Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2014
Fresh Target Breach Cards Hitting Black Market
News  |  2/28/2014  | 
A Bitcoin-powered marketplace is selling stolen card data in small batches, offering card validity guarantees, an RSA presentation reveals.
DDoS Attack! Is Regulation The Answer?
Commentary  |  2/28/2014  | 
Four security experts weigh in on why theres been little progress in combating DDoS attacks and how companies can start fighting back.
IBM Software Vulnerabilities Spiked In 2013
News  |  2/27/2014  | 
Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds.
Bitcoin-Stealing Malware: Now In 100 Flavors
News  |  2/27/2014  | 
Specialized malware empties electronic wallets of digital currency, and antivirus often misses it, say researchers at RSA Conference.
Apple Patches Mavericks SSL Flaw: Update Now
News  |  2/26/2014  | 
Security update patches "goto fail" flaw that enables attackers to intercept communications, but won't help the 23% of Macs running older OS
RSA: Juniper Security Chief Blasts Apathy
News  |  2/26/2014  | 
In RSA keynote, Juniper Networks security exec Nawaf Bitar urges more innovation and active defense.
Apple Patches Mavericks SSL Flaw: Update Now
News  |  2/26/2014  | 
Security update patches "goto fail" flaw that enables attackers to intercept communications, but won't help the 23% of Macs running older OS X.
Apple SSL Vulnerability: 6 Facts
News  |  2/25/2014  | 
SSL vulnerability that's been patched in iOS -- but not yet for OS X -- lets attackers intercept email and FaceTime communications, plus push malicious software updates
NSA Spying Scandal Darkens Cloud Discussions At RSA
News  |  2/25/2014  | 
From Europe's efforts to create regulations for data localization to worries over the security of the cloud, the leaks of the past eight months have cast a shadow over cloud providers
Apple SSL Vulnerability: 6 Facts
News  |  2/25/2014  | 
SSL vulnerability that's been patched in iOS -- but not yet for OS X -- lets attackers intercept email and FaceTime communications, plus push malicious software updates.
Healthcare Devices: Security Researchers Sound Alarms
Quick Hits  |  2/25/2014  | 
Default usernames, weak passwords, and widespread Windows XP Embedded systems are cause for concern, SANS Institute researchers say
How I Secure My Personal Cloud
Commentary  |  2/24/2014  | 
As global cloud traffic grows exponentially, IT pros face the daunting task of securing their personal cloud, data, and workloads.
Boutique Malware & Hackers For Hire
Commentary  |  2/20/2014  | 
Heads up! Small groups of cyber-mercenaries are now conducting targeted hit-and-run attacks for anyone willing to pay the price.
Windows Crash Reports Reveal New APT, POS Attacks
News  |  2/20/2014  | 
Researchers discover zero-day attacks after studying the contents of various "Dr. Watson" error reports.
'Connect': A Modern Approach To Mobile, Cloud Identity
Commentary  |  2/19/2014  | 
A new protocol from the OpenID Foundation promises enterprises federated single sign-on that can scale.
Bye, Bitcoin: Criminals Seek Other Crypto Currency
News  |  2/18/2014  | 
Law enforcement crackdowns, hack attacks, and market volatility drive Russian fraudsters to mint their own virtual currency systems.
FIDO Alliance Releases Authentication Standards, Unveils Products
News  |  2/18/2014  | 
Proponents say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked.
Why FIDO Alliance Standards Will Kill Passwords
Why FIDO Alliance Standards Will Kill Passwords
Dark Reading Videos  |  2/18/2014  | 
Phillip Dunkelberger of Nok Nok Labs tells why the time is finally ripe for a password-free computing experience.
Snowman Attack Campaign Targets IE10 Zero-Day Bug
News  |  2/14/2014  | 
Military personnel appear to be the targets of watering-hole attacks from a hacked VFW website.
The Snowden Effect: Who Controls My Data?
Commentary  |  2/14/2014  | 
In todays post-NSA-spying world, the key to providing trustworthy digital services to customers is control coupled with transparency.
Crooks Hijack ATM Using USB Stick
News  |  2/14/2014  | 
Sophisticated heist used malware-laden USB sticks to steal cash from ATMs.
Data Security Dos & Donts From The Target Breach
Commentary  |  2/13/2014  | 
The holidays brought attacks on the retail industry. If you arent in retail, your industry could be next.
