Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2011
Page 1 / 2   >   >>
'APT' Among Top Three Security Worries In 2011
Quick Hits  |  5/31/2011  | 
nCircle survey finds wider understanding of risks, less financial support for security projects
A Tale Of Two Hacks
Commentary  |  5/31/2011  | 
The similarities and differences in the Lockheed and RSA attacks
DOD Says Cyber Attacks May Mean War
News  |  5/31/2011  | 
The Pentagon's forthcoming cyber strategy will formalize the possibility of a physical response to a virtual attack, according to published reports.
Product Watch: New Service Aims To Improved Botnet Detection Among Service Providers
News  |  5/27/2011  | 
Damballa CSP 1.6 automates subscriber notification and remediation of botnet infections
35 Million Google Profiles Captured In Database
News  |  5/27/2011  | 
A security researcher was able to collect information from Google Profiles and save millions of files in a SQL database in about a month.
DNS Filtering Legislation Would Derail DNSSEC, Experts Contend
News  |  5/26/2011  | 
Senate bill that aims to protect copyright infringement online could backfire security-wise, according to a who's who of Internet infrastructure and security experts
DHS Advances Einstein Cybersecurity Deployment
News  |  5/26/2011  | 
The Department of Homeland Security plans to hire IT experts who can support Einstein and other security technologies.
Cookiejacking Attack Steals Website Access Credentials
News  |  5/26/2011  | 
All Internet Explorer users on all versions of Windows are at risk from zero-day attack that can steal any website cookie, allowing an attacker to impersonate their victim.
Google Fixes Authentication Flaw
News  |  5/26/2011  | 
Vulnerability leaves Android smartphones open to sidejacking
Freebie Black Hole Exploit Kit Limited By Encoding
News  |  5/25/2011  | 
Obfuscated and encoded code prevents easy customization and creation of new versions
Apple Promises MacDefender Fix
News  |  5/25/2011  | 
The impact of rogue security software attacks like MacDefender has prompted Apple to issue advice about the malware and to commit to issuing a software fix.
Attackers Step Away From Mainstream, Target Lesser-Known Apps
News  |  5/25/2011  | 
Attackers Step Away From Mainstream, Target Lesser-Known Apps.
Scareware Is Evolving
Commentary  |  5/24/2011  | 
That's right -- scareware is still proving an effective way for threat actors to make quick cash on the Internet
Siemens To Issue Patches For SCADA Products 'In Next Few Weeks'
News  |  5/24/2011  | 
Says attacks would only affect plants without IT security systems
Researcher Challenges Siemens' Public Reaction To New SCADA Flaws
News  |  5/24/2011  | 
Initial solution suggested by Siemens to remedy the critical vulnerabilities failed.
Audio Captchas Easy To Defeat
News  |  5/24/2011  | 
Security researchers have designed automated software that regularly defeats most audio challenge-and-response systems on websites.
LinkedIn Faces Cookie Vulnerabilities
News  |  5/24/2011  | 
The social networking site is set to reduce the length of time before cookies expire and add HTTPS across its site.
Qakbot Malware Infections Spike
News  |  5/23/2011  | 
Worm that targets financial information infected 1,500 Massachusetts state PCs, potentially exposing 250,000 residents' personal details.
Researcher Challenges Siemens' Public Reaction To New SCADA Flaws
News  |  5/23/2011  | 
Initial solution suggested by Siemens to remedy the critical vulnerabilities failed
Sony Data Breach Cleanup To Cost $171 Million
News  |  5/23/2011  | 
If identify theft or credit card fraud takes place, the company said its actual costs could rise substantially.
Hacker Exposes NASA Security Hole
News  |  5/20/2011  | 
A Goddard Space Flight Center FTP server was breached by a Romanian whitehat hacker known as TinKode, who cracked a European Space Agency network a month ago.
Researchers Decide Not To Give SCADA Vulnerability Talk
News  |  5/19/2011  | 
Last-minute change in plans spurred by Siemens, government officials
Microsoft Claims IE9 Stops Most Social Engineering Threats
News  |  5/18/2011  | 
Application reputation feature in the browser blocks more than 20 million malware infections per month by white-listing applications from approved publishers, the software maker says.
Schwartz On Security: Developers Battle Piracy Channels
Commentary  |  5/18/2011  | 
Business Software Alliance report finds widespread software piracy, but experts say market pressures are to blame.
Cybercriminals Target Online Banking Culture In Latin America
News  |  5/17/2011  | 
Botnets and malware creation are on the rise in the region, which also could host first big wave of smartphone malware writers
Reduce Your Android Security Risks
Commentary  |  5/17/2011  | 
Threats against Google's mobile platform have increased 400% in the last year, but common sense will protect users against many of the attacks.
SMBs At Risk For Financial Fraud
News  |  5/16/2011  | 
Small and midsize businesses are at greater risk than consumers and need to improve identification and response, according to Javelin Strategy & Research.
