Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2011
Stuxnet, Duqu Date Back To 2007, Researcher Says
News  |  12/29/2011  | 
Two pieces of malware likely were developed by the same team on the same platform along with similar variants, according to Kaspersky Lab.
Aggressive Phishing Attack Targets Military Personnel
News  |  12/28/2011  | 
Emails containing malware, which appear to come from senior officers or legit companies, have been sent to military personnel during the holiday season.
McAfee Reveals Its 2012 Threat Predictions
News  |  12/28/2011  | 
Predictions include an increase of attacks on oil, gas, and water utility organizations
Protect Insider Data By Googling First, Often
News  |  12/27/2011  | 
Sensitive company data is often leaked via Google, Bing, and other search engines -- find it before the bad guys can
NIST Protects BIOS With New Security Guidelines
News  |  12/22/2011  | 
The standards body provides ways to detect changes to the code or configuration of a PC's startup system.
Possible New Zero-Day Windows 7 Flaw Under Investigation
Quick Hits  |  12/22/2011  | 
Specially crafted Web page viewed with Safari causes 'blue screen of death,' remote execution
7 Strategies For Better Database Security In 2012
News  |  12/22/2011  | 
Segmenting, hardening, encrypting, insuring, and planning--these are good New Year's resolutions for database administrators.
More Sykipot Malware Clues Point To China
News  |  12/21/2011  | 
Recent version of the malware, which spread using an Adobe Reader zero-day vulnerability, appeared to be seeking information relating to U.S. military drones.
Software Bug Triggered Airplane Dive Emergency
News  |  12/21/2011  | 
When an airplane system monitoring an Airbus jet's altitude and position output incorrect data, flight computers failed to compensate.
Software Security: Fewer Vulnerabilities In 2011
News  |  12/21/2011  | 
There was a decline in the number of software security vulnerabilities disclosed to the public, as well as the proportion of flaws that were exploited. Is secure development paying off?
Security Holes In Software Decreased This Year, Early Data Shows
News  |  12/20/2011  | 
The number of vulnerabilities disclosed to the public fell in 2011, as did the proportion of flaws that were exploited. Is secure development paying off?
Take Off The Data Security Blinders
Commentary  |  12/20/2011  | 
You can't protect what you can't see. Use these tools to learn how and where your data is at risk
12 Groups Carry Out Most APT Attacks
News  |  12/20/2011  | 
Security consultants and the feds are tracking a dozen groups--all out of China--responsible for advanced threats.
Dastardly Dozen: A Few APT Groups Carry Out Most Attacks
News  |  12/19/2011  | 
Security consultants and the feds are tracking a dozen groups responsible for advanced threats -- all out of China
Zero Day Initiative: One Year After Throwing Down The Disclosure Gauntlet
News  |  12/19/2011  | 
Vulnerabilities reported mostly in big-name software vendors' products, and SCADA zero-day flaws on the rise, according to ZDI's annual report
Feds Indict 55 For Cyber Crime Fraud
News  |  12/19/2011  | 
Crime ring recruited insiders to steal personal information on hundreds of people, which they used to open fake accounts and steal money.
Adobe Patches Two Zero Day Vulnerabilities
News  |  12/16/2011  | 
Attackers have exploited the vulnerabilities via malicious PDFs sent to defense contractors.
Iran Hacked GPS Signals To Capture U.S. Drone
News  |  12/16/2011  | 
Exploit of well-known bug in drone's software made it think it was landing at an American airfield, not 140 miles inside Iran.
Security Researcher Details New SCADA Bugs
News  |  12/16/2011  | 
Supervisory control and data acquisition systems' programmable logic controllers could be remotely accessed and loaded with trojanized firmware.
Internet Explorer To Get 'Silent' Updates
Quick Hits  |  12/15/2011  | 
Microsoft will provide automatic upgrades to IE users -- but enterprises can opt out
Workers, Technology Need To Team To Fight Insiders
News  |  12/13/2011  | 
Bringing together groups of employees in a company with internal intelligence can help detect rogue insiders earlier, experts say
DHS, FBI Give SCADA System Vulnerability Warning
News  |  12/13/2011  | 
Hackers have infiltrated control system environments in at least three cities this year. Yet, many control systems remain Internet-connected and at risk of remote exploitation.
