Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2013
Darkleech Apache Attacks Intensify
News  |  4/30/2013  | 
Security researchers discover hard-to-detect, memory-resident Linux malware compromising Apache servers and redirecting browsers to other infected sites.
D-Link Camera Security Flaw: Upgrade Now
News  |  4/30/2013  | 
16 vulnerable D-Link IP camera models have password issue that provides a back door, so attackers could intercept live video feed. Get the firmware update.
Spamhaus DDoS Suspect Arrested
News  |  4/29/2013  | 
Cyberbunker leader traveled Spain in a van, accessed Wi-Fi hotspots to launch DDoS attacks against anti-spam opponents, Dutch authorities allege.
Syrian Hacktivists Hit Guardian Twitter Feeds
News  |  4/29/2013  | 
Pro-Assad hacktivist group takes over 11 Twitter feeds belonging to British news group, decries "lies and slander about Syria."
Tech Insight: Time To Set Up That Honeypot
News  |  4/26/2013  | 
A combination of traditional network security monitoring and recent advancements in honeypot and active defense tools is key to detecting today's threats
Cloud Security Starts With Development, Better Tools
News  |  4/26/2013  | 
Companies must train their developers in secure coding and rely on others' expertise for complex components of cloud services and Web applications
Java Flaw Targeted By Crimeware Toolkit: Patch Now
News  |  4/24/2013  | 
Don't wait on this update, Java 7 users. Exploit uses bug, patched by Oracle last week, to execute arbitrary code.
Twitter Preps Two Factor Authentication After AP Hoax
News  |  4/24/2013  | 
Security move follows a rash of high-profile account takeovers, including a hoax tweet from the Associated Press' account about White House explosions.
Prioritizing Your Database Security Patches
News  |  4/23/2013  | 
Patching databases can be painful, but the presence of critical vulnerabilities can make closing security holes quickly necessary
Java's Security Renaissance Begins
News  |  4/23/2013  | 
Oracle's decision to delay Java 8 to ensure security is done right is a significant step -- but challenges remain for the troubled platform
Should Insiders Really Be Your Biggest Concern?
News  |  4/23/2013  | 
Verizon's Data Breach Investigations Report shows that by volume of breach occurrences, external attackers cause problems the majority of the time
Chinese Hackers Seek Drone Secrets
News  |  4/22/2013  | 
"Comment Crew" gang that fanned fears of Chinese hacking launches malware that combs for drone technology information.
Oracle Bug Hunter Spots Java 7 Server Flaw
News  |  4/22/2013  | 
Server Java Runtime Environment vulnerability can be used to escape sandbox and execute code, says Polish security expert.
Boston Bombers Can't Elude City's Tech Infrastructure
Commentary  |  4/19/2013  | 
Video surveillance played a key role in identifying the suspects in Monday's tragic Boston Marathon bombing, setting a precedent for increasing use of sophisticated security IT systems nationwide.
Java 7 Malicious App Warning System Draws Criticism
News  |  4/18/2013  | 
Java runtime environment fails to verify that digital certificates used to sign "trusted" applications haven't been revoked.
Malware Attackers Exploit Boston Marathon Bombing
News  |  4/18/2013  | 
Now, 40% of all spam on the Internet name-drops the tragedy to trick users into executing malicious files or visiting sites that launch drive-by attacks.
Time To Dump Antivirus As Endpoint Protection?
News  |  4/18/2013  | 
Attackers find it easy to avoid signature- and heuristic-based anti-malware defenses. Experts recommend alternatives to antivirus programs be used alongside them, not in lieu of them
Safeguarding Your Data Against The Two-Bit Ne'er-Do-Well
Commentary  |  4/17/2013  | 
A real-life data breach incident underscores the importance of employing even the most basic levels of security protection
Microsoft: Worms And Rogue AV Dying, Web Threats Thriving
News  |  4/17/2013  | 
Conficker finally flickering out, newest edition of Microsoft's Security Intelligence Report (SIR) shows
How Do You Use DAM For Blocking? You Don't
Commentary  |  4/17/2013  | 
Curiously, many view blocking malicious Web application requests via WAFs as the appropriate approach
'Magic' Malware Uses Custom Protocol And A 'Magic Code' Handshake
Quick Hits  |  4/17/2013  | 
Researchers spot a nearly year-long attack campaign that employs some special tricks
DDoS Attack Bandwidth Jumps 718%
News  |  4/17/2013  | 
Distributed denial-of-service study finds increase in attack quantity and severity, while most attacks continue to originate from China.
Coordinated Disclosure, Bug Bounties Help Speed Patches
News  |  4/17/2013  | 
Vulnerability advisories are increasingly accompanied by a patch these days, indicating that researchers and software firms are working more closely
Anonymous Takes Down North Korean Websites
News  |  4/16/2013  | 
Hacktivists knock five North Korean websites offline on the 101st anniversary of North Korea's founding.
