Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2011
Lizamoon SQL Injection: Dead From The Get-Go
Commentary  |  3/31/2011  | 
The latest round of headline-grabbing SQL injection attacks aren't new, and they aren't very effective; in fact, Lizamoon might as well be called the little injection that couldn't
Trend Micro Nukes Zeus Botnet Server
News  |  3/31/2011  | 
PayPal, eBay, and the customers of at least 15 banks were targeted by the eliminated botnet.
Microsoft Blames Poor Development Practices For Security Risks
News  |  3/31/2011  | 
Windows and Internet Explorer are at greater risk of attacks because developers don't use mitigation technologies built into the software, said Microsoft.
NASA Servers At High Risk Of Cyber Attack
News  |  3/30/2011  | 
Auditors were able to pull encryption keys, passwords, and user account information over the Internet from systems that help control spacecraft and process critical data.
Comodo Reports Two More Registration Authorities Hacked
News  |  3/30/2011  | 
The digital certificate issuer has deactivated the affected accounts and begun to implement security and validation reforms.
BP Loses Laptop With Gulf Claimant Data
News  |  3/30/2011  | 
The missing computer, containing personally identifiable information on 13,000 people, was password-protected, but not encrypted.
'Cree.py' Social Engineering Tool Pinpoints A Person's Physical Location
Quick Hits  |  3/29/2011  | 
Free tool automates process of pulling geolocation, other information on 'targets'
Rustock Takedown Cut Spam By 33%
News  |  3/29/2011  | 
Bagel and other botnets seem to be picking up the slack, according to Symantec.
Iranian Claims Credit For Comodo Hack
News  |  3/28/2011  | 
Mozilla apologizes for not publicizing the attack more quickly and criticizes Comodo's security.
Netgear Intros Gateway Security Appliance For SMBs
News  |  3/28/2011  | 
The ProSecure UTM150 unified threat management appliance polices Web traffic to help protect company networks against employee-introduced risks from social media or malicious links.
Microsoft Wins A Botnet Battle
Commentary  |  3/28/2011  | 
The Rustok botnet was estimated to be one million PCs strong, underlining the dangers that malware can cause to businesses and consumers.
Dark Reading Report: How Malware Authors Battle To Evade Detection
News  |  3/24/2011  | 
A look at the new, ingenious ways bad guys use to frustrate analysts and evade automated security tools
Social Engineering 'Capture The Flag' Contest Returns To DefCon
Quick Hits  |  3/24/2011  | 
Changes to this year's contest include some volunteer, high-profile target companies
Gmail, Hotmail Pose Government Security Risk
News  |  3/24/2011  | 
Australian auditor recommends blocking Webmail on government networks to prevent insider and external threats.
Iran Fingered For Fraudulent Comodo SSL Certificates
News  |  3/24/2011  | 
Gmail, Hotmail, and Skype are among the domains affected by fraudulently obtained digital certificates, said Comodo.
SCADA Attack Code Released For 35 Vulnerabilities
News  |  3/23/2011  | 
Systems from Siemens, Iconics, 7-Technologies, and DATAC have security holes in their supervisory control and data acquisition software, leading the Industrial Control Systems Cyber Emergency Response Team to issue security warnings.
Federal Cyber Attacks Rose 39% In 2010
News  |  3/23/2011  | 
While total incidents reported to US-CERT were down, government networks experienced more attacks than in 2009, according to a Congressional report.
Schwartz On Security: Advanced Threats Persist And Annoy
Commentary  |  3/23/2011  | 
APTs are today's normal threat, and companies such as RSA must do better, even as the odds against them keep increasing.
ICS-CERT Issues Warnings On Vulnerabilities In Siemens, Other SCADA Products
Quick Hits  |  3/22/2011  | 
Researcher discloses 34 vulnerabilities, releases proof-of-concept attack code for four process control server software product lines
Feds Bust Stock 'Pump And Dump' Botnet Scheme
News  |  3/22/2011  | 
Authorities said a group used hacking, spam, and malware to artificially inflate securities prices and then sell shares at a profit.
Adobe Patches Critical Security Flaw
News  |  3/22/2011  | 
With attackers actively exploiting the bug to remotely execute code, Adobe recommends that all Flash, Reader, and Acrobat users upgrade immediately.
Hospital Hacker 'GhostExodus' Sentenced To 9 Years
News  |  3/22/2011  | 
Contract security guard installed malware on sensitive hospital systems to attack the Anonymous hacking collective.
A Deep Dive Into The Latest Threats
Commentary  |  3/22/2011  | 
New series of blogs will examine what the latest malware or attack really means to your organization and what to do -- or not -- about it
SecurID Customers Advised To Prepare For Worst Case
News  |  3/21/2011  | 
EMC's RSA hasn't detailed exactly what was stolen, so security experts advise the authentication system's customers to implement a more layered network defense.
