Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2011
Stuxnet, Duqu Date Back To 2007, Researcher Says
News  |  12/29/2011  | 
Two pieces of malware likely were developed by the same team on the same platform along with similar variants, according to Kaspersky Lab.
Aggressive Phishing Attack Targets Military Personnel
News  |  12/28/2011  | 
Emails containing malware, which appear to come from senior officers or legit companies, have been sent to military personnel during the holiday season.
McAfee Reveals Its 2012 Threat Predictions
News  |  12/28/2011  | 
Predictions include an increase of attacks on oil, gas, and water utility organizations
Protect Insider Data By Googling First, Often
News  |  12/27/2011  | 
Sensitive company data is often leaked via Google, Bing, and other search engines -- find it before the bad guys can
NIST Protects BIOS With New Security Guidelines
News  |  12/22/2011  | 
The standards body provides ways to detect changes to the code or configuration of a PC's startup system.
Possible New Zero-Day Windows 7 Flaw Under Investigation
Quick Hits  |  12/22/2011  | 
Specially crafted Web page viewed with Safari causes 'blue screen of death,' remote execution
7 Strategies For Better Database Security In 2012
News  |  12/22/2011  | 
Segmenting, hardening, encrypting, insuring, and planning--these are good New Year's resolutions for database administrators.
More Sykipot Malware Clues Point To China
News  |  12/21/2011  | 
Recent version of the malware, which spread using an Adobe Reader zero-day vulnerability, appeared to be seeking information relating to U.S. military drones.
Software Bug Triggered Airplane Dive Emergency
News  |  12/21/2011  | 
When an airplane system monitoring an Airbus jet's altitude and position output incorrect data, flight computers failed to compensate.
Software Security: Fewer Vulnerabilities In 2011
News  |  12/21/2011  | 
There was a decline in the number of software security vulnerabilities disclosed to the public, as well as the proportion of flaws that were exploited. Is secure development paying off?
Security Holes In Software Decreased This Year, Early Data Shows
News  |  12/20/2011  | 
The number of vulnerabilities disclosed to the public fell in 2011, as did the proportion of flaws that were exploited. Is secure development paying off?
Take Off The Data Security Blinders
Commentary  |  12/20/2011  | 
You can't protect what you can't see. Use these tools to learn how and where your data is at risk
12 Groups Carry Out Most APT Attacks
News  |  12/20/2011  | 
Security consultants and the feds are tracking a dozen groups--all out of China--responsible for advanced threats.
Dastardly Dozen: A Few APT Groups Carry Out Most Attacks
News  |  12/19/2011  | 
Security consultants and the feds are tracking a dozen groups responsible for advanced threats -- all out of China
Zero Day Initiative: One Year After Throwing Down The Disclosure Gauntlet
News  |  12/19/2011  | 
Vulnerabilities reported mostly in big-name software vendors' products, and SCADA zero-day flaws on the rise, according to ZDI's annual report
Feds Indict 55 For Cyber Crime Fraud
News  |  12/19/2011  | 
Crime ring recruited insiders to steal personal information on hundreds of people, which they used to open fake accounts and steal money.
Adobe Patches Two Zero Day Vulnerabilities
News  |  12/16/2011  | 
Attackers have exploited the vulnerabilities via malicious PDFs sent to defense contractors.
Iran Hacked GPS Signals To Capture U.S. Drone
News  |  12/16/2011  | 
Exploit of well-known bug in drone's software made it think it was landing at an American airfield, not 140 miles inside Iran.
Security Researcher Details New SCADA Bugs
News  |  12/16/2011  | 
Supervisory control and data acquisition systems' programmable logic controllers could be remotely accessed and loaded with trojanized firmware.
