Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2012
Lesson From Pwn2Own: Focus On Exploitability
News  |  3/29/2012  | 
Talented programmers can create attack code quickly, suggesting that firms need to focus on patching easily exploitable -- not just exploited -- flaws
How To Choose Endpoint Protection
News  |  3/29/2012  | 
Don't fret about malware detection. Focus on user interactions, performance, and management.
Malware To Increasingly Abuse DNS?
News  |  3/27/2012  | 
Many companies do not scrutinize their domain-name service traffic, leaving an opening for malware to communicate using the protocol
Risk And Regulatory Overload
Quick Hits  |  3/27/2012  | 
New study finds organizations worried about risk and compliance, but struggling to manage it all
LulzSec Reborn Claims Military Dating Site Hack
News  |  3/27/2012  | 
Hacktivists exposed details of 170,000 people on militarysingles.com, as the LulzSec reboot appears to be gaining steam.
Command Injection Attacks, Automated Password Guessing On The Rise
Quick Hits  |  3/27/2012  | 
Spam, vulnerabilities, exploit code all on the decline, IBM X-Force report says
Google Chrome Extensions: 6 Security Facts
News  |  3/26/2012  | 
Malicious Chrome extensions, once they have a toehold on your computer, can wreak havoc via your browser. Understand the security implications.
Microsoft Leads Zeus Botnet Server Shutdown
News  |  3/26/2012  | 
Microsoft, U.S. Marshals, and financial industry agents raid two Zeus botnet server farms that stole more than $100 million and infected 13 million PCs with malware.
Choosing The Right Vulnerability Scanner For Your Organization
Quick Hits  |  3/23/2012  | 
Vulnerability scanning plays a key role in both security administration and compliance. But which tools are right for you? Here are some tips on how to decide
Fake Caller ID Attacks On The Rise
Quick Hits  |  3/22/2012  | 
"Vishing" attacks increased by 52 percent in the second half of last year
'Anonymous' Legacy: Hacktivists Stole More Data Than Organized Crime In 2011 Breaches Worldwide
News  |  3/22/2012  | 
New Verizon Data Breach Intelligence Report finds 58 percent of all data stolen was the result of hacktivist attacks -- but, overall, traditional cybercriminals executed the largest number of actual breaches
When Hackers Want Much More Than Money
News  |  3/22/2012  | 
Insider attack data breaches are down in 2011, but hacktivist attacks, with motives beyond money, are up, reports Verizon 2012 Data Breach Investigations Report.
Duqu Alive And Well: New Variant Found In Iran
News  |  3/21/2012  | 
Researchers at Symantec dissect part of new, retooled version of the reconnaissance-gathering malware
LulzSec Announces April Fool's End To Retirement
News  |  3/21/2012  | 
LulzSec hacktivists use YouTube video to announce they'll reboot on April 1, despite arrest of six alleged core members.
New Malware Puts Nasty Spin On Remote Control
News  |  3/21/2012  | 
Georbot Trojan steals remote-desktop configuration files to provide surreptitious access to targeted PCs, including recording audio and video.
Russian Police Arrest Eight In Bank Malware Scheme
News  |  3/20/2012  | 
Notorious cybercriminal gang used the Carberp and RDP-door Trojans to snare victims
Simple Settings That Could Curtail Some Attacks
News  |  3/20/2012  | 
Free tool created by eEye Digital Security checks health of key configurations that can reduce risk
Web Services' Single Sign Ons Contain Big Flaws
News  |  3/20/2012  | 
Microsoft Research report shows how risky single sign on can be without good integration and better support from Web service providers such as Google and Facebook.
Duqu Code Written By Seasoned Programmers, Researchers Find
News  |  3/19/2012  | 
Another clue about Duqu solved that further confirms a highly sophisticated and well-backed operation, but the attackers are still not unmasked
Who Leaked PoC Windows Exploit Code?
News  |  3/19/2012  | 
Accusations are flying
Microsoft Slams Windows Exploit Code Disclosure
News  |  3/19/2012  | 
Leaked proof-of-concept exploit code would give attackers remote-control access to an unpatched Windows PC.
The End Of Vulnerabilities?
News  |  3/15/2012  | 
On a global scale, bugs are never going away, but in specific products, early evidence reveals that companies are having success in weeding out flaws
Typemock Introduces Isolator V7
News  |  3/14/2012  | 
New software cuts bug fix time by pinpointing the bug in the actual code
Malicious Proxies May Become Standard Fare
News  |  3/13/2012  | 
DNSChanger shows that funneling infected network traffic to central servers can enable massive fraud, but the technique has significant weaknesses, as well
Dell Acquires Security Specialist SonicWall
News  |  3/13/2012  | 
SonicWall's Unified Threat Management systems will let Dell compete more effectively with the likes of Juniper and Check Point.
Use Google To Spot Network Security Holes
News  |  3/13/2012  | 
The bad guys use search engines to seek out weak spots. Here's how to beat them to the punch.
