Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2011
Lizamoon SQL Injection: Dead From The Get-Go
Commentary | 3/31/2011
The latest round of headline-grabbing SQL injection attacks isn't new, and it isn't very effective; in fact, Lizamoon might as well be called the little injection that couldn't.
Trend Micro Nukes Zeus Botnet Server
News | 3/31/2011
PayPal, eBay, and the customers of at least 15 banks were targeted by the eliminated botnet.
Microsoft Blames Poor Development Practices For Security Risks
News | 3/31/2011
Windows and Internet Explorer are at greater risk of attacks because developers don't use the mitigation technologies built into the software, said Microsoft.
NASA Servers At High Risk Of Cyber Attack
News | 3/30/2011
Auditors were able to pull encryption keys, passwords, and user account information over the Internet from systems that help control spacecraft and process critical data.
Comodo Reports Two More Registration Authorities Hacked
News | 3/30/2011
The digital certificate issuer has deactivated the affected accounts and begun to implement security and validation reforms.
BP Loses Laptop With Gulf Claimant Data
News | 3/30/2011
The missing computer, containing personally identifiable information on 13,000 people, was password-protected but not encrypted.
'Cree.py' Social Engineering Tool Pinpoints A Person's Physical Location
Quick Hits | 3/29/2011
Free tool automates the process of pulling geolocation and other information on 'targets'.
Rustock Takedown Cut Spam By 33%
News | 3/29/2011
Bagle and other botnets seem to be picking up the slack, according to Symantec.
Iranian Claims Credit For Comodo Hack
News | 3/28/2011
Mozilla apologizes for not publicizing the attack more quickly and criticizes Comodo's security.
Netgear Intros Gateway Security Appliance For SMBs
News | 3/28/2011
The ProSecure UTM150 unified threat management appliance polices Web traffic to help protect company networks against employee-introduced risks from social media or malicious links.
Microsoft Wins A Botnet Battle
Commentary | 3/28/2011
The Rustock botnet was estimated to be one million PCs strong, underlining the damage malware can do to businesses and consumers.
Dark Reading Report: How Malware Authors Battle To Evade Detection
News | 3/24/2011
A look at the new, ingenious ways bad guys use to frustrate analysts and evade automated security tools.
Social Engineering 'Capture The Flag' Contest Returns To DefCon
Quick Hits | 3/24/2011
Changes to this year's contest include some volunteer, high-profile target companies.
Gmail, Hotmail Pose Government Security Risk
News | 3/24/2011
Australian auditor recommends blocking Webmail on government networks to prevent insider and external threats.
Iran Fingered For Fraudulent Comodo SSL Certificates
News | 3/24/2011
Gmail, Hotmail, and Skype are among the domains affected by fraudulently obtained digital certificates, said Comodo.
SCADA Attack Code Released For 35 Vulnerabilities
News | 3/23/2011
Systems from Siemens, Iconics, 7-Technologies, and DATAC have security holes in their supervisory control and data acquisition software, leading the Industrial Control Systems Cyber Emergency Response Team to issue security warnings.
Federal Cyber Attacks Rose 39% In 2010
News | 3/23/2011
While total incidents reported to US-CERT were down, government networks experienced more attacks than in 2009, according to a Congressional report.
Schwartz On Security: Advanced Threats Persist And Annoy
Commentary | 3/23/2011
APTs are today's normal threat, and companies such as RSA must do better, even as the odds against them keep increasing.
ICS-CERT Issues Warnings On Vulnerabilities In Siemens, Other SCADA Products
Quick Hits | 3/22/2011
Researcher discloses 34 vulnerabilities and releases proof-of-concept attack code for four process control server software product lines.
Feds Bust Stock 'Pump And Dump' Botnet Scheme
News | 3/22/2011
Authorities said a group used hacking, spam, and malware to artificially inflate securities prices and then sell shares at a profit.
Adobe Patches Critical Security Flaw
News | 3/22/2011
With attackers actively exploiting the bug to remotely execute code, Adobe recommends that all Flash, Reader, and Acrobat users upgrade immediately.
Hospital Hacker 'GhostExodus' Sentenced To 9 Years
News | 3/22/2011
Contract security guard installed malware on sensitive hospital systems to attack the Anonymous hacking collective.
A Deep Dive Into The Latest Threats
Commentary | 3/22/2011
New series of blogs will examine what the latest malware or attack really means to your organization and what to do, or not do, about it.
