Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2014
Fresh Target Breach Cards Hitting Black Market
News  |  2/28/2014  | 
A Bitcoin-powered marketplace is selling stolen card data in small batches, offering card validity guarantees, an RSA presentation reveals.
DDoS Attack! Is Regulation The Answer?
Commentary  |  2/28/2014  | 
Four security experts weigh in on why theres been little progress in combating DDoS attacks and how companies can start fighting back.
IBM Software Vulnerabilities Spiked In 2013
News  |  2/27/2014  | 
Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds.
Bitcoin-Stealing Malware: Now In 100 Flavors
News  |  2/27/2014  | 
Specialized malware empties electronic wallets of digital currency, and antivirus often misses it, say researchers at RSA Conference.
Apple Patches Mavericks SSL Flaw: Update Now
News  |  2/26/2014  | 
Security update patches "goto fail" flaw that enables attackers to intercept communications, but won't help the 23% of Macs running older OS
RSA: Juniper Security Chief Blasts Apathy
News  |  2/26/2014  | 
In RSA keynote, Juniper Networks security exec Nawaf Bitar urges more innovation and active defense.
Apple Patches Mavericks SSL Flaw: Update Now
News  |  2/26/2014  | 
Security update patches "goto fail" flaw that enables attackers to intercept communications, but won't help the 23% of Macs running older OS X.
Apple SSL Vulnerability: 6 Facts
News  |  2/25/2014  | 
SSL vulnerability that's been patched in iOS -- but not yet for OS X -- lets attackers intercept email and FaceTime communications, plus push malicious software updates
NSA Spying Scandal Darkens Cloud Discussions At RSA
News  |  2/25/2014  | 
From Europe's efforts to create regulations for data localization to worries over the security of the cloud, the leaks of the past eight months have cast a shadow over cloud providers
Apple SSL Vulnerability: 6 Facts
News  |  2/25/2014  | 
SSL vulnerability that's been patched in iOS -- but not yet for OS X -- lets attackers intercept email and FaceTime communications, plus push malicious software updates.
Healthcare Devices: Security Researchers Sound Alarms
Quick Hits  |  2/25/2014  | 
Default usernames, weak passwords, and widespread Windows XP Embedded systems are cause for concern, SANS Institute researchers say
How I Secure My Personal Cloud
Commentary  |  2/24/2014  | 
As global cloud traffic grows exponentially, IT pros face the daunting task of securing their personal cloud, data, and workloads.
Boutique Malware & Hackers For Hire
Commentary  |  2/20/2014  | 
Heads up! Small groups of cyber-mercenaries are now conducting targeted hit-and-run attacks for anyone willing to pay the price.
Windows Crash Reports Reveal New APT, POS Attacks
News  |  2/20/2014  | 
Researchers discover zero-day attacks after studying the contents of various "Dr. Watson" error reports.
'Connect': A Modern Approach To Mobile, Cloud Identity
Commentary  |  2/19/2014  | 
A new protocol from the OpenID Foundation promises enterprises federated single sign-on that can scale.
Bye, Bitcoin: Criminals Seek Other Crypto Currency
News  |  2/18/2014  | 
Law enforcement crackdowns, hack attacks, and market volatility drive Russian fraudsters to mint their own virtual currency systems.
FIDO Alliance Releases Authentication Standards, Unveils Products
News  |  2/18/2014  | 
Proponents say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked.
Why FIDO Alliance Standards Will Kill Passwords
Why FIDO Alliance Standards Will Kill Passwords
Dark Reading Videos  |  2/18/2014  | 
Phillip Dunkelberger of Nok Nok Labs tells why the time is finally ripe for a password-free computing experience.
Snowman Attack Campaign Targets IE10 Zero-Day Bug
News  |  2/14/2014  | 
Military personnel appear to be the targets of watering-hole attacks from a hacked VFW website.
The Snowden Effect: Who Controls My Data?
Commentary  |  2/14/2014  | 
In todays post-NSA-spying world, the key to providing trustworthy digital services to customers is control coupled with transparency.
Crooks Hijack ATM Using USB Stick
News  |  2/14/2014  | 
Sophisticated heist used malware-laden USB sticks to steal cash from ATMs.
Data Security Dos & Donts From The Target Breach
Commentary  |  2/13/2014  | 
The holidays brought attacks on the retail industry. If you arent in retail, your industry could be next.
