Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2013
Got Attitude?
Commentary  |  3/31/2013  | 
Attack attitude: Does China really not care about attribution?
Enterprises Less Confident They Can Stop Targeted Attacks On Their Servers
Quick Hits  |  3/28/2013  | 
New survey shows state of server security so-so
Spamhaus DDoS Attacks: What Business Should Learn
Commentary  |  3/28/2013  | 
What should your company take away from this week's attacks? Lock down unsecured DNS repeaters being exploited by attackers and prep DDoS response plans.
Who Supplies CyberBunker?
Commentary  |  3/28/2013  | 
The hosting company behind CyberBunker, the company allegedly behind the DDoS attacks on Spamhaus, connects to the Internet through other providers. Perhaps the only way to pressure those responsible for the attacks is to put pressure on the upstream providers.
DDoS Attack Doesn't Spell Internet Doom: 7 Facts
News  |  3/28/2013  | 
Despite a record-setting DDoS attack against anti-spam group Spamhaus, the Internet remains alive and well. Let's break down the key facts.
DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted
News  |  3/28/2013  | 
Stophaus.com campaign and anarchic, allegedly pro-spam Dutch hosting provider have apparently been disrupted via ongoing DDoS attacks.
Bank DDoS Attacks Resume: Wells Fargo Confirms Disruptions
News  |  3/27/2013  | 
Muslim hacktivists continue third wave of takedowns, submit invoice protesting "Innocence of Muslims" video that mocks founder of Islam.
The Scope Of The Java Problem
Quick Hits  |  3/26/2013  | 
New Websense data highlights why Java is attackers' favorite target: most end users run outdated versions of the app
Honeypot Stings Attackers With Counterattacks
News  |  3/26/2013  | 
Researchers test the controversial concept of hacking back and gathering intelligence on attackers
Small Suppliers Must Beef Up Security
News  |  3/26/2013  | 
Attacks on small- and midsized businesses are on the rise, particularly against those firms supplying--and thus having access to--larger companies
Don't Make Users A Security Punching Bag
News  |  3/25/2013  | 
Security blame game makes it easy to point the finger at 'dumb' users, but the delivery mechanisms of today's undetectable Web malware will get past even the savviest and most educated users
How South Korean Bank Malware Spread
News  |  3/25/2013  | 
Attackers used stolen usernames and passwords for legitimate AhnLab Patch Manager accounts, set wiper software for staggered deletes to maximize damage.
Apple Patches Password Reset Vulnerability
Quick Hits  |  3/25/2013  | 
Bug wouldn't have been blocked by Apple's new two-factor iTunes authentication due to system's three-day waiting period
Apple Patches Password Reset Vulnerability
News  |  3/25/2013  | 
Bug wouldn't have been blocked by Apple's new two-factor iTunes authentication due to system's three-day waiting period.
Who Owns Application Security, Patching In Your Business?
News  |  3/22/2013  | 
Too many organizations lack a formal security plan, leaving applications vulnerable to exploits, warns SANS Institute.
South Korea Changes Story On Bank Hacks
News  |  3/22/2013  | 
South Korean officials now say there's no evidence that the March 20 attack against banks and television stations was launched from a Chinese IP address.
NASA Tightens Security In Response To Insider Threat
News  |  3/21/2013  | 
NASA shuts down database and tightens restrictions on remote access following the arrest of a Chinese contractor on suspicion of intellectual property theft.
Hackers Eavesdrop Using Legitimate Remote Control Software
News  |  3/21/2013  | 
For a decade, "TeamSpy" cyber espionage campaign has used TeamViewer software already installed on PCs to eavesdrop on communications and steal data from targets in Eastern Europe.
South Korea Bank Hacks: 7 Key Facts
News  |  3/21/2013  | 
Data-wiping attacks on Windows and Linux computers may have just focused on random targets to cause chaos, security researchers say.
New Metric Would Score The Impact, Threat Of DDoS To An Enterprise
News  |  3/21/2013  | 
Taking a page from the metrics used to rank tornadoes and software vulnerabilities, attack-mitigation firms look to find a better measure of denial-of-service attacks than bandwidth and duration
South Korean Banks Lose Data In Malware Attack
News  |  3/20/2013  | 
Computer networks at banks and television stations in South Korea froze after targeted malware deleted data from numerous PCs. Was North Korea involved?
Security-Bug Rating System Gets A Makeover
News  |  3/20/2013  | 
The Common Vulnerability Scoring System will be moving to its third iteration next year, aiming to make the rankings more objective and add more ratings to increase accuracy
Beware Smartphone Lurkers: Cloud Storage File Remnants
News  |  3/19/2013  | 
Security investigators recovered Box, Dropbox and SugarSync files and unique file IDs, via forensic dump of iPhone and Android smartphone memory.
British Government Bolsters Anti-Cybercrime Measures
News  |  3/19/2013  | 
Amidst a bewildering array of new teams and initiatives is a plan to more effectively fight cybercrime in the U.K.
HTTPS Security Encryption Flaws Found
News  |  3/19/2013  | 
Security researchers find weaknesses that could be exploited to crack some types of encrypted Web communications.
