News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2013
Windows Crash Reports Open To Hijacking
Quick Hits  |  12/31/2013  | 
Attackers -- and the NSA -- can glean valuable intel from unencrypted transmissions
Security, Privacy & The Democratization Of Data
Commentary  |  12/30/2013  | 
Data gathering and profiling capabilities that today are only available to nation states will eventually be at the disposal of everyone. What then?
Researchers Reveal Snapchat Security Issues
News  |  12/27/2013  | 
Security researchers release proof-of-concept code for issues they say they disclosed months ago to Snapchat
9 Notorious Hackers Of 2013
Slideshows  |  12/27/2013  | 
This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state-sponsored groups.
The Coolest Hacks Of 2013
News  |  12/27/2013  | 
Take a look back at security researchers' most extreme, creative, and just plain bizarre hacks this year.
Lessons From 5 Advanced Attacks Of 2013
News  |  12/26/2013  | 
From Cryptolocker to the destructive attacks on Korean firms to the massive flood that made Spamhaus inaccessible, attackers delivered some hard lessons in 2013
RSA Denies Trading Security For NSA Payout
News  |  12/23/2013  | 
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.
Mobility & Cloud: A Double Whammy For Securing Data
Commentary  |  12/23/2013  | 
In 2014, legacy security solutions like firewalls and intrusion detection systems will no longer be sufficient to protect corporate data against BYOD and cybercrime.
Target Breach: 10 Facts
News  |  12/21/2013  | 
Experts advise consumers not to panic as suspicion falls on point-of-sale terminals used to scan credit cards.
7 Reasons Why Bitcoin Attacks Will Continue
Quick Hits  |  12/20/2013  | 
Cryptographic currency's rising value makes it an appealing target for cybercrime gangs and crimeware toolkit developers
Yes, In The Internet Of Everything, Things Will Have Passwords
Commentary  |  12/20/2013  | 
Things would have no problem remembering passwords like "[email protected]" But even for things, passwords are less than ideal.
7 Reasons Why Bitcoin Attacks Will Continue
News  |  12/19/2013  | 
Cryptographic currency's rising value makes it an appealing target for cybercrime gangs and crimeware toolkit developers.
Target Confirms Hackers Stole 40 Million Credit Cards
News  |  12/19/2013  | 
Hackers' 19-day heist scoops up all ingredients required to make counterfeit cards.
Secure Code Starts With Measuring What Developers Know
Commentary  |  12/19/2013  | 
I recently discovered I've been teaching blindly about application security. I assumed that I know what students need to learn. Nothing could be further from the truth.
Bitcoin Hit By Gameover Malware, Chinese Crackdown
News  |  12/18/2013  | 
China gets tough with exchanges trading Bitcoins, while new malware variant targets Bitcoin customers.
My 5 Wishes For Security In 2014
Commentary  |  12/18/2013  | 
Security skeptic Dave Piscitello tells why his end-of-year InfoSec predictions are like a fine wine.
'ChewBacca' Malware Taps Tor Network
News  |  12/18/2013  | 
Malicious Trojan sporting a Star Wars theme uses Tor anonymizing network to disguise its command-and-control communications.
Advanced Power Botnet: Firefox Users, Beware
Quick Hits  |  12/17/2013  | 
Malicious Firefox plugin scans websites for exploitable SQL injection vulnerabilities
Is Mob-Busting RICO Overkill For Combating Cybercrime?
Commentary  |  12/17/2013  | 
The milestone conviction of 22-year-old David Camez for his participation in a Russian-run "carder" forum raises legitimate questions about the role of RICO in taking down cybercrime.
Advanced Power Botnet: Firefox Users, Beware
News  |  12/16/2013  | 
Malicious Firefox plugin scans websites for exploitable SQL injection vulnerabilities.
The State of IT Security: It's Broken
Commentary  |  12/16/2013  | 
It's time to move past the hyperbole of next-gen security and look to new approaches that show enterprises how to understand and assess their unique risks.
Why Fed Cybersecurity Reboot Plan Fails To Convince
Commentary  |  12/13/2013  | 
Does a presidential commission's hodgepodge analysis and suggestions for improving federal cybersecurity tell us anything we didn't already know?
Weak Security In Most Mobile Banking Apps
News  |  12/12/2013  | 
Eight of 10 iOS, Android mobile banking apps are improperly configured, new report says
Zeus Banking Malware Gets 64-Bit Facelift
News  |  12/12/2013  | 
Crimeware toolkit developers follow the money, build new features into the notorious banking malware.
Time For An 'Active Defense' Against Security Attacks
Commentary  |  12/12/2013  | 
Today's threat landscape and the mobility of our data demand much more than a castle wall approach to keep hackers at bay.
Cybercrime Milestone: Guilty Verdict In RICO Case
News  |  12/12/2013  | 
Prosecutors use law designed to take down mobsters to fight online crime.