3 Web Security Takeaways From Wikipedia's Near Miss
Commentary  |  2/12/2014  | 
Even the most useful and benevolent websites have the potential to host malware.
Bitcoin Exchanges Buckle Under DDoS Attacks
News  |  2/12/2014  | 
Mutant transaction attacks trigger trading halts at major exchanges. Also, new bitcoin-seeking Trojan targets Mac users.
Locking Down E-Mail With Security Services
News  |  2/12/2014  | 
Companies are increasingly looking to the cloud for services to encrypt, back up, and archive their e-mail to protect from accidental leakage and intentional disruption
Cartoon: Identity Thieves
Commentary  |  2/11/2014  | 
DDoS Attack Hits 400 Gbit/s, Breaks Record
News  |  2/11/2014  | 
A distributed denial-of-service NTP reflection attack was reportedly 33% bigger than last year's attack against Spamhaus.
Florida Sting Nabs Alleged Bitcoin Money Launderers
News  |  2/10/2014  | 
Florida undercover agents posed as fraudsters seeking to convert cash -- supposedly from stolen credit cards -- into the anonymous, cryptographic currency.
Data Breach Notifications: Time For Tough Love
Commentary  |  2/7/2014  | 
Target and Neiman Marcus came clean quickly about their data breaches, but most business don't. It's time for standards -- and fines.
'Debit Or Credit' Becomes A Point-Of-Fail
News  |  2/6/2014  | 
Target's massive breach of payment cards and other retailer security incidents have stirred debate on alternative payment options at the register
Black Hat Asia 2014: The Internet Of Things
News  |  2/6/2014  | 
Here are three Briefings from Black Hat Asia 2014 that focus on hacking Net-enabled hardware
The 7 Deadly Sins of Application Security
Commentary  |  2/6/2014  | 
How can two organizations with the exact same app security program have such wildly different outcomes over time? The reason is corporate culture.
Target Breach: HVAC Contractor Systems Investigated
News  |  2/6/2014  | 
Hackers may have used access credentials stolen from refrigeration and HVAC system contractor Fazio Mechanical Services to gain remote access to Target's network.
Hotel Company Investigates Data Breach, Card Fraud
News  |  2/5/2014  | 
White Lodging, which manages 168 hotels under Hilton, Marriott, and Sheraton brand names, is investigating a suspected credit and debit card breach.
British Spies Hit Anonymous With DDoS Attacks
News  |  2/5/2014  | 
British cyber agents attacked Anonymous chat rooms, leaked intelligence documents show.
Google Study Finds Widespread Account Hijacking
News  |  2/5/2014  | 
Victims of account hacks are mad as hell but confused about how to respond.
Decline In Number Of Critical Vulnerabilities Could Be Deceiving
News  |  2/5/2014  | 
Researchers are often paid for discovering and privately disclosing software security flaws to vendors and third parties, but evidence of a market shift to paid research is still lacking
Secure Browser Alternatives On The Rise
News  |  2/4/2014  | 
The sandboxed browser on the desktop, the disposable browser session from the cloud, and now a high-security browser that by default blocks third-party cookies and online ads are all options
The Problem With Two-Factor Authentication
Commentary  |  2/4/2014  | 
The failure of corporate security strategies to protect personal identity information from hackers resides more with system architecture than with authentication technology. Here's why.
Google Sounds Chrome Browser Hijack Alarm
News  |  2/4/2014  | 
Chrome users also face subtle attacks, including Chrome extensions that inject unwanted advertisements.
Microsoft Calls For Industry Collaboration To Kill Off Malware Families
News  |  2/3/2014  | 
Working in isolation disrupts -- but doesn't wipe out -- malware
Infographic: Mobile Security Run Amok
Commentary  |  2/3/2014  | 
Where is your organization in the battle over mobile device management and security?
20 Security Startups To Watch
News  |  2/3/2014  | 
Cloud security, mobile security, advanced behavioral detection, and a few other surprises make this latest crop of newcomers worth watching.


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
6 Top Nontechnical Degrees for Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/21/2019
Anatomy of a BEC Scam
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3654
PUBLISHED: 2019-11-22
Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be gener...
CVE-2014-2214
PUBLISHED: 2019-11-22
Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id parameter to portal/openrssarticle.php
CVE-2014-6310
PUBLISHED: 2019-11-22
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.
CVE-2014-6311
PUBLISHED: 2019-11-22
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.
CVE-2019-16763
PUBLISHED: 2019-11-22
In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if ...