Success, Failure And The Advanced Threat
Commentary  |  5/16/2011  | 
You can't judge the sophistication of an attack by its success or failure
Sony Strengthens Security, Restores Some PlayStation Services
News  |  5/16/2011  | 
Online services get stronger encryption, more firewalls, and an early detection system to try to prevent future attacks; users are required to update gaming console's firmware and password before going online.
Adobe Adds Flash Privacy Controls
News  |  5/13/2011  | 
Flash Player and Google Chrome get patches against attacks currently seen in the wild.
Microsoft: Cybercrime Falling Into Two Distinct Camps
News  |  5/12/2011  | 
New Microsoft Security Intelligence Report outlines 'marketing campaign' strategies being employed by one group, and related rise in phishing and rogue antivirus software.
Graphics Cards Face Internet-Borne Threats
News  |  5/12/2011  | 
The WebGL 3-D graphics specification implemented in Firefox and Chrome, and included in Safari, is subject to denial of service attacks.
Schwartz On Security: Sony Must Do More
Commentary  |  5/12/2011  | 
Forget free ID theft monitoring. Sony should release its police reports, so that 101 million people can obtain a free credit freeze to proactively battle ID thieves.
McAfee, Intel Launch Cloud Security Platform
News  |  5/12/2011  | 
The security service uses data loss prevention policies to stop leakage of sensitive data via mobile devices, end users, social networks, and private cloud applications.
Microsoft: Cybercrime Falling Into Two Distinct Camps
News  |  5/12/2011  | 
New Microsoft Security Intelligence Report outlines 'marketing campaign' strategies being employed by one group, and related rise in phishing and rogue antivirus software
Java Bot Software Could Signal New Vector For Malware Authors
News  |  5/11/2011  | 
Flexible programming language offers some advantages for cybercriminals, researchers say.
Google, VUPEN Spar Over Chrome Hack
News  |  5/11/2011  | 
If bypass of Chrome's sandbox indeed used a new Flash vulnerability in the browser, then it's both a Flash bug and a Chrome hack, says security researcher Dan Kaminksy
Facebook Patches Access Token Leak
News  |  5/11/2011  | 
Users should change their passwords to mitigate threats posed by the accidental leak of perhaps millions of account identity details.
Microsoft Patches Critical Windows Vulnerability
News  |  5/11/2011  | 
The software maker also tweaked its exploitability index, which predicts the likelihood that vulnerabilities will soon be compromised.
Zeus Trojan's Source Code Leaked In The Wild
Quick Hits  |  5/10/2011  | 
'Open source' Zeus could result in widespread infections
Hackers Subvert Google Chrome Sandbox
News  |  5/10/2011  | 
Vulnerability research firm Vupen said it's found a way to execute arbitrary code in the browser.
DDoS Attacks Evolve And Spread
News  |  5/10/2011  | 
Nearly two-thirds of organizations have been DDoS'ed in the past year--even smaller organizations, new VeriSign report finds.
OpenID Warns Of Serious Bug
News  |  5/9/2011  | 
Facebook, Google, and Yahoo are among the millions of websites that use the single sign-on technology.
Tech Insight: Spear Phishing A Tough Catch
News  |  5/6/2011  | 
But there are technical and training strategies that can help lessen the chances that users will fall for these socially engineered email-based attacks
Disabling Features Make Some Microsoft Bugs Unexploitable
Quick Hits  |  5/5/2011  | 
eEye study finds that disabling two well-known features in Microsoft products would prevent attackers from exploiting 12 percent of vulnerabilities
Sony Brings In Forensic Experts On Data Breaches
News  |  5/5/2011  | 
Data Forte, Guidance Software, and Protiviti will investigate who hacked into Sony's servers and how they cracked the company's defenses.
Bin Laden Death Triggers Cyber Scams
News  |  5/4/2011  | 
Homeland Security warns about rogueware and phishing attacks masquerading as news about the Al Qaeda leader.
Apache Web Server Under Stealth Attack
News  |  5/4/2011  | 
Malicious code uses Apache's own filter capabilities to transform the server module into a malware platform.
Apple Macs Targetted By Crimeware Toolkit
News  |  5/3/2011  | 
The OSX operating system now faces botnet software as well as a fake antivirus campaign launched via Google image searches on Osama Bin Laden.
Sony Reports 24.5 Million More Accounts Hacked
News  |  5/3/2011  | 
After a second breach, the company suspends all Sony Online Entertainment multiplayer games as the number of compromised user accounts exceeds 100 million.
Page 1 / 2   >   >>


HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11547
PUBLISHED: 2020-04-05
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.
CVE-2020-11548
PUBLISHED: 2020-04-05
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed.
CVE-2020-11542
PUBLISHED: 2020-04-04
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring.
CVE-2020-11533
PUBLISHED: 2020-04-04
Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).
CVE-2020-11529
PUBLISHED: 2020-04-04
Common/Grav.php in Grav before 1.6.23 has an Open Redirect.