Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2012
Companies See Business In 'Doxing' The Adversary
News  |  5/31/2012  | 
It's not a malware problem -- it's an adversary problem: More security firms are focusing on the people behind the keyboards in order to stymie attacks
Is Lax SMB Security A Myth?
News  |  5/31/2012  | 
Small and mid-size businesses defy perception by spending more than ever on security, according to a new IDC report. Now growing twice as fast as overall IT budgets, SMB security spending will total $5.6 billion in 2015.
State-Sponsored Backdoor Or Programming Faux Pas?
Commentary  |  5/31/2012  | 
Backdoor in Android-based handsets sponsor, bad programming, or a #win for Apple's stringent application QA process?
Obama Administration Partners With Industry To Fight Botnets
News  |  5/30/2012  | 
At a White House event Wednesday, officials unveiled a series of initiatives meant to fight botnet infections
Kim Dotcom Gets Access To FBI's Megaupload Documents
News  |  5/30/2012  | 
Dotcom's defense campaign won a boost when a New Zealand judge refused to rubber-stamp U.S. prosecutors' request for extradition.
Flame FAQ: 11 Facts About Complex Malware
News  |  5/30/2012  | 
Size of Flame dwarfs existing spyware, keyloggers, and other malware. Drill down for a closer look at the crucial technology and military issues.
Flame's Big Question: What Else Is Lurking?
News  |  5/30/2012  | 
Stealth and scope of Flame intrigues researchers looking for other nation-state sponsored spyware and attacks.
Database Monitoring, SIEM Top IT's List
Quick Hits  |  5/29/2012  | 
IT organizations want better visibility into their network in order to react more quickly to advanced threats, McAfee report finds
Top 5 Myths About Insider Threats
News  |  5/29/2012  | 
Myths about who insiders are and how they're putting data at risk keep mitigation efforts at bay
Flame Espionage Malware Seeks Middle East Data
News  |  5/29/2012  | 
Flame malware, described as the most complex ever discovered, has the markings of Western intelligence agencies. Security researchers believe it's been gathering information from Iran, Lebanon, Syria, and other countries since at least 2010.
Cutting The Lag Between Detection And Action
News  |  5/25/2012  | 
Detecting a threat does little good if the targeted company is not ready to respond. Security experts weigh in on ways to speed a business' response to threats
Android Malware Surges, Botnet Business Booms
News  |  5/24/2012  | 
McAfee reports thousands of new malware apps targeting Android appeared early this year, along with a steady stream of botnet updates.
London 2012 Olympics Scammers Seek Malicious Gold
News  |  5/24/2012  | 
Expect escalating levels of malware, fake mobile apps, and online scams in the lead-up to this summer's Olympics, warns the Department of Homeland Security.
Google Spreads Word On DNSChanger Malware
News  |  5/23/2012  | 
After taking down the botnet, the FBI is still trying to alert 500,000 people that their PCs are infected with the malware. Some Google search users are now getting direct warnings.
7 Lessons From MilitarySingles.com Hack
News  |  5/23/2012  | 
LulzSec Reborn hacktivist group exploited the site's poor security checks on user-uploaded content, made away with easily cracked passwords.
Malware 'Licensing' Could Stymie Automated Analysis
News  |  5/22/2012  | 
The use of encryption and digital-rights management techniques by the authors of malicious code could make automated analysis of malware take longer and require human intervention more often
Researchers 'Map' Android Malware Genome
News  |  5/22/2012  | 
New initiative promotes sharing of Android malware research worldwide, beefing up mobile anti-malware tools
9 Lessons From Utah Data Breach
News  |  5/21/2012  | 
Breach of unencrypted data affected 28% of the state's residents; one in 10 had Social Security numbers stolen. How can you avoid such an epic fail?
Fake Google Chrome Installer Steals Banking Details
News  |  5/17/2012  | 
New polymorphic Android malware, meanwhile, disguises itself as a free virus scanner.
Threat Intelligence Becoming A Do-It-Yourself Project For Enterprises
Quick Hits  |  5/17/2012  | 
Building your own threat data collection and analysis function needn't be complex or expensive
Lumension Examines How To Close The Antivirus Protection Gap
News  |  5/16/2012  | 
New whitepaper examines and compares the effectiveness of standalone AV versus newer technologies
Zeus Malware Seeks Facebook Users' Debit Card Data
News  |  5/16/2012  | 
Latest Botnet-backed fraud compaign also has variations targeting Google Mail, Hotmail, and Yahoo users.
5 Ways To Lose A Malicious Insider Lawsuit
News  |  5/16/2012  | 
Making the case against an insider takes preparation and proactive work with HR and legal. Consider this expert advice to make sure you're ready.
Google Chrome 19 Debuts, With 20 Bug Patches
News  |  5/16/2012  | 
Latest release of browser also adds the ability to synchronize open tabs across devices.
5 Ways To Lose A Malicious Insider Lawsuit
News  |  5/15/2012  | 
Making the case against an insider takes preparation and proactive work with HR and legal
Apple Inoculates OS X Leopard Against Flashback
News  |  5/15/2012  | 
Apple security update for older OS 10.5 Leopard nukes Flashback variants and disables outdated Java and Flash functionality.
