Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2011
Page 1 / 2   >   >>
'APT' Among Top Three Security Worries In 2011
Quick Hits  |  5/31/2011  | 
nCircle survey finds wider understanding of risks, less financial support for security projects
A Tale Of Two Hacks
Commentary  |  5/31/2011  | 
The similarities and differences in the Lockheed and RSA attacks
DOD Says Cyber Attacks May Mean War
News  |  5/31/2011  | 
The Pentagon's forthcoming cyber strategy will formalize the possibility of a physical response to a virtual attack, according to published reports.
Product Watch: New Service Aims To Improved Botnet Detection Among Service Providers
News  |  5/27/2011  | 
Damballa CSP 1.6 automates subscriber notification and remediation of botnet infections
35 Million Google Profiles Captured In Database
News  |  5/27/2011  | 
A security researcher was able to collect information from Google Profiles and save millions of files in a SQL database in about a month.
DNS Filtering Legislation Would Derail DNSSEC, Experts Contend
News  |  5/26/2011  | 
Senate bill that aims to protect copyright infringement online could backfire security-wise, according to a who's who of Internet infrastructure and security experts
DHS Advances Einstein Cybersecurity Deployment
News  |  5/26/2011  | 
The Department of Homeland Security plans to hire IT experts who can support Einstein and other security technologies.
Cookiejacking Attack Steals Website Access Credentials
News  |  5/26/2011  | 
All Internet Explorer users on all versions of Windows are at risk from zero-day attack that can steal any website cookie, allowing an attacker to impersonate their victim.
Google Fixes Authentication Flaw
News  |  5/26/2011  | 
Vulnerability leaves Android smartphones open to sidejacking
Freebie Black Hole Exploit Kit Limited By Encoding
News  |  5/25/2011  | 
Obfuscated and encoded code prevents easy customization and creation of new versions
Apple Promises MacDefender Fix
News  |  5/25/2011  | 
The impact of rogue security software attacks like MacDefender has prompted Apple to issue advice about the malware and to commit to issuing a software fix.
Attackers Step Away From Mainstream, Target Lesser-Known Apps
News  |  5/25/2011  | 
Attackers Step Away From Mainstream, Target Lesser-Known Apps.
Scareware Is Evolving
Commentary  |  5/24/2011  | 
That's right -- scareware is still proving an effective way for threat actors to make quick cash on the Internet
Siemens To Issue Patches For SCADA Products 'In Next Few Weeks'
News  |  5/24/2011  | 
Says attacks would only affect plants without IT security systems
Researcher Challenges Siemens' Public Reaction To New SCADA Flaws
News  |  5/24/2011  | 
Initial solution suggested by Siemens to remedy the critical vulnerabilities failed.
Audio Captchas Easy To Defeat
News  |  5/24/2011  | 
Security researchers have designed automated software that regularly defeats most audio challenge-and-response systems on websites.
LinkedIn Faces Cookie Vulnerabilities
News  |  5/24/2011  | 
The social networking site is set to reduce the length of time before cookies expire and add HTTPS across its site.
Qakbot Malware Infections Spike
News  |  5/23/2011  | 
Worm that targets financial information infected 1,500 Massachusetts state PCs, potentially exposing 250,000 residents' personal details.
Researcher Challenges Siemens' Public Reaction To New SCADA Flaws
News  |  5/23/2011  | 
Initial solution suggested by Siemens to remedy the critical vulnerabilities failed
Sony Data Breach Cleanup To Cost $171 Million
News  |  5/23/2011  | 
If identify theft or credit card fraud takes place, the company said its actual costs could rise substantially.
Hacker Exposes NASA Security Hole
News  |  5/20/2011  | 
A Goddard Space Flight Center FTP server was breached by a Romanian whitehat hacker known as TinKode, who cracked a European Space Agency network a month ago.
Researchers Decide Not To Give SCADA Vulnerability Talk
News  |  5/19/2011  | 
Last-minute change in plans spurred by Siemens, government officials
Microsoft Claims IE9 Stops Most Social Engineering Threats
News  |  5/18/2011  | 
Application reputation feature in the browser blocks more than 20 million malware infections per month by white-listing applications from approved publishers, the software maker says.
Schwartz On Security: Developers Battle Piracy Channels
Commentary  |  5/18/2011  | 
Business Software Alliance report finds widespread software piracy, but experts say market pressures are to blame.
Cybercriminals Target Online Banking Culture In Latin America
News  |  5/17/2011  | 
Botnets and malware creation are on the rise in the region, which also could host first big wave of smartphone malware writers
Reduce Your Android Security Risks
Commentary  |  5/17/2011  | 
Threats against Google's mobile platform have increased 400% in the last year, but common sense will protect users against many of the attacks.
SMBs At Risk For Financial Fraud
News  |  5/16/2011  | 
Small and midsize businesses are at greater risk than consumers and need to improve identification and response, according to Javelin Strategy & Research.
