Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2013
Got Attitude?
Commentary  |  3/31/2013  | 
Attack attitude: Does China really not care about attribution?
Enterprises Less Confident They Can Stop Targeted Attacks On Their Servers
Quick Hits  |  3/28/2013  | 
New survey shows state of server security so-so
Spamhaus DDoS Attacks: What Business Should Learn
Commentary  |  3/28/2013  | 
What should your company take away from this week's attacks? Lock down unsecured DNS repeaters being exploited by attackers and prep DDoS response plans.
Who Supplies CyberBunker?
Commentary  |  3/28/2013  | 
The hosting company behind CyberBunker, the company allegedly behind the DDOS attacks on Spamhaus, connects to the Internet through other providers. Perhaps the only way to pressure those responsible for the attacks is to put pressure on the upstream providers
DDoS Attack Doesn't Spell Internet Doom: 7 Facts
News  |  3/28/2013  | 
Despite a record-setting DDoS attack against anti-spam group Spamhaus, the Internet remains alive and well. Let's break down the key facts.
DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted
News  |  3/28/2013  | 
Stophaus.com campaign and anarchic, allegedly pro-spam Dutch hosting provider have apparently been disrupted via ongoing DDoS attacks.
Bank DDoS Attacks Resume: Wells Fargo Confirms Disruptions
News  |  3/27/2013  | 
Muslim hacktivists continue third wave of takedowns, submit invoice protesting "Innocence of Muslims" video that mocks founder of Islam.
The Scope Of The Java Problem
Quick Hits  |  3/26/2013  | 
New Websense data highlights why Java is attackers' favorite target: most end users run outdated versions of the app
Honeypot Stings Attackers With Counterattacks
News  |  3/26/2013  | 
Researchers test the controversial concept of hacking back and gathering intelligence on attackers
Small Suppliers Must Beef Up Security
News  |  3/26/2013  | 
Attacks on small- and midsized businesses are on the rise, particularly against those firms supplying--and thus having access to--larger companies
Don't Make Users A Security Punching Bag
News  |  3/25/2013  | 
Security blame game makes it easy to point the finger at 'dumb' users, but the delivery mechanisms of today's undetectable Web malware will get past even the savviest and most educated users
How South Korean Bank Malware Spread
News  |  3/25/2013  | 
Attackers used stolen usernames and passwords for legitimate AhnLab Patch Manager accounts, set wiper software for staggered deletes to maximize damage.
Apple Patches Password Reset Vulnerability
Quick Hits  |  3/25/2013  | 
Bug wouldn't have been blocked by Apple's new two-factor iTunes authentication due to system's three-day waiting period
Apple Patches Password Reset Vulnerability
News  |  3/25/2013  | 
Bug wouldn't have been blocked by Apple's new two-factor iTunes authentication due to system's three-day waiting period.
Who Owns Application Security, Patching In Your Business?
News  |  3/22/2013  | 
Too many organizations lack a formal security plan, leaving applications vulnerable to exploits, warns SANS Institute.
South Korea Changes Story On Bank Hacks
News  |  3/22/2013  | 
South Korean officials now say there's no evidence that the March 20 attack against banks and television stations was launched from a Chinese IP address.
NASA Tightens Security In Response To Insider Threat
News  |  3/21/2013  | 
NASA shuts down database and tightens restrictions on remote access following the arrest of a Chinese contractor on suspicion of intellectual property theft.
Hackers Eavesdrop Using Legitimate Remote Control Software
News  |  3/21/2013  | 
For a decade, "TeamSpy" cyber espionage campaign has used TeamViewer software already installed on PCs to eavesdrop on communications and steal data from targets in Eastern Europe.
South Korea Bank Hacks: 7 Key Facts
News  |  3/21/2013  | 
Data-wiping attacks on Windows and Linux computers may have just focused on random targets to cause chaos, security researchers say.
New Metric Would Score The Impact, Threat Of DDoS To An Enterprise
News  |  3/21/2013  | 
Taking a page from the metrics used to rank tornadoes and software vulnerabilities, attack-mitigation firms look to find a better measure of denial-of-service attacks than bandwidth and duration
South Korean Banks Lose Data In Malware Attack
News  |  3/20/2013  | 
Computer networks at banks and television stations in South Korea froze after targeted malware deleted data from numerous PCs. Was North Korea involved?
Security-Bug Rating System Gets A Makeover
News  |  3/20/2013  | 
The Common Vulnerability Scoring System will be moving to its third iteration next year, aiming to make the rankings more objective and add more ratings to increase accuracy
Beware Smartphone Lurkers: Cloud Storage File Remnants
News  |  3/19/2013  | 
Security investigators recovered Box, Dropbox and SugarSync files and unique file IDs, via forensic dump of iPhone and Android smartphone memory.
British Government Bolsters Anti-Cybercrime Measures
News  |  3/19/2013  | 
Amidst a bewildering array of new teams and initiatives is a plan to more effectively fight cybercrime in the U.K.
HTTPS Security Encryption Flaws Found
News  |  3/19/2013  | 
Security researchers find weaknesses that could be exploited to crack some types of encrypted Web communications.