Accused LulzSec Member Pleads Not Guilty
News  |  5/15/2012  | 
Alleged LulzSec lieutenant accused of masterminding Stratfor hack, along with numerous other charges. Jeremy Hammond, a.k.a. Anarchaos, served prison time for previous hacking incident.
Half Of Computer Users Admit To Pirating Software
News  |  5/14/2012  | 
Software pirates typically are young and male and live in emerging economies, where obtaining legal copies of software isn't always easy, finds Business Software Alliance study.
Why Some SMBs Still Fear The Cloud
News  |  5/14/2012  | 
Blind study commissioned by Microsoft shows disparity between those small to midsize businesses that have adopted cloud computing and security-as-a-service and those that have not
4 Ways To Find Real Enterprise Security Threats
News  |  5/14/2012  | 
Companies re-prioritizing their defensive security efforts need to look beyond vulnerabilities. Here's advice on how to find the real threats to your business before they find you.
Amnesty International Hackers Learned From Flashback
News  |  5/14/2012  | 
Attackers used the same Java vulnerability employed by the Apple Flashback malware to try to infect site visitors with remote administration tools.
4 Ways To Identify The Real Threats To Your Organization
News  |  5/14/2012  | 
Companies looking for better ways of prioritizing their defensive efforts need to look beyond vulnerabilities. How to find the real threats to your business before they find you
Security Index Marks A Year Of Doing Business Dangerously
News  |  5/11/2012  | 
The Index of Cyber Security has measured top security officers' sentiment on cyberthreats for more than a year. So what does the index's steady rise mean?
TeamPoison Hacker Suspect Has Anonymous Ties
News  |  5/11/2012  | 
British police arrest alleged spokesman of hacktivist group that gained notoriety for exposing Tony Blair's address book and working with Anonymous as part of Operation Robin Hood.
BeyondTrust Buys eEye
Quick Hits  |  5/10/2012  | 
eEye co-founder Marc Maiffret now CTO of BeyondTrust
FBI Warns Travelers Using Hotel Networks About New Attack
News  |  5/10/2012  | 
The FBI says attackers are trying to trick users into installing malware with promises of software updates
Anonymous Targets Russian Sites For Putin Protest
News  |  5/10/2012  | 
Kremlin's public-facing website knocked offline; In separate series of attacks, Anonymous Norway dismisses claims it helped Norwegian police.
Army Eyes Monitoring Tools To Stop WikiLeaks Repeat
News  |  5/9/2012  | 
Keystroke monitoring may be just a start as Army seeks ways to sift through soldiers' website visits, search queries, and other work, watching for abnormal behavior and trying to stop inside attacks.
Targeted Attack Infiltrates At Least 20 Companies
News  |  5/8/2012  | 
Attackers conducted a sustained espionage campaign against a score of private- and public-sector targets with links to policies of interest to China
Jericho Botnet Targets Banks And Financial Institutions
Quick Hits  |  5/6/2012  | 
Botnet operators seek to steal passwords and credentials for financial gain, Palo Alto Networks researchers say
Norton 360 Everywhere Available Today
News  |  5/3/2012  | 
Provides protection for PCs, Macs, Android-based phones, and tablets
2012 Strategic Security Survey: Pick The Right Battles
News  |  5/3/2012  | 
Whether it's cloud computing, mobile devices, or insecure software, some threats are more prevalent than others. Our latest survey delves into where security pros are putting their resources.
Microsoft Fingers Chinese Firewall/IPS Vendor In Windows Exploit Leak
News  |  5/3/2012  | 
Chinese firewall and IPS vendor Hangzhou DPTech Technologies kicked out of Microsoft Active Protections Program (MAPP) for its role in disclosure of Windows Remote Desktop (RDP) flaw earlier this year
Global Payments Breach: Fresh Questions On Timing
News  |  5/3/2012  | 
Did the Global Payments data breach that exposed at least 1.5 million credit and debit card numbers date back to 2011? As new evidence is reported, Global Payments declines comment on timeframe.
7 Ways Oracle Hurts Database Customers' Security
News  |  5/3/2012  | 
Oracle's missteps during the TNS Poison disclosure debacle highlight its ongoing failures in helping customers secure their databases.
Mac Flashback Malware Bags Big Bucks
News  |  5/1/2012  | 
Analysis of the Flashback malware code estimates that botnet operators are earning $10,000 per day. Users of older Mac operating systems remain at risk.
Android Apps Slurp Excessive Data
News  |  5/1/2012  | 
Nearly half of leading Android apps access more types of data than they require, finds a new security study.
Healthcare Unable To Keep Up With Insider Threats
News  |  5/1/2012  | 
Insiders played a role in recent breaches at Utah Department of Health, Emory, and South Carolina Department of Health and Human Services

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-10-25
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead t...
PUBLISHED: 2021-10-25
Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile applic...
PUBLISHED: 2021-10-25
Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap.
PUBLISHED: 2021-10-25
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the ma...
PUBLISHED: 2021-10-22
BQE BillQuick Web Suite 2018 through 2021 before allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include ...