Wireless Camera Flaws Allow Remote Exploitation
News  |  4/16/2013  | 
Foscam wireless IP cameras contain multiple vulnerabilities that can be used to steal credentials or hack the devices to launch further attacks, warn researchers from Qualys.
Microsoft Discovers Trojan That Erases Evidence Of Its Existence
News  |  4/15/2013  | 
This downloader is also the payload
Open Group Publishes Security Standard For Technology Supply Chain
Quick Hits  |  4/15/2013  | 
New O-TTPS standard is designed to improve security of commercial off-the-shelf IT products
FAA Dismisses Android App Airplane Takeover
News  |  4/12/2013  | 
Demonstrated training software exploits don't work against the flight management systems installed in planes, say airline regulators and avionics manufacturers.
Microsoft: 'Embassies' Could Provide Users Sanctuary From Threats
News  |  4/12/2013  | 
Taking a cue from virtualized datacenters, Microsoft researchers envision a browser architecture that isolates Web apps from each other to strengthen security
Airplane Takeover Demonstrated Via Android App
News  |  4/11/2013  | 
Software hack allows security researcher to take control of aircraft navigation and other systems; avionics manufacturers emphasize that the presentation exploited training software.
Domain Names Like .Food May Leave Bad Taste
News  |  4/11/2013  | 
Symantec, Go Daddy, Trend Micro and other digital certificate authorities raise security, other concerns with ICANN about the pending release of new top-level domain names.
LulzSec Hackers Plead Guilty To CIA, Sony Attacks
News  |  4/10/2013  | 
Three men admit in London courtroom they launched distributed denial of service attacks and defacements that targeted a variety of websites.
Slide Show: 8 Egregious Examples Of Insider Threats
Slideshows  |  4/9/2013  | 
Real-world case studies from the CERT Insider Threat Center
South Korea Charges Alleged Hackers
News  |  4/9/2013  | 
South Korean government accuses two men of working with North Korean hackers to steal personal data relating to 140 million South Koreans.
Microsoft Windows 8 Security Software Lacks Teeth
News  |  4/9/2013  | 
Microsoft's free corporate and consumer endpoint security software needs more malware-stopping power, finds independent German firm AV-Test.
Office 2003, Windows XP Support Ends In One Year
Commentary  |  4/8/2013  | 
If you're still using Windows XP, then you won't let a little thing like unpatched public vulnerabilities stop you. But many Office 2003 users will be surprised to find themselves cut loose by Microsoft
Google Uses Reputation To Detect Malicious Downloads
News  |  4/5/2013  | 
Researchers use data about websites, IP addresses, and domains to detect 99 percent of malicious executables downloaded by users -- outperforming antivirus and URL-reputation services
Alleged Carberp Botnet Ringleader Busted
News  |  4/5/2013  | 
Joint Ukrainian and Russian operation busts alleged Carberp boss and about 20 developers of malware-driven botnet that stole millions of dollars.
Exposed Website Reboots, Reveals Celeb Credit Reports
News  |  4/4/2013  | 
Personal data on U.S. Secret Service director, Anderson Cooper, George Clooney and other public figures released by Exposed website, famous for leaking data on Michelle Obama.
Carna Compromise Delivers Data, But Casts Suspicions
News  |  4/4/2013  | 
Created by an anonymous researcher, the Carna botnet found that 1.2 million Internet-connected devices are trivially exploitable, but the illegality of the methods raises doubts
Robocall Killers Seek End Of Nuisance Calls
News  |  4/3/2013  | 
FTC contest winners have new ideas on how to identify and block illegal spam calls to landlines and cellphones.
No Bold Moves On U.S. Cybersecurity Framework
News  |  4/3/2013  | 
New cybersecurity framework, to be created per a February Obama administration executive order, likely will draw heavily from existing cybersecurity standards.
Darkleech Attacks Hit 20,000 Websites
News  |  4/3/2013  | 
Malicious Apache modules, installed after root-level server compromises, are serving hard-to-detect real-time malware attacks against Windows users.
Identifying And Remediating Security Vulnerabilities In The Cloud
Quick Hits  |  4/3/2013  | 
Cloud computing can lead to security risks. Here are some insights on tracking them down
Taming Bad Inputs Means Taking Aim At 'Weird Machines'
News  |  4/3/2013  | 
Overly accommodating platforms and protocols let attackers use inputs like code, essentially allowing attackers to program an unintentional virtual machine
Anonymous Hits North Korea Via DDoS
News  |  4/2/2013  | 
Hacktivists disrupt government and airline websites after North Korean government threatens to restart nuclear reactor, invade South Korea.

