
News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2014
Community & A Virtual Handshake
Commentary  |  3/31/2014  | 
A secret handshake means you are part of a shared experience. That's what the Dark Reading community is all about.
Bit Errors & the Internet of Things
Commentary  |  3/31/2014  | 
Internet traffic, misdirected to malicious bitsquatted domains, has plagued computer security for years. The consequences will be even worse for the IoT.
'Thingularity' Triggers Security Warnings
News  |  3/28/2014  | 
The Internet of Things is creating 50 billion Internet-connected devices. Who is going to keep them updated and secure?
Hackers Cash In On ATMs
News  |  3/28/2014  | 
Malware uses text messages and other techniques to infect ATMs and ultimately allow criminals to steal cash.
Flying Naked: Why Most Web Apps Leave You Defenseless
Commentary  |  3/28/2014  | 
Even the best-funded and "mature" corporate AppSec programs aren't testing all their web applications and services. That leaves many applications with no real security in place.
Android Apps Hide Crypto-Currency Mining Malware
News  |  3/27/2014  | 
Apps downloaded by millions from Google Play and Spanish software forums include hidden altcoin-mining software. But criminals aren't getting rich quickly.
A Cyber History Of The Ukraine Conflict
Commentary  |  3/27/2014  | 
The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.
Outlook Users Face Zero-Day Attack
News  |  3/25/2014  | 
Simply previewing maliciously crafted RTF documents in Outlook triggers exploit of bug present in Windows and Mac versions of Word, Microsoft warns.
Symantec Fires CEO In Surprise Move
News  |  3/21/2014  | 
Analysts question security and storage giant's turnaround after the board fires its second CEO in two years.
Will Target Face FTC Probe?
News  |  3/20/2014  | 
Retailer's security practices remain under scrutiny as regulators ponder FTC investigation. Meanwhile, Sony options rights to Hollywood cyber-thriller based on breach story.
Many Businesses Fail To Disclose Data Breaches
News  |  3/19/2014  | 
Only about 35% of businesses worldwide say they share attack and threat information with others in their industry, even though 77% admit to suffering from a cyberattack.
Linux Takeover Artists Fling 35M Spam Messages Daily
News  |  3/19/2014  | 
"Operation Windigo" server takeover campaign controls 10,000 hacked servers, launches millions of spam, malware, and drive-by exploit kit attacks per day.
Attackers Hit Clearinghouse Selling Stolen Target Data
News  |  3/18/2014  | 
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
DDoS Attacks Hit NATO, Ukrainian Media Outlets
News  |  3/17/2014  | 
As pro-Russia hackers continue DDoS campaigns, Anonymous-branded propaganda reports "imminent US invasion of the Ukraine."
7 Behaviors That Could Indicate A Security Breach
News  |  3/14/2014  | 
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
Target Ignored Data Breach Alarms
News  |  3/14/2014  | 
Target's security team reviewed -- and ignored -- urgent warnings from threat-detection tool about unknown malware spotted on the network.
Samsung Galaxy Security Alert: Android Backdoor Discovered
News  |  3/13/2014  | 
Samsung's flavor of Android has a backdoor that can be remotely exploited by attackers, Android developers warn
Your Cloud Was Breached. Now What?
Commentary  |  3/12/2014  | 
You're not happy. You just experienced a breach. Here's how to keep calm and secure your cloud.
Bitcoin, Meet Darwin: Crypto Currency's Future
News  |  3/12/2014  | 
First-movers rarely survive, but some experts see a real future for government-issued crypto currency.
Retail Industry May Pool Intel To Stop Breaches
News  |  3/12/2014  | 
Target and other shopper-data breaches turn up the heat on retail industry to establish a cyberthreat Information-Sharing and Analysis Center.
Snowden, Bitcoin, Data Breaches Foretell New Regulations
Commentary  |  3/12/2014  | 
It's inevitable that more businesses will be penalized for breaking customer trust. Is your enterprise prepared for new security laws?
Experian ID Theft Exposed 200M Consumer Records
News  |  3/11/2014  | 
ID theft ring sold access to database with 200 million consumers' private data to 1,300 criminals.
IT Generations: Communicating Across The Great Divide
Commentary  |  3/11/2014  | 
At 25 years old, the World Wide Web today presents unique challenges for millennials and crusty curmudgeons alike. Here's how geeks of any age can learn to talk to each other.
Snowden: I'd Do It Again
News  |  3/10/2014  | 
NSA whistleblower fields questions via live video feed at South by Southwest, calls encryption "defense against the dark arts."
Snowden: Encryption Is 'Defense Against The Dark Arts'
News  |  3/10/2014  | 
NSA whistleblower fields questions via live video feed at South by Southwest panel today, says he would definitely leak the surveillance documents all over again
Mt. Gox Chief Stole 100,000 Bitcoins, Hackers Claim
News  |  3/10/2014  | 
Cryptocurrency aficionados' ire stoked by leaked accounts showing 100,000 bitcoins remain missing.
Defending Against Targeted Attacks Requires Human Touch, Speakers Say
Quick Hits  |  3/10/2014  | 
Targeted attacks involve a human element that can be detected and stopped, speakers say at Dark Reading event
Black Hat Asia 2014: The Weaponized Web
News  |  3/7/2014  | 
These Black Hat Briefings explore ways the Web can be weaponized -- and how to defend against them
The Case For Browser-Based Access Controls
Commentary  |  3/7/2014  | 
Is "browser-ized" security a better defense against hackers than traditional methods? Check out these two examples.
Apple iOS Vulnerable To Hidden Profile Attacks
News  |  3/6/2014  | 
Unpatched flaw in iOS enables malicious profile users to secretly control devices and intercept data.
Yahoo Unfriends Facebook, Google Sign-In
Quick Hits  |  3/6/2014  | 
Yahoo drops third-party logins, will soon require Yahoo IDs
Bitcoin Heists Cause More Trouble
News  |  3/5/2014  | 
Attackers continue to pummel bitcoin "banks," exchanges, and crypto-currency users themselves via malware that steals virtual wallets.
Data Breach: Persistence Gives Hackers the Upper Hand
Commentary  |  3/5/2014  | 
Hackers are winning on speed and determination. But we can stack the odds in our favor by shifting the time frames of an attack. Here's how.
Securing Software Requires Design, Testing, And Improvement
News  |  3/5/2014  | 
Adopting secure development, incorporating frequent testing, and creating measures of software security are important to create more secure code
Malware-Lobbing Hackers Seize 300,000 Routers
News  |  3/4/2014  | 
Hackers launch scam and malware campaigns after compromising a variety of routers running firmware with known vulnerabilities.
Hacking Critical Infrastructure Companies -- A Pen Tester's View
News  |  3/3/2014  | 
At the RSA Conference, a penetration tester outlines some of the elements of a successful attack on energy companies
Mt. Gox Bitcoin Meltdown: What Went Wrong
News  |  3/3/2014  | 
Transaction malleability attacks and cold-storage software bugs both cited after nearly $500 million worth of bitcoins vanish.
Supply-Chain Threats Still An Uncertain Danger
News  |  3/3/2014  | 
With a global manufacturing economy muddying the definition of a foreign product, nations are still hashing out strategies to secure their supply chains
Name That Cartoon: Luck O' The Irish
Commentary  |  3/3/2014  | 
We provide the cartoon. You write the caption. Maybe you'll win a prize.
How To Fund Enterprise Cybersecurity: CISO Tips
News  |  3/3/2014  | 
How do you ensure funding for enterprise cybersecurity? Help C suite execs understand the true nature of cyberattacks.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12 stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Windows system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a). A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...