
News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2012
Companies See Business In 'Doxing' The Adversary
News  |  5/31/2012  | 
It's not a malware problem -- it's an adversary problem: More security firms are focusing on the people behind the keyboards in order to stymie attacks
Is Lax SMB Security A Myth?
News  |  5/31/2012  | 
Small and mid-size businesses defy perception by spending more than ever on security, according to a new IDC report. Now growing twice as fast as overall IT budgets, SMB security spending will total $5.6 billion in 2015.
State-Sponsored Backdoor Or Programming Faux Pas?
Commentary  |  5/31/2012  | 
Backdoor in Android-based handsets sponsor, bad programming, or a #win for Apple's stringent application QA process?
Obama Administration Partners With Industry To Fight Botnets
News  |  5/30/2012  | 
At a White House event Wednesday, officials unveiled a series of initiatives meant to fight botnet infections
Kim Dotcom Gets Access To FBI's Megaupload Documents
News  |  5/30/2012  | 
Dotcom's defense campaign won a boost when a New Zealand judge refused to rubber-stamp U.S. prosecutors' request for extradition.
Flame FAQ: 11 Facts About Complex Malware
News  |  5/30/2012  | 
Size of Flame dwarfs existing spyware, keyloggers, and other malware. Drill down for a closer look at the crucial technology and military issues.
Flame's Big Question: What Else Is Lurking?
News  |  5/30/2012  | 
Stealth and scope of Flame intrigues researchers looking for other nation-state sponsored spyware and attacks.
Database Monitoring, SIEM Top IT's List
Quick Hits  |  5/29/2012  | 
IT organizations want better visibility into their network in order to react more quickly to advanced threats, McAfee report finds
Top 5 Myths About Insider Threats
News  |  5/29/2012  | 
Myths about who insiders are and how they're putting data at risk keep mitigation efforts at bay
Flame Espionage Malware Seeks Middle East Data
News  |  5/29/2012  | 
Flame malware, described as the most complex ever discovered, has the markings of Western intelligence agencies. Security researchers believe it's been gathering information from Iran, Lebanon, Syria, and other countries since at least 2010.
Cutting The Lag Between Detection And Action
News  |  5/25/2012  | 
Detecting a threat does little good if the targeted company is not ready to respond. Security experts weigh in on ways to speed a business' response to threats
Android Malware Surges, Botnet Business Booms
News  |  5/24/2012  | 
McAfee reports thousands of new malware apps targeting Android appeared early this year, along with a steady stream of botnet updates.
London 2012 Olympics Scammers Seek Malicious Gold
News  |  5/24/2012  | 
Expect escalating levels of malware, fake mobile apps, and online scams in the lead-up to this summer's Olympics, warns the Department of Homeland Security.
Google Spreads Word On DNSChanger Malware
News  |  5/23/2012  | 
After taking down the botnet, the FBI is still trying to alert 500,000 people that their PCs are infected with the malware. Some Google search users are now getting direct warnings.
7 Lessons From MilitarySingles.com Hack
News  |  5/23/2012  | 
LulzSec Reborn hacktivist group exploited the site's poor security checks on user-uploaded content, made away with easily cracked passwords.
Malware 'Licensing' Could Stymie Automated Analysis
News  |  5/22/2012  | 
The use of encryption and digital-rights management techniques by the authors of malicious code could make automated analysis of malware take longer and require human intervention more often
Researchers 'Map' Android Malware Genome
News  |  5/22/2012  | 
New initiative promotes sharing of Android malware research worldwide, beefing up mobile anti-malware tools
9 Lessons From Utah Data Breach
News  |  5/21/2012  | 
Breach of unencrypted data affected 28% of the state's residents; one in 10 had Social Security numbers stolen. How can you avoid such an epic fail?
Fake Google Chrome Installer Steals Banking Details
News  |  5/17/2012  | 
New polymorphic Android malware, meanwhile, disguises itself as a free virus scanner.
Threat Intelligence Becoming A Do-It-Yourself Project For Enterprises
Quick Hits  |  5/17/2012  | 
Building your own threat data collection and analysis function needn't be complex or expensive
Lumension Examines How To Close The Antivirus Protection Gap
News  |  5/16/2012  | 
New whitepaper examines and compares the effectiveness of standalone AV versus newer technologies
Zeus Malware Seeks Facebook Users' Debit Card Data
News  |  5/16/2012  | 
Latest botnet-backed fraud campaign also has variations targeting Google Mail, Hotmail, and Yahoo users.
5 Ways To Lose A Malicious Insider Lawsuit
News  |  5/16/2012  | 
Making the case against an insider takes preparation and proactive work with HR and legal. Consider this expert advice to make sure you're ready.
Google Chrome 19 Debuts, With 20 Bug Patches
News  |  5/16/2012  | 
Latest release of browser also adds the ability to synchronize open tabs across devices.