SecurID Customers Advised To Prepare For Worst Case
News | 3/21/2011
EMC's RSA hasn't detailed exactly what was stolen, so security experts advise the authentication system's customers to implement a more layered network defense.
RSA SecurID Customers Fear Fallout From Targeted Attack On Security Firm
News | 3/18/2011
Uncertainty about what the attackers actually took leaves many customers unsure about next steps.
Microsoft, Feds Knock Rustock Botnet Offline
Quick Hits | 3/18/2011
Authorities confiscated equipment from seven Internet hosting facilities used by the botnet, which was responsible for much of the Viagra email spam on the Internet.
Navy To Build System For Identifying Security Threats
News | 3/17/2011
Modus Operandi has been selected to develop a system that fuses information from a variety of sources to more quickly and efficiently gauge possible threats.
GAO Says IRS Data Security Problems Persist
News | 3/17/2011
The Government Accountability Office reported that the Internal Revenue Service is still exposing taxpayer and financial information to insider-threat risks, despite making some access-control improvements.
Google Patches Chrome Zero-Day Flash Vulnerability
News | 3/17/2011
The release of Chrome 10.0.648.134 for Windows, Mac, Linux, and Chrome Frame makes the browser the first software to be protected against the Flash vulnerability now being actively exploited.
Report: New Malware Increased By 26 Percent In Past Year
Quick Hits | 3/16/2011
Average of 73,000 new samples created daily in 2011, PandaLabs reports.
Denial Of Service Attacks Increased Sharply In 2010
News | 3/16/2011
DDoS attacks surpass SQL injection to become the most prevalent attack vector, security vendor Trustwave reports.
Apple Web App Slowdown Prompts Conspiracy Theories
News | 3/15/2011
Some developers fear Apple is deliberately crippling Web apps, but others attribute the issue to technical and security problems.
Adobe Warns Of Active Flash Attack
News | 3/15/2011
The critical, zero-day vulnerability affects most recent versions of Flash, Reader, and Acrobat, although apparently not Reader X on Windows.
Google Issues Microsoft IE Warning
News | 3/14/2011
Activists using Microsoft Internet Explorer to access Google services are being targeted through an MHTML vulnerability.
Dark Reading Launches New Tech Center On Advanced Threats
Commentary | 3/13/2011
New subsite will offer more in-depth news coverage and analysis on next-generation threats.
iPhone, BlackBerry Hacked At Pwn2Own Contest
News | 3/11/2011
Android and Windows Phone 7 remain untested at the competition.
Symantec Finds Fake Google Security Tool
News | 3/10/2011
The phony version of the Android Market Security Tool was found by Symantec on China-based, third-party Web sites that are not sanctioned by Google.
M86 Launches SMB Security Suite
News | 3/10/2011
Packaged for organizations with up to 500 seats, M86's new Web and email security software runs on Windows Server or in virtualized environments.
Safari, IE Defeated, Chrome, Firefox Survive
News | 3/10/2011
Apple and Microsoft get "pwned" again at CanSecWest's Pwn2Own hacking competition.
The Truth About Malvertising
Commentary | 3/10/2011
We tend to think of malvertising as short-lived, one-off attacks that somehow managed to momentarily breach the ad network's defenses. The reality is, malvertising is more norm than anomaly and can easily persist on major ad networks for months, even years, at a time.
Microsoft Fixes Four Flaws
News | 3/8/2011
This month's patch cycle may leave IT admins with some extra time on their hands.
Social Network Users Could Be A Click Away From Infection, Researchers Say
News | 3/8/2011
Most social nets don't screen out malware in URLs or ads, Dasient researchers find.
Google Targets Android Malware Using Kill Switch
News | 3/7/2011
Additional steps are being taken to make the Android Market more secure, Google insists.
Security Tips For Virtualization
News | 3/4/2011
Spinning up VMs is easy--too easy, in fact. Fortunately, keeping virtual servers safe doesn't have to be expensive.
Hypervisor Security: Don't Trust, Verify
Commentary | 3/4/2011
Combating vulnerabilities (and passing audits) is a matter of starting from the root and working up.
Search Engine Malware Doubled In 2010, Report Says
News | 3/4/2011
Spam down, Twitter crime rate up by 20 percent, according to Barracuda research.
Google Removes Malicious Android Apps
News | 3/2/2011
More than 50 apps in the Android Market have been identified as malicious, prompting Google to take steps to remove them.