Content tagged with Vulnerabilities / Threats posted in December 2013
Windows Crash Reports Open To Hijacking
Quick Hits  |  12/31/2013  | 
Attackers -- and the NSA -- can glean valuable intel from unencrypted transmissions
Security, Privacy & The Democratization Of Data
Commentary  |  12/30/2013  | 
Data gathering and profiling capabilities that today are only available to nation states will eventually be at the disposal of everyone. What then?
Researchers Reveal Snapchat Security Issues
News  |  12/27/2013  | 
Security researchers release proof-of-concept code for issues they say they disclosed months ago to Snapchat
9 Notorious Hackers Of 2013
Slideshows  |  12/27/2013  | 
This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state-sponsored groups.
The Coolest Hacks Of 2013
News  |  12/27/2013  | 
Take a look back at security researchers' most extreme, creative, and just plain bizarre hacks this year.
Lessons From 5 Advanced Attacks Of 2013
News  |  12/26/2013  | 
From Cryptolocker to the destructive attacks on Korean firms to the massive flood that made Spamhaus inaccessible, attackers delivered some hard lessons in 2013
RSA Denies Trading Security For NSA Payout
News  |  12/23/2013  | 
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.
Mobility & Cloud: A Double Whammy For Securing Data
Commentary  |  12/23/2013  | 
In 2014, legacy security solutions like firewalls and intrusion detection systems will no longer be sufficient to protect corporate data against BYOD and cybercrime.
Target Breach: 10 Facts
News  |  12/21/2013  | 
Experts advise consumers not to panic as suspicion falls on point-of-sale terminals used to scan credit cards.
7 Reasons Why Bitcoin Attacks Will Continue
Quick Hits  |  12/20/2013  | 
Cryptographic currency's rising value makes it an appealing target for cybercrime gangs and crimeware toolkit developers
Yes, In The Internet Of Everything, Things Will Have Passwords
Commentary  |  12/20/2013  | 
Things would have no problem remembering passwords like "[email protected]" But even for things, passwords are less than ideal.
7 Reasons Why Bitcoin Attacks Will Continue
News  |  12/19/2013  | 
Cryptographic currency's rising value makes it an appealing target for cybercrime gangs and crimeware toolkit developers.
Target Confirms Hackers Stole 40 Million Credit Cards
News  |  12/19/2013  | 
Hackers' 19-day heist scoops up all ingredients required to make counterfeit cards.
Secure Code Starts With Measuring What Developers Know
Commentary  |  12/19/2013  | 
I recently discovered I've been teaching blindly about application security. I assumed that I know what students need to learn. Nothing could be further from the truth.
Bitcoin Hit By Gameover Malware, Chinese Crackdown
News  |  12/18/2013  | 
China gets tough with exchanges trading Bitcoins, while new malware variant targets Bitcoin customers.
My 5 Wishes For Security In 2014
Commentary  |  12/18/2013  | 
Security skeptic Dave Piscitello tells why his end-of-year InfoSec predictions are like a fine wine.
'ChewBacca' Malware Taps Tor Network
News  |  12/18/2013  | 
Malicious Trojan sporting a Star Wars theme uses Tor anonymizing network to disguise its command-and-control communications.
Advanced Power Botnet: Firefox Users, Beware
Quick Hits  |  12/17/2013  | 
Malicious Firefox plugin scans websites for exploitable SQL injection vulnerabilities
Is Mob-Busting RICO Overkill For Combating Cybercrime?
Commentary  |  12/17/2013  | 
The milestone conviction of 22-year-old David Camez for his participation in a Russian-run "carder" forum raises legitimate questions about the role of RICO in taking down cybercrime.
Advanced Power Botnet: Firefox Users, Beware
News  |  12/16/2013  | 
Malicious Firefox plugin scans websites for exploitable SQL injection vulnerabilities.
The State of IT Security: It's Broken
Commentary  |  12/16/2013  | 
It's time to move past the hyperbole of next-gen security and look to new approaches that show enterprises how to understand and assess their unique risks.
Why Fed Cybersecurity Reboot Plan Fails To Convince
Commentary  |  12/13/2013  | 
Does a presidential commission's hodgepodge analysis and suggestions for improving federal cybersecurity tell us anything we didn't already know?
Weak Security In Most Mobile Banking Apps
News  |  12/12/2013  | 
Eight of 10 iOS, Android mobile banking apps are improperly configured, new report says
Zeus Banking Malware Gets 64-Bit Facelift
News  |  12/12/2013  | 
Crimeware toolkit developers follow the money, build new features into the notorious banking malware.
Time For An 'Active Defense' Against Security Attacks
Commentary  |  12/12/2013  | 
Today's threat landscape and the mobility of our data demand much more than a castle wall approach to keep hackers at bay.
Cybercrime Milestone: Guilty Verdict In RICO Case
News  |  12/12/2013  | 
Prosecutors use law designed to take down mobsters to fight online crime.
