Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2012
Lesson From Pwn2Own: Focus On Exploitability
News  |  3/29/2012  | 
Talented programmers can create attack code quickly, suggesting that firms need to focus on patching easily exploitable -- not just exploited -- flaws
How To Choose Endpoint Protection
News  |  3/29/2012  | 
Don't fret about malware detection. Focus on user interactions, performance, and management.
Malware To Increasingly Abuse DNS?
News  |  3/27/2012  | 
Many companies do not scrutinize their domain-name service traffic, leaving an opening for malware to communicate using the protocol
Risk And Regulatory Overload
Quick Hits  |  3/27/2012  | 
New study finds organizations worried about risk and compliance, but struggling to manage it all
LulzSec Reborn Claims Military Dating Site Hack
News  |  3/27/2012  | 
Hacktivists exposed details of 170,000 people on militarysingles.com, as the LulzSec reboot appears to be gaining steam.
Command Injection Attacks, Automated Password Guessing On The Rise
Quick Hits  |  3/27/2012  | 
Spam, vulnerabilities, exploit code all on the decline, IBM X-Force report says
Google Chrome Extensions: 6 Security Facts
News  |  3/26/2012  | 
Malicious Chrome extensions, once they have a toehold on your computer, can wreak havoc via your browser. Understand the security implications.
Microsoft Leads Zeus Botnet Server Shutdown
News  |  3/26/2012  | 
Microsoft, U.S. Marshals, and financial industry agents raid two Zeus botnet server farms that stole more than $100 million and infected 13 million PCs with malware.
Choosing The Right Vulnerability Scanner For Your Organization
Quick Hits  |  3/23/2012  | 
Vulnerability scanning plays a key role in both security administration and compliance. But which tools are right for you? Here are some tips on how to decide
Fake Caller ID Attacks On The Rise
Quick Hits  |  3/22/2012  | 
"Vishing" attacks increased by 52 percent in the second half of last year
'Anonymous' Legacy: Hacktivists Stole More Data Than Organized Crime In 2011 Breaches Worldwide
News  |  3/22/2012  | 
New Verizon Data Breach Intelligence Report finds 58 percent of all data stolen was the result of hacktivist attacks -- but, overall, traditional cybercriminals executed the largest number of actual breaches
When Hackers Want Much More Than Money
News  |  3/22/2012  | 
Insider attack data breaches are down in 2011, but hacktivist attacks, with motives beyond money, are up, reports Verizon 2012 Data Breach Investigations Report.
Duqu Alive And Well: New Variant Found In Iran
News  |  3/21/2012  | 
Researchers at Symantec dissect part of new, retooled version of the reconnaissance-gathering malware
LulzSec Announces April Fool's End To Retirement
News  |  3/21/2012  | 
LulzSec hacktivists use YouTube video to announce they'll reboot on April 1, despite arrest of six alleged core members.
New Malware Puts Nasty Spin On Remote Control
News  |  3/21/2012  | 
Georbot Trojan steals remote-desktop configuration files to provide surreptitious access to targeted PCs, including recording audio and video.
Russian Police Arrest Eight In Bank Malware Scheme
News  |  3/20/2012  | 
Notorious cybercriminal gang used the Carberp and RDP-door Trojans to snare victims
Simple Settings That Could Curtail Some Attacks
News  |  3/20/2012  | 
Free tool created by eEye Digital Security checks health of key configurations that can reduce risk
Web Services' Single Sign Ons Contain Big Flaws
News  |  3/20/2012  | 
Microsoft Research report shows how risky single sign on can be without good integration and better support from Web service providers such as Google and Facebook.
Duqu Code Written By Seasoned Programmers, Researchers Find
News  |  3/19/2012  | 
Another clue about Duqu solved that further confirms a highly sophisticated and well-backed operation, but the attackers are still not unmasked
Who Leaked PoC Windows Exploit Code?
News  |  3/19/2012  | 
Accusations are flying
Microsoft Slams Windows Exploit Code Disclosure
News  |  3/19/2012  | 
Leaked proof-of-concept exploit code would give attackers remote-control access to an unpatched Windows PC.
The End Of Vulnerabilities?
News  |  3/15/2012  | 
On a global scale, bugs are never going away, but in specific products, early evidence reveals that companies are having success in weeding out flaws
Typemock Introduces Isolator V7
News  |  3/14/2012  | 
New software cuts bug fix time by pinpointing the bug in the actual code
Malicious Proxies May Become Standard Fare
News  |  3/13/2012  | 
DNSChanger shows that funneling infected network traffic to central servers can enable massive fraud, but the technique has significant weaknesses, as well
Dell Acquires Security Specialist SonicWall
News  |  3/13/2012  | 
SonicWall's Unified Threat Management systems will let Dell compete more effectively with the likes of Juniper and Check Point.
Use Google To Spot Network Security Holes
News  |  3/13/2012  | 
The bad guys use search engines to seek out weak spots. Here's how to beat them to the punch.
