Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2011
Lizamoon SQL Injection: Dead From The Get-Go
Commentary  |  3/31/2011  | 
The latest round of headline-grabbing SQL injection attacks aren't new, and they aren't very effective; in fact, Lizamoon might as well be called the little injection that couldn't
Trend Micro Nukes Zeus Botnet Server
News  |  3/31/2011  | 
PayPal, eBay, and the customers of at least 15 banks were targeted by the eliminated botnet.
Microsoft Blames Poor Development Practices For Security Risks
News  |  3/31/2011  | 
Windows and Internet Explorer are at greater risk of attacks because developers don't use mitigation technologies built into the software, said Microsoft.
NASA Servers At High Risk Of Cyber Attack
News  |  3/30/2011  | 
Auditors were able to pull encryption keys, passwords, and user account information over the Internet from systems that help control spacecraft and process critical data.
Comodo Reports Two More Registration Authorities Hacked
News  |  3/30/2011  | 
The digital certificate issuer has deactivated the affected accounts and begun to implement security and validation reforms.
BP Loses Laptop With Gulf Claimant Data
News  |  3/30/2011  | 
The missing computer, containing personally identifiable information on 13,000 people, was password-protected, but not encrypted.
'Cree.py' Social Engineering Tool Pinpoints A Person's Physical Location
Quick Hits  |  3/29/2011  | 
Free tool automates process of pulling geolocation, other information on 'targets'
Rustock Takedown Cut Spam By 33%
News  |  3/29/2011  | 
Bagel and other botnets seem to be picking up the slack, according to Symantec.
Iranian Claims Credit For Comodo Hack
News  |  3/28/2011  | 
Mozilla apologizes for not publicizing the attack more quickly and criticizes Comodo's security.
Netgear Intros Gateway Security Appliance For SMBs
News  |  3/28/2011  | 
The ProSecure UTM150 unified threat management appliance polices Web traffic to help protect company networks against employee-introduced risks from social media or malicious links.
Microsoft Wins A Botnet Battle
Commentary  |  3/28/2011  | 
The Rustok botnet was estimated to be one million PCs strong, underlining the dangers that malware can cause to businesses and consumers.
Dark Reading Report: How Malware Authors Battle To Evade Detection
News  |  3/24/2011  | 
A look at the new, ingenious ways bad guys use to frustrate analysts and evade automated security tools
Social Engineering 'Capture The Flag' Contest Returns To DefCon
Quick Hits  |  3/24/2011  | 
Changes to this year's contest include some volunteer, high-profile target companies
Gmail, Hotmail Pose Government Security Risk
News  |  3/24/2011  | 
Australian auditor recommends blocking Webmail on government networks to prevent insider and external threats.
Iran Fingered For Fraudulent Comodo SSL Certificates
News  |  3/24/2011  | 
Gmail, Hotmail, and Skype are among the domains affected by fraudulently obtained digital certificates, said Comodo.
SCADA Attack Code Released For 35 Vulnerabilities
News  |  3/23/2011  | 
Systems from Siemens, Iconics, 7-Technologies, and DATAC have security holes in their supervisory control and data acquisition software, leading the Industrial Control Systems Cyber Emergency Response Team to issue security warnings.
Federal Cyber Attacks Rose 39% In 2010
News  |  3/23/2011  | 
While total incidents reported to US-CERT were down, government networks experienced more attacks than in 2009, according to a Congressional report.
Schwartz On Security: Advanced Threats Persist And Annoy
Commentary  |  3/23/2011  | 
APTs are today's normal threat, and companies such as RSA must do better, even as the odds against them keep increasing.
ICS-CERT Issues Warnings On Vulnerabilities In Siemens, Other SCADA Products
Quick Hits  |  3/22/2011  | 
Researcher discloses 34 vulnerabilities, releases proof-of-concept attack code for four process control server software product lines
Feds Bust Stock 'Pump And Dump' Botnet Scheme
News  |  3/22/2011  | 
Authorities said a group used hacking, spam, and malware to artificially inflate securities prices and then sell shares at a profit.
Adobe Patches Critical Security Flaw
News  |  3/22/2011  | 
With attackers actively exploiting the bug to remotely execute code, Adobe recommends that all Flash, Reader, and Acrobat users upgrade immediately.
Hospital Hacker 'GhostExodus' Sentenced To 9 Years
News  |  3/22/2011  | 
Contract security guard installed malware on sensitive hospital systems to attack the Anonymous hacking collective.
A Deep Dive Into The Latest Threats
Commentary  |  3/22/2011  | 
New series of blogs will examine what the latest malware or attack really means to your organization and what to do -- or not -- about it
SecurID Customers Advised To Prepare For Worst Case
News  |  3/21/2011  | 
EMC's RSA hasn't detailed exactly what was stolen, so security experts advise the authentication system's customers to implement a more layered network defense.
RSA SecurID Customers Fear Fallout From Targeted Attack On Security Firm
News  |  3/18/2011  | 
Uncertainty about what the attackers actually took leaves many customers unsure about next steps.
