News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2011
Expert: Attacks, Not Vulnerabilities, Are Keys To IT Defense
News  |  4/29/2011  | 
Attackers are increasingly cribbing code from existing exploits, rather than creating new ones
Schwartz On Security: Smile, Your Smartphone Is Watching
Commentary  |  4/28/2011  | 
In the wake of revelations that Apple devices have been insecurely storing and transmitting location data, it's time for enterprise IT managers to begin spying as well.
Is Government Inflating Cyber Threats?
News  |  4/27/2011  | 
A report from the Mercatus Center at George Mason University questions "alarmist rhetoric" and asks whether government agencies can meaningfully improve the security of critical infrastructure.
Sony Sued Over PlayStation Network Hack
News  |  4/27/2011  | 
A class action lawsuit charges that Sony failed to protect personal information and credit card numbers of up to 77 million users.
Another Researcher Hit With Threat Of German Anti-Hacking Law
News  |  4/27/2011  | 
German software firm warns researcher who disclosed a vulnerability in its software and offered his help
Iran Alleges Espionage Over Internet Worm
News  |  4/27/2011  | 
Senior government official says foreign governments are launching malware dubbed Stars at the country's nuclear facilities.
China Implicated In Hacking Of SMB Online Bank Accounts
News  |  4/26/2011  | 
FBI warns that small- to midsize businesses are being targeted in an attack that so far has bilked companies' accounts of millions of dollars and wired the money to Chinese companies
Napolitano Calls Cybersecurity A Shared Responsibility
News  |  4/26/2011  | 
The Department of Homeland Security secretary stressed the federal government's involvement in securing cyberspace alongside private companies to mitigate threats to critical infrastructure.
A Not-So Targeted Targeted Attack
Commentary  |  4/25/2011  | 
RSA was likely among several targets associated with a broader campaign that was designed to seek out industrial secrets
Hacking Becomes Leading Cause Of Data Breaches
News  |  4/22/2011  | 
Businesses are the main target, and lost data is rarely password-protected or encrypted, according to a report from the Identity Theft Resource Center.
Credit Card Hacker Pleads Guilty
News  |  4/22/2011  | 
Rogelio Hackett Jr. faces 12 years in prison and $500,000 in fines for selling 675,000 credit card numbers used to generate more than $36 million in fraudulent transactions.
Malware Bypasses Security On 64-Bit Windows OS
News  |  4/22/2011  | 
The latest TDL rootkit family contains malware that evades security mechanisms built into the latest x64 operating systems, including Microsoft's Windows Vista and Windows 7.
iPhone Tracking Only Tip Of Security Iceberg
News  |  4/21/2011  | 
Mobile devices will present ongoing security and privacy challenges, particularly to businesses that permit personal usage of corporate devices.
Microsoft Updates Vulnerability Disclosure Policies
News  |  4/21/2011  | 
The software company clarifies its vulnerability-handling guidelines and begins issuing security bulletins for third-party products.
One-Fourth Of SSL Websites At Risk
News  |  4/21/2011  | 
Many sites haven't applied patches for well-known 'renegotiation' flaw
Phishing Attack Hits Oak Ridge National Laboratory
News  |  4/21/2011  | 
The government lab expects to restore Internet access and external email service next week after losing nearly 1 gigabyte of unclassified data.
Son Of Kaspersky Lab Founder Reportedly Gone Missing
Quick Hits  |  4/21/2011  | 
Russian news reports that 20-year-old Ivan Kaspersky was kidnapped and his captors are demanding ransom
Microsoft Issues First Security Alerts For Third-Party Apps
Quick Hits  |  4/20/2011  | 
Monthly or quarterly advisories on deck in the near-term, and Microsoft will only disclose an unfixed bug and offer workarounds if attacks hit
Leaked Cables Indicate Chinese Military Hackers Attacked U.S.
News  |  4/19/2011  | 
U.S. authorities have reportedly traced the "Byzantine Hades" spear-phishing attacks to specific Chinese military groups.
66% Of Security Software Submitted With Flaws
News  |  4/19/2011  | 
App testing firm Veracode reports that developers need significantly more training on secure-coding skills.
Data Loss Plummets, Verizon Report Finds
News  |  4/18/2011  | 
It's getting harder to get away with hacking big companies and data thieves are looking for easier prey.
Midmarket Security: 5 Risks, 5 Practical Responses
News  |  4/18/2011  | 
Smaller companies deal with enterprise-grade threats and compliance challenges, and partners are imposing requirements for sophisticated controls and audits that may be overwhelming. Here's how to cope.
Online Advertisers Pitch Self-Regulation Framework
News  |  4/18/2011  | 
Microsoft, Google, and other companies are backing a European proposal governing how advertisers can track people's behavior online.
Oracle To Patch 73 Critical Vulnerabilities
News  |  4/18/2011  | 
Microsoft, Apple, and Adobe have all issued bug fixes recently, and now Oracle is patching Oracle Fusion Middleware, the Sun Products Suite, the Open Office Suite, and other products.