5 Ways To Lose A Malicious Insider Lawsuit
News  |  5/15/2012  | 
Making the case against an insider takes preparation and proactive work with HR and legal
Apple Inoculates OS X Leopard Against Flashback
News  |  5/15/2012  | 
Apple security update for older OS 10.5 Leopard nukes Flashback variants and disables outdated Java and Flash functionality.
Accused LulzSec Member Pleads Not Guilty
News  |  5/15/2012  | 
Alleged LulzSec lieutenant accused of masterminding Stratfor hack, along with numerous other charges. Jeremy Hammond, a.k.a. Anarchaos, served prison time for previous hacking incident.
Half Of Computer Users Admit To Pirating Software
News  |  5/14/2012  | 
Software pirates typically are young and male and live in emerging economies, where obtaining legal copies of software isn't always easy, finds Business Software Alliance study.
Why Some SMBs Still Fear The Cloud
News  |  5/14/2012  | 
Blind study commissioned by Microsoft shows disparity between those small to midsize businesses that have adopted cloud computing and security-as-a-service and those that have not
4 Ways To Find Real Enterprise Security Threats
News  |  5/14/2012  | 
Companies re-prioritizing their defensive security efforts need to look beyond vulnerabilities. Here's advice on how to find the real threats to your business before they find you.
Amnesty International Hackers Learned From Flashback
News  |  5/14/2012  | 
Attackers used the same Java vulnerability employed by the Apple Flashback malware to try to infect site visitors with remote administration tools.
4 Ways To Identify The Real Threats To Your Organization
News  |  5/14/2012  | 
Companies looking for better ways of prioritizing their defensive efforts need to look beyond vulnerabilities. How to find the real threats to your business before they find you
Security Index Marks A Year Of Doing Business Dangerously
News  |  5/11/2012  | 
The Index of Cyber Security has measured top security officers' sentiment on cyberthreats for more than a year. So what does the index's steady rise mean?
TeamPoison Hacker Suspect Has Anonymous Ties
News  |  5/11/2012  | 
British police arrest alleged spokesman of hacktivist group that gained notoriety for exposing Tony Blair's address book and working with Anonymous as part of Operation Robin Hood.
BeyondTrust Buys eEye
Quick Hits  |  5/10/2012  | 
eEye co-founder Marc Maiffret now CTO of BeyondTrust
FBI Warns Travelers Using Hotel Networks About New Attack
News  |  5/10/2012  | 
The FBI says attackers are trying to trick users into installing malware with promises of software updates
Anonymous Targets Russian Sites For Putin Protest
News  |  5/10/2012  | 
Kremlin's public-facing website knocked offline; in a separate series of attacks, Anonymous Norway dismisses claims it helped Norwegian police.
Army Eyes Monitoring Tools To Stop WikiLeaks Repeat
News  |  5/9/2012  | 
Keystroke monitoring may be just a start as Army seeks ways to sift through soldiers' website visits, search queries, and other work, watching for abnormal behavior and trying to stop inside attacks.
Targeted Attack Infiltrates At Least 20 Companies
News  |  5/8/2012  | 
Attackers conducted a sustained espionage campaign against a score of private- and public-sector targets with links to policies of interest to China
Jericho Botnet Targets Banks And Financial Institutions
Quick Hits  |  5/6/2012  | 
Botnet operators seek to steal passwords and credentials for financial gain, Palo Alto Networks researchers say
Norton 360 Everywhere Available Today
News  |  5/3/2012  | 
Provides protection for PCs, Macs, Android-based phones, and tablets
2012 Strategic Security Survey: Pick The Right Battles
News  |  5/3/2012  | 
Whether it's cloud computing, mobile devices, or insecure software, some threats are more prevalent than others. Our latest survey delves into where security pros are putting their resources.
Microsoft Fingers Chinese Firewall/IPS Vendor In Windows Exploit Leak
News  |  5/3/2012  | 
Chinese firewall and IPS vendor Hangzhou DPTech Technologies kicked out of Microsoft Active Protections Program (MAPP) for its role in disclosure of Windows Remote Desktop (RDP) flaw earlier this year
Global Payments Breach: Fresh Questions On Timing
News  |  5/3/2012  | 
Did the Global Payments data breach that exposed at least 1.5 million credit and debit card numbers date back to 2011? As new evidence is reported, Global Payments declines comment on timeframe.
7 Ways Oracle Hurts Database Customers' Security
News  |  5/3/2012  | 
Oracle's missteps during the TNS Poison disclosure debacle highlight its ongoing failures in helping customers secure their databases.
Mac Flashback Malware Bags Big Bucks
News  |  5/1/2012  | 
Analysis of the Flashback malware code estimates that botnet operators are earning $10,000 per day. Users of older Mac operating systems remain at risk.
Android Apps Slurp Excessive Data
News  |  5/1/2012  | 
Nearly half of leading Android apps access more types of data than they require, finds a new security study.
Healthcare Unable To Keep Up With Insider Threats
News  |  5/1/2012  | 
Insiders played a role in recent breaches at Utah Department of Health, Emory, and South Carolina Department of Health and Human Services

