Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2011
Newly Discovered Mac OS X, Android Trojans Reflect Cybercriminals' Expanding Targets
News  |  2/28/2011  | 
New crimeware kit is being built specifically for OS X, and new Android Trojan builds a botnet
Android Spyware Distributed By Third Party Online Marketplaces
News  |  2/25/2011  | 
On the heels of HongTouTou, Chinese security firm NetQin has found spyware -- SW.SecurePhone and SW.Qieting -- that collects messages, call logs, and other data.
Identify Theft, Financial Scams Top Internet Crimes List
News  |  2/25/2011  | 
The FBI's Internet Crime Complaint Center received more than 300,000 reports of Internet crime in 2010, according to its annual report.
Security Firm Strikes Back At Cenzic Patent Lawsuit Threat
News  |  2/24/2011  | 
NT Objectives files suit challenging claims it infringed on Cenzic's patent for "fault injection methods," security experts gathering proof of prior art
Rogue Facebook Apps Can Disable Security Settings
News  |  2/24/2011  | 
Security researchers also report that the social network's mobile app provides no SSL capabilities at all, leaving users vulnerable.
'Severe' DNS Vulnerability Leaves Systems Open To Attack
News  |  2/24/2011  | 
Security experts urge organizations running vulnerable versions of BIND to upgrade immediately to avoid a potential denial of service strike.
Many Microsoft Vulnerabilities Not Exploitable With Proper System Configuration
News  |  2/23/2011  | 
New study by eEye finds that just disabling some unneeded features can mitigate most attacks against flaws
Schwartz On Security: Security Pros' Top 2011 Threats
Commentary  |  2/23/2011  | 
While application vulnerabilities and mobile devices lead the list, perhaps it's also time to tackle security's impact on productivity.
80% Of Browsers Have Known Vulnerabilities
News  |  2/23/2011  | 
Most problems are caused by insecure plug-ins, such as Java, Adobe Reader, QuickTime, and Flash, finds Qualys.
OddJob, Zeus Mitmo Trojans Target Financial Data
News  |  2/22/2011  | 
The malware aims for bank accounts and financial details, warn security researchers at Trusteer and F-Secure.
RSA: The Saw Six Of Tradeshows
Commentary  |  2/18/2011  | 
Predictably scary, RSA offers a glimpse into the latest threats and security challenges. In this sequel, social engineering goes after social networking in a big way.
ICE Confirms Inadvertent Web Site Seizures
News  |  2/18/2011  | 
Authorities are reviewing what happened to prevent a similar misstep in the future.
New Fast-Flux Botnet Unmasked
Quick Hits  |  2/18/2011  | 
'Wibimo' botnet also employs an unusual encryption process
RSA: Defining Cyberwar And Rallying Defenders
News  |  2/17/2011  | 
We may not know exactly what cyberwar means but we know we have to work together to prepare our defenses.
Microsoft Confirms Windows Zero Day Vulnerability
News  |  2/17/2011  | 
Proof of concept code released for attack that uses malformed requests to crash any version of Windows, though remote execution appears unlikely.
RSA: HP Proposes Holistic Security
News  |  2/16/2011  | 
Following three recent security acquisitions, HP sees a chance to focus the enterprise security discussion on risk management.
Android Trojan Practices Click Fraud
News  |  2/16/2011  | 
HongTouTou malware hidden with repackaged -- typically, pirated -- applications first surfaced on third-party online software markets in China.
RSA: Working Together Works
News  |  2/15/2011  | 
But making public-private partnerships function properly isn't always easy.
Username Choices Poses Security Risks
News  |  2/15/2011  | 
Unique usernames give marketers or attackers an edge on tying a pseudonym to a real person, says a new INRIA report.
RSA: Microsoft Revises Computer Quarantine Proposal
News  |  2/15/2011  | 
Scott Charney now believes users should present claims about the health of their computers without the involvement of ISPs.
Symantec Intros Endpoint Protection 12
News  |  2/15/2011  | 
Client-side security software for SMBs will utilize cloud-based data to identify mutating malware and other rapidly changing threats, Symantec says.
RSA Announces Identity And Compliance Profiling Services For The Cloud
News  |  2/13/2011  | 
Services go into beta in the second half of this year, followed by cloud data protection, compliance verification
Product Watch: New WhiteHat Security Service Analyzes Preproduction Websites
News  |  2/13/2011  | 
Sentinel PL (PreLaunch) aimed at catching flaws before sites go live
Getting A Jump On Mobile App Security
News  |  2/11/2011  | 
OWASP, Veracode, others to pinpoint top mobile threats, best practices for writing more secure mobile apps
Google Enables Two-Factor Authentication For All
News  |  2/10/2011  | 
You can now protect your Google Account with security techniques employed by online banks.
Identity Theft Down 28% In 2010
News  |  2/9/2011  | 
While overall rates are down, incidents involving friendly fraud as well as costs for consumers are on the rise, according to Javelin Strategy & Research.
Tracking The Botnet's DNS Trail
News  |  2/8/2011  | 
Combining domain-flux detection with DNS query-failure graphing could help pinpoint the wiliest botnets
Enhanced SpyEye Trojan Poses New Threats
News  |  2/8/2011  | 
Features from Zeus crimeware toolkit lets SpyEye grab credit card numbers from hacked PCs and allows users to upgrade plug-ins after purchase.
Microsoft Security Fixes Arrive With More Vulnerabilities
News  |  2/8/2011  | 
Computer security looks more and more like a game of Whac-A-Mole.
Microsoft To Patch Three Zero Day Vulnerabilities
News  |  2/7/2011  | 
Tuesday will bring 22 fixes from Microsoft, as well as Adobe patches for Acrobat and Reader.
Google Bets $20,000 You Can't Hack Chrome
News  |  2/3/2011  | 
A special $20,000 award awaits the Pwn2Own contestant who can hack Google's Chrome browser.
Report: Exploits Rate Reaches 61 Percent
Quick Hits  |  2/3/2011  | 
Attackers exploited more new vulnerabilities in January than usual, writing exploits for half of 'critical' vulnerabilities
Waledac Botnet Contains Almost 490,000 Stolen Email Passwords
News  |  2/2/2011  | 
With numerous real-world credentials built-in, the worm can bypass many spam and security defenses, find security researchers.
Cisco Patches WebEx Bugs
News  |  2/1/2011  | 
Attacks could exploit stack overflows in WebEx Player and WebEx Media Center to compromise or crash computers.
Cross-Scripting Errors Cause Most Web App Vulnerabilities
News  |  2/1/2011  | 
Despite being easy to spot and fix, XSS bugs now account for more than half of all Web application vulnerabilities, reports Veracode.
Source Code From Older Kaspersky AV Products Posted On Web
Quick Hits  |  2/1/2011  | 
Company says the code is only a 'fragment' of an older version and had been disclosed previously


AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16319
PUBLISHED: 2019-09-15
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.
CVE-2019-16320
PUBLISHED: 2019-09-15
Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community.
CVE-2019-16321
PUBLISHED: 2019-09-15
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.
CVE-2019-16317
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerabi...
CVE-2019-16318
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.