Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2013
Page 1 / 2   >   >>
SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure
News  |  2/28/2013  | 
New testbeds would help operators test software patches as well
China Targets U.S. In Hacking Blame Game
News  |  2/28/2013  | 
Responding to allegations that China regularly hacks U.S. businesses, Chinese government officials claim that 63% of cyber attacks on their military systems in 2012 came from the U.S.
MiniDuke Espionage Malware Uses Twitter To Infect PCs
News  |  2/28/2013  | 
Online espionage campaign sends malicious PDF documents to victims, and the infected PCs use Twitter to install malware that can copy and delete files.
Anonymous: 10 Things We've Learned In 2013
Slideshows  |  2/28/2013  | 
The Anonymous hacker group continues to seek equal measures of revenge, justice and reform -- preferably through chaotic means -- for perceived wrongdoings.
The Best Way To Spend Your Security Budget
Commentary  |  2/28/2013  | 
One SQL injection attack can bring in big bucks. It's a no-brainer that you should make this problem top priority
China's Cyberespionage Will Continue Unabated, Say Experts
News  |  2/27/2013  | 
The U.S. government will be slow to act against aggressors who attack through the Internet, predict policy and China experts at RSA
Flash Patch, Take Three: Adobe Issues New Fix
News  |  2/27/2013  | 
With attackers actively targeting zero-day flaws in Flash Reader, Adobe has released its third emergency Flash update this month.
SMS Spam Delivers More Malware, Scams
News  |  2/27/2013  | 
Threats are now often disguised as gift offers, product giveaways, and payment protection insurance.
2 More Java Zero-Day Vulnerabilities Emerge
Quick Hits  |  2/27/2013  | 
While Oracle investigates reports that two bugs in Java 7 could allow attackers to remotely bypass the sandbox and compromise a system, security experts reiterate: If you don't need Java, turn it off
2 More Java Zero-Day Vulnerabilities Emerge
News  |  2/26/2013  | 
While Oracle investigates reports that two bugs in Java 7 could allow attackers to remotely bypass the sandbox and compromise a system, security experts reiterate: If you don't need Java, turn it off.
RSA, Juniper Team Up In Threat Intelligence-Sharing
News  |  2/25/2013  | 
Intelligence-sharing among vendors -- and about attacks on vendors -- key to thwarting today's attacks, officials say
Google Security Vulnerability Allowed Two-Step Verification Bypass
News  |  2/25/2013  | 
Researchers at Duo Security detailed an attack that could have allowed a hacker to hijack a user's Google account
Smartphones, Foolish Security Choices
News  |  2/25/2013  | 
One quarter of smartphone users store "intimate" images on their mobile devices, says security vendor AVG.
Microsoft Hacked: Joins Apple, Facebook, Twitter
News  |  2/25/2013  | 
Microsoft's OS X users compromised by watering-hole attack launched from a third-party iOS development site.
Don't Blame China For Security Hacks, Blame Yourself
Commentary  |  2/25/2013  | 
Focus on the sorry state of your information security defenses before worrying about the Chinese, Russians, hacktivists or cybercrime gangs.
More Improvements To SIEM Than Big Data
News  |  2/22/2013  | 
For big companies looking to spend big budgets, the Big Data pitch for security information and event management (SIEM) systems is a good fit. But other improvements are on the way
Move Over, APTs -- The RAM-Based Advanced Volatile Threat Is Spinning Up Fast
News  |  2/22/2013  | 
By attacking random access memory, AVT creators make their exploits less persistent -- and harder to detect
Hacktivists Prep For International Open Data Day
News  |  2/22/2013  | 
On Saturday, International Open Data Day, cities around the world will host hackathons in an attempt to reveal useful applications of government data.
NBC Websites Hacked To Serve Citadel Financial Malware
News  |  2/22/2013  | 
RedKit exploit kit launched drive-by malware attacks from NBC websites, targeted vulnerabilities in Java and Adobe Reader.
China Denies U.S. Hacking Accusations: 6 Facts
News  |  2/21/2013  | 
Mandiant report says that an elite Chinese military hacking unit is responsible for launching APT attacks against U.S. businesses. Chinese government cries foul.
BK Hack Triggers Twitter Password Smackdown
News  |  2/21/2013  | 
"Operation Whopper" takeover of Burger King and Jeep Twitter accounts, and spoof hacks by MTV and BET, trigger Twitter's "friendly reminder" to use strong passwords.
The Road To Hell Is Authenticated By Facebook
Commentary  |  2/20/2013  | 
OAuth allows us to log into many sites using familiar credentials, from Twitter, Facebook, Google or Microsoft. The main author of the original OAuth 1.0 spec says these giants took it and made OAuth 2.0 a monstrous, complex, and insecure mess that has already brought us significant vulnerabilities
Oxford University Briefly Blocks Google Docs
News  |  2/20/2013  | 
Increase in phishing attacks prompts Oxford University to take "temporary, extreme action."
Attribution Delivers Questionable Security Value
News  |  2/20/2013  | 
Sure, politicians have some fodder for their diplomatic cannons, but do companies gain much from identifying their attackers? Experts debate the merits of attribution
Apple, Facebook Twitter Attacks: 6 Key Facts
News  |  2/20/2013  | 
FBI investigates how hackers compromised an iOS developer website to exploit Java plug-in vulnerabilities and breach major social networking and technology companies.
