Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2014
Fresh Target Breach Cards Hitting Black Market
News  |  2/28/2014  | 
A Bitcoin-powered marketplace is selling stolen card data in small batches, offering card validity guarantees, an RSA presentation reveals.
DDoS Attack! Is Regulation The Answer?
Commentary  |  2/28/2014  | 
Four security experts weigh in on why theres been little progress in combating DDoS attacks and how companies can start fighting back.
IBM Software Vulnerabilities Spiked In 2013
News  |  2/27/2014  | 
Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds.
Bitcoin-Stealing Malware: Now In 100 Flavors
News  |  2/27/2014  | 
Specialized malware empties electronic wallets of digital currency, and antivirus often misses it, say researchers at RSA Conference.
Apple Patches Mavericks SSL Flaw: Update Now
News  |  2/26/2014  | 
Security update patches "goto fail" flaw that enables attackers to intercept communications, but won't help the 23% of Macs running older OS
RSA: Juniper Security Chief Blasts Apathy
News  |  2/26/2014  | 
In RSA keynote, Juniper Networks security exec Nawaf Bitar urges more innovation and active defense.
Apple Patches Mavericks SSL Flaw: Update Now
News  |  2/26/2014  | 
Security update patches "goto fail" flaw that enables attackers to intercept communications, but won't help the 23% of Macs running older OS X.
Apple SSL Vulnerability: 6 Facts
News  |  2/25/2014  | 
SSL vulnerability that's been patched in iOS -- but not yet for OS X -- lets attackers intercept email and FaceTime communications, plus push malicious software updates
NSA Spying Scandal Darkens Cloud Discussions At RSA
News  |  2/25/2014  | 
From Europe's efforts to create regulations for data localization to worries over the security of the cloud, the leaks of the past eight months have cast a shadow over cloud providers
Apple SSL Vulnerability: 6 Facts
News  |  2/25/2014  | 
SSL vulnerability that's been patched in iOS -- but not yet for OS X -- lets attackers intercept email and FaceTime communications, plus push malicious software updates.
Healthcare Devices: Security Researchers Sound Alarms
Quick Hits  |  2/25/2014  | 
Default usernames, weak passwords, and widespread Windows XP Embedded systems are cause for concern, SANS Institute researchers say
How I Secure My Personal Cloud
Commentary  |  2/24/2014  | 
As global cloud traffic grows exponentially, IT pros face the daunting task of securing their personal cloud, data, and workloads.
Boutique Malware & Hackers For Hire
Commentary  |  2/20/2014  | 
Heads up! Small groups of cyber-mercenaries are now conducting targeted hit-and-run attacks for anyone willing to pay the price.
Windows Crash Reports Reveal New APT, POS Attacks
News  |  2/20/2014  | 
Researchers discover zero-day attacks after studying the contents of various "Dr. Watson" error reports.
'Connect': A Modern Approach To Mobile, Cloud Identity
Commentary  |  2/19/2014  | 
A new protocol from the OpenID Foundation promises enterprises federated single sign-on that can scale.
Bye, Bitcoin: Criminals Seek Other Crypto Currency
News  |  2/18/2014  | 
Law enforcement crackdowns, hack attacks, and market volatility drive Russian fraudsters to mint their own virtual currency systems.
FIDO Alliance Releases Authentication Standards, Unveils Products
News  |  2/18/2014  | 
Proponents say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked.
Why FIDO Alliance Standards Will Kill Passwords
Why FIDO Alliance Standards Will Kill Passwords
Dark Reading Videos  |  2/18/2014  | 
Phillip Dunkelberger of Nok Nok Labs tells why the time is finally ripe for a password-free computing experience.
Snowman Attack Campaign Targets IE10 Zero-Day Bug
News  |  2/14/2014  | 
Military personnel appear to be the targets of watering-hole attacks from a hacked VFW website.
The Snowden Effect: Who Controls My Data?
Commentary  |  2/14/2014  | 
In todays post-NSA-spying world, the key to providing trustworthy digital services to customers is control coupled with transparency.
Crooks Hijack ATM Using USB Stick
News  |  2/14/2014  | 
Sophisticated heist used malware-laden USB sticks to steal cash from ATMs.
