Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2013
Darkleech Apache Attacks Intensify
News  |  4/30/2013  | 
Security researchers discover hard-to-detect, memory-resident Linux malware compromising Apache servers and redirecting browsers to other infected sites.
D-Link Camera Security Flaw: Upgrade Now
News  |  4/30/2013  | 
16 vulnerable D-Link IP camera models have password issue that provides a back door, so attackers could intercept live video feed. Get the firmware update.
Spamhaus DDoS Suspect Arrested
News  |  4/29/2013  | 
Cyberbunker leader traveled Spain in a van, accessed Wi-Fi hotspots to launch DDoS attacks against anti-spam opponents, Dutch authorities allege.
Syrian Hacktivists Hit Guardian Twitter Feeds
News  |  4/29/2013  | 
Pro-Assad hacktivist group takes over 11 Twitter feeds belonging to British news group, decries "lies and slander about Syria."
Tech Insight: Time To Set Up That Honeypot
News  |  4/26/2013  | 
A combination of traditional network security monitoring and recent advancements in honeypot and active defense tools is key to detecting today's threats
Cloud Security Starts With Development, Better Tools
News  |  4/26/2013  | 
Companies must train their developers in secure coding and rely on others' expertise for complex components of cloud services and Web applications
Java Flaw Targeted By Crimeware Toolkit: Patch Now
News  |  4/24/2013  | 
Don't wait on this update, Java 7 users. Exploit uses bug, patched by Oracle last week, to execute arbitrary code.
Twitter Preps Two Factor Authentication After AP Hoax
News  |  4/24/2013  | 
Security move follows a rash of high-profile account takeovers, including a hoax tweet from the Associated Press' account about White House explosions.
Prioritizing Your Database Security Patches
News  |  4/23/2013  | 
Patching databases can be painful, but the presence of critical vulnerabilities can make closing security holes quickly necessary
Java's Security Renaissance Begins
News  |  4/23/2013  | 
Oracle's decision to delay Java 8 to ensure security is done right is a significant step -- but challenges remain for the troubled platform
Should Insiders Really Be Your Biggest Concern?
News  |  4/23/2013  | 
Verizon's Data Breach Investigations Report shows that by volume of breach occurrences, external attackers cause problems the majority of the time
Chinese Hackers Seek Drone Secrets
News  |  4/22/2013  | 
"Comment Crew" gang that fanned fears of Chinese hacking launches malware that combs for drone technology information.
Oracle Bug Hunter Spots Java 7 Server Flaw
News  |  4/22/2013  | 
Server Java Runtime Environment vulnerability can be used to escape sandbox and execute code, says Polish security expert.
Boston Bombers Can't Elude City's Tech Infrastructure
Commentary  |  4/19/2013  | 
Video surveillance played a key role in identifying the suspects in Monday's tragic Boston Marathon bombing, setting a precedent for increasing use of sophisticated security IT systems nationwide.
Java 7 Malicious App Warning System Draws Criticism
News  |  4/18/2013  | 
Java runtime environment fails to verify that digital certificates used to sign "trusted" applications haven't been revoked.
Malware Attackers Exploit Boston Marathon Bombing
News  |  4/18/2013  | 
Now, 40% of all spam on the Internet name-drops the tragedy to trick users into executing malicious files or visiting sites that launch drive-by attacks.
Time To Dump Antivirus As Endpoint Protection?
News  |  4/18/2013  | 
Attackers find it easy to avoid signature- and heuristic-based anti-malware defenses. Experts recommend alternatives to antivirus programs be used alongside them, not in lieu of them
Safeguarding Your Data Against The Two-Bit Ne'er-Do-Well
Commentary  |  4/17/2013  | 
A real-life data breach incident underscores the importance of employing even the most basic levels of security protection
Microsoft: Worms And Rogue AV Dying, Web Threats Thriving
News  |  4/17/2013  | 
Conficker finally flickering out, newest edition of Microsoft's Security Intelligence Report (SIR) shows
How Do You Use DAM For Blocking? You Don't
Commentary  |  4/17/2013  | 
Curiously, many view blocking malicious Web application requests via WAFs as the appropriate approach
'Magic' Malware Uses Custom Protocol And A 'Magic Code' Handshake
Quick Hits  |  4/17/2013  | 
Researchers spot a nearly year-long attack campaign that employs some special tricks
DDoS Attack Bandwidth Jumps 718%
News  |  4/17/2013  | 
Distributed denial-of-service study finds increase in attack quantity and severity, while most attacks continue to originate from China.
Coordinated Disclosure, Bug Bounties Help Speed Patches
News  |  4/17/2013  | 
Vulnerability advisories are increasingly accompanied by a patch these days, indicating that researchers and software firms are working more closely
Anonymous Takes Down North Korean Websites
News  |  4/16/2013  | 
Hacktivists knock five North Korean websites offline on the 101st anniversary of North Korea's founding.