Firms Eliminate Embedded Code To Foil Targeted Attacks
News  |  12/11/2013  | 
Security providers are developing technology to strip out, or render unusable, any potential code in popular file formats
Microsoft Patches Windows, Office, IE, SharePoint
News  |  12/11/2013  | 
Microsoft fixes include patch for in-the-wild Office 365 token-grabbing attack that enabled silent eavesdropping.
6 Tips To Secure Webcams, Stop Keyloggers
News  |  12/10/2013  | 
If the FBI can activate webcams silently and record keystrokes, so can attackers. Here's how to defend yourself.
'Imposter' Bots On The Rise
Quick Hits  |  12/10/2013  | 
A whopping 61.5 percent of all website traffic is attributed to bots of all types, new report finds
Microsoft Fails To Nuke ZeroAccess Botnet
News  |  12/10/2013  | 
Attacks may be down, but 62% of the malicious infrastructure, along with the P2P communications channel, is alive and well.
Hacking The Zero-Day Vulnerability Market
News  |  12/9/2013  | 
Private brokers sell zero-day bugs for anywhere between $40,000 and $160,000 -- and in some cases buyers could end up spending much more for lucrative targets, new analysis says
DARPA Crowdsources Bug-Spotting Games
News  |  12/9/2013  | 
DARPA debuts five different puzzle games to test whether players can spot mathematical flaws in open-source code used by the Defense Department.
What Next-Gen Security Looks Like
Dark Reading Videos  |  12/9/2013  | 
The nightmare of BYOD is giving rise to a new generation of intelligent, highly scalable security products and platforms.
Cyber Monday And The Threat Of Economic Espionage
Commentary  |  12/8/2013  | 
All signs point to such an event becoming a very real possibility
Microsoft Goes Toe-To-Toe With Largest Customer
Commentary  |  12/8/2013  | 
Microsoft follows Google in attempting to thwart NSA surveillance efforts
JPMorgan Chase Catches Heat On July Breach
News  |  12/6/2013  | 
The July breach may have exposed cardholders' personal information -- so why did the bank wait more than 2 months to notify state officials and affected customers?
IT Security Risk Management: Is It Worth The Cost?
Commentary  |  12/6/2013  | 
The attitude that IT security risk shouldn't be governed by traditional measures of cost and benefit is ludicrous.
Hardware Hacker Demos Zombie Drone Hijacker
News  |  12/5/2013  | 
The SkyJack drone automatically seeks out and hijacks other nearby Parrot drones. Will this mean trouble for Amazon's planned drone delivery fleet?
NSA Fallout: Microsoft Rethinks Customer Data Controls
News  |  12/5/2013  | 
Fallout over NSA surveillance drives Microsoft to promise widespread security and privacy improvements. But do they go far enough?
Why Security Awareness Is Like An Umbrella
Commentary  |  12/5/2013  | 
A small security awareness program will protect you as much as a small umbrella. So don't complain when you get wet.
Anatomy Of An Electronic Health Record Zero-Day
News  |  12/4/2013  | 
How a dangerous security flaw discovered in one of the most pervasive electronic medical record platforms in the U.S. was found and fixed before it could do damage
Bitcoin Password Grab Disguised As DDoS Attack
News  |  12/4/2013  | 
Attacks against bitcoin users continue, as online forum Bitcointalk.org warns users their passwords might have been stolen in distributed denial of service hack.
Hardware Hacker Demos Zombie Drone Hijacker
News  |  12/4/2013  | 
The SkyJack drone automatically seeks out and hijacks other nearby Parrot drones. Will this mean trouble for Amazon's planned drone delivery fleet?
Do Antivirus Companies Whitelist NSA Malware?
Commentary  |  12/4/2013  | 
Microsoft, Symantec, and McAfee fail to respond to a transparency plea from leading privacy and security experts.
Many Commercial Software Projects Contain Older, Vulnerable Open-Source Code
Quick Hits  |  12/3/2013  | 
More than one-fifth contain older and less secure versions of open-source code, new study finds
Weighing Costs Vs. Benefits Of NSA Surveillance
Commentary  |  12/3/2013  | 
What the tech industry needs the NSA to know about aligning a national security agenda with the realities of a global Internet.
Windows XP Zero-Day Vulnerability Popular
News  |  12/2/2013  | 
Attackers use malicious PDF documents to exploit bug in Windows XP and Windows Server 2003 and take full control of vulnerable systems.
Zero-Day Drive-By Attacks: Accelerating & Expanding
Commentary  |  12/2/2013  | 
The zero-day attack business is no longer just about money, and patching is no longer the best defense.
5 Protocols That Should Be Closely Watched
News  |  12/1/2013  | 
Attackers frequently scan for open SSH, FTP, and RDP ports, but companies need to watch out for attacks against less common protocols as well
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19033
PUBLISHED: 2019-11-21
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password.
CVE-2019-19191
PUBLISHED: 2019-11-21
Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow.
CVE-2019-15511
PUBLISHED: 2019-11-21
An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed....
CVE-2019-16405
PUBLISHED: 2019-11-21
Centreon Web 19.04.4 allows Remote Code Execution by an administrator who can modify Macro Expression location settings.
CVE-2019-16406
PUBLISHED: 2019-11-21
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.