Oracle, Apple Issue Java Security Patches
News  |  2/20/2013  | 
Oracle updates Java 7 and issues the final-ever public update for Java 6, while Apple releases its own Java 6 update for OS X users.
Lessons Learned From A Decade Of Vulnerabilities
News  |  2/20/2013  | 
A pair of reports look at the trends in vulnerability disclosure over a decade or more. Here are four lessons from the data on more than 50,000 flaws
Anonymous Takes On State Department, More Banks
News  |  2/19/2013  | 
Hacktivist group says it will release work email addresses for more than 170 U.S. State Department employees in fifth round of Operation Last Resort attacks.
Most Americans Believe U.S. Businesses Are Vulnerable To Cyberattack, Study Says
Quick Hits  |  2/19/2013  | 
Ninety-three percent believe U.S. corporations are at least somewhat vulnerable to state-sponsored online attacks, Tenable report says
iPhone Vulnerability: Return Of The Lock Screen Bypass
Commentary  |  2/15/2013  | 
How do these errors resurface after being fixed? In Apple's case, the problem could be a weakness in their test plans or procedures
Adobe Zero-Day Attack Bypasses Sandbox
News  |  2/14/2013  | 
Adobe fumbles on the security front by not enabling -- by default -- technology built into its PDF Reader and Acrobat that would have blocked the current attacks.
Major Certificate Authorities Unite In The Name Of SSL Security
Quick Hits  |  2/14/2013  | 
Comodo, DigiCert, Entrust, GlobalSign, Go Daddy, Symantec, and Trend Micro form Certificate Authority Security Council (CASC)
Assessing Risk And Prioritizing Vulnerability Remediation
Quick Hits  |  2/14/2013  | 
Vulnerabilities crop up constantly in your IT environment. How do you choose which ones to tackle first? Here are some risk-based recommendations
Cybersecurity Executive Order Leaves Tough Work Undone
News  |  2/13/2013  | 
Government and industry must work together in challenging new ways to implement the White House's executive order on cybersecurity, top federal officials said Wednesday.
Adobe Reader, Acrobat Under Attack
News  |  2/13/2013  | 
Cue the security fatigue: Zero-day attacks target Adobe Reader and Acrobat, Adobe pushes second Flash patch, Microsoft fixes 57 flaws.
Cybercrime 2.0: It's All About The Money
News  |  2/13/2013  | 
Malware creator and hacker "business model" has shifted from high volume toward high yield, Websense study finds. IT must educate users accordingly.
Besieged By Hackers, OpenX Will Close Open Ad Platform
News  |  2/12/2013  | 
Self-service ad platform proves indefensible when hackers come knocking.
Microsoft Fixes 57 Bugs In Windows, Office, IE
News  |  2/12/2013  | 
Microsoft package of security fixes is one of the biggest updates ever; security professionals advise installing it immediately.
Zombie Alert Hoax: Emergency Broadcast System Hacked
News  |  2/12/2013  | 
Bodies of the dead are rising from their graves, warns CBS affiliate. News at 10.
Getting Into The Heads Of Departing Insiders
News  |  2/12/2013  | 
Strong policies, human decency, and targeted communication can keep the semi-malicious insider from walking out the door with valuable IP
Adobe Issues Emergency Patch For Flash Player
News  |  2/11/2013  | 
As attackers actively target new bugs in Flash Player browser plug-in, Adobe issues Windows, Mac, Linux and Android patches.
Taming Big Bad Data For Better Security
News  |  2/8/2013  | 
Companies get inundated by incident and event data from their systems, but more vendors are creating platforms for analyzing the data and picking out security intelligence
Ex-Employees Say It's OK To Take Corporate Data With Them
Quick Hits  |  2/7/2013  | 
New Symantec survey finds nearly 70 percent of employees who recently left or were fired from their job say their organizations don't prevent them from using confidential info
Barracuda Issues Security Update, Apologizes To Customers
News  |  2/7/2013  | 
Security appliance manufacturer apologizes for leaving hardcoded, undocumented accounts in its products.
Microsoft, Symantec Torpedo Massive Botnet
News  |  2/7/2013  | 
Tech companies team up to take down Bamital botnet, which generated over $1 million annually via search engine click fraud.
More Data On Attackers, But Attribution Still Dodgy
News  |  2/7/2013  | 
Identifying the groups behind attacks is still a dicey proposition, but security firms are collecting more information on attackers' techniques and their infrastructure
Email Domain Protection Effort Gains Traction
Quick Hits  |  2/6/2013  | 
Phishing and email domain abuse prevention specification DMARC marks year one with widespread adoption
Researchers Demo Building Control System Hack
News  |  2/6/2013  | 
Unpatched bugs could also ultimately expose the corporate network
DDoS Attacks Spur Concerns Over Infrastructure Weaknesses
News  |  2/6/2013  | 
The ongoing distributed denial-of-service attacks on banks have some security professionals worried about the attacks moving to less prepared industries
Fake Email Dies Under DMARC Regime
News  |  2/5/2013  | 
Authentication and cooperation, made possible by the DMARC framework, cut down on email domain abuse.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42556
PUBLISHED: 2021-10-22
Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.
CVE-2021-42840
PUBLISHED: 2021-10-22
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blo...
CVE-2021-29835
PUBLISHED: 2021-10-22
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X...
CVE-2021-41171
PUBLISHED: 2021-10-22
eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing bru...
CVE-2021-42836
PUBLISHED: 2021-10-22
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.