Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2013
Darkleech Apache Attacks Intensify
News  |  4/30/2013  | 
Security researchers discover hard-to-detect, memory-resident Linux malware compromising Apache servers and redirecting browsers to other infected sites.
D-Link Camera Security Flaw: Upgrade Now
News  |  4/30/2013  | 
16 vulnerable D-Link IP camera models have password issue that provides a back door, so attackers could intercept live video feed. Get the firmware update.
Spamhaus DDoS Suspect Arrested
News  |  4/29/2013  | 
Cyberbunker leader traveled Spain in a van, accessed Wi-Fi hotspots to launch DDoS attacks against anti-spam opponents, Dutch authorities allege.
Syrian Hacktivists Hit Guardian Twitter Feeds
News  |  4/29/2013  | 
Pro-Assad hacktivist group takes over 11 Twitter feeds belonging to British news group, decries "lies and slander about Syria."
Tech Insight: Time To Set Up That Honeypot
News  |  4/26/2013  | 
A combination of traditional network security monitoring and recent advancements in honeypot and active defense tools is key to detecting today's threats
Cloud Security Starts With Development, Better Tools
News  |  4/26/2013  | 
Companies must train their developers in secure coding and rely on others' expertise for complex components of cloud services and Web applications
Java Flaw Targeted By Crimeware Toolkit: Patch Now
News  |  4/24/2013  | 
Don't wait on this update, Java 7 users. Exploit uses bug, patched by Oracle last week, to execute arbitrary code.
Twitter Preps Two Factor Authentication After AP Hoax
News  |  4/24/2013  | 
Security move follows a rash of high-profile account takeovers, including a hoax tweet from the Associated Press' account about White House explosions.
Prioritizing Your Database Security Patches
News  |  4/23/2013  | 
Patching databases can be painful, but the presence of critical vulnerabilities can make closing security holes quickly necessary
Java's Security Renaissance Begins
News  |  4/23/2013  | 
Oracle's decision to delay Java 8 to ensure security is done right is a significant step -- but challenges remain for the troubled platform
Should Insiders Really Be Your Biggest Concern?
News  |  4/23/2013  | 
Verizon's Data Breach Investigations Report shows that by volume of breach occurrences, external attackers cause problems the majority of the time
Chinese Hackers Seek Drone Secrets
News  |  4/22/2013  | 
"Comment Crew" gang that fanned fears of Chinese hacking launches malware that combs for drone technology information.
Oracle Bug Hunter Spots Java 7 Server Flaw
News  |  4/22/2013  | 
Server Java Runtime Environment vulnerability can be used to escape sandbox and execute code, says Polish security expert.
Boston Bombers Can't Elude City's Tech Infrastructure
Commentary  |  4/19/2013  | 
Video surveillance played a key role in identifying the suspects in Monday's tragic Boston Marathon bombing, setting a precedent for increasing use of sophisticated security IT systems nationwide.
Java 7 Malicious App Warning System Draws Criticism
News  |  4/18/2013  | 
Java runtime environment fails to verify that digital certificates used to sign "trusted" applications haven't been revoked.
Malware Attackers Exploit Boston Marathon Bombing
News  |  4/18/2013  | 
Now, 40% of all spam on the Internet name-drops the tragedy to trick users into executing malicious files or visiting sites that launch drive-by attacks.
Time To Dump Antivirus As Endpoint Protection?
News  |  4/18/2013  | 
Attackers find it easy to avoid signature- and heuristic-based anti-malware defenses. Experts recommend alternatives to antivirus programs be used alongside them, not in lieu of them
Safeguarding Your Data Against The Two-Bit Ne'er-Do-Well
Commentary  |  4/17/2013  | 
A real-life data breach incident underscores the importance of employing even the most basic levels of security protection
Microsoft: Worms And Rogue AV Dying, Web Threats Thriving
News  |  4/17/2013  | 
Conficker finally flickering out, newest edition of Microsoft's Security Intelligence Report (SIR) shows
How Do You Use DAM For Blocking? You Don't
Commentary  |  4/17/2013  | 
Curiously, many view blocking malicious Web application requests via WAFs as the appropriate approach
'Magic' Malware Uses Custom Protocol And A 'Magic Code' Handshake
Quick Hits  |  4/17/2013  | 
Researchers spot a nearly year-long attack campaign that employs some special tricks
DDoS Attack Bandwidth Jumps 718%
News  |  4/17/2013  | 
Distributed denial-of-service study finds increase in attack quantity and severity, while most attacks continue to originate from China.
Coordinated Disclosure, Bug Bounties Help Speed Patches
News  |  4/17/2013  | 
Vulnerability advisories are increasingly accompanied by a patch these days, indicating that researchers and software firms are working more closely
Anonymous Takes Down North Korean Websites
News  |  4/16/2013  | 
Hacktivists knock five North Korean websites offline on the 101st anniversary of North Korea's founding.