How To Use Google To Find Vulnerabilities In Your IT Environment
Quick Hits  |  3/13/2012  | 
The bad guys use search engines to seek out weak spots. Here's how to beat them to the punch
4 More Application Security Strategies For SMBs
News  |  3/12/2012  | 
Don't have the time, staff, or budget to go all-in on application security? Read this expert's take on how and what to prioritize.
10 Best Ways To Stop Insider Attacks
News  |  3/12/2012  | 
Consider the smartest ways that companies can detect, block, and investigate insiders with malicious motives. The advice comes from CERT and the Secret Service, after a review of hundreds of attacks.
Facebook Social Engineering Attack Strikes NATO
News  |  3/12/2012  | 
Top military commander in NATO targeted by attackers wielding fake Facebook pages. Some security watchers ask if Chinese culprits were involved.
Domain Generation Algorithms Quietly On The Rise, Researcher Says
Quick Hits  |  3/12/2012  | 
Thought to be dead, DGAs are increasingly being used for botnet command and control, Damballa says
IE Falls In Pwn2Own
News  |  3/9/2012  | 
Vupen Security said it will publicly detail only one of two bugs involved. Meanwhile, Google has already patched the Chrome bug exploited in the Pwnium contest.
Hacker Sabu Worked Nonstop As Government Informer
News  |  3/9/2012  | 
Fascinating details continue to emerge about Hector Xavier Monsegur, aka LulzSec and Anonymous leader Sabu. Court documents show he worked around the clock to help investigators.
Malware Advancing Faster Than Companies Can Analyze It
Quick Hits  |  3/8/2012  | 
Only 17 percent catch malware targeting their organizations, new survey by Forrest Anderson Research and commissioned by Norman ASA finds
Feds Simulate Crippling Cybersecurity Attack On NYC Electricity
News  |  3/8/2012  | 
Senators and agencies participate in exercise, which simulated how the government might respond in the event of a cyberattack on New York's electricity supply during a summer heat wave.
Security Holes Common In Customer-Facing Bank Apps
News  |  3/8/2012  | 
CRASH Report reveals that banks fall behind in making their customer-facing applications structurally sound and secure.
Google Chrome Falls Twice In Hacking Contest
News  |  3/8/2012  | 
VUPEN Security hacks Google Chrome, Safari, and Internet Explorer to take early lead in Pwn2Own contest.
Facebook: DDoS Attack Didn't Cause European Outage
News  |  3/8/2012  | 
Facebook said technical issues caused downtime that made site temporarily inaccessible in parts of Europe.
Anonymous Hackers' Helper: IT Security Neglect
Commentary  |  3/8/2012  | 
Despite successful FBI arrests of members of LulzSec and Anonymous, hacktivist attacks will continue so long as easy-to-exploit weaknesses persist. How much are our security practices to blame?
What's Next For Anonymous After Sabu Arrest?
News  |  3/7/2012  | 
Members of the hacktivist collective have defaced websites, and taunted LulzSec leader Sabu for turning informer. But will he have company?
LulzSec's Sabu Was Identity Thief, Not Robin Hood
News  |  3/7/2012  | 
Federal indictment accuses Sabu of crossing a clear line between political expression and criminal activity.
LulzSec Sabu Arrest: Don't Relax Yet, IT
News  |  3/7/2012  | 
LulzSec mastermind arrested, but security experts warn this is no time to let down your guard for this type of threat.
LulzSec Leader Sabu Unmasked, Aids FBI Hacker Sweep
News  |  3/6/2012  | 
Feds arrest alleged members of LulzSec, Anonymous, and AntiSec, charge them with attacks on Sony, PBS, Stratfor, and other sites.
As Congress Debates Critical Infrastructure Security, Danger Grows
News  |  3/6/2012  | 
Security experts warn that new tools make it easier than ever to attack critical infrastructure control systems, as Congress debates legislative action.
Chrome Shines Bright In Controversial Security Fight
News  |  3/5/2012  | 
Major browsers have all made solid strides in security in the past few years, but Chrome's sandbox makes Google's browser a harder target, researchers say at RSA.
Chrome Shines Bright In Controversial Security Fight
News  |  3/2/2012  | 
The major browsers have all made solid strides in security in the past few years, but Chrome's sandbox makes Google's browser a harder target, researchers say
4 BYOD Security Strategies For Small Business
News  |  3/2/2012  | 
Whether or not your company embraces the bring-your-own-device approach, don't ignore the data integrity and retention implications of all the personal smartphones and tablets showing up in the workplace.
Security On A Shoestring
News  |  3/2/2012  | 
A study of 15 vulnerability remediation projects finds only one third of time is actually spent fixing flaws. Here's how to use that extra time more efficiently.
Qualys Pumps $500,000 Into Net Security Collaborative
News  |  3/2/2012  | 
Trustworthy Internet Movement aims to accelerate progress against tough problems like botnets, cloud security, announced Qualys CEO in RSA keynote.
Fixing Vulnerabilities On A Shoestring
News  |  3/1/2012  | 
A study of 15 vulnerability remediation projects finds only a third of time is actually spent fixing flaws. More on the costs and how to reduce them