Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2010
Trojan Targeting Android Phones
News  |  12/30/2010  | 
Geinimi malware displaying botnet characteristics can compromise a significant amount of information on a user's smartphone.
Apple, Social Networks Top Cybercrime Targets In 2011
News  |  12/28/2010  | 
McAfee threat predictions for the coming year forecast that Apple's increasing influence in personal computing, smartphones, and tablets will make it a prime target for cybercriminals.
State Department Announces Cybersecurity Post
News  |  12/22/2010  | 
The position, planned before the recent WikiLeaks exposure, will report directly to Secretary of State Hillary Clinton and work to prevent data breaches involving confidential diplomatic information.
100,000 Credit Cards Compromised By Data Breach
News  |  12/22/2010  | 
CitySights NY tour operator was storing card security codes in apparent violation of payment card industry regulations.
OpenBSD Project Finds Two Bugs In Software's IPsec Implementation
News  |  12/22/2010  | 
Up for debate: whether the FBI created a backdoor in the open-source operating system's code base
OpenBSD Founder Believes FBI Built IPsec Backdoor
News  |  12/22/2010  | 
But Theo de Raadt said it is unlikely that the Federal Bureau of Investigation's Internet protocol security code made it into the final operating system.
Gawker Details Missteps Behind Security Breach
News  |  12/21/2010  | 
The Gnosis group apparently faced few defenses in what it called a revenge attack on the prominent online media property.
EU Investigating Intel's Plan To Buy McAfee
News  |  12/20/2010  | 
Sticking point is apparently Intel's stated intention to include previously standalone security features in its microprocessors
Microsoft Overhauls Free Antivirus Software
News  |  12/20/2010  | 
Firewall integration, a better heuristic antivirus scanner, and network traffic inspection added to Microsoft Security Essentials 2.0.
Intel Faces Antitrust Probe On Planned McAfee Acquisition
News  |  12/20/2010  | 
European Commission investigating whether proposed deal would box out competing antivirus products, reports the Wall Street Journal.
DHS Secretary Asserts Cybersecurity Leadership
News  |  12/20/2010  | 
Cybersecurity should be led by the Department of Homeland Security and not left to the market or the military, Janet Napolitano said.
Antivirus Musical Chairs: Most Consumers Have Tried Multiple AV Products Per Year
Quick Hits  |  12/17/2010  | 
Many AV users turn off AV altogether for performance reasons, survey says
HDTVs Vulnerable To Remote Hackers
News  |  12/17/2010  | 
Lack of built-in security could allow attackers to introduce malicious JavaScript to networks through Internet-connected sets, warns device security vendor.
FBI Arrests Four For Insider Trading
News  |  12/17/2010  | 
Federal authorities allege tech firm insiders sold confidential information relating to Apple, AMD, Dell, Flextronics, and Taiwan Semiconductor.
Microsoft Again Sets Record With Massive Patch
News  |  12/14/2010  | 
The holiday season brings no respite from security maintenance duties.
What The Gawker Compromise Really Reveals
Commentary  |  12/13/2010  | 
Passwords are only half of the defense against compromise --unfortunately, the other half is being crippled by the login policies of many online providers.
WikiLeaks Botnet Continues Attack On MasterCard Site
News  |  12/13/2010  | 
"Hacktivists" say their denial of service assaults aren't intended to steal personal financial data, rather to raise awareness of companies that stopped doing business with WikiLeaks.
Google DoubleClick Unknowingly Served Up Malicious Ad
Quick Hits  |  12/10/2010  | 
JavaScript-based drive-by attack automatically infected website visitors with fake antivirus
Microsoft To Patch 40 Vulnerabilities Tuesday
News  |  12/10/2010  | 
Security update will close the last known Stuxnet vulnerability, but won't address a zero-day bug reported Thursday in Internet Explorer.
Zeus Botnet Targeting Retailer Credit Cards
News  |  12/9/2010  | 
Macy's and Nordstrom cardholders are now at risk from financial malware's latest social engineering attack.
Snooping Represents A Growing Data Breach Threat
News  |  12/8/2010  | 
Few organizations are addressing the risk caused by outsiders looking at company information on mobile workers' screens, finds a study by 3M.
Rustock Most Prolific Botnet
News  |  12/8/2010  | 
Phishing attacks are down from 2009, but spam, viruses, and malicious web sites are on the rise, reports Symantec.
Google Launches Chrome OS Preview
News  |  12/7/2010  | 
The first Chrome OS netbooks will ship to a limited set of early adopters this week.
Most Businesses Haven't Patched Vulnerabilities In One-Quarter Of Their Apps
Quick Hits  |  12/7/2010  | 
eEye Digital Security survey finds security staffs short on manpower and sufficient tools
99.98% Of Domains Unsigned By DNS Security Extensions
News  |  12/7/2010  | 
While adoption of DNSSEC has increased, very few sites are safeguarding their servers against outages or attacks, finds new study.
Avast, Ye Pirates: It's Free
Commentary  |  12/7/2010  | 
Pirated installations of free Avast software included two in Vatican City
Researchers Remotely Defeat IE Protected Mode
News  |  12/6/2010  | 
Attackers can bypass the Microsoft browser's sandbox and install persistent malware, according to researchers at Verizon Business.
Internet Explorer Vulnerable To Browser History Hijacking
News  |  12/6/2010  | 
Researchers found that 1% of the world's most popular websites can force Microsoft's IE to reveal every past website visited unless private browsing controls are enabled.
Study: Most Organizations Still Vulnerable To DNS Cache-Poisoning Attacks
Quick Hits  |  12/3/2010  | 
Less than 0.02 percent of the Internet has adopted DNSSEC thus far
Lost Laptops Cost Billions
News  |  12/2/2010  | 
An Intel-sponsored study finds that organizations fail to grasp the risk of lost laptops.
China Struggling To Combat Hackers
News  |  12/2/2010  | 
Ministry of Public Security said it's seen an 80% annual increase in hacking cases since 2006.
Google Chrome Puts Flash In Security Sandbox
News  |  12/1/2010  | 
By mitigating Flash's liabilities, Google stands to gain from Flash's benefits.


AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.