Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2014
Fresh Target Breach Cards Hitting Black Market
News  |  2/28/2014  | 
A Bitcoin-powered marketplace is selling stolen card data in small batches, offering card validity guarantees, an RSA presentation reveals.
DDoS Attack! Is Regulation The Answer?
Commentary  |  2/28/2014  | 
Four security experts weigh in on why theres been little progress in combating DDoS attacks and how companies can start fighting back.
IBM Software Vulnerabilities Spiked In 2013
News  |  2/27/2014  | 
Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds.
Bitcoin-Stealing Malware: Now In 100 Flavors
News  |  2/27/2014  | 
Specialized malware empties electronic wallets of digital currency, and antivirus often misses it, say researchers at RSA Conference.
Apple Patches Mavericks SSL Flaw: Update Now
News  |  2/26/2014  | 
Security update patches "goto fail" flaw that enables attackers to intercept communications, but won't help the 23% of Macs running older OS
RSA: Juniper Security Chief Blasts Apathy
News  |  2/26/2014  | 
In RSA keynote, Juniper Networks security exec Nawaf Bitar urges more innovation and active defense.
Apple Patches Mavericks SSL Flaw: Update Now
News  |  2/26/2014  | 
Security update patches "goto fail" flaw that enables attackers to intercept communications, but won't help the 23% of Macs running older OS X.
Apple SSL Vulnerability: 6 Facts
News  |  2/25/2014  | 
SSL vulnerability that's been patched in iOS -- but not yet for OS X -- lets attackers intercept email and FaceTime communications, plus push malicious software updates
NSA Spying Scandal Darkens Cloud Discussions At RSA
News  |  2/25/2014  | 
From Europe's efforts to create regulations for data localization to worries over the security of the cloud, the leaks of the past eight months have cast a shadow over cloud providers
Apple SSL Vulnerability: 6 Facts
News  |  2/25/2014  | 
SSL vulnerability that's been patched in iOS -- but not yet for OS X -- lets attackers intercept email and FaceTime communications, plus push malicious software updates.
Healthcare Devices: Security Researchers Sound Alarms
Quick Hits  |  2/25/2014  | 
Default usernames, weak passwords, and widespread Windows XP Embedded systems are cause for concern, SANS Institute researchers say
How I Secure My Personal Cloud
Commentary  |  2/24/2014  | 
As global cloud traffic grows exponentially, IT pros face the daunting task of securing their personal cloud, data, and workloads.
Boutique Malware & Hackers For Hire
Commentary  |  2/20/2014  | 
Heads up! Small groups of cyber-mercenaries are now conducting targeted hit-and-run attacks for anyone willing to pay the price.
Windows Crash Reports Reveal New APT, POS Attacks
News  |  2/20/2014  | 
Researchers discover zero-day attacks after studying the contents of various "Dr. Watson" error reports.
'Connect': A Modern Approach To Mobile, Cloud Identity
Commentary  |  2/19/2014  | 
A new protocol from the OpenID Foundation promises enterprises federated single sign-on that can scale.
Bye, Bitcoin: Criminals Seek Other Crypto Currency
News  |  2/18/2014  | 
Law enforcement crackdowns, hack attacks, and market volatility drive Russian fraudsters to mint their own virtual currency systems.
FIDO Alliance Releases Authentication Standards, Unveils Products
News  |  2/18/2014  | 
Proponents say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked.
Why FIDO Alliance Standards Will Kill Passwords
Why FIDO Alliance Standards Will Kill Passwords
Dark Reading Videos  |  2/18/2014  | 
Phillip Dunkelberger of Nok Nok Labs tells why the time is finally ripe for a password-free computing experience.
Snowman Attack Campaign Targets IE10 Zero-Day Bug
News  |  2/14/2014  | 
Military personnel appear to be the targets of watering-hole attacks from a hacked VFW website.
The Snowden Effect: Who Controls My Data?
Commentary  |  2/14/2014  | 
In todays post-NSA-spying world, the key to providing trustworthy digital services to customers is control coupled with transparency.
Crooks Hijack ATM Using USB Stick
News  |  2/14/2014  | 
Sophisticated heist used malware-laden USB sticks to steal cash from ATMs.
