Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2013
Darkleech Apache Attacks Intensify
News  |  4/30/2013  | 
Security researchers discover hard-to-detect, memory-resident Linux malware compromising Apache servers and redirecting browsers to other infected sites.
D-Link Camera Security Flaw: Upgrade Now
News  |  4/30/2013  | 
16 vulnerable D-Link IP camera models have password issue that provides a back door, so attackers could intercept live video feed. Get the firmware update.
Spamhaus DDoS Suspect Arrested
News  |  4/29/2013  | 
Cyberbunker leader traveled Spain in a van, accessed Wi-Fi hotspots to launch DDoS attacks against anti-spam opponents, Dutch authorities allege.
Syrian Hacktivists Hit Guardian Twitter Feeds
News  |  4/29/2013  | 
Pro-Assad hacktivist group takes over 11 Twitter feeds belonging to British news group, decries "lies and slander about Syria."
Tech Insight: Time To Set Up That Honeypot
News  |  4/26/2013  | 
A combination of traditional network security monitoring and recent advancements in honeypot and active defense tools is key to detecting today's threats
Cloud Security Starts With Development, Better Tools
News  |  4/26/2013  | 
Companies must train their developers in secure coding and rely on others' expertise for complex components of cloud services and Web applications
Java Flaw Targeted By Crimeware Toolkit: Patch Now
News  |  4/24/2013  | 
Don't wait on this update, Java 7 users. Exploit uses bug, patched by Oracle last week, to execute arbitrary code.
Twitter Preps Two Factor Authentication After AP Hoax
News  |  4/24/2013  | 
Security move follows a rash of high-profile account takeovers, including a hoax tweet from the Associated Press' account about White House explosions.
Prioritizing Your Database Security Patches
News  |  4/23/2013  | 
Patching databases can be painful, but the presence of critical vulnerabilities can make closing security holes quickly necessary
Java's Security Renaissance Begins
News  |  4/23/2013  | 
Oracle's decision to delay Java 8 to ensure security is done right is a significant step -- but challenges remain for the troubled platform
Should Insiders Really Be Your Biggest Concern?
News  |  4/23/2013  | 
Verizon's Data Breach Investigations Report shows that by volume of breach occurrences, external attackers cause problems the majority of the time
Chinese Hackers Seek Drone Secrets
News  |  4/22/2013  | 
"Comment Crew" gang that fanned fears of Chinese hacking launches malware that combs for drone technology information.
Oracle Bug Hunter Spots Java 7 Server Flaw
News  |  4/22/2013  | 
Server Java Runtime Environment vulnerability can be used to escape sandbox and execute code, says Polish security expert.
Boston Bombers Can't Elude City's Tech Infrastructure
Commentary  |  4/19/2013  | 
Video surveillance played a key role in identifying the suspects in Monday's tragic Boston Marathon bombing, setting a precedent for increasing use of sophisticated security IT systems nationwide.
Java 7 Malicious App Warning System Draws Criticism
News  |  4/18/2013  | 
Java runtime environment fails to verify that digital certificates used to sign "trusted" applications haven't been revoked.
Malware Attackers Exploit Boston Marathon Bombing
News  |  4/18/2013  | 
Now, 40% of all spam on the Internet name-drops the tragedy to trick users into executing malicious files or visiting sites that launch drive-by attacks.
Time To Dump Antivirus As Endpoint Protection?
News  |  4/18/2013  | 
Attackers find it easy to avoid signature- and heuristic-based anti-malware defenses. Experts recommend alternatives to antivirus programs be used alongside them, not in lieu of them
Safeguarding Your Data Against The Two-Bit Ne'er-Do-Well
Commentary  |  4/17/2013  | 
A real-life data breach incident underscores the importance of employing even the most basic levels of security protection
Microsoft: Worms And Rogue AV Dying, Web Threats Thriving
News  |  4/17/2013  | 
Conficker finally flickering out, newest edition of Microsoft's Security Intelligence Report (SIR) shows
How Do You Use DAM For Blocking? You Don't
Commentary  |  4/17/2013  | 
Curiously, many view blocking malicious Web application requests via WAFs as the appropriate approach
'Magic' Malware Uses Custom Protocol And A 'Magic Code' Handshake
Quick Hits  |  4/17/2013  | 
Researchers spot a nearly year-long attack campaign that employs some special tricks
DDoS Attack Bandwidth Jumps 718%
News  |  4/17/2013  | 
Distributed denial-of-service study finds increase in attack quantity and severity, while most attacks continue to originate from China.
Coordinated Disclosure, Bug Bounties Help Speed Patches
News  |  4/17/2013  | 
Vulnerability advisories are increasingly accompanied by a patch these days, indicating that researchers and software firms are working more closely
Anonymous Takes Down North Korean Websites
News  |  4/16/2013  | 
Hacktivists knock five North Korean websites offline on the 101st anniversary of North Korea's founding.