Microsoft, Feds Knock Rustock Botnet Offline
Quick Hits  |  3/18/2011  | 
Authorities confiscated equipment from seven Internet hosting facilities used by the botnet, which was responsible for much of the Viagra email spam on the Internet
Microsoft, Feds Knock Rustock Botnet Offline
News  |  3/18/2011  | 
Authorities confiscated equipment from seven Internet hosting facilities used by the botnet, which was responsible for much of the Viagra email spam on the Internet.
Navy To Build System For Identifying Security Threats
News  |  3/17/2011  | 
Modus Operandi has been selected to develop a system that fuses information from a variety of sources to more quickly and efficiently gauge possible threats.
GAO Says IRS Data Security Problems Persist
News  |  3/17/2011  | 
The General Accountability Office reported that the Internal Revenue Service is still exposing taxpayer and financial information to insider-threat risks, despite making some access-control improvements.
Google Patches Chrome Zero-Day Flash Vulnerability
News  |  3/17/2011  | 
The release of Chrome 10.0.648.134 for Windows, Mac, Linux, and Chrome Frame makes the browser the first software to be protected against the Flash vulnerability now being actively exploited.
Report: New Malware Increased By 26 Percent In Past Year
Quick Hits  |  3/16/2011  | 
Average of 73,000 new samples created daily in 2011, PandaLabs reports
Denial Of Service Attacks Increased Sharply In 2010
News  |  3/16/2011  | 
DDoS attacks surpass SQL injection to become most prevalent attack vector, security vendor Trustwave reports.
Apple Web App Slowdown Prompts Conspiracy Theories
News  |  3/15/2011  | 
Some developers fear Apple is deliberately crippling Web apps, but others attribute the issue to technical and security problems.
Adobe Warns Of Active Flash Attack
News  |  3/15/2011  | 
The critical, zero-day vulnerability affects most recent versions of Flash, Reader, and Acrobat, although apparently not Reader X on Windows.
Google Issues Microsoft IE Warning
News  |  3/14/2011  | 
Activists using Microsoft Internet Explorer to access Google services are being targeted through an MHTML vulnerability.
Dark Reading Launches New Tech Center On Advanced Threats
Commentary  |  3/13/2011  | 
New subsite will offer more in-depth news coverage, analysis on next-generation threats
iPhone, BlackBerry Hacked At Pwn2Own Contest
News  |  3/11/2011  | 
Android and Windows 7 Phone remain untested at the competition.
Symantec Finds Fake Google Security Tool
News  |  3/10/2011  | 
The phony version of the Android Market Security Tool was found by Symantec on China-based, third-party Web sites that are not sanctioned by Google.
M86 Launches SMB Security Suite
News  |  3/10/2011  | 
Packaged for organizations with up to 500 seats, M86's new Web and email security software runs on Windows Server or in virtualized environments.
Safari, IE Defeated, Chrome, Firefox Survive
News  |  3/10/2011  | 
Apple and Microsoft get "pwned" again at CanSecWest's Pwn2Own hacking competition.
The Truth About Malvertising
Commentary  |  3/10/2011  | 
We tend to think of malvertising as short lived, one-oft attacks that somehow managed to momentarily breach the ad network's defenses. The reality is, malvertising is more norm than anomaly and can easily persist on major ad networks for months, even years, at a time.
Microsoft Fixes Four Flaws
News  |  3/8/2011  | 
This month's patch cycle may leave IT admins with some extra time on their hands.
Social Network Users Could Be A Click Away From Infection, Researchers Say
News  |  3/8/2011  | 
Most social nets don't screen out malware in URLs or ads, Dasient researchers find
Google Targets Android Malware Using Kill Switch
News  |  3/7/2011  | 
Additional steps are being taken to make the Android Market more secure, Google insists.
Security Tips For Virtualization
News  |  3/4/2011  | 
Spinning up VMs is easy--too easy, in fact. Fortunately, keeping virtual servers safe doesn't have to be expensive.
Security Tips For Virtualization
News  |  3/4/2011  | 
Spinning up VMs is easy--too easy, in fact. Fortunately, keeping virtual servers safe doesn't have to be expensive.
Hypervisor Security: Don't Trust, Verify
Commentary  |  3/4/2011  | 
Combating vulnerabilities (and passing audits) is a matter of starting from the root and working up.
Search Engine Malware Doubled In 2010, Report Says
News  |  3/4/2011  | 
Spam down, Twitter crime rate up by 20 percent, according to Barracuda research
Google Removes Malicious Android Apps
News  |  3/2/2011  | 
More than 50 apps in the Android Market have been identified as malicious, prompting Google to take steps to remove them.


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
TPM-Fail: What It Means & What to Do About It
Ari Singer, CTO at TrustPhi,  11/19/2019
Americans Fed Up with Lack of Data Privacy
Robert Lemos, Contributing Writer,  11/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19227
PUBLISHED: 2019-11-22
In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122.
CVE-2019-10203
PUBLISHED: 2019-11-22
PowerDNS Authoritative daemon , all versions pdns 4.1.x before pdns 4.1.10, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.
CVE-2019-10206
PUBLISHED: 2019-11-22
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
CVE-2018-10854
PUBLISHED: 2019-11-22
cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.
CVE-2019-13157
PUBLISHED: 2019-11-22
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.