Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2011
Stuxnet, Duqu Date Back To 2007, Researcher Says
News  |  12/29/2011  | 
Two pieces of malware likely were developed by the same team on the same platform along with similar variants, according to Kaspersky Lab.
Aggressive Phishing Attack Targets Military Personnel
News  |  12/28/2011  | 
Emails containing malware, which appear to come from senior officers or legit companies, have been sent to military personnel during the holiday season.
McAfee Reveals Its 2012 Threat Predictions
News  |  12/28/2011  | 
Predictions include an increase of attacks on oil, gas, and water utility organizations
Protect Insider Data By Googling First, Often
News  |  12/27/2011  | 
Sensitive company data is often leaked via Google, Bing, and other search engines -- find it before the bad guys can
NIST Protects BIOS With New Security Guidelines
News  |  12/22/2011  | 
The standards body provides ways to detect changes to the code or configuration of a PC's startup system.
Possible New Zero-Day Windows 7 Flaw Under Investigation
Quick Hits  |  12/22/2011  | 
Specially crafted Web page viewed with Safari causes 'blue screen of death,' remote execution
7 Strategies For Better Database Security In 2012
News  |  12/22/2011  | 
Segmenting, hardening, encrypting, insuring, and planning--these are good New Year's resolutions for database administrators.
More Sykipot Malware Clues Point To China
News  |  12/21/2011  | 
Recent version of the malware, which spread using an Adobe Reader zero-day vulnerability, appeared to be seeking information relating to U.S. military drones.
Software Bug Triggered Airplane Dive Emergency
News  |  12/21/2011  | 
When an airplane system monitoring an Airbus jet's altitude and position output incorrect data, flight computers failed to compensate.
Software Security: Fewer Vulnerabilities In 2011
News  |  12/21/2011  | 
There was a decline in the number of software security vulnerabilities disclosed to the public, as well as the proportion of flaws that were exploited. Is secure development paying off?
Security Holes In Software Decreased This Year, Early Data Shows
News  |  12/20/2011  | 
The number of vulnerabilities disclosed to the public fell in 2011, as did the proportion of flaws that were exploited. Is secure development paying off?
Take Off The Data Security Blinders
Commentary  |  12/20/2011  | 
You can't protect what you can't see. Use these tools to learn how and where your data is at risk
12 Groups Carry Out Most APT Attacks
News  |  12/20/2011  | 
Security consultants and the feds are tracking a dozen groups--all out of China--responsible for advanced threats.
Dastardly Dozen: A Few APT Groups Carry Out Most Attacks
News  |  12/19/2011  | 
Security consultants and the feds are tracking a dozen groups responsible for advanced threats -- all out of China
Zero Day Initiative: One Year After Throwing Down The Disclosure Gauntlet
News  |  12/19/2011  | 
Vulnerabilities reported mostly in big-name software vendors' products, and SCADA zero-day flaws on the rise, according to ZDI's annual report
Feds Indict 55 For Cyber Crime Fraud
News  |  12/19/2011  | 
Crime ring recruited insiders to steal personal information on hundreds of people, which they used to open fake accounts and steal money.
Adobe Patches Two Zero Day Vulnerabilities
News  |  12/16/2011  | 
Attackers have exploited the vulnerabilities via malicious PDFs sent to defense contractors.
Iran Hacked GPS Signals To Capture U.S. Drone
News  |  12/16/2011  | 
Exploit of well-known bug in drone's software made it think it was landing at an American airfield, not 140 miles inside Iran.
Security Researcher Details New SCADA Bugs
News  |  12/16/2011  | 
Supervisory control and data acquisition systems' programmable logic controllers could be remotely accessed and loaded with trojanized firmware.
