Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2009
Report Identifies The Most Dangerous -- And Safest -- Search Terms
Quick Hits  |  5/29/2009  | 
"Viagra" is surprisingly safe, but "screensaver" is a dangerous search, McAfee report says
Cybersecurity Review Finds U.S. Networks 'Not Secure'
News  |  5/29/2009  | 
The report dovetails with President Obama's call for the creation of a cybersecurity coordinator who will orchestrate and integrate federal cybersecurity policies and agendas.
Microsoft Warns Of 'Browse-And-Get-Owned' DirectX Flaw
News  |  5/28/2009  | 
The flaw could allow a remote attacker to execute malicious code by convincing or duping a user to open a specially crafted QuickTime media file.
Security Experts Raise Alarm Over Insider Threats
News  |  5/26/2009  | 
Economic troubles raising the stakes on potential threats, FIRST members say
Microsoft Issues IIS Security Advisory
News  |  5/19/2009  | 
An exploit of the vulnerability could give an attacker access to a directory that normally requires authentication.
Schools' Cybersecurity Needs Improvement
News  |  5/18/2009  | 
While more than half of surveyed schools reported a breach last year, 75% say their security infrastructure is adequate.
Tech Insight: Keeping Server Virtualization Secure
News  |  5/15/2009  | 
Don't let security worries stop you from virtualizing your servers -- but know the risks and ways to protect your systems and data
'Kramer' Is In The Building
Commentary  |  5/15/2009  | 
My firm, Secure Network Technologies, was recently hired by a large healthcare provider to perform a security assessment. As part of the job, my partner, Bob Clary, posed as an employee, similar to the "Seinfeld" episode in which Kramer shows up and works at a company where he was never actually hired.
DHS Disaster Recovery Plans Lacking, Report Finds
News  |  5/14/2009  | 
Eight of the Department of Homeland Security's 27 critical systems don't have an identified alternate processing site.
Microsoft Patches PowerPoint Flaws, But Not For Mac
News  |  5/12/2009  | 
One of the 14 Patch Tuesday bulletins is rated "critical" and the rest are rated "important." All of them could lead to remote code execution.
Report: Zeus Flips Kill Switch On More Than 100,000 PCs
Quick Hits  |  5/11/2009  | 
Botnet reportedly triggered a little-used capability called "Kill OS," rendering a blue screen on 100,000-plus PCs and making them difficult to reboot
Air Traffic Control System Repeatedly Hacked
News  |  5/7/2009  | 
A security audit finds a total of 763 high-risk, 504 medium-risk, and 2,590 low-risk vulnerabilities, such as weak passwords and unprotected folders.
Mass. Criminal Database Deemed Public Safety Risk
News  |  5/7/2009  | 
The 25-year-old system cannot reconcile arrests with court dispositions or use fingerprints to verify criminal history, state auditor Joe DeNucci finds.
Data Loss Prevention Rolling Review: Safend Safeguards At The Endpoint
News  |  5/7/2009  | 
Low-cost endpoint specialist gets the job done -- most of the time.
Google Chrome Update Scheme Beats Firefox, Safari, Opera
News  |  5/6/2009  | 
By automatically updating the browser every five hours, Google Chrome provides greater security than its competitors, according to a new study.
Viral Art: A Gallery Of Security Threats
News  |  5/5/2009  | 
Visually, online threats such as viruses, worms, and Trojans can be as beautiful as they are menacing to individual PC users, enterprises, and IT security professionals.
McAfee Report: Bot Infections Jump 50 Percent Over Last Year
Quick Hits  |  5/5/2009  | 
Botnets have added nearly 12 million new IP addresses since January, with Conficker malware representing only around 1 percent of all infections
NoScript Developer Apologizes For Meddling With AdBlock
News  |  5/4/2009  | 
His methods caused a furor in the Mozilla community over the weekend because he did not provide clear notification about what his software was doing.
Virginia Health Data Potentially Held Hostage
News  |  5/4/2009  | 
An extortion demand seeks $10 million to return more than 8 million patient records allegedly stolen from Virginia Department of Health Professions.


Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.