Database Security's Biggest Problem: People
News  |  12/12/2011  | 
Many database security projects arrive DOA because database administrators and security pros aren't singing the same tune.
Google-Sponsored Study Touts Chrome Security
News  |  12/9/2011  | 
Accuvant Labs' browser security study compared Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer.
84% Of Development Apps Sport Known Vulnerabilities
News  |  12/9/2011  | 
SQL injection vulnerabilities and other flaws increase in first-version code reviews, but overall bug levels decline, reports Veracode.
Microsoft Patch Fest Includes Duqu Vulnerability
News  |  12/9/2011  | 
Security patches next week should address multiple critical vulnerabilities. Adobe will fix a Reader flaw being actively exploited to attack defense firms.
The Art Of Profiling Cybercriminals
News  |  12/8/2011  | 
New psychological and criminological studies attempt to capture a glimpse of the human behind the hack
How To Spot Malicious Insiders Before Data Theft
News  |  12/8/2011  | 
Psychologists identify warning signs that could tip you off that corporate data may be stolen.
White House Sets Cybersecurity R&D Priorities
News  |  12/7/2011  | 
Roadmap details plans to secure U.S. network infrastructure through agency collaboration, scientific research, and creating more difficult targets for hackers to attack.
Adobe Under New Zero Day Attack
News  |  12/7/2011  | 
Emergency patch for Adobe Reader and Acrobat 9.x for Windows due for release within a week.
New Open-Source Technology Locks Down User's DNS Connection
News  |  12/7/2011  | 
OpenCrypt secures connection between end users and their DNS services
Exploited Apps Depend On Attack Vector
News  |  12/6/2011  | 
While some data shows Java to be the most attacked software application, other software gives the program a run for the title
Smart Grid Security Threatened By Fragmented Control
News  |  12/6/2011  | 
MIT study finds smart grid cybersecurity led by fiefdoms, says central leadership would better protect the nation's power lines from hackers.
Best Ways To Detect Advanced Threats Once They Invade
News  |  12/5/2011  | 
If attackers want to get in, it's likely they will find a way; security experts offer advice on how to detect the intrusion
HP Denies Exploit Could Trigger Printer Fire
News  |  12/5/2011  | 
Security researchers warned that zero-day printer vulnerability could be exploited to overheat printers, or worse.
Debunking The Conficker-Iranian Nuclear Program Connection
Commentary  |  12/4/2011  | 
Recent claims allude to Conficker-Stuxnet relationship, but are they really credible?
Top 10 Security Mistakes SMBs Make
News  |  12/2/2011  | 
Small and midsize businesses need to work on fundamental security errors to reduce risk of costly incidents.
TSA Finds Stun Gun Disguised As Smartphone
News  |  12/2/2011  | 
Airport security agents took weapon from a female passenger at LAX as she tried to pass through checkpoint this week.
More Vendors Reacting Poorly To Disclosure
News  |  12/1/2011  | 
From Charlie Miller's latest attack on Apple's App Store to the outing of Carrier IQ, companies seem to be taking a step back and punishing researchers who disclose vulnerabilities
Obama Fortifies Efforts To Protect Critical Infrastructure
News  |  12/1/2011  | 
President asks administration to beef up efforts to work with private sector to keep power grid, Internet and other foundational U.S. networks safe.
Oracle Leaves Databases Vulnerable, Say Researchers
News  |  12/1/2011  | 
As SQL injection attacks and other advanced threats gain traction, researchers complain that Oracle's other application efforts distract it from shoring up database security.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14540
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVE-2019-16332
PUBLISHED: 2019-09-15
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
CVE-2019-16333
PUBLISHED: 2019-09-15
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
CVE-2019-16334
PUBLISHED: 2019-09-15
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
CVE-2019-16335
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.