Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2011
Newly Discovered Mac OS X, Android Trojans Reflect Cybercriminals' Expanding Targets
News  |  2/28/2011  | 
New crimeware kit is being built specifically for OS X, and new Android Trojan builds a botnet
Android Spyware Distributed By Third Party Online Marketplaces
News  |  2/25/2011  | 
On the heels of HongTouTou, Chinese security firm NetQin has found spyware -- SW.SecurePhone and SW.Qieting -- that collects messages, call logs, and other data.
Identity Theft, Financial Scams Top Internet Crimes List
News  |  2/25/2011  | 
The FBI's Internet Crime Complaint Center received more than 300,000 reports of Internet crime in 2010, according to its annual report.
Security Firm Strikes Back At Cenzic Patent Lawsuit Threat
News  |  2/24/2011  | 
NT Objectives files suit challenging claims it infringed on Cenzic's patent for "fault injection methods," security experts gathering proof of prior art
Rogue Facebook Apps Can Disable Security Settings
News  |  2/24/2011  | 
Security researchers also report that the social network's mobile app provides no SSL capabilities at all, leaving users vulnerable.
'Severe' DNS Vulnerability Leaves Systems Open To Attack
News  |  2/24/2011  | 
Security experts urge organizations running vulnerable versions of BIND to upgrade immediately to avoid a potential denial of service strike.
Many Microsoft Vulnerabilities Not Exploitable With Proper System Configuration
News  |  2/23/2011  | 
New study by eEye finds that just disabling some unneeded features can mitigate most attacks against flaws
Schwartz On Security: Security Pros' Top 2011 Threats
Commentary  |  2/23/2011  | 
While application vulnerabilities and mobile devices lead the list, perhaps it's also time to tackle security's impact on productivity.
80% Of Browsers Have Known Vulnerabilities
News  |  2/23/2011  | 
Most problems are caused by insecure plug-ins, such as Java, Adobe Reader, QuickTime, and Flash, finds Qualys.
OddJob, Zeus Mitmo Trojans Target Financial Data
News  |  2/22/2011  | 
The malware aims for bank accounts and financial details, warn security researchers at Trusteer and F-Secure.
RSA: The Saw Six Of Tradeshows
Commentary  |  2/18/2011  | 
Predictably scary, RSA offers a glimpse into the latest threats and security challenges. In this sequel, social engineering goes after social networking in a big way.
ICE Confirms Inadvertent Web Site Seizures
News  |  2/18/2011  | 
Authorities are reviewing what happened to prevent a similar misstep in the future.
New Fast-Flux Botnet Unmasked
Quick Hits  |  2/18/2011  | 
'Wibimo' botnet also employs an unusual encryption process
RSA: Defining Cyberwar And Rallying Defenders
News  |  2/17/2011  | 
We may not know exactly what cyberwar means but we know we have to work together to prepare our defenses.
Microsoft Confirms Windows Zero Day Vulnerability
News  |  2/17/2011  | 
Proof of concept code released for attack that uses malformed requests to crash any version of Windows, though remote execution appears unlikely.
RSA: HP Proposes Holistic Security
News  |  2/16/2011  | 
Following three recent security acquisitions, HP sees a chance to focus the enterprise security discussion on risk management.
Android Trojan Practices Click Fraud
News  |  2/16/2011  | 
HongTouTou malware hidden with repackaged -- typically, pirated -- applications first surfaced on third-party online software markets in China.
RSA: Working Together Works
News  |  2/15/2011  | 
But making public-private partnerships function properly isn't always easy.
Username Choices Pose Security Risks
News  |  2/15/2011  | 
Unique usernames give marketers or attackers an edge on tying a pseudonym to a real person, says a new INRIA report.
RSA: Microsoft Revises Computer Quarantine Proposal
News  |  2/15/2011  | 
Scott Charney now believes users should present claims about the health of their computers without the involvement of ISPs.
Symantec Intros Endpoint Protection 12
News  |  2/15/2011  | 
Client-side security software for SMBs will utilize cloud-based data to identify mutating malware and other rapidly changing threats, Symantec says.
RSA Announces Identity And Compliance Profiling Services For The Cloud
News  |  2/13/2011  | 
Services go into beta in the second half of this year, followed by cloud data protection, compliance verification
Product Watch: New WhiteHat Security Service Analyzes Preproduction Websites
News  |  2/13/2011  | 
Sentinel PL (PreLaunch) aimed at catching flaws before sites go live
Getting A Jump On Mobile App Security
News  |  2/11/2011  | 
OWASP, Veracode, others to pinpoint top mobile threats, best practices for writing more secure mobile apps
Google Enables Two-Factor Authentication For All
News  |  2/10/2011  | 
You can now protect your Google Account with security techniques employed by online banks.
Identity Theft Down 28% In 2010
News  |  2/9/2011  | 
While overall rates are down, incidents involving friendly fraud as well as costs for consumers are on the rise, according to Javelin Strategy & Research.
Tracking The Botnet's DNS Trail
News  |  2/8/2011  | 
Combining domain-flux detection with DNS query-failure graphing could help pinpoint the wiliest botnets
Enhanced SpyEye Trojan Poses New Threats
News  |  2/8/2011  | 
Features from the Zeus crimeware toolkit let SpyEye grab credit card numbers from hacked PCs and allow users to upgrade plug-ins after purchase.
Microsoft Security Fixes Arrive With More Vulnerabilities
News  |  2/8/2011  | 
Computer security looks more and more like a game of Whac-A-Mole.
Microsoft To Patch Three Zero Day Vulnerabilities
News  |  2/7/2011  | 
Tuesday will bring 22 fixes from Microsoft, as well as Adobe patches for Acrobat and Reader.
Google Bets $20,000 You Can't Hack Chrome
News  |  2/3/2011  | 
A special $20,000 award awaits the Pwn2Own contestant who can hack Google's Chrome browser.
Report: Exploits Rate Reaches 61 Percent
Quick Hits  |  2/3/2011  | 
Attackers exploited more new vulnerabilities in January than usual, writing exploits for half of 'critical' vulnerabilities
Waledac Botnet Contains Almost 490,000 Stolen Email Passwords
News  |  2/2/2011  | 
With numerous real-world credentials built-in, the worm can bypass many spam and security defenses, find security researchers.
Cisco Patches WebEx Bugs
News  |  2/1/2011  | 
Attacks could exploit stack overflows in WebEx Player and WebEx Media Center to compromise or crash computers.
Cross-Scripting Errors Cause Most Web App Vulnerabilities
News  |  2/1/2011  | 
Despite being easy to spot and fix, XSS bugs now account for more than half of all Web application vulnerabilities, reports Veracode.
Source Code From Older Kaspersky AV Products Posted On Web
Quick Hits  |  2/1/2011  | 
Company says the code is only a 'fragment' of an older version and had been disclosed previously


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10940
PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
CVE-2020-10939
PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
CVE-2020-6095
PUBLISHED: 2020-03-27
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2020-10817
PUBLISHED: 2020-03-27
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
CVE-2020-10952
PUBLISHED: 2020-03-27
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.