Wireless Camera Flaws Allow Remote Exploitation
News  |  4/16/2013  | 
Foscam wireless IP cameras contain multiple vulnerabilities that can be used to steal credentials or hack the devices to launch further attacks, warn researchers from Qualys.
Microsoft Discovers Trojan That Erases Evidence Of Its Existence
News  |  4/15/2013  | 
This downloader is also the payload
Open Group Publishes Security Standard For Technology Supply Chain
Quick Hits  |  4/15/2013  | 
New O-TTPS standard is designed to improve security of commercial off-the-shelf IT products
FAA Dismisses Android App Airplane Takeover
News  |  4/12/2013  | 
Demonstrated training software exploits don't work against the flight management systems installed in planes, say airline regulators and avionics manufacturers.
Microsoft: 'Embassies' Could Provide Users Sanctuary From Threats
News  |  4/12/2013  | 
Taking a cue from virtualized datacenters, Microsoft researchers envision a browser architecture that isolates Web apps from each other to strengthen security
Airplane Takeover Demonstrated Via Android App
News  |  4/11/2013  | 
Software hack allows security researcher to take control of aircraft navigation and other systems; avionics manufacturers emphasize that the presentation exploited training software.
Domain Names Like .Food May Leave Bad Taste
News  |  4/11/2013  | 
Symantec, Go Daddy, Trend Micro and other digital certificate authorities raise security, other concerns with ICANN about the pending release of new top-level domain names.
LulzSec Hackers Plead Guilty To CIA, Sony Attacks
News  |  4/10/2013  | 
Three men admit in London courtroom they launched distributed denial of service attacks and defacements that targeted a variety of websites.
Slide Show: 8 Egregious Examples Of Insider Threats
Slideshows  |  4/9/2013  | 
Real-world case studies from the CERT Insider Threat Center
South Korea Charges Alleged Hackers
News  |  4/9/2013  | 
South Korean government accuses two men of working with North Korean hackers to steal personal data relating to 140 million South Koreans.
Microsoft Windows 8 Security Software Lacks Teeth
News  |  4/9/2013  | 
Microsoft's free corporate and consumer endpoint security software needs more malware-stopping power, finds independent German firm AV-Test.
Office 2003, Windows XP Support Ends In One Year
Commentary  |  4/8/2013  | 
If you're still using Windows XP, then you won't let a little thing like unpatched public vulnerabilities stop you. But many Office 2003 users will be surprised to find themselves cut loose by Microsoft
Google Uses Reputation To Detect Malicious Downloads
News  |  4/5/2013  | 
Researchers use data about websites, IP addresses, and domains to detect 99 percent of malicious executables downloaded by users -- outperforming antivirus and URL-reputation services
Alleged Carberp Botnet Ringleader Busted
News  |  4/5/2013  | 
Joint Ukrainian and Russian operation busts alleged Carberp boss and about 20 developers of malware-driven botnet that stole millions of dollars.
Exposed Website Reboots, Reveals Celeb Credit Reports
News  |  4/4/2013  | 
Personal data on U.S. Secret Service director, Anderson Cooper, George Clooney and other public figures released by Exposed website, famous for leaking data on Michelle Obama.
Carna Compromise Delivers Data, But Casts Suspicions
News  |  4/4/2013  | 
Created by an anonymous researcher, the Carna botnet found that 1.2 million Internet-connected devices are trivially exploitable, but the illegality of the methods raises doubts
Robocall Killers Seek End Of Nuisance Calls
News  |  4/3/2013  | 
FTC contest winners have new ideas on how to identify and block illegal spam calls to landlines and cellphones.
No Bold Moves On U.S. Cybersecurity Framework
News  |  4/3/2013  | 
New cybersecurity framework, to be created per a February Obama administration executive order, likely will draw heavily from existing cybersecurity standards.
Darkleech Attacks Hit 20,000 Websites
News  |  4/3/2013  | 
Malicious Apache modules, installed after root-level server compromises, are serving hard-to-detect real-time malware attacks against Windows users.
Identifying And Remediating Security Vulnerabilities In The Cloud
Quick Hits  |  4/3/2013  | 
Cloud computing can lead to security risks. Here are some insights on tracking them down
Taming Bad Inputs Means Taking Aim At 'Weird Machines'
News  |  4/3/2013  | 
Overly accommodating platforms and protocols let attackers use inputs like code, essentially allowing attackers to program an unintentional virtual machine
Anonymous Hits North Korea Via DDoS
News  |  4/2/2013  | 
Hacktivists disrupt government and airline websites after North Korean government threatens to restart nuclear reactor, invade South Korea.