Wireless Camera Flaws Allow Remote Exploitation
News  |  4/16/2013  | 
Foscam wireless IP cameras contain multiple vulnerabilities that can be used to steal credentials or hack the devices to launch further attacks, warn researchers from Qualys.
Microsoft Discovers Trojan That Erases Evidence Of Its Existence
News  |  4/15/2013  | 
This downloader is also the payload
Open Group Publishes Security Standard For Technology Supply Chain
Quick Hits  |  4/15/2013  | 
New O-TTPS standard is designed to improve security of commercial off-the-shelf IT products
FAA Dismisses Android App Airplane Takeover
News  |  4/12/2013  | 
Demonstrated training software exploits don't work against the flight management systems installed in planes, say airline regulators and avionics manufacturers.
Microsoft: 'Embassies' Could Provide Users Sanctuary From Threats
News  |  4/12/2013  | 
Taking a cue from virtualized datacenters, Microsoft researchers envision a browser architecture that isolates Web apps from each other to strengthen security
Airplane Takeover Demonstrated Via Android App
News  |  4/11/2013  | 
Software hack allows security researcher to take control of aircraft navigation and other systems; avionics manufacturers emphasize that the presentation exploited training software.
Domain Names Like .Food May Leave Bad Taste
News  |  4/11/2013  | 
Symantec, Go Daddy, Trend Micro and other digital certificate authorities raise security, other concerns with ICANN about the pending release of new top-level domain names.
LulzSec Hackers Plead Guilty To CIA, Sony Attacks
News  |  4/10/2013  | 
Three men admit in London courtroom they launched distributed denial of service attacks and defacements that targeted a variety of websites.
Slide Show: 8 Egregious Examples Of Insider Threats
Slideshows  |  4/9/2013  | 
Real-world case studies from the CERT Insider Threat Center
South Korea Charges Alleged Hackers
News  |  4/9/2013  | 
South Korean government accuses two men of working with North Korean hackers to steal personal data relating to 140 million South Koreans.
Microsoft Windows 8 Security Software Lacks Teeth
News  |  4/9/2013  | 
Microsoft's free corporate and consumer endpoint security software needs more malware-stopping power, finds independent German firm AV-Test.
Office 2003, Windows XP Support Ends In One Year
Commentary  |  4/8/2013  | 
If you're still using Windows XP, then you won't let a little thing like unpatched public vulnerabilities stop you. But many Office 2003 users will be surprised to find themselves cut loose by Microsoft
Google Uses Reputation To Detect Malicious Downloads
News  |  4/5/2013  | 
Researchers use data about websites, IP addresses, and domains to detect 99 percent of malicious executables downloaded by users -- outperforming antivirus and URL-reputation services
Alleged Carberp Botnet Ringleader Busted
News  |  4/5/2013  | 
Joint Ukrainian and Russian operation busts alleged Carberp boss and about 20 developers of malware-driven botnet that stole millions of dollars.
Exposed Website Reboots, Reveals Celeb Credit Reports
News  |  4/4/2013  | 
Personal data on U.S. Secret Service director, Anderson Cooper, George Clooney and other public figures released by Exposed website, famous for leaking data on Michelle Obama.
Carna Compromise Delivers Data, But Casts Suspicions
News  |  4/4/2013  | 
Created by an anonymous researcher, the Carna botnet found that 1.2 million Internet-connected devices are trivially exploitable, but the illegality of the methods raises doubts
Robocall Killers Seek End Of Nuisance Calls
News  |  4/3/2013  | 
FTC contest winners have new ideas on to how to identify and block illegal spam calls to landlines and cellphones.
No Bold Moves On U.S. Cybersecurity Framework
News  |  4/3/2013  | 
New cybersecurity framework, to be created per a February Obama administration executive order, likely will draw heavily from existing cybersecurity standards.
Darkleech Attacks Hit 20,000 Websites
News  |  4/3/2013  | 
Malicious Apache modules, installed after root-level server compromises, are serving hard-to-detect real-time malware attacks against Windows users.
Identifying And Remediating Security Vulnerabilities In The Cloud
Quick Hits  |  4/3/2013  | 
Cloud computing can lead to security risks. Here are some insights on tracking them down
Taming Bad Inputs Means Taking Aim At 'Weird Machines'
News  |  4/3/2013  | 
Overly accommodating platforms and protocols let attackers use inputs like code, essentially allowing attackers to program an unintentional virtual machine
Anonymous Hits North Korea Via DDoS
News  |  4/2/2013  | 
Hacktivists disrupt government and airline websites after North Korean government threatens to restart nuclear reactor, invade South Korea.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.