Firms Eliminate Embedded Code To Foil Targeted Attacks
News  |  12/11/2013  | 
Security providers are developing technology to strip out, or render unusable, any potential code in popular file formats
Microsoft Patches Windows, Office, IE, SharePoint
News  |  12/11/2013  | 
Microsoft fixes include patch for in-the-wild Office 365 token-grabbing attack that enabled silent eavesdropping.
6 Tips To Secure Webcams, Stop Keyloggers
News  |  12/10/2013  | 
If the FBI can activate webcams silently and record keystrokes, so can attackers. Here's how to defend yourself.
'Imposter' Bots On The Rise
Quick Hits  |  12/10/2013  | 
A whopping 61.5 percent of all website traffic is attributed to bots of all types, new report finds
Microsoft Fails To Nuke ZeroAccess Botnet
News  |  12/10/2013  | 
Attacks may be down, but 62% of the malicious infrastructure, along with the P2P communications channel, is alive and well.
Hacking The Zero-Day Vulnerability Market
News  |  12/9/2013  | 
Private brokers sell zero-day bugs for anywhere between $40,000 and $160,000 -- and in some cases buyers could end up spending much more for lucrative targets, new analysis says
DARPA Crowdsources Bug-Spotting Games
News  |  12/9/2013  | 
DARPA debuts five different puzzle games to test whether players can spot mathematical flaws in open-source code used by the Defense Department.
What Next-Gen Security Looks Like
Dark Reading Videos  |  12/9/2013  | 
The nightmare of BYOD is giving rise to a new generation of intelligent, highly scalable security products and platforms.
Cyber Monday And The Threat Of Economic Espionage
Commentary  |  12/8/2013  | 
All signs point to such an event becoming a very real possibility
Microsoft Goes Toe-To-Toe With Largest Customer
Commentary  |  12/8/2013  | 
Microsoft follows Google in attempting to thwart NSA surveillance efforts
JPMorgan Chase Catches Heat On July Breach
News  |  12/6/2013  | 
The July breach may have exposed cardholders' personal information -- so why did the bank wait more than 2 months to notify state officials and affected customers?
IT Security Risk Management: Is It Worth The Cost?
Commentary  |  12/6/2013  | 
The attitude that IT security risk shouldn't be governed by traditional measures of cost and benefit is ludicrous.
Hardware Hacker Demos Zombie Drone Hijacker
News  |  12/5/2013  | 
The SkyJack drone automatically seeks out and hijacks other nearby Parrot drones. Will this mean trouble for Amazon's planned drone delivery fleet?
NSA Fallout: Microsoft Rethinks Customer Data Controls
News  |  12/5/2013  | 
Fallout over NSA surveillance drives Microsoft to promise widespread security and privacy improvements. But do they go far enough?
Why Security Awareness Is Like An Umbrella
Commentary  |  12/5/2013  | 
A small security awareness program will protect you as much as a small umbrella. So don't complain when you get wet.
Anatomy Of An Electronic Health Record Zero-Day
News  |  12/4/2013  | 
How a dangerous security flaw discovered in one of the most pervasive electronic medical record platforms in the U.S. was found and fixed before it could do damage
Bitcoin Password Grab Disguised As DDoS Attack
News  |  12/4/2013  | 
Attacks against bitcoin users continue, as online forum Bitcointalk.org warns users their passwords might have been stolen in distributed denial of service hack.
Hardware Hacker Demos Zombie Drone Hijacker
News  |  12/4/2013  | 
The SkyJack drone automatically seeks out and hijacks other nearby Parrot drones. Will this mean trouble for Amazon's planned drone delivery fleet?
Do Antivirus Companies Whitelist NSA Malware?
Commentary  |  12/4/2013  | 
Microsoft, Symantec, and McAfee fail to respond to a transparency plea from leading privacy and security experts.
Many Commercial Software Projects Contain Older, Vulnerable Open-Source Code
Quick Hits  |  12/3/2013  | 
More than one-fifth contain older and less secure versions of open-source code, new study finds
Weighing Costs Vs. Benefits Of NSA Surveillance
Commentary  |  12/3/2013  | 
What the tech industry needs the NSA to know about aligning a national security agenda with the realities of a global Internet.
Windows XP Zero-Day Vulnerability Popular
News  |  12/2/2013  | 
Attackers use malicious PDF documents to exploit bug in Windows XP and Windows Server 2003 and take full control of vulnerable systems.
Zero-Day Drive-By Attacks: Accelerating & Expanding
Commentary  |  12/2/2013  | 
The zero-day attack business is no longer just about money, and patching is no longer the best defense.
5 Protocols That Should Be Closely Watched
News  |  12/1/2013  | 
Attackers frequently scan for open SSH, FTP, and RDP ports, but companies need to watch out for attacks against less common protocols as well