Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2011
Lizamoon SQL Injection: Dead From The Get-Go
Commentary  |  3/31/2011  | 
The latest round of headline-grabbing SQL injection attacks aren't new, and they aren't very effective; in fact, Lizamoon might as well be called the little injection that couldn't
Trend Micro Nukes Zeus Botnet Server
News  |  3/31/2011  | 
PayPal, eBay, and the customers of at least 15 banks were targeted by the eliminated botnet.
Microsoft Blames Poor Development Practices For Security Risks
News  |  3/31/2011  | 
Windows and Internet Explorer are at greater risk of attacks because developers don't use mitigation technologies built into the software, said Microsoft.
NASA Servers At High Risk Of Cyber Attack
News  |  3/30/2011  | 
Auditors were able to pull encryption keys, passwords, and user account information over the Internet from systems that help control spacecraft and process critical data.
Comodo Reports Two More Registration Authorities Hacked
News  |  3/30/2011  | 
The digital certificate issuer has deactivated the affected accounts and begun to implement security and validation reforms.
BP Loses Laptop With Gulf Claimant Data
News  |  3/30/2011  | 
The missing computer, containing personally identifiable information on 13,000 people, was password-protected, but not encrypted.
'Cree.py' Social Engineering Tool Pinpoints A Person's Physical Location
Quick Hits  |  3/29/2011  | 
Free tool automates process of pulling geolocation, other information on 'targets'
Rustock Takedown Cut Spam By 33%
News  |  3/29/2011  | 
Bagel and other botnets seem to be picking up the slack, according to Symantec.
Iranian Claims Credit For Comodo Hack
News  |  3/28/2011  | 
Mozilla apologizes for not publicizing the attack more quickly and criticizes Comodo's security.
Netgear Intros Gateway Security Appliance For SMBs
News  |  3/28/2011  | 
The ProSecure UTM150 unified threat management appliance polices Web traffic to help protect company networks against employee-introduced risks from social media or malicious links.
Microsoft Wins A Botnet Battle
Commentary  |  3/28/2011  | 
The Rustok botnet was estimated to be one million PCs strong, underlining the dangers that malware can cause to businesses and consumers.
Dark Reading Report: How Malware Authors Battle To Evade Detection
News  |  3/24/2011  | 
A look at the new, ingenious ways bad guys use to frustrate analysts and evade automated security tools
Social Engineering 'Capture The Flag' Contest Returns To DefCon
Quick Hits  |  3/24/2011  | 
Changes to this year's contest include some volunteer, high-profile target companies
Gmail, Hotmail Pose Government Security Risk
News  |  3/24/2011  | 
Australian auditor recommends blocking Webmail on government networks to prevent insider and external threats.
Iran Fingered For Fraudulent Comodo SSL Certificates
News  |  3/24/2011  | 
Gmail, Hotmail, and Skype are among the domains affected by fraudulently obtained digital certificates, said Comodo.
SCADA Attack Code Released For 35 Vulnerabilities
News  |  3/23/2011  | 
Systems from Siemens, Iconics, 7-Technologies, and DATAC have security holes in their supervisory control and data acquisition software, leading the Industrial Control Systems Cyber Emergency Response Team to issue security warnings.
Federal Cyber Attacks Rose 39% In 2010
News  |  3/23/2011  | 
While total incidents reported to US-CERT were down, government networks experienced more attacks than in 2009, according to a Congressional report.
Schwartz On Security: Advanced Threats Persist And Annoy
Commentary  |  3/23/2011  | 
APTs are today's normal threat, and companies such as RSA must do better, even as the odds against them keep increasing.
ICS-CERT Issues Warnings On Vulnerabilities In Siemens, Other SCADA Products
Quick Hits  |  3/22/2011  | 
Researcher discloses 34 vulnerabilities, releases proof-of-concept attack code for four process control server software product lines
Feds Bust Stock 'Pump And Dump' Botnet Scheme
News  |  3/22/2011  | 
Authorities said a group used hacking, spam, and malware to artificially inflate securities prices and then sell shares at a profit.
Adobe Patches Critical Security Flaw
News  |  3/22/2011  | 
With attackers actively exploiting the bug to remotely execute code, Adobe recommends that all Flash, Reader, and Acrobat users upgrade immediately.
Hospital Hacker 'GhostExodus' Sentenced To 9 Years
News  |  3/22/2011  | 
Contract security guard installed malware on sensitive hospital systems to attack the Anonymous hacking collective.
A Deep Dive Into The Latest Threats
Commentary  |  3/22/2011  | 
New series of blogs will examine what the latest malware or attack really means to your organization and what to do -- or not -- about it
SecurID Customers Advised To Prepare For Worst Case
News  |  3/21/2011  | 
EMC's RSA hasn't detailed exactly what was stolen, so security experts advise the authentication system's customers to implement a more layered network defense.
RSA SecurID Customers Fear Fallout From Targeted Attack On Security Firm
News  |  3/18/2011  | 
Uncertainty about what the attackers actually took leaves many customers unsure about next steps.
