Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2013
Page 1 / 2   >   >>
SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure
News  |  2/28/2013  | 
New testbeds would help operators test software patches as well
China Targets U.S. In Hacking Blame Game
News  |  2/28/2013  | 
Responding to allegations that China regularly hacks U.S. businesses, Chinese government officials claim that 63% of cyber attacks on their military systems in 2012 came from the U.S.
MiniDuke Espionage Malware Uses Twitter To Infect PCs
News  |  2/28/2013  | 
Online espionage campaign sends malicious PDF documents to victims, and the infected PCs use Twitter to install malware that can copy and delete files.
Anonymous: 10 Things We've Learned In 2013
Slideshows  |  2/28/2013  | 
The Anonymous hacker group continues to seek equal measures of revenge, justice and reform -- preferably through chaotic means -- for perceived wrongdoings.
The Best Way To Spend Your Security Budget
Commentary  |  2/28/2013  | 
One SQL injection attack can bring in big bucks. It's a no-brainer that you should make this problem top priority
China's Cyberespionage Will Continue Unabated, Say Experts
News  |  2/27/2013  | 
The U.S. government will be slow to act against aggressors who attack through the Internet, predict policy and China experts at RSA
Flash Patch, Take Three: Adobe Issues New Fix
News  |  2/27/2013  | 
With attackers actively targeting zero-day flaws in Flash Reader, Adobe has released its third emergency Flash update this month.
SMS Spam Delivers More Malware, Scams
News  |  2/27/2013  | 
Threats are now often disguised as gift offers, product giveaways, and payment protection insurance.
2 More Java Zero-Day Vulnerabilities Emerge
Quick Hits  |  2/27/2013  | 
While Oracle investigates reports that two bugs in Java 7 could allow attackers to remotely bypass the sandbox and compromise a system, security experts reiterate: If you don't need Java, turn it off
2 More Java Zero-Day Vulnerabilities Emerge
News  |  2/26/2013  | 
While Oracle investigates reports that two bugs in Java 7 could allow attackers to remotely bypass the sandbox and compromise a system, security experts reiterate: If you don't need Java, turn it off.
RSA, Juniper Team Up In Threat Intelligence-Sharing
News  |  2/25/2013  | 
Intelligence-sharing among vendors -- and about attacks on vendors -- key to thwarting today's attacks, officials say
Google Security Vulnerability Allowed Two-Step Verification Bypass
News  |  2/25/2013  | 
Researchers at Duo Security detailed an attack that could have allowed a hacker to hijack a user's Google account
Smartphones, Foolish Security Choices
News  |  2/25/2013  | 
One quarter of smartphone users store "intimate" images on their mobile devices, says security vendor AVG.
Microsoft Hacked: Joins Apple, Facebook, Twitter
News  |  2/25/2013  | 
Microsoft's OS X users compromised by watering-hole attack launched from a third-party iOS development site.
Don't Blame China For Security Hacks, Blame Yourself
Commentary  |  2/25/2013  | 
Focus on the sorry state of your information security defenses before worrying about the Chinese, Russians, hacktivists or cybercrime gangs.
More Improvements To SIEM Than Big Data
News  |  2/22/2013  | 
For big companies looking to spend big budgets, the Big Data pitch for security information and event management (SIEM) systems is a good fit. But other improvements are on the way
Move Over, APTs -- The RAM-Based Advanced Volatile Threat Is Spinning Up Fast
News  |  2/22/2013  | 
By attacking random access memory, AVT creators make their exploits less persistent -- and harder to detect
Hacktivists Prep For International Open Data Day
News  |  2/22/2013  | 
On Saturday, International Open Data Day, cities around the world will host hackathons in an attempt to reveal useful applications of government data.
NBC Websites Hacked To Serve Citadel Financial Malware
News  |  2/22/2013  | 
RedKit exploit kit launched drive-by malware attacks from NBC websites, targeted vulnerabilities in Java and Adobe Reader.
China Denies U.S. Hacking Accusations: 6 Facts
News  |  2/21/2013  | 
Mandiant report says that an elite Chinese military hacking unit is responsible for launching APT attacks against U.S. businesses. Chinese government cries foul.
BK Hack Triggers Twitter Password Smackdown
News  |  2/21/2013  | 
"Operation Whopper" takeover of Burger King and Jeep Twitter accounts, and spoof hacks by MTV and BET, trigger Twitter's "friendly reminder" to use strong passwords.
The Road To Hell Is Authenticated By Facebook
Commentary  |  2/20/2013  | 
OAuth allows us to log into many sites using familiar credentials, from Twitter, Facebook, Google or Microsoft. The main author of the original OAuth 1.0 spec says these giants took it and made OAuth 2.0 a monstrous, complex, and insecure mess that has already brought us significant vulnerabilities
Oxford University Briefly Blocks Google Docs
News  |  2/20/2013  | 
Increase in phishing attacks prompts Oxford University to take "temporary, extreme action."
Attribution Delivers Questionable Security Value
News  |  2/20/2013  | 
Sure, politicians have some fodder for their diplomatic cannons, but do companies gain much from identifying their attackers? Experts debate the merits of attribution
Apple, Facebook Twitter Attacks: 6 Key Facts
News  |  2/20/2013  | 
FBI investigates how hackers compromised an iOS developer website to exploit Java plug-in vulnerabilities and breach major social networking and technology companies.
Oracle, Apple Issue Java Security Patches
News  |  2/20/2013  | 
Oracle updates Java 7 and issues the final-ever public update for Java 6, while Apple releases its own Java 6 update for OS X users.
