Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2010
IT Pros Doubt Security Of Virtualized Environments, Study Says
Quick Hits  |  4/30/2010  | 
Majority of survey respondents don't think current security tools and practices will cut it in the cloud
McAfee Offers Compensation To Enterprise Customers Hit By Faulty AV Update
News  |  4/27/2010  | 
Businesses affected by the errant AV update get free one-year subscription to automated security health-check platform
Apple iPad Used As Scam Bait
News  |  4/26/2010  | 
Cybercriminals are sending out malicious e-mail that targets iPad users, a sure sign that the device has been selling well.
FBI Names Cyber Division Chief
News  |  4/26/2010  | 
Gordon Snow has experience working on counterterrorism and cybercrimes in Silicon Valley and led the effort to draft a government-wide Cyber Counterintelligence Plan.
Qakbot Worm Steals 2 GB Of Confidential Data Per Week, Researchers Say
Quick Hits  |  4/23/2010  | 
Data-stealing W32.Qakbot worm continues to penetrate enterprises, Symantec says
Rapid 7 Rolls Out First Commercial Metasploit Product
Quick Hits  |  4/22/2010  | 
Metasploit Express combines open source platform with user-friendly interface and new back-end
Report: Targeted Attacks Evolve, New Malware Variants Spike By 100 Percent
Quick Hits  |  4/20/2010  | 
New Symantec Global Internet Threat Report shows evolution of targeted attacks, prevalence of Web-borne attacks, increase in malware variants in 2009
Google: Virus-Packing Spam Rose Despite Botnet Takedowns
Quick Hits  |  4/15/2010  | 
Postini email security team logged massive surge in viruses in Q4 2009
SAP, Other ERP Applications At Risk Of Targeted Attacks
News  |  4/15/2010  | 
Black Hat Europe researcher demonstrates techniques for inserting 'backdoors' into popular enterprise resource planning apps that aren't properly secured
Enterprises See Risks In Cloud
News  |  4/15/2010  | 
Cloud infrastructures aren't yet reliable or secure enough for mission critical apps, say users.
Google Sees Fake AV Threat
News  |  4/14/2010  | 
Not only is fake anti-virus software increasingly common, but it delivers half of the malicious ads detected.
Federal IT Execs, Staff Disagree On Cybersecurity
News  |  4/14/2010  | 
Study notes big gaps between IT management and staff perceptions of federal cybersecurity readiness, needs.
New Adobe Auto-Updater Debuts On Super (Patch) Tuesday
Quick Hits  |  4/13/2010  | 
Meanwhile Microsoft patches 25 vulnerabilities, announces it will discontinue support for XP Service Pack 2, Windows 2000 in July, and Oracle releases fixes for 47 bugs
Microsoft Fixes Two Zero-Day Flaws
News  |  4/13/2010  | 
The company's April patch follows on the heels of an out-of-band patch two weeks ago.
Many DLP Users Still Leaking Data, Survey Says
Quick Hits  |  4/12/2010  | 
Enterprises often fail to protect loss of data via printers, smartphones
Most Java Versions Affected By Latest Zero-Day Vulnerability
News  |  4/12/2010  | 
Vulnerability resides within an NPAPI plugin and ActiveX control
Java Zero-Day Vulnerability Revealed
News  |  4/9/2010  | 
The flaw affects users of both Windows and Linux.
Adobe Critical Security Patch Coming
News  |  4/8/2010  | 
The company plans to enable automatic updating without user intervention through a new software updater that comes with its security patch.
Data Stolen From India, UN, Dalai Lama Traced To China
News  |  4/6/2010  | 
A report on cloud-based cybercrime details the activities of a gang of computer hackers believed to be operating out of Sichuan Province in China.
Cyberattack Looming, Federal IT Pros Believe
News  |  4/6/2010  | 
More than half of federal IT professionals surveyed believe the potential is "high" for a cyberattack against critical IT infrastructure in the next year.
Companies Fall Short On Protecting Sensitive Data, Study Says
Quick Hits  |  4/5/2010  | 
Compliance-driven programs detract from efforts to secure real intellectual property, Forrester Research finds
More Heartland Heartache: Florida Credit Union Says 12K More Debit Card Accounts Exposed
Quick Hits  |  4/2/2010  | 
MidFlorida Federal Credit Union, which previously issued 5,000 new cards to its members last year, now has more accounts affected by Heartland Payment Systems breach


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2304
PUBLISHED: 2022-07-05
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-26365
PUBLISHED: 2022-07-05
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33...
CVE-2022-30290
PUBLISHED: 2022-07-05
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the...
CVE-2022-33740
PUBLISHED: 2022-07-05
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33...
CVE-2022-33741
PUBLISHED: 2022-07-05
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33...