3 Web Security Takeaways From Wikipedia's Near Miss
Commentary  |  2/12/2014  | 
Even the most useful and benevolent websites have the potential to host malware.
Bitcoin Exchanges Buckle Under DDoS Attacks
News  |  2/12/2014  | 
Mutant transaction attacks trigger trading halts at major exchanges. Also, new bitcoin-seeking Trojan targets Mac users.
Locking Down E-Mail With Security Services
News  |  2/12/2014  | 
Companies are increasingly looking to the cloud for services to encrypt, back up, and archive their e-mail to protect from accidental leakage and intentional disruption
Cartoon: Identity Thieves
Commentary  |  2/11/2014  | 
DDoS Attack Hits 400 Gbit/s, Breaks Record
News  |  2/11/2014  | 
A distributed denial-of-service NTP reflection attack was reportedly 33% bigger than last year's attack against Spamhaus.
Florida Sting Nabs Alleged Bitcoin Money Launderers
News  |  2/10/2014  | 
Florida undercover agents posed as fraudsters seeking to convert cash -- supposedly from stolen credit cards -- into the anonymous, cryptographic currency.
Data Breach Notifications: Time For Tough Love
Commentary  |  2/7/2014  | 
Target and Neiman Marcus came clean quickly about their data breaches, but most business don't. It's time for standards -- and fines.
'Debit Or Credit' Becomes A Point-Of-Fail
News  |  2/6/2014  | 
Target's massive breach of payment cards and other retailer security incidents have stirred debate on alternative payment options at the register
Black Hat Asia 2014: The Internet Of Things
News  |  2/6/2014  | 
Here are three Briefings from Black Hat Asia 2014 that focus on hacking Net-enabled hardware
The 7 Deadly Sins of Application Security
Commentary  |  2/6/2014  | 
How can two organizations with the exact same app security program have such wildly different outcomes over time? The reason is corporate culture.
Target Breach: HVAC Contractor Systems Investigated
News  |  2/6/2014  | 
Hackers may have used access credentials stolen from refrigeration and HVAC system contractor Fazio Mechanical Services to gain remote access to Target's network.
Hotel Company Investigates Data Breach, Card Fraud
News  |  2/5/2014  | 
White Lodging, which manages 168 hotels under Hilton, Marriott, and Sheraton brand names, is investigating a suspected credit and debit card breach.
British Spies Hit Anonymous With DDoS Attacks
News  |  2/5/2014  | 
British cyber agents attacked Anonymous chat rooms, leaked intelligence documents show.
Google Study Finds Widespread Account Hijacking
News  |  2/5/2014  | 
Victims of account hacks are mad as hell but confused about how to respond.
Decline In Number Of Critical Vulnerabilities Could Be Deceiving
News  |  2/5/2014  | 
Researchers are often paid for discovering and privately disclosing software security flaws to vendors and third parties, but evidence of a market shift to paid research is still lacking
Secure Browser Alternatives On The Rise
News  |  2/4/2014  | 
The sandboxed browser on the desktop, the disposable browser session from the cloud, and now a high-security browser that by default blocks third-party cookies and online ads are all options
The Problem With Two-Factor Authentication
Commentary  |  2/4/2014  | 
The failure of corporate security strategies to protect personal identity information from hackers resides more with system architecture than with authentication technology. Here's why.
Google Sounds Chrome Browser Hijack Alarm
News  |  2/4/2014  | 
Chrome users also face subtle attacks, including Chrome extensions that inject unwanted advertisements.
Microsoft Calls For Industry Collaboration To Kill Off Malware Families
News  |  2/3/2014  | 
Working in isolation disrupts -- but doesn't wipe out -- malware
Infographic: Mobile Security Run Amok
Commentary  |  2/3/2014  | 
Where is your organization in the battle over mobile device management and security?
20 Security Startups To Watch
News  |  2/3/2014  | 
Cloud security, mobile security, advanced behavioral detection, and a few other surprises make this latest crop of newcomers worth watching.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23418
PUBLISHED: 2021-07-29
The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
CVE-2020-5329
PUBLISHED: 2021-07-29
Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
CVE-2020-5353
PUBLISHED: 2021-07-29
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administ...
CVE-2021-21538
PUBLISHED: 2021-07-29
Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.
CVE-2021-21546
PUBLISHED: 2021-07-29
Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.