White House Issues Online Trusted Identities Plan
News  |  4/15/2011  | 
The private sector is expected to take the lead in developing a stronger process for more secure online identities, according to the final version of the National Strategy for Trusted Identities in Cyberspace.
Federal Reserve Bank Hacker Pleads Guilty
News  |  4/15/2011  | 
Malaysian citizen Lin Mun Poo admits to installing malware on a Federal Reserve Bank server.
Blocking Windows Admin Rights Can Stop Exploits
News  |  4/15/2011  | 
The majority of Microsoft Windows attacks seen in 2010 would have been blocked if PCs were not running with admin-level access rights, according to security vendor BeyondTrust.
FBI Busts Coreflood Botnet
News  |  4/14/2011  | 
Authorities get court authority to replace the botnet's command and control servers with their own and remotely disable the botnet on infected PCs.
WordPress Servers Hacked At Root Level
News  |  4/14/2011  | 
Source code exposed, putting passwords for WordPress.com-hosted blogs at risk of being cracked.
Windows IPv4 Networks Vulnerable To IPv6 Attack
News  |  4/13/2011  | 
A man-in-the-middle attack can use the IPv6 protocol to eavesdrop on IPv4 networks, though an attacker would have to physically place a router in the targeted environment for it to work.
Texas Data Breach Exposed 3.5 Million Records
News  |  4/13/2011  | 
Names, addresses, and social security numbers of state retirees and unemployment beneficiaries were posted, unencrypted, on a public server.
Adobe Flash Attacks Exploit Zero-Day Vulnerability
News  |  4/12/2011  | 
No patch is yet available against threat targeting government workers that uses malicious Flash inserted into Microsoft Word documents.
SEC Fines Former Executives For Client Privacy Breach
News  |  4/11/2011  | 
Private information on 16,000 customers was transferred to a departing manager's new employer in violation of government notification and opt-out regulations.
Connect The Log Data Dots
News  |  4/8/2011  | 
Effective use of SIEM tools can help spot the bad guys as they’re attacking, not just investigate after the fact.
EFF Uncovers Evidence Of Certificate Authority Apathy
Quick Hits  |  4/7/2011  | 
Electronic Frontier Foundation research digs up 37,244 'unqualified' names that were given digital certificates
Malware Surges 26% In 2011
News  |  4/7/2011  | 
Each day sees 73,190 new samples of Trojans, viruses, worms, and other forms of malware, says report from PandaLabs.
Experts Expand Warnings Of Spear Phishing Following Epsilon Breach
News  |  4/6/2011  | 
Email data thieves could find new targets in stolen lists; Conde Nast gets speared
Schwartz On Security: Secure Coding Or Bust
Commentary  |  4/6/2011  | 
Companies must embrace secure development techniques to stem the surge of attacks targeting Web application vulnerabilities.
76% Of Energy Utilities Breached In Past Year
News  |  4/6/2011  | 
Despite the high risks, energy company managers don't understand the importance of IT security, according to 71% of security pros surveyed by Ponemon Institute.
Symantec Logged 286 Million New Threats In 2010
Quick Hits  |  4/5/2011  | 
Unique malware and variants galore, and more than 40 percent more mobile vulnerabilities than a year ago
DNSSEC Finally Comes To .com, But Secure DNS Still Has A Long Way To Go
News  |  4/5/2011  | 
Half of IT security experts either don't know what DNSSEC is or don't understand it very well
Web Attacks Skyrocketed 93% In 2010
News  |  4/5/2011  | 
Symantec report finds that the daily threat volume, sophistication, and cost of security breaches have escalated since 2009.
EMC Buys Network Security Company NetWitness
News  |  4/4/2011  | 
NetWitness' network analysis and visualization tools, used to investigate the high-profile breach of RSA's SecurID authentication system, will be folded into EMC's RSA security management products.
75% Of SMB Banking Fraud Occurs Online
News  |  4/4/2011  | 
Most scams involved online account takeover or theft, according to a study commissioned by security vendor Guardian Analytics and conducted by Ponemon Institute.
Epsilon Email Hack Exposes Bank, Business Customers
News  |  4/4/2011  | 
Capital One, Brookstone, JP Morgan Chase, and TiVo have issued warnings to their customers, and presumably other Epsilon clients have as well.
RSA Details SecurID Attack Mechanics
News  |  4/4/2011  | 
EMC won't say what the attackers took, but it did explain how they penetrated RSA and stole information about its two-factor SecurID authentication system.
Web Applications See Sharp Rise In Attacks
News  |  4/4/2011  | 
Prepackaged exploits are helping attackers compromise more sites at once, while many content management systems are running with known vulnerabilities, finds report from HP DVLabs.
The Public Key Infrastructure Under Siege
Commentary  |  4/4/2011  | 
The abuse of certificates in the Stuxnet and Comodo attacks should come as no surprise given the flawed trust model
LizaMoon SQL Injection Attack Hits Websites
News  |  4/1/2011  | 
The scareware sends users to a bogus Web page warning them that their PCs are infected with malware and tries to sell them an anti-virus application.