Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2011
'APT' Among Top Three Security Worries In 2011
Quick Hits  |  5/31/2011  | 
nCircle survey finds wider understanding of risks, less financial support for security projects
A Tale Of Two Hacks
Commentary  |  5/31/2011  | 
The similarities and differences in the Lockheed and RSA attacks
DOD Says Cyber Attacks May Mean War
News  |  5/31/2011  | 
The Pentagon's forthcoming cyber strategy will formalize the possibility of a physical response to a virtual attack, according to published reports.
Product Watch: New Service Aims To Improve Botnet Detection Among Service Providers
News  |  5/27/2011  | 
Damballa CSP 1.6 automates subscriber notification and remediation of botnet infections
35 Million Google Profiles Captured In Database
News  |  5/27/2011  | 
A security researcher was able to collect information from Google Profiles and save millions of files in a SQL database in about a month.
DNS Filtering Legislation Would Derail DNSSEC, Experts Contend
News  |  5/26/2011  | 
Senate bill that aims to protect against copyright infringement online could backfire security-wise, according to a who's who of Internet infrastructure and security experts
DHS Advances Einstein Cybersecurity Deployment
News  |  5/26/2011  | 
The Department of Homeland Security plans to hire IT experts who can support Einstein and other security technologies.
Cookiejacking Attack Steals Website Access Credentials
News  |  5/26/2011  | 
All Internet Explorer users on all versions of Windows are at risk from a zero-day attack that can steal any website cookie, allowing an attacker to impersonate their victim.
Google Fixes Authentication Flaw
News  |  5/26/2011  | 
Vulnerability leaves Android smartphones open to sidejacking
Freebie Black Hole Exploit Kit Limited By Encoding
News  |  5/25/2011  | 
Obfuscated and encoded code prevents easy customization and creation of new versions
Apple Promises MacDefender Fix
News  |  5/25/2011  | 
The impact of rogue security software attacks like MacDefender has prompted Apple to issue advice about the malware and to commit to issuing a software fix.
Attackers Step Away From Mainstream, Target Lesser-Known Apps
News  |  5/25/2011  | 
Scareware Is Evolving
Commentary  |  5/24/2011  | 
That's right -- scareware is still proving an effective way for threat actors to make quick cash on the Internet
Siemens To Issue Patches For SCADA Products 'In Next Few Weeks'
News  |  5/24/2011  | 
Says attacks would only affect plants without IT security systems
Researcher Challenges Siemens' Public Reaction To New SCADA Flaws
News  |  5/24/2011  | 
Initial solution suggested by Siemens to remedy the critical vulnerabilities failed.
Audio Captchas Easy To Defeat
News  |  5/24/2011  | 
Security researchers have designed automated software that regularly defeats most audio challenge-and-response systems on websites.
LinkedIn Faces Cookie Vulnerabilities
News  |  5/24/2011  | 
The social networking site is set to reduce the length of time before cookies expire and add HTTPS across its site.
Qakbot Malware Infections Spike
News  |  5/23/2011  | 
Worm that targets financial information infected 1,500 Massachusetts state PCs, potentially exposing 250,000 residents' personal details.
Researcher Challenges Siemens' Public Reaction To New SCADA Flaws
News  |  5/23/2011  | 
Initial solution suggested by Siemens to remedy the critical vulnerabilities failed
Sony Data Breach Cleanup To Cost $171 Million
News  |  5/23/2011  | 
If identity theft or credit card fraud takes place, the company said its actual costs could rise substantially.
Hacker Exposes NASA Security Hole
News  |  5/20/2011  | 
A Goddard Space Flight Center FTP server was breached by a Romanian whitehat hacker known as TinKode, who cracked a European Space Agency network a month ago.
Researchers Decide Not To Give SCADA Vulnerability Talk
News  |  5/19/2011  | 
Last-minute change in plans spurred by Siemens, government officials
Microsoft Claims IE9 Stops Most Social Engineering Threats
News  |  5/18/2011  | 
Application reputation feature in the browser blocks more than 20 million malware infections per month by white-listing applications from approved publishers, the software maker says.
Schwartz On Security: Developers Battle Piracy Channels
Commentary  |  5/18/2011  | 
Business Software Alliance report finds widespread software piracy, but experts say market pressures are to blame.
Cybercriminals Target Online Banking Culture In Latin America
News  |  5/17/2011  | 
Botnets and malware creation are on the rise in the region, which also could host first big wave of smartphone malware writers
Reduce Your Android Security Risks
Commentary  |  5/17/2011  | 
Threats against Google's mobile platform have increased 400% in the last year, but common sense will protect users against many of the attacks.