Heading Off Advanced Social Engineering Attacks
Quick Hits  |  3/18/2013  | 
An inside look at how social engineering attacks are developed -- and how you can protect your organization
Apple OS X Update Fixes 21 Vulnerabilities
News  |  3/15/2013  | 
Patch for OS X Mountain Lion closes security holes and improves stability.
Cloud Providers Work To Disperse Points Of Failure
News  |  3/15/2013  | 
Outages at CloudFlare and Microsoft's Azure in the past month underscore that widespread chaos can be the result of a weak point in cloud infrastructure
U.S. National Vulnerability Database Hacked
News  |  3/14/2013  | 
The central database of vulnerability and related security information, maintained by NIST, remains down due to malware discovered on the site and traced, ironically, to a software vulnerability
You've Been Hacked, But For How Long?
Commentary  |  3/13/2013  | 
One of the big themes at the recent RSA Conference was awareness of threats already inside the network. The way you learn about these threats and lower your ‘Mean Time To Know’ (MTTW) about an intrusion is with profile-based network monitoring
ICS-CERT, SCADA Patching Under The Microscope
News  |  3/13/2013  | 
Existing process of vulnerability reporting, patching doesn't go far enough in improving the overall security of critical infrastructure systems, SCADA experts say
Celeb Data Breach Traced To Credit Reporting Site
News  |  3/13/2013  | 
Tiger Woods and Mitt Romney are latest to see personal financial details published; credit agencies confirm hackers took data from AnnualCreditReport.com.
Microsoft Patches For USB Key Vulnerability
News  |  3/13/2013  | 
Driver bug would allow anyone with physical access to compromise a PC by using exploit code loaded onto a USB storage device.
Bromium Founders Detail Life After Xen
News  |  3/13/2013  | 
Xen hypervisor team regroups to craft what they claim is a unique take on the problem of IT security.
Tech Insight: Securing Cisco IP Telephony
News  |  3/12/2013  | 
Learning about IPT hacking may not seem to be high on the list of IT concerns, but you ignore or underestimate it at your own risk
Overprivileged, Well-Meaning, And Dangerous
News  |  3/11/2013  | 
Nonmalicious insiders add a lot of risk when IT gives them too much access and not enough education
Apple Ups Security For App Store
News  |  3/11/2013  | 
Apple begins using secure Web pages -- HTTPS -- for all App Store communications, to protect against password theft and other potential problems.
Five Ways To Better Hunt The Zebras In Your Network
News  |  3/8/2013  | 
For the cybercriminal lions out on the Internet, your company is full of zebras. Defenders should not just protect the herd, but pay attention to those who stray, experts argue
Pwn2Own Prizes Exceed $500K For Exploits
News  |  3/8/2013  | 
Only Google Chrome OS withstands attack in annual hacking contest as Flash, Java and every major browser are exploited.
9 Must-Know Java Security Facts
News  |  3/8/2013  | 
More than half of all Java users are still using Java 6, which Oracle officially retired last month. Is it time for a consumer recall?
Pwn2Own Hackers Bring Popular Browsers To Their Knees
News  |  3/7/2013  | 
Internet Explorer, Google Chrome, and Mozilla Firefox were all among the casualties at this year's Pwn2Own competition at CanSecWest
10 Web Threats That Could Harm Your Business
News  |  3/7/2013  | 
Easily overlooked vulnerabilities can put your data and business at risk
Password Police Cite Evernote Mistakes
Commentary  |  3/7/2013  | 
Evernote used the wrong security method to store passwords, cryptography experts say. Unfortunately, it's a common error.
Java, Browsers, Windows Security Defeated At Pwn2Own
News  |  3/7/2013  | 
How secure are the latest versions of Chrome, Firefox and IE10? All were successfully exploited on the first day of the annual Pwn2Own contest.
Malware Writers Prefer Android
News  |  3/7/2013  | 
A whopping 96% of all smartphone malware was written for Android in Q4 2012, reports F-Secure.
Cybercriminals Likely To Expand Use Of Browser Proxies
News  |  3/7/2013  | 
Online thieves targeting victims in Brazil use a browser feature known as proxy auto-configuration to send victims to malicious sites
U.S. Cybersecurity Status Weak, Reports Charge
News  |  3/6/2013  | 
DOD report says the military is "not prepared" for cyber war, while a White House report says agencies fall short of federal cybersecurity goals.
Secure Development: Must-Do Or Money Pit?
News  |  3/6/2013  | 
At the RSA Conference, two software security specialists debate over whether the cost of secure programming is too much for most companies, recommending simple steps to improve development
White House Cybersecurity Czar: New Executive Order A 'Down Payment'
Quick Hits  |  3/5/2013  | 
Michael Daniel says President Obama's Executive Order on Cybersecurity sets the stage for cybersecurity legislation for protecting critical infrastructure
Java Emergency Patch Slaps McRAT Infections
News  |  3/5/2013  | 
Oracle patches two more zero-day bugs in Java 6 and Java 7. But security researcher spots new vulnerabilities in Java 7.