Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2012
Lesson From Pwn2Own: Focus On Exploitability
News  |  3/29/2012  | 
Talented programmers can create attack code quickly, suggesting that firms need to focus on patching easily exploitable -- not just exploited -- flaws
How To Choose Endpoint Protection
News  |  3/29/2012  | 
Don't fret about malware detection. Focus on user interactions, performance, and management.
Malware To Increasingly Abuse DNS?
News  |  3/27/2012  | 
Many companies do not scrutinize their domain-name service traffic, leaving an opening for malware to communicate using the protocol
Risk And Regulatory Overload
Quick Hits  |  3/27/2012  | 
New study finds organizations worried about risk and compliance, but struggling to manage it all
LulzSec Reborn Claims Military Dating Site Hack
News  |  3/27/2012  | 
Hacktivists exposed details of 170,000 people on militarysingles.com, as the LulzSec reboot appears to be gaining steam.
Command Injection Attacks, Automated Password Guessing On The Rise
Quick Hits  |  3/27/2012  | 
Spam, vulnerabilities, exploit code all on the decline, IBM X-Force report says
Google Chrome Extensions: 6 Security Facts
News  |  3/26/2012  | 
Malicious Chrome extensions, once they have a toehold on your computer, can wreak havoc via your browser. Understand the security implications.
Microsoft Leads Zeus Botnet Server Shutdown
News  |  3/26/2012  | 
Microsoft, U.S. Marshals, and financial industry agents raid two Zeus botnet server farms that stole more than $100 million and infected 13 million PCs with malware.
Choosing The Right Vulnerability Scanner For Your Organization
Quick Hits  |  3/23/2012  | 
Vulnerability scanning plays a key role in both security administration and compliance. But which tools are right for you? Here are some tips on how to decide
Fake Caller ID Attacks On The Rise
Quick Hits  |  3/22/2012  | 
"Vishing" attacks increased by 52 percent in the second half of last year
'Anonymous' Legacy: Hacktivists Stole More Data Than Organized Crime In 2011 Breaches Worldwide
News  |  3/22/2012  | 
New Verizon Data Breach Intelligence Report finds 58 percent of all data stolen was the result of hacktivist attacks -- but, overall, traditional cybercriminals executed the largest number of actual breaches
When Hackers Want Much More Than Money
News  |  3/22/2012  | 
Insider attack data breaches are down in 2011, but hacktivist attacks, with motives beyond money, are up, reports Verizon 2012 Data Breach Investigations Report.
Duqu Alive And Well: New Variant Found In Iran
News  |  3/21/2012  | 
Researchers at Symantec dissect part of new, retooled version of the reconnaissance-gathering malware
LulzSec Announces April Fool's End To Retirement
News  |  3/21/2012  | 
LulzSec hacktivists use YouTube video to announce they'll reboot on April 1, despite arrest of six alleged core members.
New Malware Puts Nasty Spin On Remote Control
News  |  3/21/2012  | 
Georbot Trojan steals remote-desktop configuration files to provide surreptitious access to targeted PCs, including recording audio and video.
Russian Police Arrest Eight In Bank Malware Scheme
News  |  3/20/2012  | 
Notorious cybercriminal gang used the Carberp and RDP-door Trojans to snare victims
Simple Settings That Could Curtail Some Attacks
News  |  3/20/2012  | 
Free tool created by eEye Digital Security checks health of key configurations that can reduce risk
Web Services' Single Sign Ons Contain Big Flaws
News  |  3/20/2012  | 
Microsoft Research report shows how risky single sign on can be without good integration and better support from Web service providers such as Google and Facebook.
Duqu Code Written By Seasoned Programmers, Researchers Find
News  |  3/19/2012  | 
Another clue about Duqu solved that further confirms a highly sophisticated and well-backed operation, but the attackers are still not unmasked
Who Leaked PoC Windows Exploit Code?
News  |  3/19/2012  | 
Accusations are flying
Microsoft Slams Windows Exploit Code Disclosure
News  |  3/19/2012  | 
Leaked proof-of-concept exploit code would give attackers remote-control access to an unpatched Windows PC.
The End Of Vulnerabilities?
News  |  3/15/2012  | 
On a global scale, bugs are never going away, but in specific products, early evidence reveals that companies are having success in weeding out flaws
Typemock Introduces Isolator V7
News  |  3/14/2012  | 
New software cuts bug fix time by pinpointing the bug in the actual code
Malicious Proxies May Become Standard Fare
News  |  3/13/2012  | 
DNSChanger shows that funneling infected network traffic to central servers can enable massive fraud, but the technique has significant weaknesses, as well
Dell Acquires Security Specialist SonicWall
News  |  3/13/2012  | 
SonicWall's Unified Threat Management systems will let Dell compete more effectively with the likes of Juniper and Check Point.
Use Google To Spot Network Security Holes
News  |  3/13/2012  | 
The bad guys use search engines to seek out weak spots. Here's how to beat them to the punch.