Success, Failure And The Advanced Threat
Commentary  |  5/16/2011  | 
You can't judge the sophistication of an attack by its success or failure
Sony Strengthens Security, Restores Some PlayStation Services
News  |  5/16/2011  | 
Online services get stronger encryption, more firewalls, and an early detection system to try to prevent future attacks; users are required to update gaming console's firmware and password before going online.
Adobe Adds Flash Privacy Controls
News  |  5/13/2011  | 
Flash Player and Google Chrome get patches against attacks currently seen in the wild.
Microsoft: Cybercrime Falling Into Two Distinct Camps
News  |  5/12/2011  | 
New Microsoft Security Intelligence Report outlines 'marketing campaign' strategies being employed by one group, and related rise in phishing and rogue antivirus software.
Graphics Cards Face Internet-Borne Threats
News  |  5/12/2011  | 
The WebGL 3-D graphics specification implemented in Firefox and Chrome, and included in Safari, is subject to denial of service attacks.
Schwartz On Security: Sony Must Do More
Commentary  |  5/12/2011  | 
Forget free ID theft monitoring. Sony should release its police reports, so that 101 million people can obtain a free credit freeze to proactively battle ID thieves.
McAfee, Intel Launch Cloud Security Platform
News  |  5/12/2011  | 
The security service uses data loss prevention policies to stop leakage of sensitive data via mobile devices, end users, social networks, and private cloud applications.
Microsoft: Cybercrime Falling Into Two Distinct Camps
News  |  5/12/2011  | 
New Microsoft Security Intelligence Report outlines 'marketing campaign' strategies being employed by one group, and related rise in phishing and rogue antivirus software
Java Bot Software Could Signal New Vector For Malware Authors
News  |  5/11/2011  | 
Flexible programming language offers some advantages for cybercriminals, researchers say.
Google, VUPEN Spar Over Chrome Hack
News  |  5/11/2011  | 
If bypass of Chrome's sandbox indeed used a new Flash vulnerability in the browser, then it's both a Flash bug and a Chrome hack, says security researcher Dan Kaminksy
Facebook Patches Access Token Leak
News  |  5/11/2011  | 
Users should change their passwords to mitigate threats posed by the accidental leak of perhaps millions of account identity details.
Microsoft Patches Critical Windows Vulnerability
News  |  5/11/2011  | 
The software maker also tweaked its exploitability index, which predicts the likelihood that vulnerabilities will soon be compromised.
Zeus Trojan's Source Code Leaked In The Wild
Quick Hits  |  5/10/2011  | 
'Open source' Zeus could result in widespread infections
Hackers Subvert Google Chrome Sandbox
News  |  5/10/2011  | 
Vulnerability research firm Vupen said it's found a way to execute arbitrary code in the browser.
DDoS Attacks Evolve And Spread
News  |  5/10/2011  | 
Nearly two-thirds of organizations have been DDoS'ed in the past year--even smaller organizations, new VeriSign report finds.
OpenID Warns Of Serious Bug
News  |  5/9/2011  | 
Facebook, Google, and Yahoo are among the millions of websites that use the single sign-on technology.
Tech Insight: Spear Phishing A Tough Catch
News  |  5/6/2011  | 
But there are technical and training strategies that can help lessen the chances that users will fall for these socially engineered email-based attacks
Disabling Features Make Some Microsoft Bugs Unexploitable
Quick Hits  |  5/5/2011  | 
eEye study finds that disabling two well-known features in Microsoft products would prevent attackers from exploiting 12 percent of vulnerabilities
Sony Brings In Forensic Experts On Data Breaches
News  |  5/5/2011  | 
Data Forte, Guidance Software, and Protiviti will investigate who hacked into Sony's servers and how they cracked the company's defenses.
Bin Laden Death Triggers Cyber Scams
News  |  5/4/2011  | 
Homeland Security warns about rogueware and phishing attacks masquerading as news about the Al Qaeda leader.
Apache Web Server Under Stealth Attack
News  |  5/4/2011  | 
Malicious code uses Apache's own filter capabilities to transform the server module into a malware platform.
Apple Macs Targetted By Crimeware Toolkit
News  |  5/3/2011  | 
The OSX operating system now faces botnet software as well as a fake antivirus campaign launched via Google image searches on Osama Bin Laden.
Sony Reports 24.5 Million More Accounts Hacked
News  |  5/3/2011  | 
After a second breach, the company suspends all Sony Online Entertainment multiplayer games as the number of compromised user accounts exceeds 100 million.
Page 1 / 2   >   >>


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
TPM-Fail: What It Means & What to Do About It
Ari Singer, CTO at TrustPhi,  11/19/2019
Americans Fed Up with Lack of Data Privacy
Robert Lemos, Contributing Writer,  11/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19227
PUBLISHED: 2019-11-22
In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122.
CVE-2019-10203
PUBLISHED: 2019-11-22
PowerDNS Authoritative daemon , all versions pdns 4.1.x before pdns 4.1.10, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.
CVE-2019-10206
PUBLISHED: 2019-11-22
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
CVE-2018-10854
PUBLISHED: 2019-11-22
cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.
CVE-2019-13157
PUBLISHED: 2019-11-22
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.