Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2010
Trojan Targeting Android Phones
News  |  12/30/2010  | 
Geinimi malware displaying botnet characteristics can compromise a significant amount of information on a user's smartphone.
Apple, Social Networks Top Cybercrime Targets In 2011
News  |  12/28/2010  | 
McAfee threat predictions for the coming year forecast that Apple's increasing influence in personal computing, smartphones, and tablets will make it a prime target for cybercriminals.
State Department Announces Cybersecurity Post
News  |  12/22/2010  | 
The position, planned before the recent WikiLeaks exposure, will report directly to Secretary of State Hillary Clinton and work to prevent data breaches involving confidential diplomatic information.
100,000 Credit Cards Compromised By Data Breach
News  |  12/22/2010  | 
CitySights NY tour operator was storing card security codes in apparent violation of payment card industry regulations.
OpenBSD Project Finds Two Bugs In Software's IPsec Implementation
News  |  12/22/2010  | 
Up for debate: whether the FBI created a backdoor in the open-source operating system's code base
OpenBSD Founder Believes FBI Built IPsec Backdoor
News  |  12/22/2010  | 
But Theo de Raadt said it is unlikely that the Federal Bureau of Investigation's Internet protocol security code made it into the final operating system.
Gawker Details Missteps Behind Security Breach
News  |  12/21/2010  | 
The Gnosis group apparently faced few defenses in what it called a revenge attack on the prominent online media property.
EU Investigating Intel's Plan To Buy McAfee
News  |  12/20/2010  | 
Sticking point is apparently Intel's stated intention to include previously standalone security features in its microprocessors
Microsoft Overhauls Free Antivirus Software
News  |  12/20/2010  | 
Firewall integration, a better heuristic antivirus scanner, and network traffic inspection added to Microsoft Security Essentials 2.0.
Intel Faces Antitrust Probe On Planned McAfee Acquisition
News  |  12/20/2010  | 
European Commission investigating whether proposed deal would box out competing antivirus products, reports the Wall Street Journal.
DHS Secretary Asserts Cybersecurity Leadership
News  |  12/20/2010  | 
Cybersecurity should be led by the Department of Homeland Security and not left to the market or the military, Janet Napolitano said.
Antivirus Musical Chairs: Most Consumers Have Tried Multiple AV Products Per Year
Quick Hits  |  12/17/2010  | 
Many AV users turn off AV altogether for performance reasons, survey says
HDTVs Vulnerable To Remote Hackers
News  |  12/17/2010  | 
Lack of built-in security could allow attackers to introduce malicious JavaScript to networks through Internet-connected sets, warns device security vendor.
FBI Arrests Four For Insider Trading
News  |  12/17/2010  | 
Federal authorities allege tech firm insiders sold confidential information relating to Apple, AMD, Dell, Flextronics, and Taiwan Semiconductor.
Microsoft Again Sets Record With Massive Patch
News  |  12/14/2010  | 
The holiday season brings no respite from security maintenance duties.
What The Gawker Compromise Really Reveals
Commentary  |  12/13/2010  | 
Passwords are only half of the defense against compromise --unfortunately, the other half is being crippled by the login policies of many online providers.
WikiLeaks Botnet Continues Attack On MasterCard Site
News  |  12/13/2010  | 
"Hacktivists" say their denial of service assaults aren't intended to steal personal financial data, rather to raise awareness of companies that stopped doing business with WikiLeaks.
Google DoubleClick Unknowingly Served Up Malicious Ad
Quick Hits  |  12/10/2010  | 
JavaScript-based drive-by attack automatically infected website visitors with fake antivirus
Microsoft To Patch 40 Vulnerabilities Tuesday
News  |  12/10/2010  | 
Security update will close the last known Stuxnet vulnerability, but won't address a zero-day bug reported Thursday in Internet Explorer.
Zeus Botnet Targeting Retailer Credit Cards
News  |  12/9/2010  | 
Macy's and Nordstrom cardholders are now at risk from financial malware's latest social engineering attack.
Snooping Represents A Growing Data Breach Threat
News  |  12/8/2010  | 
Few organizations are addressing the risk caused by outsiders looking at company information on mobile workers' screens, finds a study by 3M.
Rustock Most Prolific Botnet
News  |  12/8/2010  | 
Phishing attacks are down from 2009, but spam, viruses, and malicious web sites are on the rise, reports Symantec.
Google Launches Chrome OS Preview
News  |  12/7/2010  | 
The first Chrome OS netbooks will ship to a limited set of early adopters this week.
Most Businesses Haven't Patched Vulnerabilities In One-Quarter Of Their Apps
Quick Hits  |  12/7/2010  | 
eEye Digital Security survey finds security staffs short on manpower and sufficient tools
99.98% Of Domains Unsigned By DNS Security Extensions
News  |  12/7/2010  | 
While adoption of DNSSEC has increased, very few sites are safeguarding their servers against outages or attacks, finds new study.
Avast, Ye Pirates: It's Free
Commentary  |  12/7/2010  | 
Pirated installations of free Avast software included two in Vatican City
Researchers Remotely Defeat IE Protected Mode
News  |  12/6/2010  | 
Attackers can bypass the Microsoft browser's sandbox and install persistent malware, according to researchers at Verizon Business.
Internet Explorer Vulnerable To Browser History Hijacking
News  |  12/6/2010  | 
Researchers found that 1% of the world's most popular websites can force Microsoft's IE to reveal every past website visited unless private browsing controls are enabled.
Study: Most Organizations Still Vulnerable To DNS Cache-Poisoning Attacks
Quick Hits  |  12/3/2010  | 
Less than 0.02 percent of the Internet has adopted DNSSEC thus far
Lost Laptops Cost Billions
News  |  12/2/2010  | 
An Intel-sponsored study finds that organizations fail to grasp the risk of lost laptops.
China Struggling To Combat Hackers
News  |  12/2/2010  | 
Ministry of Public Security said it's seen an 80% annual increase in hacking cases since 2006.
Google Chrome Puts Flash In Security Sandbox
News  |  12/1/2010  | 
By mitigating Flash's liabilities, Google stands to gain from Flash's benefits.


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
6 Top Nontechnical Degrees for Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/21/2019
Anatomy of a BEC Scam
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15593
PUBLISHED: 2019-11-22
GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.
CVE-2019-16285
PUBLISHED: 2019-11-22
If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.
CVE-2019-16286
PUBLISHED: 2019-11-22
An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.
CVE-2019-16287
PUBLISHED: 2019-11-22
An attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges.
CVE-2019-18909
PUBLISHED: 2019-11-22
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.