Microsoft, Feds Knock Rustock Botnet Offline
Quick Hits  |  3/18/2011  | 
Authorities confiscated equipment from seven Internet hosting facilities used by the botnet, which was responsible for much of the Viagra email spam on the Internet
Microsoft, Feds Knock Rustock Botnet Offline
News  |  3/18/2011  | 
Authorities confiscated equipment from seven Internet hosting facilities used by the botnet, which was responsible for much of the Viagra email spam on the Internet.
Navy To Build System For Identifying Security Threats
News  |  3/17/2011  | 
Modus Operandi has been selected to develop a system that fuses information from a variety of sources to more quickly and efficiently gauge possible threats.
GAO Says IRS Data Security Problems Persist
News  |  3/17/2011  | 
The General Accountability Office reported that the Internal Revenue Service is still exposing taxpayer and financial information to insider-threat risks, despite making some access-control improvements.
Google Patches Chrome Zero-Day Flash Vulnerability
News  |  3/17/2011  | 
The release of Chrome 10.0.648.134 for Windows, Mac, Linux, and Chrome Frame makes the browser the first software to be protected against the Flash vulnerability now being actively exploited.
Report: New Malware Increased By 26 Percent In Past Year
Quick Hits  |  3/16/2011  | 
Average of 73,000 new samples created daily in 2011, PandaLabs reports
Denial Of Service Attacks Increased Sharply In 2010
News  |  3/16/2011  | 
DDoS attacks surpass SQL injection to become most prevalent attack vector, security vendor Trustwave reports.
Apple Web App Slowdown Prompts Conspiracy Theories
News  |  3/15/2011  | 
Some developers fear Apple is deliberately crippling Web apps, but others attribute the issue to technical and security problems.
Adobe Warns Of Active Flash Attack
News  |  3/15/2011  | 
The critical, zero-day vulnerability affects most recent versions of Flash, Reader, and Acrobat, although apparently not Reader X on Windows.
Google Issues Microsoft IE Warning
News  |  3/14/2011  | 
Activists using Microsoft Internet Explorer to access Google services are being targeted through an MHTML vulnerability.
Dark Reading Launches New Tech Center On Advanced Threats
Commentary  |  3/13/2011  | 
New subsite will offer more in-depth news coverage, analysis on next-generation threats
iPhone, BlackBerry Hacked At Pwn2Own Contest
News  |  3/11/2011  | 
Android and Windows 7 Phone remain untested at the competition.
Symantec Finds Fake Google Security Tool
News  |  3/10/2011  | 
The phony version of the Android Market Security Tool was found by Symantec on China-based, third-party Web sites that are not sanctioned by Google.
M86 Launches SMB Security Suite
News  |  3/10/2011  | 
Packaged for organizations with up to 500 seats, M86's new Web and email security software runs on Windows Server or in virtualized environments.
Safari, IE Defeated, Chrome, Firefox Survive
News  |  3/10/2011  | 
Apple and Microsoft get "pwned" again at CanSecWest's Pwn2Own hacking competition.
The Truth About Malvertising
Commentary  |  3/10/2011  | 
We tend to think of malvertising as short lived, one-oft attacks that somehow managed to momentarily breach the ad network's defenses. The reality is, malvertising is more norm than anomaly and can easily persist on major ad networks for months, even years, at a time.
Microsoft Fixes Four Flaws
News  |  3/8/2011  | 
This month's patch cycle may leave IT admins with some extra time on their hands.
Social Network Users Could Be A Click Away From Infection, Researchers Say
News  |  3/8/2011  | 
Most social nets don't screen out malware in URLs or ads, Dasient researchers find
Google Targets Android Malware Using Kill Switch
News  |  3/7/2011  | 
Additional steps are being taken to make the Android Market more secure, Google insists.
Security Tips For Virtualization
News  |  3/4/2011  | 
Spinning up VMs is easy--too easy, in fact. Fortunately, keeping virtual servers safe doesn't have to be expensive.
Hypervisor Security: Don't Trust, Verify
Commentary  |  3/4/2011  | 
Combating vulnerabilities (and passing audits) is a matter of starting from the root and working up.
Security Tips For Virtualization
News  |  3/4/2011  | 
Spinning up VMs is easy--too easy, in fact. Fortunately, keeping virtual servers safe doesn't have to be expensive.
Search Engine Malware Doubled In 2010, Report Says
News  |  3/4/2011  | 
Spam down, Twitter crime rate up by 20 percent, according to Barracuda research
Google Removes Malicious Android Apps
News  |  3/2/2011  | 
More than 50 apps in the Android Market have been identified as malicious, prompting Google to take steps to remove them.

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-10-19
Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form.
PUBLISHED: 2021-10-19
An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a denial of service and potentially disclose information via crafted SNMP packets to snmp_ber_decode_string_len_buffer in os/net/app-layer/snmp/snmp-ber.c.
PUBLISHED: 2021-10-19
IBM Security Risk Manager on CP4S is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.
PUBLISHED: 2021-10-19
IBM Security Risk Manager on CP4S stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940.
PUBLISHED: 2021-10-19
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability ...