firewall integration, a better heuristic antivirus scanner, and network traffic inspection added to Microsoft Security Essentials 2.0.
Intel Faces Antitrust Probe On Planned McAfee Acquisition
News  |  12/20/2010  | 
European Commission investigating whether proposed deal would box out competing antivirus products, reports the Wall Street Journal.
DHS Secretary Asserts Cybersecurity Leadership
News  |  12/20/2010  | 
Cybersecurity should be led by the Department of Homeland Security and not left to the market or the military, Janet Napolitano said.
Antivirus Musical Chairs: Most Consumers Have Tried Multiple AV Products Per Year
Quick Hits  |  12/17/2010  | 
Many AV users turn off AV altogether for performance reasons, survey says
HDTVs Vulnerable To Remote Hackers
News  |  12/17/2010  | 
Lack of built-in security could allow attackers to introduce malicious JavaScript to networks through Internet-connected sets, warns device security vendor.
FBI Arrests Four For Insider Trading
News  |  12/17/2010  | 
Federal authorities allege tech firm insiders sold confidential information relating to Apple, AMD, Dell, Flextronics, and Taiwan Semiconductor.
Microsoft Again Sets Record With Massive Patch
News  |  12/14/2010  | 
The holiday season brings no respite from security maintenance duties.
What The Gawker Compromise Really Reveals
Commentary  |  12/13/2010  | 
Passwords are only half of the defense against compromise -- unfortunately, the other half is being crippled by the login policies of many online providers.
WikiLeaks Botnet Continues Attack On MasterCard Site
News  |  12/13/2010  | 
"Hacktivists" say their denial of service assaults aren't intended to steal personal financial data, rather to raise awareness of companies that stopped doing business with WikiLeaks.
Google DoubleClick Unknowingly Served Up Malicious Ad
Quick Hits  |  12/10/2010  | 
JavaScript-based drive-by attack automatically infected website visitors with fake antivirus
Microsoft To Patch 40 Vulnerabilities Tuesday
News  |  12/10/2010  | 
Security update will close the last known Stuxnet vulnerability, but won't address a zero-day bug reported Thursday in Internet Explorer.
Zeus Botnet Targeting Retailer Credit Cards
News  |  12/9/2010  | 
Macy's and Nordstrom cardholders are now at risk from financial malware's latest social engineering attack.
Snooping Represents A Growing Data Breach Threat
News  |  12/8/2010  | 
Few organizations are addressing the risk caused by outsiders looking at company information on mobile workers' screens, finds a study by 3M.
Rustock Most Prolific Botnet
News  |  12/8/2010  | 
Phishing attacks are down from 2009, but spam, viruses, and malicious web sites are on the rise, reports Symantec.
Google Launches Chrome OS Preview
News  |  12/7/2010  | 
The first Chrome OS netbooks will ship to a limited set of early adopters this week.
Most Businesses Haven't Patched Vulnerabilities In One-Quarter Of Their Apps
Quick Hits  |  12/7/2010  | 
eEye Digital Security survey finds security staffs short on manpower and sufficient tools
99.98% Of Domains Unsigned By DNS Security Extensions
News  |  12/7/2010  | 
While adoption of DNSSEC has increased, very few sites are safeguarding their servers against outages or attacks, finds new study.
Avast, Ye Pirates: It's Free
Commentary  |  12/7/2010  | 
Pirated installations of free Avast software included two in Vatican City
Researchers Remotely Defeat IE Protected Mode
News  |  12/6/2010  | 
Attackers can bypass the Microsoft browser's sandbox and install persistent malware, according to researchers at Verizon Business.
Internet Explorer Vulnerable To Browser History Hijacking
News  |  12/6/2010  | 
Researchers found that 1% of the world's most popular websites can force Microsoft's IE to reveal every past website visited unless private browsing controls are enabled.
Study: Most Organizations Still Vulnerable To DNS Cache-Poisoning Attacks
Quick Hits  |  12/3/2010  | 
Less than 0.02 percent of the Internet has adopted DNSSEC thus far
Lost Laptops Cost Billions
News  |  12/2/2010  | 
An Intel-sponsored study finds that organizations fail to grasp the risk of lost laptops.
China Struggling To Combat Hackers
News  |  12/2/2010  | 
Ministry of Public Security said it's seen an 80% annual increase in hacking cases since 2006.
Google Chrome Puts Flash In Security Sandbox
News  |  12/1/2010  | 
By mitigating Flash's liabilities, Google stands to gain from Flash's benefits.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11547
PUBLISHED: 2020-04-05
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.
CVE-2020-11548
PUBLISHED: 2020-04-05
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed.
CVE-2020-11542
PUBLISHED: 2020-04-04
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring.
CVE-2020-11533
PUBLISHED: 2020-04-04
Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).
CVE-2020-11529
PUBLISHED: 2020-04-04
Common/Grav.php in Grav before 1.6.23 has an Open Redirect.