How To Use Google To Find Vulnerabilities In Your IT Environment
Quick Hits  |  3/13/2012  | 
The bad guys use search engines to seek out weak spots. Here's how to beat them to the punch
4 More Application Security Strategies For SMBs
News  |  3/12/2012  | 
Don't have the time, staff, or budget to go all-in on application security? Read this expert's take on how and what to prioritize.
10 Best Ways To Stop Insider Attacks
News  |  3/12/2012  | 
Consider the smartest ways that companies can detect, block, and investigate insiders with malicious motives. The advice comes from CERT and the Secret Service, after a review of hundreds of attacks.
Facebook Social Engineering Attack Strikes NATO
News  |  3/12/2012  | 
Top military commander in NATO targeted by attackers wielding fake Facebook pages. Some security watchers ask if Chinese culprits were involved.
Domain Generation Algorithms Quietly On The Rise, Researcher Says
Quick Hits  |  3/12/2012  | 
Thought to be dead, DGAs are increasingly being used for botnet command and control, Damballa says
IE Falls In Pwn2Own
News  |  3/9/2012  | 
Vupen Security said it will publicly detail only one of two bugs involved. Meanwhile, Google has already patched the Chrome bug exploited in the Pwnium contest.
Hacker Sabu Worked Nonstop As Government Informer
News  |  3/9/2012  | 
Fascinating details continue to emerge about Hector Xavier Monsegur, aka LulzSec and Anonymous leader Sabu. Court documents show he worked around the clock to help investigators.
Malware Advancing Faster Than Companies Can Analyze It
Quick Hits  |  3/8/2012  | 
Only 17 percent catch malware targeting their organizations, new survey by Forrest Anderson Research and commissioned by Norman ASA finds
Feds Simulate Crippling Cybersecurity Attack On NYC Electricity
News  |  3/8/2012  | 
Senators and agencies participate in exercise, which simulated how the government might respond in the event of a cyberattack on New York's electricity supply during a summer heat wave.
Security Holes Common In Customer-Facing Bank Apps
News  |  3/8/2012  | 
CRASH Report reveals that banks fall behind in making their customer-facing applications structurally sound and secure.
Google Chrome Falls Twice In Hacking Contest
News  |  3/8/2012  | 
VUPEN Security hacks Google Chrome, Safari, and Internet Explorer to take early lead in Pwn2Own contest.
Facebook: DDoS Attack Didn't Cause European Outage
News  |  3/8/2012  | 
Facebook said technical issues caused downtime that made site temporarily inaccessible in parts of Europe.
Anonymous Hackers' Helper: IT Security Neglect
Commentary  |  3/8/2012  | 
Despite successful FBI arrests of members of LulzSec and Anonymous, hacktivist attacks will continue so long as easy-to-exploit weaknesses persist. How much are our security practices to blame?
What's Next For Anonymous After Sabu Arrest?
News  |  3/7/2012  | 
Members of the hacktivist collective have defaced websites, and taunted LulzSec leader Sabu for turning informer. But will he have company?
LulzSec's Sabu Was Identity Thief, Not Robin Hood
News  |  3/7/2012  | 
Federal indictment accuses Sabu of crossing a clear line between political expression and criminal activity.
LulzSec Sabu Arrest: Don't Relax Yet, IT
News  |  3/7/2012  | 
LulzSec mastermind arrested, but security experts warn this is no time to let down your guard for this type of threat.
LulzSec Leader Sabu Unmasked, Aids FBI Hacker Sweep
News  |  3/6/2012  | 
Feds arrest alleged members of LulzSec, Anonymous, and AntiSec, charge them with attacks on Sony, PBS, Stratfor, and other sites.
As Congress Debates Critical Infrastructure Security, Danger Grows
News  |  3/6/2012  | 
Security experts warn that new tools make it easier than ever to attack critical infrastructure control systems, as Congress debates legislative action.
Chrome Shines Bright In Controversial Security Fight
News  |  3/5/2012  | 
Major browsers have all made solid strides in security in the past few years, but Chrome's sandbox makes Google's browser a harder target, researchers say at RSA.
Chrome Shines Bright In Controversial Security Fight
News  |  3/2/2012  | 
The major browsers have all made solid strides in security in the past few years, but Chrome's sandbox makes Google's browser a harder target, researchers say
4 BYOD Security Strategies For Small Business
News  |  3/2/2012  | 
Whether or not your company embraces the bring-your-own-device approach, don't ignore the data integrity and retention implications of all the personal smartphones and tablets showing up in the workplace.
Security On A Shoestring
News  |  3/2/2012  | 
A study of 15 vulnerability remediation projects finds only one third of time is actually spent fixing flaws. Here's how to use that extra time more efficiently.
Qualys Pumps $500,000 Into Net Security Collaborative
News  |  3/2/2012  | 
Trustworthy Internet Movement aims to accelerate progress against tough problems like botnets, cloud security, announced Qualys CEO in RSA keynote.
Fixing Vulnerabilities On A Shoestring
News  |  3/1/2012  | 
A study of 15 vulnerability remediation projects finds only a third of time is actually spent fixing flaws. More on the costs and how to reduce them