Internet Explorer To Get 'Silent' Updates
Quick Hits  |  12/15/2011  | 
Microsoft will provide automatic upgrades to IE users -- but enterprises can opt out
Workers, Technology Need To Team To Fight Insiders
News  |  12/13/2011  | 
Bringing together groups of employees in a company with internal intelligence can help detect rogue insiders earlier, experts say
DHS, FBI Give SCADA System Vulnerability Warning
News  |  12/13/2011  | 
Hackers have infiltrated control system environments in at least three cities this year. Yet, many control systems remain Internet-connected and at risk of remote exploitation.
Database Security's Biggest Problem: People
News  |  12/12/2011  | 
Many database security projects arrive DOA because database administrators and security pros aren't singing the same tune.
Google-Sponsored Study Touts Chrome Security
News  |  12/9/2011  | 
Accuvant Lab's browser security study compared Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer.
84% Of Development Apps Sport Known Vulnerabilities
News  |  12/9/2011  | 
SQL injection vulnerabilities and other flaws increase in first-version code reviews, but overall bug levels decline, reports Veracode.
Microsoft Patch Fest Includes Duqu Vulnerability
News  |  12/9/2011  | 
Security patches next week should address multiple critical vulnerabilities. Adobe will fix a Reader flaw being actively exploited to attack defense firms.
The Art Of Profiling Cybercriminals
News  |  12/8/2011  | 
New psychological and criminological studies attempt to capture a glimpse of the human behind the hack
How To Spot Malicious Insiders Before Data Theft
News  |  12/8/2011  | 
Psychologists identify warning signs that could tip you off that corporate data may be stolen.
White House Sets Cybersecurity R&D Priorities
News  |  12/7/2011  | 
Roadmap details plans to secure U.S. network infrastructure through agency collaboration, scientific research, and creating more difficult targets for hackers to attack.
Adobe Under New Zero Day Attack
News  |  12/7/2011  | 
Emergency patch for Adobe Reader and Acrobat 9.x for Windows due for release within a week.
New Open-Source Technology Locks Down User's DNS Connection
News  |  12/7/2011  | 
OpenCrypt secures connection between end users and their DNS services
Exploited Apps Depend On Attack Vector
News  |  12/6/2011  | 
While some data shows Java to be the most attacked software application, other software gives the program a run for the title
Smart Grid Security Threatened By Fragmented Control
News  |  12/6/2011  | 
MIT study finds smart grid cybersecurity led by fiefdoms, says central leadership would better protect the nation's power lines from hackers.
Best Ways To Detect Advanced Threats Once They Invade
News  |  12/5/2011  | 
If attackers want to get in, it's likely they will find a way; security experts offer advice on how to detect the intrusion
HP Denies Exploit Could Trigger Printer Fire
News  |  12/5/2011  | 
Security researchers warned that zero-day printer vulnerability could be exploited to overheat printers, or worse.
Debunking The Conficker-Iranian Nuclear Program Connection
Commentary  |  12/4/2011  | 
Recent claims allude to Conficker-Stuxnet relationship, but are they really credible?
Top 10 Security Mistakes SMBs Make
News  |  12/2/2011  | 
Small and midsize businesses need to work on fundamental security errors to reduce risk of costly incidents.
TSA Finds Stun Gun Disguised As Smartphone
News  |  12/2/2011  | 
Airport security agents took weapon from a female passenger at LAX as she tried to pass through checkpoint this week.
More Vendors Reacting Poorly To Disclosure
News  |  12/1/2011  | 
From Charlie Miller's latest attack on Apple's App Store to the outing of Carrier IQ, companies seem to be taking a step back and punishing researchers who disclose vulnerabilities
Obama Fortifies Efforts To Protect Critical Infrastructure
News  |  12/1/2011  | 
President asks administration to beef up efforts to work with private sector to keep power grid, Internet and other foundational U.S. networks safe.
Oracle Leaves Databases Vulnerable, Say Researchers
News  |  12/1/2011  | 
As SQL injection attacks and other advanced threats gain traction, researchers complain that Oracle's other application efforts distract it from shoring up database security.
