Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2010
IT Pros Doubt Security Of Virtualized Environments, Study Says
Quick Hits  |  4/30/2010  | 
Majority of survey respondents don't think current security tools and practices will cut it in the cloud
McAfee Offers Compensation To Enterprise Customers Hit By Faulty AV Update
News  |  4/27/2010  | 
Businesses affected by the errant AV update get free one-year subscription to automated security health-check platform
Apple iPad Used As Scam Bait
News  |  4/26/2010  | 
Cybercriminals are sending out malicious e-mail that targets iPad users, a sure sign that the device has been selling well.
FBI Names Cyber Division Chief
News  |  4/26/2010  | 
Gordon Snow has experience working on counterterrorism and cybercrimes in Silicon Valley and led the effort to draft a government-wide Cyber Counterintelligence Plan.
Qakbot Worm Steals 2 GB Of Confidential Data Per Week, Researchers Say
Quick Hits  |  4/23/2010  | 
Data-stealing W32.Qakbot worm continues to penetrate enterprises, Symantec says
Rapid 7 Rolls Out First Commercial Metasploit Product
Quick Hits  |  4/22/2010  | 
Metasploit Express combines open source platform with user-friendly interface and new back-end
Report: Targeted Attacks Evolve, New Malware Variants Spike By 100 Percent
Quick Hits  |  4/20/2010  | 
New Symantec Global Internet Threat Report shows evolution of targeted attacks, prevalence of Web-borne attacks, increase in malware variants in 2009
Google: Virus-Packing Spam Rose Despite Botnet Takedowns
Quick Hits  |  4/15/2010  | 
Postini email security team logged massive surge in viruses in Q4 2009
SAP, Other ERP Applications At Risk Of Targeted Attacks
News  |  4/15/2010  | 
Black Hat Europe researcher demonstrates techniques for inserting 'backdoors' into popular enterprise resource planning apps that aren't properly secured
Enterprises See Risks In Cloud
News  |  4/15/2010  | 
Cloud infrastructures aren't yet reliable or secure enough for mission critical apps, say users.
Google Sees Fake AV Threat
News  |  4/14/2010  | 
Not only is fake anti-virus software increasingly common, but it delivers half of the malicious ads detected.
Federal IT Execs, Staff Disagree On Cybersecurity
News  |  4/14/2010  | 
Study notes big gaps between IT management and staff perceptions of federal cybersecurity readiness, needs.
New Adobe Auto-Updater Debuts On Super (Patch) Tuesday
Quick Hits  |  4/13/2010  | 
Meanwhile Microsoft patches 25 vulnerabilities, announces it will discontinue support for XP Service Pack 2, Windows 2000 in July, and Oracle releases fixes for 47 bugs
Microsoft Fixes Two Zero-Day Flaws
News  |  4/13/2010  | 
The company's April patch follows on the heels of an out-of-band patch two weeks ago.
Many DLP Users Still Leaking Data, Survey Says
Quick Hits  |  4/12/2010  | 
Enterprises often fail to protect loss of data via printers, smartphones
Most Java Versions Affected By Latest Zero-Day Vulnerability
News  |  4/12/2010  | 
Vulnerability resides within an NPAPI plugin and ActiveX control
Java Zero-Day Vulnerability Revealed
News  |  4/9/2010  | 
The flaw affects users of both Windows and Linux.
Adobe Critical Security Patch Coming
News  |  4/8/2010  | 
The company plans to enable automatic updating without user intervention through a new software updater that comes with its security patch.
Data Stolen From India, UN, Dalai Lama Traced To China
News  |  4/6/2010  | 
A report on cloud-based cybercrime details the activities of a gang of computer hackers believed to be operating out of Sichuan Province in China.
Cyberattack Looming, Federal IT Pros Believe
News  |  4/6/2010  | 
More than half of federal IT professionals surveyed believe the potential is "high" for a cyberattack against critical IT infrastructure in the next year.
Companies Fall Short On Protecting Sensitive Data, Study Says
Quick Hits  |  4/5/2010  | 
Compliance-driven programs detract from efforts to secure real intellectual property, Forrester Research finds
More Heartland Heartache: Florida Credit Union Says 12K More Debit Card Accounts Exposed
Quick Hits  |  4/2/2010  | 
MidFlorida Federal Credit Union, which previously issued 5,000 new cards to its members last year, now has more accounts affected by Heartland Payment Systems breach


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32812
PUBLISHED: 2021-08-02
Monkshu is an enterprise application server for mobile apps (iOS and Android), responsive HTML 5 apps, and JSON API services. In version 2.90 and earlier, there is a reflected cross-site scripting vulnerability in frontend HTTP server. The attacker can send in a carefully crafted URL along with a kn...
CVE-2021-32787
PUBLISHED: 2021-08-02
Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads and ...
CVE-2021-32811
PUBLISHED: 2021-08-02
Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and have the optional `Produ...
CVE-2021-21866
PUBLISHED: 2021-08-02
A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger t...
CVE-2021-27499
PUBLISHED: 2021-08-02
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows man-in-...