Wireless Camera Flaws Allow Remote Exploitation
News  |  4/16/2013  | 
Foscam wireless IP cameras contain multiple vulnerabilities that can be used to steal credentials or hack the devices to launch further attacks, warn researchers from Qualys.
Microsoft Discovers Trojan That Erases Evidence Of Its Existence
News  |  4/15/2013  | 
This downloader is also the payload
Open Group Publishes Security Standard For Technology Supply Chain
Quick Hits  |  4/15/2013  | 
New O-TTPS standard is designed to improve security of commercial off-the-shelf IT products
FAA Dismisses Android App Airplane Takeover
News  |  4/12/2013  | 
Demonstrated training software exploits don't work against the flight management systems installed in planes, say airline regulators and avionics manufacturers.
Microsoft: 'Embassies' Could Provide Users Sanctuary From Threats
News  |  4/12/2013  | 
Taking a cue from virtualized datacenters, Microsoft researchers envision a browser architecture that isolates Web apps from each other to strengthen security
Airplane Takeover Demonstrated Via Android App
News  |  4/11/2013  | 
Software hack allows security researcher to take control of aircraft navigation and other systems; avionics manufacturers emphasize that the presentation exploited training software.
Domain Names Like .Food May Leave Bad Taste
News  |  4/11/2013  | 
Symantec, Go Daddy, Trend Micro and other digital certificate authorities raise security, other concerns with ICANN about the pending release of new top-level domain names.
LulzSec Hackers Plead Guilty To CIA, Sony Attacks
News  |  4/10/2013  | 
Three men admit in London courtroom they launched distributed denial of service attacks and defacements that targeted a variety of websites.
Slide Show: 8 Egregious Examples Of Insider Threats
Slideshows  |  4/9/2013  | 
Real-world case studies from the CERT Insider Threat Center
South Korea Charges Alleged Hackers
News  |  4/9/2013  | 
South Korean government accuses two men of working with North Korean hackers to steal personal data relating to 140 million South Koreans.
Microsoft Windows 8 Security Software Lacks Teeth
News  |  4/9/2013  | 
Microsoft's free corporate and consumer endpoint security software needs more malware-stopping power, finds independent German firm AV-Test.
Office 2003, Windows XP Support Ends In One Year
Commentary  |  4/8/2013  | 
If you're still using Windows XP, then you won't let a little thing like unpatched public vulnerabilities stop you. But many Office 2003 users will be surprised to find themselves cut loose by Microsoft
Google Uses Reputation To Detect Malicious Downloads
News  |  4/5/2013  | 
Researchers use data about websites, IP addresses, and domains to detect 99 percent of malicious executables downloaded by users -- outperforming antivirus and URL-reputation services
Alleged Carberp Botnet Ringleader Busted
News  |  4/5/2013  | 
Joint Ukrainian and Russian operation busts alleged Carberp boss and about 20 developers of malware-driven botnet that stole millions of dollars.
Exposed Website Reboots, Reveals Celeb Credit Reports
News  |  4/4/2013  | 
Personal data on U.S. Secret Service director, Anderson Cooper, George Clooney and other public figures released by Exposed website, famous for leaking data on Michelle Obama.
Carna Compromise Delivers Data, But Casts Suspicions
News  |  4/4/2013  | 
Created by an anonymous researcher, the Carna botnet found that 1.2 million Internet-connected devices are trivially exploitable, but the illegality of the methods raises doubts
Robocall Killers Seek End Of Nuisance Calls
News  |  4/3/2013  | 
FTC contest winners have new ideas on to how to identify and block illegal spam calls to landlines and cellphones.
No Bold Moves On U.S. Cybersecurity Framework
News  |  4/3/2013  | 
New cybersecurity framework, to be created per a February Obama administration executive order, likely will draw heavily from existing cybersecurity standards.
Darkleech Attacks Hit 20,000 Websites
News  |  4/3/2013  | 
Malicious Apache modules, installed after root-level server compromises, are serving hard-to-detect real-time malware attacks against Windows users.
Identifying And Remediating Security Vulnerabilities In The Cloud
Quick Hits  |  4/3/2013  | 
Cloud computing can lead to security risks. Here are some insights on tracking them down
Taming Bad Inputs Means Taking Aim At 'Weird Machines'
News  |  4/3/2013  | 
Overly accommodating platforms and protocols let attackers use inputs like code, essentially allowing attackers to program an unintentional virtual machine
Anonymous Hits North Korea Via DDoS
News  |  4/2/2013  | 
Hacktivists disrupt government and airline websites after North Korean government threatens to restart nuclear reactor, invade South Korea.


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.
CVE-2019-6650
PUBLISHED: 2019-09-20
F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings.
CVE-2014-10396
PUBLISHED: 2019-09-20
The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.