Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2012
Companies See Business In 'Doxing' The Adversary
News  |  5/31/2012  | 
It's not a malware problem -- it's an adversary problem: More security firms are focusing on the people behind the keyboards in order to stymie attacks
Is Lax SMB Security A Myth?
News  |  5/31/2012  | 
Small and mid-size businesses defy perception by spending more than ever on security, according to a new IDC report. Now growing twice as fast as overall IT budgets, SMB security spending will total $5.6 billion in 2015.
State-Sponsored Backdoor Or Programming Faux Pas?
Commentary  |  5/31/2012  | 
Backdoor in Android-based handsets: state sponsor, bad programming, or a #win for Apple's stringent application QA process?
Obama Administration Partners With Industry To Fight Botnets
News  |  5/30/2012  | 
At a White House event Wednesday, officials unveiled a series of initiatives meant to fight botnet infections
Kim Dotcom Gets Access To FBI's Megaupload Documents
News  |  5/30/2012  | 
Dotcom's defense campaign won a boost when a New Zealand judge refused to rubber-stamp U.S. prosecutors' request for extradition.
Flame FAQ: 11 Facts About Complex Malware
News  |  5/30/2012  | 
Size of Flame dwarfs existing spyware, keyloggers, and other malware. Drill down for a closer look at the crucial technology and military issues.
Flame's Big Question: What Else Is Lurking?
News  |  5/30/2012  | 
Stealth and scope of Flame intrigues researchers looking for other nation-state sponsored spyware and attacks.
Database Monitoring, SIEM Top IT's List
Quick Hits  |  5/29/2012  | 
IT organizations want better visibility into their network in order to react more quickly to advanced threats, McAfee report finds
Top 5 Myths About Insider Threats
News  |  5/29/2012  | 
Myths about who insiders are and how they're putting data at risk keep mitigation efforts at bay
Flame Espionage Malware Seeks Middle East Data
News  |  5/29/2012  | 
Flame malware, described as the most complex ever discovered, has the markings of Western intelligence agencies. Security researchers believe it's been gathering information from Iran, Lebanon, Syria, and other countries since at least 2010.
Cutting The Lag Between Detection And Action
News  |  5/25/2012  | 
Detecting a threat does little good if the targeted company is not ready to respond. Security experts weigh in on ways to speed a business' response to threats
Android Malware Surges, Botnet Business Booms
News  |  5/24/2012  | 
McAfee reports thousands of new malware apps targeting Android appeared early this year, along with a steady stream of botnet updates.
London 2012 Olympics Scammers Seek Malicious Gold
News  |  5/24/2012  | 
Expect escalating levels of malware, fake mobile apps, and online scams in the lead-up to this summer's Olympics, warns the Department of Homeland Security.
Google Spreads Word On DNSChanger Malware
News  |  5/23/2012  | 
After taking down the botnet, the FBI is still trying to alert 500,000 people that their PCs are infected with the malware. Some Google search users are now getting direct warnings.
7 Lessons From MilitarySingles.com Hack
News  |  5/23/2012  | 
LulzSec Reborn hacktivist group exploited the site's poor security checks on user-uploaded content, made away with easily cracked passwords.
Malware 'Licensing' Could Stymie Automated Analysis
News  |  5/22/2012  | 
The use of encryption and digital-rights management techniques by the authors of malicious code could make automated analysis of malware take longer and require human intervention more often
Researchers 'Map' Android Malware Genome
News  |  5/22/2012  | 
New initiative promotes sharing of Android malware research worldwide, beefing up mobile anti-malware tools
9 Lessons From Utah Data Breach
News  |  5/21/2012  | 
Breach of unencrypted data affected 28% of the state's residents; one in 10 had Social Security numbers stolen. How can you avoid such an epic fail?
Fake Google Chrome Installer Steals Banking Details
News  |  5/17/2012  | 
New polymorphic Android malware, meanwhile, disguises itself as a free virus scanner.
Threat Intelligence Becoming A Do-It-Yourself Project For Enterprises
Quick Hits  |  5/17/2012  | 
Building your own threat data collection and analysis function needn't be complex or expensive
Lumension Examines How To Close The Antivirus Protection Gap
News  |  5/16/2012  | 
New whitepaper examines and compares the effectiveness of standalone AV versus newer technologies
Zeus Malware Seeks Facebook Users' Debit Card Data
News  |  5/16/2012  | 
Latest botnet-backed fraud campaign also has variations targeting Google Mail, Hotmail, and Yahoo users.
5 Ways To Lose A Malicious Insider Lawsuit
News  |  5/16/2012  | 
Making the case against an insider takes preparation and proactive work with HR and legal. Consider this expert advice to make sure you're ready.
Google Chrome 19 Debuts, With 20 Bug Patches
News  |  5/16/2012  | 
Latest release of browser also adds the ability to synchronize open tabs across devices.