Internet Explorer To Get 'Silent' Updates
Quick Hits  |  12/15/2011  | 
Microsoft will provide automatic upgrades to IE users -- but enterprises can opt out
Workers, Technology Need To Team To Fight Insiders
News  |  12/13/2011  | 
Bringing together groups of employees in a company with internal intelligence can help detect rogue insiders earlier, experts say
DHS, FBI Give SCADA System Vulnerability Warning
News  |  12/13/2011  | 
Hackers have infiltrated control system environments in at least three cities this year. Yet, many control systems remain Internet-connected and at risk of remote exploitation.
Database Security's Biggest Problem: People
News  |  12/12/2011  | 
Many database security projects arrive DOA because database administrators and security pros aren't singing the same tune.
Google-Sponsored Study Touts Chrome Security
News  |  12/9/2011  | 
Accuvant Lab's browser security study compared Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer.
84% Of Development Apps Sport Known Vulnerabilities
News  |  12/9/2011  | 
SQL injection vulnerabilities and other flaws increase in first-version code reviews, but overall bug levels decline, reports Veracode.
Microsoft Patch Fest Includes Duqu Vulnerability
News  |  12/9/2011  | 
Security patches next week should address multiple critical vulnerabilities. Adobe will fix a Reader flaw being actively exploited to attack defense firms.
The Art Of Profiling Cybercriminals
News  |  12/8/2011  | 
New psychological and criminological studies attempt to capture a glimpse of the human behind the hack
How To Spot Malicious Insiders Before Data Theft
News  |  12/8/2011  | 
Psychologists identify warning signs that could tip you off that corporate data may be stolen.
White House Sets Cybersecurity R&D Priorities
News  |  12/7/2011  | 
Roadmap details plans to secure U.S. network infrastructure through agency collaboration, scientific research, and creating more difficult targets for hackers to attack.
Adobe Under New Zero Day Attack
News  |  12/7/2011  | 
Emergency patch for Adobe Reader and Acrobat 9.x for Windows due for release within a week.
New Open-Source Technology Locks Down User's DNS Connection
News  |  12/7/2011  | 
OpenCrypt secures connection between end users and their DNS services
Exploited Apps Depend On Attack Vector
News  |  12/6/2011  | 
While some data shows Java to be the most attacked software application, other software gives the program a run for the title
Smart Grid Security Threatened By Fragmented Control
News  |  12/6/2011  | 
MIT study finds smart grid cybersecurity led by fiefdoms, says central leadership would better protect the nation's power lines from hackers.
Best Ways To Detect Advanced Threats Once They Invade
News  |  12/5/2011  | 
If attackers want to get in, it's likely they will find a way; security experts offer advice on how to detect the intrusion
HP Denies Exploit Could Trigger Printer Fire
News  |  12/5/2011  | 
Security researchers warned that zero-day printer vulnerability could be exploited to overheat printers, or worse.
Debunking The Conficker-Iranian Nuclear Program Connection
Commentary  |  12/4/2011  | 
Recent claims allude to Conficker-Stuxnet relationship, but are they really credible?
Top 10 Security Mistakes SMBs Make
News  |  12/2/2011  | 
Small and midsize businesses need to work on fundamental security errors to reduce risk of costly incidents.
TSA Finds Stun Gun Disguised As Smartphone
News  |  12/2/2011  | 
Airport security agents took weapon from a female passenger at LAX as she tried to pass through checkpoint this week.
More Vendors Reacting Poorly To Disclosure
News  |  12/1/2011  | 
From Charlie Miller's latest attack on Apple's App Store to the outing of Carrier IQ, companies seem to be taking a step back and punishing researchers who disclose vulnerabilities
Obama Fortifies Efforts To Protect Critical Infrastructure
News  |  12/1/2011  | 
President asks administration to beef up efforts to work with private sector to keep power grid, Internet and other foundational U.S. networks safe.
Oracle Leaves Databases Vulnerable, Say Researchers
News  |  12/1/2011  | 
As SQL injection attacks and other advanced threats gain traction, researchers complain that Oracle's other application efforts distract it from shoring up database security.