How To Use Google To Find Vulnerabilities In Your IT Environment
Quick Hits  |  3/13/2012  | 
The bad guys use search engines to seek out weak spots. Here's how to beat them to the punch
4 More Application Security Strategies For SMBs
News  |  3/12/2012  | 
Don't have the time, staff, or budget to go all-in on application security? Read this expert's take on how and what to prioritize.
10 Best Ways To Stop Insider Attacks
News  |  3/12/2012  | 
Consider the smartest ways that companies can detect, block, and investigate insiders with malicious motives. The advice comes from CERT and the Secret Service, after a review of hundreds of attacks.
Facebook Social Engineering Attack Strikes NATO
News  |  3/12/2012  | 
Top military commander in NATO targeted by attackers wielding fake Facebook pages. Some security watchers ask if Chinese culprits were involved.
Domain Generation Algorithms Quietly On The Rise, Researcher Says
Quick Hits  |  3/12/2012  | 
Thought to be dead, DGAs are increasingly being used for botnet command and control, Damballa says
IE Falls In Pwn2Own
News  |  3/9/2012  | 
Vupen Security said it will publicly detail only one of two bugs involved. Meanwhile, Google has already patched the Chrome bug exploited in the Pwnium contest.
Hacker Sabu Worked Nonstop As Government Informer
News  |  3/9/2012  | 
Fascinating details continue to emerge about Hector Xavier Monsegur, aka LulzSec and Anonymous leader Sabu. Court documents show he worked around the clock to help investigators.
Malware Advancing Faster Than Companies Can Analyze It
Quick Hits  |  3/8/2012  | 
Only 17 percent catch malware targeting their organizations, new survey by Forrest Anderson Research and commissioned by Norman ASA finds
Feds Simulate Crippling Cybersecurity Attack On NYC Electricity
News  |  3/8/2012  | 
Senators and agencies participate in exercise, which simulated how the government might respond in the event of a cyberattack on New York's electricity supply during a summer heat wave.
Security Holes Common In Customer-Facing Bank Apps
News  |  3/8/2012  | 
CRASH Report reveals that banks fall behind in making their customer-facing applications structurally sound and secure.
Google Chrome Falls Twice In Hacking Contest
News  |  3/8/2012  | 
VUPEN Security hacks Google Chrome, Safari, and Internet Explorer to take early lead in Pwn2Own contest.
Facebook: DDoS Attack Didn't Cause European Outage
News  |  3/8/2012  | 
Facebook said technical issues caused downtime that made site temporarily inaccessible in parts of Europe.
Anonymous Hackers' Helper: IT Security Neglect
Commentary  |  3/8/2012  | 
Despite successful FBI arrests of members of LulzSec and Anonymous, hacktivist attacks will continue so long as easy-to-exploit weaknesses persist. How much are our security practices to blame?
What's Next For Anonymous After Sabu Arrest?
News  |  3/7/2012  | 
Members of the hacktivist collective have defaced websites, and taunted LulzSec leader Sabu for turning informer. But will he have company?
LulzSec's Sabu Was Identity Thief, Not Robin Hood
News  |  3/7/2012  | 
Federal indictment accuses Sabu of crossing a clear line between political expression and criminal activity.
LulzSec Sabu Arrest: Don't Relax Yet, IT
News  |  3/7/2012  | 
LulzSec mastermind arrested, but security experts warn this is no time to let down your guard for this type of threat.
LulzSec Leader Sabu Unmasked, Aids FBI Hacker Sweep
News  |  3/6/2012  | 
Feds arrest alleged members of LulzSec, Anonymous, and AntiSec, charge them with attacks on Sony, PBS, Stratfor, and other sites.
As Congress Debates Critical Infrastructure Security, Danger Grows
News  |  3/6/2012  | 
Security experts warn that new tools make it easier than ever to attack critical infrastructure control systems, as Congress debates legislative action.
Chrome Shines Bright In Controversial Security Fight
News  |  3/5/2012  | 
Major browsers have all made solid strides in security in the past few years, but Chrome's sandbox makes Google's browser a harder target, researchers say at RSA.
Chrome Shines Bright In Controversial Security Fight
News  |  3/2/2012  | 
The major browsers have all made solid strides in security in the past few years, but Chrome's sandbox makes Google's browser a harder target, researchers say
4 BYOD Security Strategies For Small Business
News  |  3/2/2012  | 
Whether or not your company embraces the bring-your-own-device approach, don't ignore the data integrity and retention implications of all the personal smartphones and tablets showing up in the workplace.
Security On A Shoestring
News  |  3/2/2012  | 
A study of 15 vulnerability remediation projects finds only one third of time is actually spent fixing flaws. Here's how to use that extra time more efficiently.
Qualys Pumps $500,000 Into Net Security Collaborative
News  |  3/2/2012  | 
Trustworthy Internet Movement aims to accelerate progress against tough problems like botnets, cloud security, announced Qualys CEO in RSA keynote.
Fixing Vulnerabilities On A Shoestring
News  |  3/1/2012  | 
A study of 15 vulnerability remediation projects finds only a third of time is actually spent fixing flaws. More on the costs and how to reduce them