Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2010
Trojan Targeting Android Phones
News  |  12/30/2010  | 
Geinimi malware displaying botnet characteristics can compromise a significant amount of information on a user's smartphone.
Apple, Social Networks Top Cybercrime Targets In 2011
News  |  12/28/2010  | 
McAfee threat predictions for the coming year forecast that Apple's increasing influence in personal computing, smartphones, and tablets will make it a prime target for cybercriminals.
State Department Announces Cybersecurity Post
News  |  12/22/2010  | 
The position, planned before the recent WikiLeaks exposure, will report directly to Secretary of State Hillary Clinton and work to prevent data breaches involving confidential diplomatic information.
100,000 Credit Cards Compromised By Data Breach
News  |  12/22/2010  | 
CitySights NY tour operator was storing card security codes in apparent violation of payment card industry regulations.
OpenBSD Project Finds Two Bugs In Software's IPsec Implementation
News  |  12/22/2010  | 
Up for debate: whether the FBI created a backdoor in the open-source operating system's code base
OpenBSD Founder Believes FBI Built IPsec Backdoor
News  |  12/22/2010  | 
But Theo de Raadt said it is unlikely that the Federal Bureau of Investigation's Internet protocol security code made it into the final operating system.
Gawker Details Missteps Behind Security Breach
News  |  12/21/2010  | 
The Gnosis group apparently faced few defenses in what it called a revenge attack on the prominent online media property.
EU Investigating Intel's Plan To Buy McAfee
News  |  12/20/2010  | 
Sticking point is apparently Intel's stated intention to include previously standalone security features in its microprocessors
Microsoft Overhauls Free Antivirus Software
News  |  12/20/2010  | 
Firewall integration, a better heuristic antivirus scanner, and network traffic inspection added to Microsoft Security Essentials 2.0.
Intel Faces Antitrust Probe On Planned McAfee Acquisition
News  |  12/20/2010  | 
European Commission investigating whether proposed deal would box out competing antivirus products, reports the Wall Street Journal.
DHS Secretary Asserts Cybersecurity Leadership
News  |  12/20/2010  | 
Cybersecurity should be led by the Department of Homeland Security and not left to the market or the military, Janet Napolitano said.
Antivirus Musical Chairs: Most Consumers Have Tried Multiple AV Products Per Year
Quick Hits  |  12/17/2010  | 
Many AV users turn off AV altogether for performance reasons, survey says
HDTVs Vulnerable To Remote Hackers
News  |  12/17/2010  | 
Lack of built-in security could allow attackers to introduce malicious JavaScript to networks through Internet-connected sets, warns device security vendor.
FBI Arrests Four For Insider Trading
News  |  12/17/2010  | 
Federal authorities allege tech firm insiders sold confidential information relating to Apple, AMD, Dell, Flextronics, and Taiwan Semiconductor.
Microsoft Again Sets Record With Massive Patch
News  |  12/14/2010  | 
The holiday season brings no respite from security maintenance duties.
What The Gawker Compromise Really Reveals
Commentary  |  12/13/2010  | 
Passwords are only half of the defense against compromise -- unfortunately, the other half is being crippled by the login policies of many online providers.
WikiLeaks Botnet Continues Attack On MasterCard Site
News  |  12/13/2010  | 
"Hacktivists" say their denial of service assaults aren't intended to steal personal financial data, rather to raise awareness of companies that stopped doing business with WikiLeaks.
Google DoubleClick Unknowingly Served Up Malicious Ad
Quick Hits  |  12/10/2010  | 
JavaScript-based drive-by attack automatically infected website visitors with fake antivirus
Microsoft To Patch 40 Vulnerabilities Tuesday
News  |  12/10/2010  | 
Security update will close the last known Stuxnet vulnerability, but won't address a zero-day bug reported Thursday in Internet Explorer.
Zeus Botnet Targeting Retailer Credit Cards
News  |  12/9/2010  | 
Macy's and Nordstrom cardholders are now at risk from financial malware's latest social engineering attack.
Snooping Represents A Growing Data Breach Threat
News  |  12/8/2010  | 
Few organizations are addressing the risk caused by outsiders looking at company information on mobile workers' screens, finds a study by 3M.
Rustock Most Prolific Botnet
News  |  12/8/2010  | 
Phishing attacks are down from 2009, but spam, viruses, and malicious web sites are on the rise, reports Symantec.
Google Launches Chrome OS Preview
News  |  12/7/2010  | 
The first Chrome OS netbooks will ship to a limited set of early adopters this week.
Most Businesses Haven't Patched Vulnerabilities In One-Quarter Of Their Apps
Quick Hits  |  12/7/2010  | 
eEye Digital Security survey finds security staffs short on manpower and sufficient tools
99.98% Of Domains Unsigned By DNS Security Extensions
News  |  12/7/2010  | 
While adoption of DNSSEC has increased, very few sites are safeguarding their servers against outages or attacks, finds new study.
Avast, Ye Pirates: It's Free
Commentary  |  12/7/2010  | 
Pirated installations of free Avast software included two in Vatican City
Researchers Remotely Defeat IE Protected Mode
News  |  12/6/2010  | 
Attackers can bypass the Microsoft browser's sandbox and install persistent malware, according to researchers at Verizon Business.
Internet Explorer Vulnerable To Browser History Hijacking
News  |  12/6/2010  | 
Researchers found that 1% of the world's most popular websites can force Microsoft's IE to reveal every past website visited unless private browsing controls are enabled.
Study: Most Organizations Still Vulnerable To DNS Cache-Poisoning Attacks
Quick Hits  |  12/3/2010  | 
Less than 0.02 percent of the Internet has adopted DNSSEC thus far
Lost Laptops Cost Billions
News  |  12/2/2010  | 
An Intel-sponsored study finds that organizations fail to grasp the risk of lost laptops.
China Struggling To Combat Hackers
News  |  12/2/2010  | 
Ministry of Public Security said it's seen an 80% annual increase in hacking cases since 2006.
Google Chrome Puts Flash In Security Sandbox
News  |  12/1/2010  | 
By mitigating Flash's liabilities, Google stands to gain from Flash's benefits.