Data Security Dos & Donts From The Target Breach
Commentary  |  2/13/2014  | 
The holidays brought attacks on the retail industry. If you arent in retail, your industry could be next.
3 Web Security Takeaways From Wikipedia's Near Miss
Commentary  |  2/12/2014  | 
Even the most useful and benevolent websites have the potential to host malware.
Bitcoin Exchanges Buckle Under DDoS Attacks
News  |  2/12/2014  | 
Mutant transaction attacks trigger trading halts at major exchanges. Also, new bitcoin-seeking Trojan targets Mac users.
Locking Down E-Mail With Security Services
News  |  2/12/2014  | 
Companies are increasingly looking to the cloud for services to encrypt, back up, and archive their e-mail to protect from accidental leakage and intentional disruption
Cartoon: Identity Thieves
Commentary  |  2/11/2014  | 
DDoS Attack Hits 400 Gbit/s, Breaks Record
News  |  2/11/2014  | 
A distributed denial-of-service NTP reflection attack was reportedly 33% bigger than last year's attack against Spamhaus.
Florida Sting Nabs Alleged Bitcoin Money Launderers
News  |  2/10/2014  | 
Florida undercover agents posed as fraudsters seeking to convert cash -- supposedly from stolen credit cards -- into the anonymous, cryptographic currency.
Data Breach Notifications: Time For Tough Love
Commentary  |  2/7/2014  | 
Target and Neiman Marcus came clean quickly about their data breaches, but most business don't. It's time for standards -- and fines.
'Debit Or Credit' Becomes A Point-Of-Fail
News  |  2/6/2014  | 
Target's massive breach of payment cards and other retailer security incidents have stirred debate on alternative payment options at the register
Black Hat Asia 2014: The Internet Of Things
News  |  2/6/2014  | 
Here are three Briefings from Black Hat Asia 2014 that focus on hacking Net-enabled hardware
The 7 Deadly Sins of Application Security
Commentary  |  2/6/2014  | 
How can two organizations with the exact same app security program have such wildly different outcomes over time? The reason is corporate culture.
Target Breach: HVAC Contractor Systems Investigated
News  |  2/6/2014  | 
Hackers may have used access credentials stolen from refrigeration and HVAC system contractor Fazio Mechanical Services to gain remote access to Target's network.
Hotel Company Investigates Data Breach, Card Fraud
News  |  2/5/2014  | 
White Lodging, which manages 168 hotels under Hilton, Marriott, and Sheraton brand names, is investigating a suspected credit and debit card breach.
British Spies Hit Anonymous With DDoS Attacks
News  |  2/5/2014  | 
British cyber agents attacked Anonymous chat rooms, leaked intelligence documents show.
Google Study Finds Widespread Account Hijacking
News  |  2/5/2014  | 
Victims of account hacks are mad as hell but confused about how to respond.
Decline In Number Of Critical Vulnerabilities Could Be Deceiving
News  |  2/5/2014  | 
Researchers are often paid for discovering and privately disclosing software security flaws to vendors and third parties, but evidence of a market shift to paid research is still lacking
Secure Browser Alternatives On The Rise
News  |  2/4/2014  | 
The sandboxed browser on the desktop, the disposable browser session from the cloud, and now a high-security browser that by default blocks third-party cookies and online ads are all options
The Problem With Two-Factor Authentication
Commentary  |  2/4/2014  | 
The failure of corporate security strategies to protect personal identity information from hackers resides more with system architecture than with authentication technology. Here's why.
Google Sounds Chrome Browser Hijack Alarm
News  |  2/4/2014  | 
Chrome users also face subtle attacks, including Chrome extensions that inject unwanted advertisements.
Microsoft Calls For Industry Collaboration To Kill Off Malware Families
News  |  2/3/2014  | 
Working in isolation disrupts -- but doesn't wipe out -- malware
Infographic: Mobile Security Run Amok
Commentary  |  2/3/2014  | 
Where is your organization in the battle over mobile device management and security?
20 Security Startups To Watch
News  |  2/3/2014  | 
Cloud security, mobile security, advanced behavioral detection, and a few other surprises make this latest crop of newcomers worth watching.


AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.