Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2010
IT Pros Doubt Security Of Virtualized Environments, Study Says
Quick Hits  |  4/30/2010  | 
Majority of survey respondents don't think current security tools and practices will cut it in the cloud
McAfee Offers Compensation To Enterprise Customers Hit By Faulty AV Update
News  |  4/27/2010  | 
Businesses affected by the errant AV update get free one-year subscription to automated security health-check platform
Apple iPad Used As Scam Bait
News  |  4/26/2010  | 
Cybercriminals are sending out malicious e-mail that targets iPad users, a sure sign that the device has been selling well.
FBI Names Cyber Division Chief
News  |  4/26/2010  | 
Gordon Snow has experience working on counterterrorism and cybercrimes in Silicon Valley and led the effort to draft a government-wide Cyber Counterintelligence Plan.
Qakbot Worm Steals 2 GB Of Confidential Data Per Week, Researchers Say
Quick Hits  |  4/23/2010  | 
Data-stealing W32.Qakbot worm continues to penetrate enterprises, Symantec says
Rapid 7 Rolls Out First Commercial Metasploit Product
Quick Hits  |  4/22/2010  | 
Metasploit Express combines open source platform with user-friendly interface and new back-end
Report: Targeted Attacks Evolve, New Malware Variants Spike By 100 Percent
Quick Hits  |  4/20/2010  | 
New Symantec Global Internet Threat Report shows evolution of targeted attacks, prevalence of Web-borne attacks, increase in malware variants in 2009
Google: Virus-Packing Spam Rose Despite Botnet Takedowns
Quick Hits  |  4/15/2010  | 
Postini email security team logged massive surge in viruses in Q4 2009
SAP, Other ERP Applications At Risk Of Targeted Attacks
News  |  4/15/2010  | 
Black Hat Europe researcher demonstrates techniques for inserting 'backdoors' into popular enterprise resource planning apps that aren't properly secured
Enterprises See Risks In Cloud
News  |  4/15/2010  | 
Cloud infrastructures aren't yet reliable or secure enough for mission critical apps, say users.
Google Sees Fake AV Threat
News  |  4/14/2010  | 
Not only is fake anti-virus software increasingly common, but it delivers half of the malicious ads detected.
Federal IT Execs, Staff Disagree On Cybersecurity
News  |  4/14/2010  | 
Study notes big gaps between IT management and staff perceptions of federal cybersecurity readiness, needs.
New Adobe Auto-Updater Debuts On Super (Patch) Tuesday
Quick Hits  |  4/13/2010  | 
Meanwhile Microsoft patches 25 vulnerabilities, announces it will discontinue support for XP Service Pack 2, Windows 2000 in July, and Oracle releases fixes for 47 bugs
Microsoft Fixes Two Zero-Day Flaws
News  |  4/13/2010  | 
The company's April patch follows on the heels of an out-of-band patch two weeks ago.
Many DLP Users Still Leaking Data, Survey Says
Quick Hits  |  4/12/2010  | 
Enterprises often fail to protect loss of data via printers, smartphones
Most Java Versions Affected By Latest Zero-Day Vulnerability
News  |  4/12/2010  | 
Vulnerability resides within an NPAPI plugin and ActiveX control
Java Zero-Day Vulnerability Revealed
News  |  4/9/2010  | 
The flaw affects users of both Windows and Linux.
Adobe Critical Security Patch Coming
News  |  4/8/2010  | 
The company plans to enable automatic updating without user intervention through a new software updater that comes with its security patch.
Data Stolen From India, UN, Dalai Lama Traced To China
News  |  4/6/2010  | 
A report on cloud-based cybercrime details the activities of a gang of computer hackers believed to be operating out of Sichuan Province in China.
Cyberattack Looming, Federal IT Pros Believe
News  |  4/6/2010  | 
More than half of federal IT professionals surveyed believe the potential is "high" for a cyberattack against critical IT infrastructure in the next year.
Companies Fall Short On Protecting Sensitive Data, Study Says
Quick Hits  |  4/5/2010  | 
Compliance-driven programs detract from efforts to secure real intellectual property, Forrester Research finds
More Heartland Heartache: Florida Credit Union Says 12K More Debit Card Accounts Exposed
Quick Hits  |  4/2/2010  | 
MidFlorida Federal Credit Union, which previously issued 5,000 new cards to its members last year, now has more accounts affected by Heartland Payment Systems breach


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16649
PUBLISHED: 2019-09-21
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the...
CVE-2019-16650
PUBLISHED: 2019-09-21
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the se...
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.