Data Security Dos & Donts From The Target Breach
Commentary  |  2/13/2014  | 
The holidays brought attacks on the retail industry. If you arent in retail, your industry could be next.
3 Web Security Takeaways From Wikipedia's Near Miss
Commentary  |  2/12/2014  | 
Even the most useful and benevolent websites have the potential to host malware.
Bitcoin Exchanges Buckle Under DDoS Attacks
News  |  2/12/2014  | 
Mutant transaction attacks trigger trading halts at major exchanges. Also, new bitcoin-seeking Trojan targets Mac users.
Locking Down E-Mail With Security Services
News  |  2/12/2014  | 
Companies are increasingly looking to the cloud for services to encrypt, back up, and archive their e-mail to protect from accidental leakage and intentional disruption
Cartoon: Identity Thieves
Commentary  |  2/11/2014  | 
DDoS Attack Hits 400 Gbit/s, Breaks Record
News  |  2/11/2014  | 
A distributed denial-of-service NTP reflection attack was reportedly 33% bigger than last year's attack against Spamhaus.
Florida Sting Nabs Alleged Bitcoin Money Launderers
News  |  2/10/2014  | 
Florida undercover agents posed as fraudsters seeking to convert cash -- supposedly from stolen credit cards -- into the anonymous, cryptographic currency.
Data Breach Notifications: Time For Tough Love
Commentary  |  2/7/2014  | 
Target and Neiman Marcus came clean quickly about their data breaches, but most business don't. It's time for standards -- and fines.
'Debit Or Credit' Becomes A Point-Of-Fail
News  |  2/6/2014  | 
Target's massive breach of payment cards and other retailer security incidents have stirred debate on alternative payment options at the register
Black Hat Asia 2014: The Internet Of Things
News  |  2/6/2014  | 
Here are three Briefings from Black Hat Asia 2014 that focus on hacking Net-enabled hardware
The 7 Deadly Sins of Application Security
Commentary  |  2/6/2014  | 
How can two organizations with the exact same app security program have such wildly different outcomes over time? The reason is corporate culture.
Target Breach: HVAC Contractor Systems Investigated
News  |  2/6/2014  | 
Hackers may have used access credentials stolen from refrigeration and HVAC system contractor Fazio Mechanical Services to gain remote access to Target's network.
Hotel Company Investigates Data Breach, Card Fraud
News  |  2/5/2014  | 
White Lodging, which manages 168 hotels under Hilton, Marriott, and Sheraton brand names, is investigating a suspected credit and debit card breach.
British Spies Hit Anonymous With DDoS Attacks
News  |  2/5/2014  | 
British cyber agents attacked Anonymous chat rooms, leaked intelligence documents show.
Google Study Finds Widespread Account Hijacking
News  |  2/5/2014  | 
Victims of account hacks are mad as hell but confused about how to respond.
Decline In Number Of Critical Vulnerabilities Could Be Deceiving
News  |  2/5/2014  | 
Researchers are often paid for discovering and privately disclosing software security flaws to vendors and third parties, but evidence of a market shift to paid research is still lacking
Secure Browser Alternatives On The Rise
News  |  2/4/2014  | 
The sandboxed browser on the desktop, the disposable browser session from the cloud, and now a high-security browser that by default blocks third-party cookies and online ads are all options
The Problem With Two-Factor Authentication
Commentary  |  2/4/2014  | 
The failure of corporate security strategies to protect personal identity information from hackers resides more with system architecture than with authentication technology. Here's why.
Google Sounds Chrome Browser Hijack Alarm
News  |  2/4/2014  | 
Chrome users also face subtle attacks, including Chrome extensions that inject unwanted advertisements.
Microsoft Calls For Industry Collaboration To Kill Off Malware Families
News  |  2/3/2014  | 
Working in isolation disrupts -- but doesn't wipe out -- malware
Infographic: Mobile Security Run Amok
Commentary  |  2/3/2014  | 
Where is your organization in the battle over mobile device management and security?
20 Security Startups To Watch
News  |  2/3/2014  | 
Cloud security, mobile security, advanced behavioral detection, and a few other surprises make this latest crop of newcomers worth watching.


News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7856
PUBLISHED: 2021-04-20
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793
PUBLISHED: 2021-04-20
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
CVE-2021-25679
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
CVE-2021-25680
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
CVE-2021-25681
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...