
News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2010
Trojan Targeting Android Phones
News  |  12/30/2010  | 
Geinimi malware displaying botnet characteristics can compromise a significant amount of information on a user's smartphone.
Apple, Social Networks Top Cybercrime Targets In 2011
News  |  12/28/2010  | 
McAfee threat predictions for the coming year forecast that Apple's increasing influence in personal computing, smartphones, and tablets will make it a prime target for cybercriminals.
State Department Announces Cybersecurity Post
News  |  12/22/2010  | 
The position, planned before the recent WikiLeaks exposure, will report directly to Secretary of State Hillary Clinton and work to prevent data breaches involving confidential diplomatic information.
100,000 Credit Cards Compromised By Data Breach
News  |  12/22/2010  | 
CitySights NY tour operator was storing card security codes in apparent violation of payment card industry regulations.
OpenBSD Project Finds Two Bugs In Software's IPsec Implementation
News  |  12/22/2010  | 
Up for debate: whether the FBI created a backdoor in the open-source operating system's code base
OpenBSD Founder Believes FBI Built IPsec Backdoor
News  |  12/22/2010  | 
But Theo de Raadt said it is unlikely that the Federal Bureau of Investigation's Internet protocol security code made it into the final operating system.
Gawker Details Missteps Behind Security Breach
News  |  12/21/2010  | 
The Gnosis group apparently faced few defenses in what it called a revenge attack on the prominent online media property.
EU Investigating Intel's Plan To Buy McAfee
News  |  12/20/2010  | 
Sticking point is apparently Intel's stated intention to include previously standalone security features in its microprocessors
Microsoft Overhauls Free Antivirus Software
News  |  12/20/2010  | 
Firewall integration, a better heuristic antivirus scanner, and network traffic inspection added to Microsoft Security Essentials 2.0.
Intel Faces Antitrust Probe On Planned McAfee Acquisition
News  |  12/20/2010  | 
European Commission investigating whether proposed deal would box out competing antivirus products, reports the Wall Street Journal.
DHS Secretary Asserts Cybersecurity Leadership
News  |  12/20/2010  | 
Cybersecurity should be led by the Department of Homeland Security and not left to the market or the military, Janet Napolitano said.
Antivirus Musical Chairs: Most Consumers Have Tried Multiple AV Products Per Year
Quick Hits  |  12/17/2010  | 
Many AV users turn off AV altogether for performance reasons, survey says
HDTVs Vulnerable To Remote Hackers
News  |  12/17/2010  | 
Lack of built-in security could allow attackers to introduce malicious JavaScript to networks through Internet-connected sets, warns device security vendor.
FBI Arrests Four For Insider Trading
News  |  12/17/2010  | 
Federal authorities allege tech firm insiders sold confidential information relating to Apple, AMD, Dell, Flextronics, and Taiwan Semiconductor.
Microsoft Again Sets Record With Massive Patch
News  |  12/14/2010  | 
The holiday season brings no respite from security maintenance duties.
What The Gawker Compromise Really Reveals
Commentary  |  12/13/2010  | 
Passwords are only half of the defense against compromise. Unfortunately, the other half is being crippled by the login policies of many online providers.
WikiLeaks Botnet Continues Attack On MasterCard Site
News  |  12/13/2010  | 
"Hacktivists" say their denial of service assaults aren't intended to steal personal financial data, rather to raise awareness of companies that stopped doing business with WikiLeaks.
Google DoubleClick Unknowingly Served Up Malicious Ad
Quick Hits  |  12/10/2010  | 
JavaScript-based drive-by attack automatically infected website visitors with fake antivirus
Microsoft To Patch 40 Vulnerabilities Tuesday
News  |  12/10/2010  | 
Security update will close the last known Stuxnet vulnerability, but won't address a zero-day bug reported Thursday in Internet Explorer.
Zeus Botnet Targeting Retailer Credit Cards
News  |  12/9/2010  | 
Macy's and Nordstrom cardholders are now at risk from financial malware's latest social engineering attack.
Snooping Represents A Growing Data Breach Threat
News  |  12/8/2010  | 
Few organizations are addressing the risk caused by outsiders looking at company information on mobile workers' screens, finds a study by 3M.
Rustock Most Prolific Botnet
News  |  12/8/2010  | 
Phishing attacks are down from 2009, but spam, viruses, and malicious web sites are on the rise, reports Symantec.
Google Launches Chrome OS Preview
News  |  12/7/2010  | 
The first Chrome OS netbooks will ship to a limited set of early adopters this week.
Most Businesses Haven't Patched Vulnerabilities In One-Quarter Of Their Apps
Quick Hits  |  12/7/2010  | 
eEye Digital Security survey finds security staffs short on manpower and sufficient tools
99.98% Of Domains Unsigned By DNS Security Extensions
News  |  12/7/2010  | 
While adoption of DNSSEC has increased, very few sites are safeguarding their servers against outages or attacks, finds new study.
Avast, Ye Pirates: It's Free
Commentary  |  12/7/2010  | 
Pirated installations of free Avast software included two in Vatican City
Researchers Remotely Defeat IE Protected Mode
News  |  12/6/2010  | 
Attackers can bypass the Microsoft browser's sandbox and install persistent malware, according to researchers at Verizon Business.
Internet Explorer Vulnerable To Browser History Hijacking
News  |  12/6/2010  | 
Researchers found that 1% of the world's most popular websites can force Microsoft's IE to reveal every past website visited unless private browsing controls are enabled.
Study: Most Organizations Still Vulnerable To DNS Cache-Poisoning Attacks
Quick Hits  |  12/3/2010  | 
Less than 0.02 percent of the Internet has adopted DNSSEC thus far
Lost Laptops Cost Billions
News  |  12/2/2010  | 
An Intel-sponsored study finds that organizations fail to grasp the risk of lost laptops.
China Struggling To Combat Hackers
News  |  12/2/2010  | 
Ministry of Public Security said it's seen an 80% annual increase in hacking cases since 2006.
Google Chrome Puts Flash In Security Sandbox
News  |  12/1/2010  | 
By mitigating Flash's liabilities, Google stands to gain from Flash's benefits.

