Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2011
Newly Discovered Mac OS X, Android Trojans Reflect Cybercriminals' Expanding Targets
News  |  2/28/2011  | 
New crimeware kit is being built specifically for OS X, and new Android Trojan builds a botnet
Android Spyware Distributed By Third Party Online Marketplaces
News  |  2/25/2011  | 
On the heels of HongTouTou, Chinese security firm NetQin has found spyware -- SW.SecurePhone and SW.Qieting -- that collects messages, call logs, and other data.
Identify Theft, Financial Scams Top Internet Crimes List
News  |  2/25/2011  | 
The FBI's Internet Crime Complaint Center received more than 300,000 reports of Internet crime in 2010, according to its annual report.
Security Firm Strikes Back At Cenzic Patent Lawsuit Threat
News  |  2/24/2011  | 
NT Objectives files suit challenging claims it infringed on Cenzic's patent for "fault injection methods," security experts gathering proof of prior art
Rogue Facebook Apps Can Disable Security Settings
News  |  2/24/2011  | 
Security researchers also report that the social network's mobile app provides no SSL capabilities at all, leaving users vulnerable.
'Severe' DNS Vulnerability Leaves Systems Open To Attack
News  |  2/24/2011  | 
Security experts urge organizations running vulnerable versions of BIND to upgrade immediately to avoid a potential denial of service strike.
Many Microsoft Vulnerabilities Not Exploitable With Proper System Configuration
News  |  2/23/2011  | 
New study by eEye finds that just disabling some unneeded features can mitigate most attacks against flaws
Schwartz On Security: Security Pros' Top 2011 Threats
Commentary  |  2/23/2011  | 
While application vulnerabilities and mobile devices lead the list, perhaps it's also time to tackle security's impact on productivity.
80% Of Browsers Have Known Vulnerabilities
News  |  2/23/2011  | 
Most problems are caused by insecure plug-ins, such as Java, Adobe Reader, QuickTime, and Flash, finds Qualys.
OddJob, Zeus Mitmo Trojans Target Financial Data
News  |  2/22/2011  | 
The malware aims for bank accounts and financial details, warn security researchers at Trusteer and F-Secure.
RSA: The Saw Six Of Tradeshows
Commentary  |  2/18/2011  | 
Predictably scary, RSA offers a glimpse into the latest threats and security challenges. In this sequel, social engineering goes after social networking in a big way.
ICE Confirms Inadvertent Web Site Seizures
News  |  2/18/2011  | 
Authorities are reviewing what happened to prevent a similar misstep in the future.
New Fast-Flux Botnet Unmasked
Quick Hits  |  2/18/2011  | 
'Wibimo' botnet also employs an unusual encryption process
RSA: Defining Cyberwar And Rallying Defenders
News  |  2/17/2011  | 
We may not know exactly what cyberwar means but we know we have to work together to prepare our defenses.
Microsoft Confirms Windows Zero Day Vulnerability
News  |  2/17/2011  | 
Proof of concept code released for attack that uses malformed requests to crash any version of Windows, though remote execution appears unlikely.
RSA: HP Proposes Holistic Security
News  |  2/16/2011  | 
Following three recent security acquisitions, HP sees a chance to focus the enterprise security discussion on risk management.
Android Trojan Practices Click Fraud
News  |  2/16/2011  | 
HongTouTou malware hidden with repackaged -- typically, pirated -- applications first surfaced on third-party online software markets in China.
RSA: Working Together Works
News  |  2/15/2011  | 
But making public-private partnerships function properly isn't always easy.
Username Choices Poses Security Risks
News  |  2/15/2011  | 
Unique usernames give marketers or attackers an edge on tying a pseudonym to a real person, says a new INRIA report.
RSA: Microsoft Revises Computer Quarantine Proposal
News  |  2/15/2011  | 
Scott Charney now believes users should present claims about the health of their computers without the involvement of ISPs.
Symantec Intros Endpoint Protection 12
News  |  2/15/2011  | 
Client-side security software for SMBs will utilize cloud-based data to identify mutating malware and other rapidly changing threats, Symantec says.
RSA Announces Identity And Compliance Profiling Services For The Cloud
News  |  2/13/2011  | 
Services go into beta in the second half of this year, followed by cloud data protection, compliance verification
Product Watch: New WhiteHat Security Service Analyzes Preproduction Websites
News  |  2/13/2011  | 
Sentinel PL (PreLaunch) aimed at catching flaws before sites go live
Getting A Jump On Mobile App Security
News  |  2/11/2011  | 
OWASP, Veracode, others to pinpoint top mobile threats, best practices for writing more secure mobile apps
Google Enables Two-Factor Authentication For All
News  |  2/10/2011  | 
You can now protect your Google Account with security techniques employed by online banks.
Identity Theft Down 28% In 2010
News  |  2/9/2011  | 
While overall rates are down, incidents involving friendly fraud as well as costs for consumers are on the rise, according to Javelin Strategy & Research.
Tracking The Botnet's DNS Trail
News  |  2/8/2011  | 
Combining domain-flux detection with DNS query-failure graphing could help pinpoint the wiliest botnets
Enhanced SpyEye Trojan Poses New Threats
News  |  2/8/2011  | 
Features from Zeus crimeware toolkit lets SpyEye grab credit card numbers from hacked PCs and allows users to upgrade plug-ins after purchase.
Microsoft Security Fixes Arrive With More Vulnerabilities
News  |  2/8/2011  | 
Computer security looks more and more like a game of Whac-A-Mole.
Microsoft To Patch Three Zero Day Vulnerabilities
News  |  2/7/2011  | 
Tuesday will bring 22 fixes from Microsoft, as well as Adobe patches for Acrobat and Reader.
Google Bets $20,000 You Can't Hack Chrome
News  |  2/3/2011  | 
A special $20,000 award awaits the Pwn2Own contestant who can hack Google's Chrome browser.
Report: Exploits Rate Reaches 61 Percent
Quick Hits  |  2/3/2011  | 
Attackers exploited more new vulnerabilities in January than usual, writing exploits for half of 'critical' vulnerabilities
Waledac Botnet Contains Almost 490,000 Stolen Email Passwords
News  |  2/2/2011  | 
With numerous real-world credentials built-in, the worm can bypass many spam and security defenses, find security researchers.
Cisco Patches WebEx Bugs
News  |  2/1/2011  | 
Attacks could exploit stack overflows in WebEx Player and WebEx Media Center to compromise or crash computers.
Cross-Scripting Errors Cause Most Web App Vulnerabilities
News  |  2/1/2011  | 
Despite being easy to spot and fix, XSS bugs now account for more than half of all Web application vulnerabilities, reports Veracode.
Source Code From Older Kaspersky AV Products Posted On Web
Quick Hits  |  2/1/2011  | 
Company says the code is only a 'fragment' of an older version and had been disclosed previously


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19033
PUBLISHED: 2019-11-21
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password.
CVE-2019-19191
PUBLISHED: 2019-11-21
Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow.
CVE-2019-15511
PUBLISHED: 2019-11-21
An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed....
CVE-2019-16405
PUBLISHED: 2019-11-21
Centreon Web 19.04.4 allows Remote Code Execution by an administrator who can modify Macro Expression location settings.
CVE-2019-16406
PUBLISHED: 2019-11-21
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.