5 Ways To Lose A Malicious Insider Lawsuit
News  |  5/15/2012  | 
Making the case against an insider takes preparation and proactive work with HR and legal
Apple Inoculates OS X Leopard Against Flashback
News  |  5/15/2012  | 
Apple security update for older OS 10.5 Leopard nukes Flashback variants and disables outdated Java and Flash functionality.
Accused LulzSec Member Pleads Not Guilty
News  |  5/15/2012  | 
Alleged LulzSec lieutenant accused of masterminding Stratfor hack, along with numerous other charges. Jeremy Hammond, a.k.a. Anarchaos, served prison time for previous hacking incident.
Half Of Computer Users Admit To Pirating Software
News  |  5/14/2012  | 
Software pirates typically are young and male and live in emerging economies, where obtaining legal copies of software isn't always easy, finds Business Software Alliance study.
Why Some SMBs Still Fear The Cloud
News  |  5/14/2012  | 
Blind study commissioned by Microsoft shows disparity between those small to midsize businesses that have adopted cloud computing and security-as-a-service and those that have not
4 Ways To Find Real Enterprise Security Threats
News  |  5/14/2012  | 
Companies re-prioritizing their defensive security efforts need to look beyond vulnerabilities. Here's advice on how to find the real threats to your business before they find you.
Amnesty International Hackers Learned From Flashback
News  |  5/14/2012  | 
Attackers used the same Java vulnerability employed by the Apple Flashback malware to try to infect site visitors with remote administration tools.
4 Ways To Identify The Real Threats To Your Organization
News  |  5/14/2012  | 
Companies looking for better ways of prioritizing their defensive efforts need to look beyond vulnerabilities. How to find the real threats to your business before they find you
Security Index Marks A Year Of Doing Business Dangerously
News  |  5/11/2012  | 
The Index of Cyber Security has measured top security officers' sentiment on cyberthreats for more than a year. So what does the index's steady rise mean?
TeamPoison Hacker Suspect Has Anonymous Ties
News  |  5/11/2012  | 
British police arrest alleged spokesman of hacktivist group that gained notoriety for exposing Tony Blair's address book and working with Anonymous as part of Operation Robin Hood.
BeyondTrust Buys eEye
Quick Hits  |  5/10/2012  | 
eEye co-founder Marc Maiffret now CTO of BeyondTrust
FBI Warns Travelers Using Hotel Networks About New Attack
News  |  5/10/2012  | 
The FBI says attackers are trying to trick users into installing malware with promises of software updates
Anonymous Targets Russian Sites For Putin Protest
News  |  5/10/2012  | 
Kremlin's public-facing website knocked offline; in a separate series of attacks, Anonymous Norway dismisses claims it helped Norwegian police.
Army Eyes Monitoring Tools To Stop WikiLeaks Repeat
News  |  5/9/2012  | 
Keystroke monitoring may be just a start as Army seeks ways to sift through soldiers' website visits, search queries, and other work, watching for abnormal behavior and trying to stop inside attacks.
Targeted Attack Infiltrates At Least 20 Companies
News  |  5/8/2012  | 
Attackers conducted a sustained espionage campaign against a score of private- and public-sector targets with links to policies of interest to China
Jericho Botnet Targets Banks And Financial Institutions
Quick Hits  |  5/6/2012  | 
Botnet operators seek to steal passwords and credentials for financial gain, Palo Alto Networks researchers say
Norton 360 Everywhere Available Today
News  |  5/3/2012  | 
Provides protection for PCs, Macs, Android-based phones, and tablets
2012 Strategic Security Survey: Pick The Right Battles
News  |  5/3/2012  | 
Whether it's cloud computing, mobile devices, or insecure software, some threats are more prevalent than others. Our latest survey delves into where security pros are putting their resources.
Microsoft Fingers Chinese Firewall/IPS Vendor In Windows Exploit Leak
News  |  5/3/2012  | 
Chinese firewall and IPS vendor Hangzhou DPTech Technologies kicked out of Microsoft Active Protections Program (MAPP) for its role in disclosure of Windows Remote Desktop (RDP) flaw earlier this year
Global Payments Breach: Fresh Questions On Timing
News  |  5/3/2012  | 
Did the Global Payments data breach that exposed at least 1.5 million credit and debit card numbers date back to 2011? As new evidence is reported, Global Payments declines comment on timeframe.
7 Ways Oracle Hurts Database Customers' Security
News  |  5/3/2012  | 
Oracle's missteps during the TNS Poison disclosure debacle highlight its ongoing failures in helping customers secure their databases.
Mac Flashback Malware Bags Big Bucks
News  |  5/1/2012  | 
Analysis of the Flashback malware code estimates that botnet operators are earning $10,000 per day. Users of older Mac operating systems remain at risk.
Android Apps Slurp Excessive Data
News  |  5/1/2012  | 
Nearly half of leading Android apps access more types of data than they require, finds a new security study.
Healthcare Unable To Keep Up With Insider Threats
News  |  5/1/2012  | 
Insiders played a role in recent breaches at Utah Department of Health, Emory, and South Carolina Department of Health and Human Services
