Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2010
IT Pros Doubt Security Of Virtualized Environments, Study Says
Quick Hits  |  4/30/2010  | 
Majority of survey respondents don't think current security tools and practices will cut it in the cloud
McAfee Offers Compensation To Enterprise Customers Hit By Faulty AV Update
News  |  4/27/2010  | 
Businesses affected by the errant AV update get free one-year subscription to automated security health-check platform
Apple iPad Used As Scam Bait
News  |  4/26/2010  | 
Cybercriminals are sending out malicious e-mail that targets iPad users, a sure sign that the device has been selling well.
FBI Names Cyber Division Chief
News  |  4/26/2010  | 
Gordon Snow has experience working on counterterrorism and cybercrimes in Silicon Valley and led the effort to draft a government-wide Cyber Counterintelligence Plan.
Qakbot Worm Steals 2 GB Of Confidential Data Per Week, Researchers Say
Quick Hits  |  4/23/2010  | 
Data-stealing W32.Qakbot worm continues to penetrate enterprises, Symantec says
Rapid 7 Rolls Out First Commercial Metasploit Product
Quick Hits  |  4/22/2010  | 
Metasploit Express combines open source platform with user-friendly interface and new back-end
Report: Targeted Attacks Evolve, New Malware Variants Spike By 100 Percent
Quick Hits  |  4/20/2010  | 
New Symantec Global Internet Threat Report shows evolution of targeted attacks, prevalence of Web-borne attacks, increase in malware variants in 2009
Google: Virus-Packing Spam Rose Despite Botnet Takedowns
Quick Hits  |  4/15/2010  | 
Postini email security team logged massive surge in viruses in Q4 2009
SAP, Other ERP Applications At Risk Of Targeted Attacks
News  |  4/15/2010  | 
Black Hat Europe researcher demonstrates techniques for inserting 'backdoors' into popular enterprise resource planning apps that aren't properly secured
Enterprises See Risks In Cloud
News  |  4/15/2010  | 
Cloud infrastructures aren't yet reliable or secure enough for mission critical apps, say users.
Google Sees Fake AV Threat
News  |  4/14/2010  | 
Not only is fake anti-virus software increasingly common, but it delivers half of the malicious ads detected.
Federal IT Execs, Staff Disagree On Cybersecurity
News  |  4/14/2010  | 
Study notes big gaps between IT management and staff perceptions of federal cybersecurity readiness, needs.
New Adobe Auto-Updater Debuts On Super (Patch) Tuesday
Quick Hits  |  4/13/2010  | 
Meanwhile Microsoft patches 25 vulnerabilities, announces it will discontinue support for XP Service Pack 2, Windows 2000 in July, and Oracle releases fixes for 47 bugs
Microsoft Fixes Two Zero-Day Flaws
News  |  4/13/2010  | 
The company's April patch follows on the heels of an out-of-band patch two weeks ago.
Many DLP Users Still Leaking Data, Survey Says
Quick Hits  |  4/12/2010  | 
Enterprises often fail to protect loss of data via printers, smartphones
Most Java Versions Affected By Latest Zero-Day Vulnerability
News  |  4/12/2010  | 
Vulnerability resides within an NPAPI plugin and ActiveX control
Java Zero-Day Vulnerability Revealed
News  |  4/9/2010  | 
The flaw affects users of both Windows and Linux.
Adobe Critical Security Patch Coming
News  |  4/8/2010  | 
The company plans to enable automatic updating without user intervention through a new software updater that comes with its security patch.
Data Stolen From India, UN, Dalai Lama Traced To China
News  |  4/6/2010  | 
A report on cloud-based cybercrime details the activities of a gang of computer hackers believed to be operating out of Sichuan Province in China.
Cyberattack Looming, Federal IT Pros Believe
News  |  4/6/2010  | 
More than half of federal IT professionals surveyed believe the potential is "high" for a cyberattack against critical IT infrastructure in the next year.
Companies Fall Short On Protecting Sensitive Data, Study Says
Quick Hits  |  4/5/2010  | 
Compliance-driven programs detract from efforts to secure real intellectual property, Forrester Research finds
More Heartland Heartache: Florida Credit Union Says 12K More Debit Card Accounts Exposed
Quick Hits  |  4/2/2010  | 
MidFlorida Federal Credit Union, which previously issued 5,000 new cards to its members last year, now has more accounts affected by Heartland Payment Systems breach


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4719
PUBLISHED: 2020-09-24
The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.
CVE-2020-15604
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-24560
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-25596
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. T...
CVE-2020-25597
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. Howeve...