Lessons Learned From A Decade Of Vulnerabilities
News  |  2/20/2013  | 
A pair of reports look at the trends in vulnerability disclosure over a decade or more. Here are four lessons from the data on more than 50,000 flaws
Anonymous Takes On State Department, More Banks
News  |  2/19/2013  | 
Hacktivist group says it will release work email addresses for more than 170 U.S. State Department employees in fifth round of Operation Last Resort attacks.
Most Americans Believe U.S. Businesses Are Vulnerable To Cyberattack, Study Says
Quick Hits  |  2/19/2013  | 
Ninety-three percent believe U.S. corporations are at least somewhat vulnerable to state-sponsored online attacks, Tenable report says
iPhone Vulnerability: Return Of The Lock Screen Bypass
Commentary  |  2/15/2013  | 
How do these errors resurface after being fixed? In Apple's case, the problem could be a weakness in their test plans or procedures
Adobe Zero-Day Attack Bypasses Sandbox
News  |  2/14/2013  | 
Adobe fumbles on the security front by not enabling -- by default -- technology built into its PDF Reader and Acrobat that would have blocked the current attacks.
Major Certificate Authorities Unite In The Name Of SSL Security
Quick Hits  |  2/14/2013  | 
Comodo, DigiCert, Entrust, GlobalSign, Go Daddy, Symantec, and Trend Micro form Certificate Authority Security Council (CASC)
Assessing Risk And Prioritizing Vulnerability Remediation
Quick Hits  |  2/14/2013  | 
Vulnerabilities crop up constantly in your IT environment. How do you choose which ones to tackle first? Here are some risk-based recommendations
Cybersecurity Executive Order Leaves Tough Work Undone
News  |  2/13/2013  | 
Government and industry must work together in challenging new ways to implement the White House's executive order on cybersecurity, top federal officials said Wednesday.
Adobe Reader, Acrobat Under Attack
News  |  2/13/2013  | 
Cue the security fatigue: Zero-day attacks target Adobe Reader and Acrobat, Adobe pushes second Flash patch, Microsoft fixes 57 flaws.
Cybercrime 2.0: It's All About The Money
News  |  2/13/2013  | 
Malware creator and hacker "business model" has shifted from high volume toward high yield, Websense study finds. IT must educate users accordingly.
Besieged By Hackers, OpenX Will Close Open Ad Platform
News  |  2/12/2013  | 
Self-service ad platform proves indefensible when hackers come knocking.
Microsoft Fixes 57 Bugs In Windows, Office, IE
News  |  2/12/2013  | 
Microsoft package of security fixes is one of the biggest updates ever; security professionals advise installing it immediately.
Zombie Alert Hoax: Emergency Broadcast System Hacked
News  |  2/12/2013  | 
Bodies of the dead are rising from their graves, warns CBS affiliate. News at 10.
Getting Into The Heads Of Departing Insiders
News  |  2/12/2013  | 
Strong policies, human decency, and targeted communication can keep the semi-malicious insider from walking out the door with valuable IP
Adobe Issues Emergency Patch For Flash Player
News  |  2/11/2013  | 
As attackers actively target new bugs in Flash Player browser plug-in, Adobe issues Windows, Mac, Linux and Android patches.
Taming Big Bad Data For Better Security
News  |  2/8/2013  | 
Companies get inundated by incident and event data from their systems, but more vendors are creating platforms for analyzing the data and picking out security intelligence
Ex-Employees Say It's OK To Take Corporate Data With Them
Quick Hits  |  2/7/2013  | 
New Symantec survey finds nearly 70 percent of employees who recently left or were fired from their job say their organizations don't prevent them from using confidential info
Barracuda Issues Security Update, Apologizes To Customers
News  |  2/7/2013  | 
Security appliance manufacturer apologizes for leaving hardcoded, undocumented accounts in its products.
Microsoft, Symantec Torpedo Massive Botnet
News  |  2/7/2013  | 
Tech companies team up to take down Bamital botnet, which generated over $1 million annually via search engine click fraud.
More Data On Attackers, But Attribution Still Dodgy
News  |  2/7/2013  | 
Identifying the groups behind attacks is still a dicey proposition, but security firms are collecting more information on attackers' techniques and their infrastructure
Email Domain Protection Effort Gains Traction
Quick Hits  |  2/6/2013  | 
Phishing and email domain abuse prevention specification DMARC marks year one with widespread adoption
Researchers Demo Building Control System Hack
News  |  2/6/2013  | 
Unpatched bugs could also ultimately expose the corporate network
DDoS Attacks Spur Concerns Over Infrastructure Weaknesses
News  |  2/6/2013  | 
The ongoing distributed denial-of-service attacks on banks have some security professionals worried about the attacks moving to less prepared industries
Fake Email Dies Under DMARC Regime
News  |  2/5/2013  | 
Authentication and cooperation, made possible by the DMARC framework, cut down on email domain abuse.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Attacker Dwell Time: Ransomware's Most Important Metric
Ricardo Villadiego, Founder and CEO of Lumu,  9/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25288
PUBLISHED: 2020-09-30
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitra...
CVE-2020-25781
PUBLISHED: 2020-09-30
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
CVE-2020-25830
PUBLISHED: 2020-09-30
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php.
CVE-2020-26159
PUBLISHED: 2020-09-30
In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c .
CVE-2020-6654
PUBLISHED: 2020-09-30
A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL.