Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2011
Expert: Attacks, Not Vulnerabilities, Are Keys To IT Defense
News  |  4/29/2011  | 
Attackers are increasingly cribbing code from existing exploits, rather than creating new ones
Schwartz On Security: Smile, Your Smartphone Is Watching
Commentary  |  4/28/2011  | 
In the wake of revelations that Apple devices have been insecurely storing and transmitting location data, it's time for enterprise IT managers to begin spying as well.
Is Government Inflating Cyber Threats?
News  |  4/27/2011  | 
A report from the Mercatus Center at George Mason University questions "alarmist rhetoric" and asks whether government agencies can meaningfully improve the security of critical infrastructure.
Sony Sued Over PlayStation Network Hack
News  |  4/27/2011  | 
A class action lawsuit charges that Sony failed to protect personal information and credit card numbers of up to 77 million users.
Another Researcher Hit With Threat Of German Anti-Hacking Law
News  |  4/27/2011  | 
German software firm warns researcher who disclosed a vulnerability in its software and offered his help
Iran Alleges Espionage Over Internet Worm
News  |  4/27/2011  | 
Senior government official says foreign governments are launching malware dubbed Stars at the country's nuclear facilities.
China Implicated In Hacking Of SMB Online Bank Accounts
News  |  4/26/2011  | 
FBI warns that small- to midsize businesses are being targeted in an attack that so far has bilked companies' accounts of millions of dollars and wired the money to Chinese companies
Napolitano Calls Cybersecurity A Shared Responsibility
News  |  4/26/2011  | 
The Department of Homeland Security secretary stressed the federal government's involvement in securing cyberspace alongside private companies to mitigate threats to critical infrastructure.
A Not-So Targeted Targeted Attack
Commentary  |  4/25/2011  | 
RSA was likely among several targets associated with a broader campaign that was designed to seek out industrial secrets
Hacking Becomes Leading Cause Of Data Breaches
News  |  4/22/2011  | 
Businesses are the main target, and lost data is rarely password-protected or encrypted, according to a report from the Identity Theft Resource Center.
Credit Card Hacker Pleads Guilty
News  |  4/22/2011  | 
Rogelio Hackett Jr. faces 12 years in prison and $500,000 in fines for selling 675,000 credit card numbers used to generate more than $36 million in fraudulent transactions.
Malware Bypasses Security On 64-Bit Windows OS
News  |  4/22/2011  | 
The latest TDL rootkit family contains malware that evades security mechanisms built into the latest x64 operating systems, including Microsoft's Windows Vista and Windows 7.
iPhone Tracking Only Tip Of Security Iceberg
News  |  4/21/2011  | 
Mobile devices will present ongoing security and privacy challenges, particularly to businesses that permit personal usage of corporate devices.
Microsoft Updates Vulnerability Disclosure Policies
News  |  4/21/2011  | 
The software company clarifies its vulnerability-handling guidelines and begins issuing security bulletins for third-party products.
One-Fourth Of SSL Websites At Risk
News  |  4/21/2011  | 
Many sites haven't applied patches for well-known 'renegotiation' flaw
Phishing Attack Hits Oak Ridge National Laboratory
News  |  4/21/2011  | 
The government lab expects to restore Internet access and external email service next week after losing nearly 1 gigabyte of unclassified data.
Son Of Kaspersky Lab Founder Reportedly Gone Missing
Quick Hits  |  4/21/2011  | 
Russian news reports that 20-year-old Ivan Kaspersky was kidnapped and his captors are demanding ransom
Microsoft Issues First Security Alerts For Third-Party Apps
Quick Hits  |  4/20/2011  | 
Monthly or quarterly advisories on deck in the near-term, and Microsoft will only disclose an unfixed bug and offer workarounds if attacks hit
Leaked Cables Indicate Chinese Military Hackers Attacked U.S.
News  |  4/19/2011  | 
U.S. authorities have reportedly traced the "Byzantine Hades" spear-phishing attacks to specific Chinese military groups.
66% Of Security Software Submitted With Flaws
News  |  4/19/2011  | 
App testing firm Veracode reports that developers need significantly more training on secure-coding skills.
Data Loss Plummets, Verizon Report Finds
News  |  4/18/2011  | 
It's getting harder to get away with hacking big companies and data thieves are looking for easier prey.
Midmarket Security: 5 Risks, 5 Practical Responses
News  |  4/18/2011  | 
Smaller companies deal with enterprise-grade threats and compliance challenges, and partners are imposing requirements for sophisticated controls and audits that may be overwhelming. Here's how to cope.
Online Advertisers Pitch Self-Regulation Framework
News  |  4/18/2011  | 
Microsoft, Google, and other companies are backing a European proposal governing how advertisers can track people's behavior online.
Oracle To Patch 73 Critical Vulnerabilities
News  |  4/18/2011  | 
Microsoft, Apple, and Adobe have all issued bug fixes recently, and now Oracle is patching Oracle Fusion Middleware, the Sun Products Suite, the Open Office Suite, and other products.
White House Issues Online Trusted Identities Plan
News  |  4/15/2011  | 
The private sector is expected to take the lead in developing a stronger process for more secure online identities, according to the final version of the National Strategy for Trusted Identities in Cyberspace.
Federal Reserve Bank Hacker Pleads Guilty
News  |  4/15/2011  | 
Malaysian citizen Lin Mun Poo admits to installing malware on a Federal Reserve Bank server.
Blocking Windows Admin Rights Can Stop Exploits
News  |  4/15/2011  | 
The majority of Microsoft Windows attacks seen in 2010 would have been blocked if PCs were not running with admin-level access rights, according to security vendor BeyondTrust.
FBI Busts Coreflood Botnet
News  |  4/14/2011  | 
Authorities get court authority to replace the botnet's command and control servers with their own and remotely disable the botnet on infected PCs.
WordPress Servers Hacked At Root Level
News  |  4/14/2011  | 
Source code exposed, putting passwords for WordPress.com-hosted blogs at risk of being cracked.
Windows IPv4 Networks Vulnerable To IPv6 Attack
News  |  4/13/2011  | 
A man-in-the-middle attack can use the IPv6 protocol to eavesdrop on IPv4 networks, though an attacker would have to physically place a router in the targeted environment for it to work.
Texas Data Breach Exposed 3.5 Million Records
News  |  4/13/2011  | 
Names, addresses, and social security numbers of state retirees and unemployment beneficiaries were posted, unencrypted, on a public server.
Adobe Flash Attacks Exploit Zero-Day Vulnerability
News  |  4/12/2011  | 
No patch is yet available against threat targeting government workers that uses malicious Flash inserted into Microsoft Word documents.
SEC Fines Former Executives For Client Privacy Breach
News  |  4/11/2011  | 
Private information on 16,000 customers was transferred to a departing manager's new employer in violation of government notification and opt-out regulations.
Connect The Log Data Dots
News  |  4/8/2011  | 
Effective use of SIEM tools can help spot the bad guys as they’re attacking, not just investigate after the fact.
EFF Uncovers Evidence Of Certificate Authority Apathy
Quick Hits  |  4/7/2011  | 
Electronic Frontier Foundation research digs up 37,244 'unqualified' names that were given digital certificates
Malware Surges 26% In 2011
News  |  4/7/2011  | 
Each day sees 73,190 new samples of Trojans, viruses, worms, and other forms of malware, says report from PandaLabs.
Experts Expand Warnings Of Spear Phishing Following Epsilon Breach
News  |  4/6/2011  | 
Email data thieves could find new targets in stolen lists; Conde Nast gets speared
Schwartz On Security: Secure Coding Or Bust
Commentary  |  4/6/2011  | 
Companies must embrace secure development techniques to stem the surge of attacks targeting Web application vulnerabilities.
76% Of Energy Utilities Breached In Past Year
News  |  4/6/2011  | 
Despite the high risks, energy company managers don't understand the importance of IT security, according to 71% of security pros surveyed by Ponemon Institute.
Symantec Logged 286 Million New Threats In 2010
Quick Hits  |  4/5/2011  | 
Unique malware and variants galore, and more than 40 percent more mobile vulnerabilities than a year ago
DNSSEC Finally Comes To .com, But Secure DNS Still Has A Long Way To Go
News  |  4/5/2011  | 
Half of IT security experts either don't know what DNSSEC is or don't understand it very well
Web Attacks Skyrocketed 93% In 2010
News  |  4/5/2011  | 
Symantec report finds that the daily threat volume, sophistication, and cost of security breaches have escalated since 2009.
EMC Buys Network Security Company NetWitness
News  |  4/4/2011  | 
NetWitness' network analysis and visualization tools, used to investigate the high-profile breach of RSA's SecurID authentication system, will be folded into EMC's RSA security management products.
75% Of SMB Banking Fraud Occurs Online
News  |  4/4/2011  | 
Most scams involved online account takeover or theft, according to a study commissioned by security vendor Guardian Analytics and conducted by Ponemon Institute.
Epsilon Email Hack Exposes Bank, Business Customers
News  |  4/4/2011  | 
Capital One, Brookstone, JP Morgan Chase, and TiVo have issued warnings to their customers, and presumably other Epsilon clients have as well.
RSA Details SecurID Attack Mechanics
News  |  4/4/2011  | 
EMC won't say what the attackers took, but it did explain how they penetrated RSA and stole information about its two-factor SecurID authentication system.
Web Applications See Sharp Rise In Attacks
News  |  4/4/2011  | 
Prepackaged exploits are helping attackers compromise more sites at once, while many content management systems are running with known vulnerabilities, finds report from HP DVLabs.
The Public Key Infrastructure Under Siege
Commentary  |  4/4/2011  | 
The abuse of certificates in the Stuxnet and Comodo attacks should come as no surprise given the flawed trust model
LizaMoon SQL Injection Attack Hits Websites
News  |  4/1/2011  | 
The scareware sends users to a bogus Web page warning them that their PCs are infected with malware and tries to sell them an anti-virus application.