Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2011
Newly Discovered Mac OS X, Android Trojans Reflect Cybercriminals' Expanding Targets
News  |  2/28/2011  | 
New crimeware kit is being built specifically for OS X, and new Android Trojan builds a botnet
Android Spyware Distributed By Third Party Online Marketplaces
News  |  2/25/2011  | 
On the heels of HongTouTou, Chinese security firm NetQin has found spyware -- SW.SecurePhone and SW.Qieting -- that collects messages, call logs, and other data.
Identify Theft, Financial Scams Top Internet Crimes List
News  |  2/25/2011  | 
The FBI's Internet Crime Complaint Center received more than 300,000 reports of Internet crime in 2010, according to its annual report.
Security Firm Strikes Back At Cenzic Patent Lawsuit Threat
News  |  2/24/2011  | 
NT Objectives files suit challenging claims it infringed on Cenzic's patent for "fault injection methods," security experts gathering proof of prior art
Rogue Facebook Apps Can Disable Security Settings
News  |  2/24/2011  | 
Security researchers also report that the social network's mobile app provides no SSL capabilities at all, leaving users vulnerable.
'Severe' DNS Vulnerability Leaves Systems Open To Attack
News  |  2/24/2011  | 
Security experts urge organizations running vulnerable versions of BIND to upgrade immediately to avoid a potential denial of service strike.
Many Microsoft Vulnerabilities Not Exploitable With Proper System Configuration
News  |  2/23/2011  | 
New study by eEye finds that just disabling some unneeded features can mitigate most attacks against flaws
Schwartz On Security: Security Pros' Top 2011 Threats
Commentary  |  2/23/2011  | 
While application vulnerabilities and mobile devices lead the list, perhaps it's also time to tackle security's impact on productivity.
80% Of Browsers Have Known Vulnerabilities
News  |  2/23/2011  | 
Most problems are caused by insecure plug-ins, such as Java, Adobe Reader, QuickTime, and Flash, finds Qualys.
OddJob, Zeus Mitmo Trojans Target Financial Data
News  |  2/22/2011  | 
The malware aims for bank accounts and financial details, warn security researchers at Trusteer and F-Secure.
RSA: The Saw Six Of Tradeshows
Commentary  |  2/18/2011  | 
Predictably scary, RSA offers a glimpse into the latest threats and security challenges. In this sequel, social engineering goes after social networking in a big way.
ICE Confirms Inadvertent Web Site Seizures
News  |  2/18/2011  | 
Authorities are reviewing what happened to prevent a similar misstep in the future.
New Fast-Flux Botnet Unmasked
Quick Hits  |  2/18/2011  | 
'Wibimo' botnet also employs an unusual encryption process
RSA: Defining Cyberwar And Rallying Defenders
News  |  2/17/2011  | 
We may not know exactly what cyberwar means but we know we have to work together to prepare our defenses.
Microsoft Confirms Windows Zero Day Vulnerability
News  |  2/17/2011  | 
Proof of concept code released for attack that uses malformed requests to crash any version of Windows, though remote execution appears unlikely.
RSA: HP Proposes Holistic Security
News  |  2/16/2011  | 
Following three recent security acquisitions, HP sees a chance to focus the enterprise security discussion on risk management.
Android Trojan Practices Click Fraud
News  |  2/16/2011  | 
HongTouTou malware hidden with repackaged -- typically, pirated -- applications first surfaced on third-party online software markets in China.
RSA: Working Together Works
News  |  2/15/2011  | 
But making public-private partnerships function properly isn't always easy.
Username Choices Poses Security Risks
News  |  2/15/2011  | 
Unique usernames give marketers or attackers an edge on tying a pseudonym to a real person, says a new INRIA report.
RSA: Microsoft Revises Computer Quarantine Proposal
News  |  2/15/2011  | 
Scott Charney now believes users should present claims about the health of their computers without the involvement of ISPs.
Symantec Intros Endpoint Protection 12
News  |  2/15/2011  | 
Client-side security software for SMBs will utilize cloud-based data to identify mutating malware and other rapidly changing threats, Symantec says.
RSA Announces Identity And Compliance Profiling Services For The Cloud
News  |  2/13/2011  | 
Services go into beta in the second half of this year, followed by cloud data protection, compliance verification
Product Watch: New WhiteHat Security Service Analyzes Preproduction Websites
News  |  2/13/2011  | 
Sentinel PL (PreLaunch) aimed at catching flaws before sites go live
Getting A Jump On Mobile App Security
News  |  2/11/2011  | 
OWASP, Veracode, others to pinpoint top mobile threats, best practices for writing more secure mobile apps
Google Enables Two-Factor Authentication For All
News  |  2/10/2011  | 
You can now protect your Google Account with security techniques employed by online banks.
Identity Theft Down 28% In 2010
News  |  2/9/2011  | 
While overall rates are down, incidents involving friendly fraud as well as costs for consumers are on the rise, according to Javelin Strategy & Research.
Tracking The Botnet's DNS Trail
News  |  2/8/2011  | 
Combining domain-flux detection with DNS query-failure graphing could help pinpoint the wiliest botnets
Enhanced SpyEye Trojan Poses New Threats
News  |  2/8/2011  | 
Features from Zeus crimeware toolkit lets SpyEye grab credit card numbers from hacked PCs and allows users to upgrade plug-ins after purchase.
Microsoft Security Fixes Arrive With More Vulnerabilities
News  |  2/8/2011  | 
Computer security looks more and more like a game of Whac-A-Mole.
Microsoft To Patch Three Zero Day Vulnerabilities
News  |  2/7/2011  | 
Tuesday will bring 22 fixes from Microsoft, as well as Adobe patches for Acrobat and Reader.
Google Bets $20,000 You Can't Hack Chrome
News  |  2/3/2011  | 
A special $20,000 award awaits the Pwn2Own contestant who can hack Google's Chrome browser.
Report: Exploits Rate Reaches 61 Percent
Quick Hits  |  2/3/2011  | 
Attackers exploited more new vulnerabilities in January than usual, writing exploits for half of 'critical' vulnerabilities
Waledac Botnet Contains Almost 490,000 Stolen Email Passwords
News  |  2/2/2011  | 
With numerous real-world credentials built-in, the worm can bypass many spam and security defenses, find security researchers.
Cisco Patches WebEx Bugs
News  |  2/1/2011  | 
Attacks could exploit stack overflows in WebEx Player and WebEx Media Center to compromise or crash computers.
Cross-Scripting Errors Cause Most Web App Vulnerabilities
News  |  2/1/2011  | 
Despite being easy to spot and fix, XSS bugs now account for more than half of all Web application vulnerabilities, reports Veracode.
Source Code From Older Kaspersky AV Products Posted On Web
Quick Hits  |  2/1/2011  | 
Company says the code is only a 'fragment' of an older version and had been disclosed previously

COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.