SMBs At Risk For Financial Fraud
News  |  5/16/2011  | 
Small and midsize businesses are at greater risk than consumers and need to improve identification and response, according to Javelin Strategy & Research.
Success, Failure And The Advanced Threat
Commentary  |  5/16/2011  | 
You can't judge the sophistication of an attack by its success or failure
Sony Strengthens Security, Restores Some PlayStation Services
News  |  5/16/2011  | 
Online services get stronger encryption, more firewalls, and an early detection system to try to prevent future attacks; users are required to update gaming console's firmware and password before going online.
Adobe Adds Flash Privacy Controls
News  |  5/13/2011  | 
Flash Player and Google Chrome get patches against attacks currently seen in the wild.
Microsoft: Cybercrime Falling Into Two Distinct Camps
News  |  5/12/2011  | 
New Microsoft Security Intelligence Report outlines 'marketing campaign' strategies being employed by one group, and related rise in phishing and rogue antivirus software.
Graphics Cards Face Internet-Borne Threats
News  |  5/12/2011  | 
The WebGL 3-D graphics specification implemented in Firefox and Chrome, and included in Safari, is subject to denial of service attacks.
Schwartz On Security: Sony Must Do More
Commentary  |  5/12/2011  | 
Forget free ID theft monitoring. Sony should release its police reports, so that 101 million people can obtain a free credit freeze to proactively battle ID thieves.
McAfee, Intel Launch Cloud Security Platform
News  |  5/12/2011  | 
The security service uses data loss prevention policies to stop leakage of sensitive data via mobile devices, end users, social networks, and private cloud applications.
Java Bot Software Could Signal New Vector For Malware Authors
News  |  5/11/2011  | 
Flexible programming language offers some advantages for cybercriminals, researchers say.
Google, VUPEN Spar Over Chrome Hack
News  |  5/11/2011  | 
If bypass of Chrome's sandbox indeed used a new Flash vulnerability in the browser, then it's both a Flash bug and a Chrome hack, says security researcher Dan Kaminsky
Facebook Patches Access Token Leak
News  |  5/11/2011  | 
Users should change their passwords to mitigate threats posed by the accidental leak of perhaps millions of account identity details.
Microsoft Patches Critical Windows Vulnerability
News  |  5/11/2011  | 
The software maker also tweaked its exploitability index, which predicts the likelihood that vulnerabilities will soon be compromised.
Zeus Trojan's Source Code Leaked In The Wild
Quick Hits  |  5/10/2011  | 
'Open source' Zeus could result in widespread infections
Hackers Subvert Google Chrome Sandbox
News  |  5/10/2011  | 
Vulnerability research firm Vupen said it's found a way to execute arbitrary code in the browser.
DDoS Attacks Evolve And Spread
News  |  5/10/2011  | 
Nearly two-thirds of organizations have been DDoS'ed in the past year--even smaller organizations, new VeriSign report finds.
OpenID Warns Of Serious Bug
News  |  5/9/2011  | 
Facebook, Google, and Yahoo are among the millions of websites that use the single sign-on technology.
Tech Insight: Spear Phishing A Tough Catch
News  |  5/6/2011  | 
But there are technical and training strategies that can help lessen the chances that users will fall for these socially engineered email-based attacks
Disabling Features Make Some Microsoft Bugs Unexploitable
Quick Hits  |  5/5/2011  | 
eEye study finds that disabling two well-known features in Microsoft products would prevent attackers from exploiting 12 percent of vulnerabilities
Sony Brings In Forensic Experts On Data Breaches
News  |  5/5/2011  | 
Data Forte, Guidance Software, and Protiviti will investigate who hacked into Sony's servers and how they cracked the company's defenses.
Bin Laden Death Triggers Cyber Scams
News  |  5/4/2011  | 
Homeland Security warns about rogueware and phishing attacks masquerading as news about the Al Qaeda leader.
Apache Web Server Under Stealth Attack
News  |  5/4/2011  | 
Malicious code uses Apache's own filter capabilities to transform the server module into a malware platform.
Apple Macs Targeted By Crimeware Toolkit
News  |  5/3/2011  | 
The OSX operating system now faces botnet software as well as a fake antivirus campaign launched via Google image searches on Osama Bin Laden.
Sony Reports 24.5 Million More Accounts Hacked
News  |  5/3/2011  | 
After a second breach, the company suspends all Sony Online Entertainment multiplayer games as the number of compromised user accounts exceeds 100 million.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...