Heading Off Advanced Social Engineering Attacks
Quick Hits  |  3/18/2013  | 
An inside look at how social engineering attacks are developed -- and how you can protect your organization
Apple OS X Update Fixes 21 Vulnerabilities
News  |  3/15/2013  | 
Patch for OS X Mountain Lion closes security holes and improves stability.
Cloud Providers Work To Disperse Points Of Failure
News  |  3/15/2013  | 
Outages at CloudFlare and Microsoft's Azure in the past month underscore that widespread chaos can be the result of a weak point in cloud infrastructure
U.S. National Vulnerability Database Hacked
News  |  3/14/2013  | 
The central database of vulnerability and related security information, maintained by NIST, remains down due to malware discovered on the site and traced, ironically, to a software vulnerability
You've Been Hacked, But For How Long?
Commentary  |  3/13/2013  | 
One of the big themes at the recent RSA Conference was awareness of threats already inside the network. The way you learn about these threats and lower your ‘Mean Time To Know’ (MTTW) about an intrusion is with profile-based network monitoring
ICS-CERT, SCADA Patching Under The Microscope
News  |  3/13/2013  | 
Existing process of vulnerability reporting, patching doesn't go far enough in improving the overall security of critical infrastructure systems, SCADA experts say
Celeb Data Breach Traced To Credit Reporting Site
News  |  3/13/2013  | 
Tiger Woods and Mitt Romney are latest to see personal financial details published; credit agencies confirm hackers took data from AnnualCreditReport.com.
Microsoft Patches For USB Key Vulnerability
News  |  3/13/2013  | 
Driver bug would allow anyone with physical access to compromise a PC by using exploit code loaded onto a USB storage device.
Bromium Founders Detail Life After Xen
News  |  3/13/2013  | 
Xen hypervisor team regroups to craft what they claim is a unique take on the problem of IT security.
Tech Insight: Securing Cisco IP Telephony
News  |  3/12/2013  | 
Learning about IPT hacking may not seem to be high on the list of IT concerns, but you ignore or underestimate it at your own risk
Overprivileged, Well-Meaning, And Dangerous
News  |  3/11/2013  | 
Nonmalicious insiders add a lot of risk when IT gives them too much access and not enough education
Apple Ups Security For App Store
News  |  3/11/2013  | 
Apple begins using secure Web pages -- HTTPS -- for all App Store communications, to protect against password theft and other potential problems.
Five Ways To Better Hunt The Zebras In Your Network
News  |  3/8/2013  | 
For the cybercriminal lions out on the Internet, your company is full of zebras. Defenders should not just protect the herd, but pay attention to those who stray, experts argue
Pwn2Own Prizes Exceed $500K For Exploits
News  |  3/8/2013  | 
Only Google Chrome OS withstands attack in annual hacking contest as Flash, Java and every major browser are exploited.
9 Must-Know Java Security Facts
News  |  3/8/2013  | 
More than half of all Java users are still using Java 6, which Oracle officially retired last month. Is it time for a consumer recall?
Pwn2Own Hackers Bring Popular Browsers To Their Knees
News  |  3/7/2013  | 
Internet Explorer, Google Chrome, and Mozilla Firefox were all among the casualties at this year's Pwn2Own competition at CanSecWest
10 Web Threats That Could Harm Your Business
News  |  3/7/2013  | 
Easily overlooked vulnerabilities can put your data and business at risk
Password Police Cite Evernote Mistakes
Commentary  |  3/7/2013  | 
Evernote used the wrong security method to store passwords, cryptography experts say. Unfortunately, it's a common error.
Java, Browsers, Windows Security Defeated At Pwn2Own
News  |  3/7/2013  | 
How secure are the latest versions of Chrome, Firefox and IE10? All were successfully exploited on the first day of the annual Pwn2Own contest.
Malware Writers Prefer Android
News  |  3/7/2013  | 
A whopping 96% of all smartphone malware was written for Android in Q4 2012, reports F-Secure.
Cybercriminals Likely To Expand Use Of Browser Proxies
News  |  3/7/2013  | 
Online thieves targeting victims in Brazil use a browser feature known as proxy auto-configuration to send victims to malicious sites
U.S. Cybersecurity Status Weak, Reports Charge
News  |  3/6/2013  | 
DOD report says the military is "not prepared" for cyber war, while a White House report says agencies fall short of federal cybersecurity goals.
Secure Development: Must-Do Or Money Pit?
News  |  3/6/2013  | 
At the RSA Conference, two software security specialists debate over whether the cost of secure programming is too much for most companies, recommending simple steps to improve development
White House Cybersecurity Czar: New Executive Order A 'Down Payment'
Quick Hits  |  3/5/2013  | 
Michael Daniel says President Obama's Executive Order on Cybersecurity sets the stage for cybersecurity legislation for protecting critical infrastructure
Java Emergency Patch Slaps McRAT Infections
News  |  3/5/2013  | 
Oracle patches two more zero-day bugs in Java 6 and Java 7. But security researcher spots new vulnerabilities in Java 7.