Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2011
Newly Discovered Mac OS X, Android Trojans Reflect Cybercriminals' Expanding Targets
News  |  2/28/2011  | 
New crimeware kit is being built specifically for OS X, and new Android Trojan builds a botnet
Android Spyware Distributed By Third Party Online Marketplaces
News  |  2/25/2011  | 
On the heels of HongTouTou, Chinese security firm NetQin has found spyware -- SW.SecurePhone and SW.Qieting -- that collects messages, call logs, and other data.
Identity Theft, Financial Scams Top Internet Crimes List
News  |  2/25/2011  | 
The FBI's Internet Crime Complaint Center received more than 300,000 reports of Internet crime in 2010, according to its annual report.
Security Firm Strikes Back At Cenzic Patent Lawsuit Threat
News  |  2/24/2011  | 
NT Objectives files suit challenging claims it infringed on Cenzic's patent for "fault injection methods," security experts gathering proof of prior art
Rogue Facebook Apps Can Disable Security Settings
News  |  2/24/2011  | 
Security researchers also report that the social network's mobile app provides no SSL capabilities at all, leaving users vulnerable.
'Severe' DNS Vulnerability Leaves Systems Open To Attack
News  |  2/24/2011  | 
Security experts urge organizations running vulnerable versions of BIND to upgrade immediately to avoid a potential denial of service strike.
Many Microsoft Vulnerabilities Not Exploitable With Proper System Configuration
News  |  2/23/2011  | 
New study by eEye finds that just disabling some unneeded features can mitigate most attacks against flaws
Schwartz On Security: Security Pros' Top 2011 Threats
Commentary  |  2/23/2011  | 
While application vulnerabilities and mobile devices lead the list, perhaps it's also time to tackle security's impact on productivity.
80% Of Browsers Have Known Vulnerabilities
News  |  2/23/2011  | 
Most problems are caused by insecure plug-ins, such as Java, Adobe Reader, QuickTime, and Flash, finds Qualys.
OddJob, Zeus Mitmo Trojans Target Financial Data
News  |  2/22/2011  | 
The malware aims for bank accounts and financial details, warn security researchers at Trusteer and F-Secure.
RSA: The Saw Six Of Tradeshows
Commentary  |  2/18/2011  | 
Predictably scary, RSA offers a glimpse into the latest threats and security challenges. In this sequel, social engineering goes after social networking in a big way.
ICE Confirms Inadvertent Web Site Seizures
News  |  2/18/2011  | 
Authorities are reviewing what happened to prevent a similar misstep in the future.
New Fast-Flux Botnet Unmasked
Quick Hits  |  2/18/2011  | 
'Wibimo' botnet also employs an unusual encryption process
RSA: Defining Cyberwar And Rallying Defenders
News  |  2/17/2011  | 
We may not know exactly what cyberwar means but we know we have to work together to prepare our defenses.
Microsoft Confirms Windows Zero Day Vulnerability
News  |  2/17/2011  | 
Proof of concept code released for attack that uses malformed requests to crash any version of Windows, though remote execution appears unlikely.
RSA: HP Proposes Holistic Security
News  |  2/16/2011  | 
Following three recent security acquisitions, HP sees a chance to focus the enterprise security discussion on risk management.
Android Trojan Practices Click Fraud
News  |  2/16/2011  | 
HongTouTou malware hidden with repackaged -- typically, pirated -- applications first surfaced on third-party online software markets in China.
RSA: Working Together Works
News  |  2/15/2011  | 
But making public-private partnerships function properly isn't always easy.
Username Choices Pose Security Risks
News  |  2/15/2011  | 
Unique usernames give marketers or attackers an edge on tying a pseudonym to a real person, says a new INRIA report.
RSA: Microsoft Revises Computer Quarantine Proposal
News  |  2/15/2011  | 
Scott Charney now believes users should present claims about the health of their computers without the involvement of ISPs.
Symantec Intros Endpoint Protection 12
News  |  2/15/2011  | 
Client-side security software for SMBs will utilize cloud-based data to identify mutating malware and other rapidly changing threats, Symantec says.
RSA Announces Identity And Compliance Profiling Services For The Cloud
News  |  2/13/2011  | 
Services go into beta in the second half of this year, followed by cloud data protection, compliance verification
Product Watch: New WhiteHat Security Service Analyzes Preproduction Websites
News  |  2/13/2011  | 
Sentinel PL (PreLaunch) aimed at catching flaws before sites go live
Getting A Jump On Mobile App Security
News  |  2/11/2011  | 
OWASP, Veracode, others to pinpoint top mobile threats, best practices for writing more secure mobile apps
Google Enables Two-Factor Authentication For All
News  |  2/10/2011  | 
You can now protect your Google Account with security techniques employed by online banks.
Identity Theft Down 28% In 2010
News  |  2/9/2011  | 
While overall rates are down, incidents involving friendly fraud as well as costs for consumers are on the rise, according to Javelin Strategy & Research.
Tracking The Botnet's DNS Trail
News  |  2/8/2011  | 
Combining domain-flux detection with DNS query-failure graphing could help pinpoint the wiliest botnets
Enhanced SpyEye Trojan Poses New Threats
News  |  2/8/2011  | 
Features from the Zeus crimeware toolkit let SpyEye grab credit card numbers from hacked PCs and allow users to upgrade plug-ins after purchase.
Microsoft Security Fixes Arrive With More Vulnerabilities
News  |  2/8/2011  | 
Computer security looks more and more like a game of Whac-A-Mole.
Microsoft To Patch Three Zero Day Vulnerabilities
News  |  2/7/2011  | 
Tuesday will bring 22 fixes from Microsoft, as well as Adobe patches for Acrobat and Reader.
Google Bets $20,000 You Can't Hack Chrome
News  |  2/3/2011  | 
A special $20,000 award awaits the Pwn2Own contestant who can hack Google's Chrome browser.
Report: Exploits Rate Reaches 61 Percent
Quick Hits  |  2/3/2011  | 
Attackers exploited more new vulnerabilities in January than usual, writing exploits for half of 'critical' vulnerabilities
Waledac Botnet Contains Almost 490,000 Stolen Email Passwords
News  |  2/2/2011  | 
With numerous real-world credentials built-in, the worm can bypass many spam and security defenses, find security researchers.
Cisco Patches WebEx Bugs
News  |  2/1/2011  | 
Attacks could exploit stack overflows in WebEx Player and WebEx Media Center to compromise or crash computers.
Cross-Scripting Errors Cause Most Web App Vulnerabilities
News  |  2/1/2011  | 
Despite being easy to spot and fix, XSS bugs now account for more than half of all Web application vulnerabilities, reports Veracode.
Source Code From Older Kaspersky AV Products Posted On Web
Quick Hits  |  2/1/2011  | 
Company says the code is only a 'fragment' of an older version and had been disclosed previously


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...
CVE-2020-29379
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access.
CVE-2020-29380
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-...
CVE-2020-29381
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename...
CVE-2020-29382
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images.