RSA SecurID Customers Fear Fallout From Targeted Attack On Security Firm
News  |  3/18/2011  | 
Uncertainty about what the attackers actually took leaves many customers unsure about next steps.
Microsoft, Feds Knock Rustock Botnet Offline
Quick Hits  |  3/18/2011  | 
Authorities confiscated equipment from seven Internet hosting facilities used by the botnet, which was responsible for much of the Viagra email spam on the Internet
Microsoft, Feds Knock Rustock Botnet Offline
News  |  3/18/2011  | 
Authorities confiscated equipment from seven Internet hosting facilities used by the botnet, which was responsible for much of the Viagra email spam on the Internet.
Navy To Build System For Identifying Security Threats
News  |  3/17/2011  | 
Modus Operandi has been selected to develop a system that fuses information from a variety of sources to more quickly and efficiently gauge possible threats.
GAO Says IRS Data Security Problems Persist
News  |  3/17/2011  | 
The General Accountability Office reported that the Internal Revenue Service is still exposing taxpayer and financial information to insider-threat risks, despite making some access-control improvements.
Google Patches Chrome Zero-Day Flash Vulnerability
News  |  3/17/2011  | 
The release of Chrome 10.0.648.134 for Windows, Mac, Linux, and Chrome Frame makes the browser the first software to be protected against the Flash vulnerability now being actively exploited.
Report: New Malware Increased By 26 Percent In Past Year
Quick Hits  |  3/16/2011  | 
Average of 73,000 new samples created daily in 2011, PandaLabs reports
Denial Of Service Attacks Increased Sharply In 2010
News  |  3/16/2011  | 
DDoS attacks surpass SQL injection to become most prevalent attack vector, security vendor Trustwave reports.
Apple Web App Slowdown Prompts Conspiracy Theories
News  |  3/15/2011  | 
Some developers fear Apple is deliberately crippling Web apps, but others attribute the issue to technical and security problems.
Adobe Warns Of Active Flash Attack
News  |  3/15/2011  | 
The critical, zero-day vulnerability affects most recent versions of Flash, Reader, and Acrobat, although apparently not Reader X on Windows.
Google Issues Microsoft IE Warning
News  |  3/14/2011  | 
Activists using Microsoft Internet Explorer to access Google services are being targeted through an MHTML vulnerability.
Dark Reading Launches New Tech Center On Advanced Threats
Commentary  |  3/13/2011  | 
New subsite will offer more in-depth news coverage, analysis on next-generation threats
iPhone, BlackBerry Hacked At Pwn2Own Contest
News  |  3/11/2011  | 
Android and Windows 7 Phone remain untested at the competition.
Symantec Finds Fake Google Security Tool
News  |  3/10/2011  | 
The phony version of the Android Market Security Tool was found by Symantec on China-based, third-party Web sites that are not sanctioned by Google.
M86 Launches SMB Security Suite
News  |  3/10/2011  | 
Packaged for organizations with up to 500 seats, M86's new Web and email security software runs on Windows Server or in virtualized environments.
Safari, IE Defeated, Chrome, Firefox Survive
News  |  3/10/2011  | 
Apple and Microsoft get "pwned" again at CanSecWest's Pwn2Own hacking competition.
The Truth About Malvertising
Commentary  |  3/10/2011  | 
We tend to think of malvertising as short lived, one-oft attacks that somehow managed to momentarily breach the ad network's defenses. The reality is, malvertising is more norm than anomaly and can easily persist on major ad networks for months, even years, at a time.
Microsoft Fixes Four Flaws
News  |  3/8/2011  | 
This month's patch cycle may leave IT admins with some extra time on their hands.
Social Network Users Could Be A Click Away From Infection, Researchers Say
News  |  3/8/2011  | 
Most social nets don't screen out malware in URLs or ads, Dasient researchers find
Google Targets Android Malware Using Kill Switch
News  |  3/7/2011  | 
Additional steps are being taken to make the Android Market more secure, Google insists.
Security Tips For Virtualization
News  |  3/4/2011  | 
Spinning up VMs is easy--too easy, in fact. Fortunately, keeping virtual servers safe doesn't have to be expensive.
Security Tips For Virtualization
News  |  3/4/2011  | 
Spinning up VMs is easy--too easy, in fact. Fortunately, keeping virtual servers safe doesn't have to be expensive.
Hypervisor Security: Don't Trust, Verify
Commentary  |  3/4/2011  | 
Combating vulnerabilities (and passing audits) is a matter of starting from the root and working up.
Search Engine Malware Doubled In 2010, Report Says
News  |  3/4/2011  | 
Spam down, Twitter crime rate up by 20 percent, according to Barracuda research
Google Removes Malicious Android Apps
News  |  3/2/2011  | 
More than 50 apps in the Android Market have been identified as malicious, prompting Google to take steps to remove them.


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.
CVE-2019-6650
PUBLISHED: 2019-09-20
F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings.
CVE-2014-10396
PUBLISHED: 2019-09-20
The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.