Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2013
Hacking Firmware And Detecting Backdoors
Commentary  |  5/30/2013  | 
How device manufacturers can limit critical vulnerability discovery, public disclosure, and customer fallout
Halting Cybercrime Requires Cutting Off Easy Money
News  |  5/30/2013  | 
The crackdown on Liberty Reserve underscores the danger posed by anonymous money transfers using virtual or digital currencies -- a facet of cybercrime increasingly under scrutiny by law enforcement
Google Sets New 'Aggressive' 7-Day Deadline For Vendors To Reveal Or Fix Zero-Day Bugs Under Attack
News  |  5/29/2013  | 
New policy narrows window for software vendors' public response to zero-day bugs discovered by Google researchers
Getting A Jump On Black Hat USA
Commentary  |  5/29/2013  | 
Dark Reading initiates early coverage on July Black Hat USA event, launches dedicated news page
Chinese Hackers Stole U.S. Military Secrets
News  |  5/28/2013  | 
"Cyber exploitation" campaign obtained information relating to 29 weapon systems and 21 areas of cutting-edge research.
Black Hat USA 2013: Complete Coverage
News  |  5/27/2013  | 
Articles leading up to, live coverage from, and post-event analysis of Black Hat USA 2013, July 27 - Aug. 1
Black Hat Reveals BlueTooth, SSL Exploit Talks For July Show
News  |  5/27/2013  | 
Each presentation will dip into clever exploits and workarounds for major protocols
Google Researcher Reveals Zero-Day Windows Bug
News  |  5/24/2013  | 
Bug hunter criticizes Microsoft's "great hostility" to outside security researchers, releases proof-of-concept exploit for unpatched zero-day Windows vulnerability,
BIOS Bummer: New Malware Can Bypass BIOS Security
News  |  5/23/2013  | 
Researchers expect to release proofs-of-concept at Black Hat that show how malware can infect BIOS, persist past updates, and fool the TPM into thinking everything's fine
Beware Of The 'Checklist' Penetration Tester
Commentary  |  5/23/2013  | 
A surefire way to spot a novice
Strike Back If China Steals IP, Companies Told
News  |  5/23/2013  | 
Bipartisan report argues that businesses should be allowed to retrieve stolen intellectual property from attackers' networks.
APT Attacks Trace To India, Researcher Says
News  |  5/21/2013  | 
Multi-year hacking campaign targeted mining companies, legal firms, Pakistan, Angolan dissidents and others in Pakistan, the U.S., Iran, China and Germany.
Yahoo Japan Data Breach: 22M Accounts Exposed
News  |  5/20/2013  | 
Yahoo breach could have compromised 10% of all Yahoo user credentials. Meanwhile, Syrian Electronic Army targets The Financial Times.
Strategies For Improving Web Application Security
Quick Hits  |  5/20/2013  | 
Web apps are essential to your business -- and easy targets for hackers. Here are some tips for keeping them secure
Who Is Syrian Electronic Army: 9 Facts
Slideshows  |  5/16/2013  | 
Syrian hackers claim to battle American imperialism, media bias and Angelina Jolie.
DHS Eyes Sharing Zero-Day Intelligence With Businesses
News  |  5/16/2013  | 
DHS proposal would give private businesses access to the government's stockpile of zero-day secrets for a fee. But some say the program may actually fuel the bug vulnerability marketplace.
Mass Customized Attacks Show Malware Maturity
News  |  5/15/2013  | 
The malware universe is typically divided into targeted attacks and mass, opportunistic attacks, but a middle category -- mass customized malware -- poses a more serious threat for business
Secure Software Standard In The Spotlight
News  |  5/15/2013  | 
Microsoft, among others, sees ISO application security standard as a way to spark widespread adoption of secure development programs
Web Application Testing Using Real-World Attacks
News  |  5/15/2013  | 
Using exploits to test Web applications can be an enlightening way to test for vulnerabilities, but there are downsides as well
Know Your Pen Tester: The Novice
Commentary  |  5/14/2013  | 
Beware of the tool-obsessed pen-tester
Microsoft Tech Support Scams: Why They Thrive
News  |  5/13/2013  | 
Readers detail "frozen DNS Trojan" cold calls and "repairs" that lead to $882 in unauthorized wire transfers.
Fixes For Microsoft, Adobe Zero Days Out For Patch Tuesday
News  |  5/10/2013  | 
Busy patch cycle awaits administrator this month
British Universities Given Funds For Cyber Security Program
News  |  5/10/2013  | 
U.K. government provides grants to University of Oxford and Royal Holloway, University of London to fund doctoral programs in cyber security.
Huawei CEO Dismisses Security, Spying Concerns
News  |  5/10/2013  | 
Company founder denies that Huawei employees would ever be forced to spy for China.
Washington State Courts Reveal Security Breach
News  |  5/10/2013  | 
State officials don't know when attackers accessed up to 160,000 Social Security and 1 million driver's license numbers stored in unencrypted format.
Google Building Management System Hack Highlights SCADA Security Challenges
News  |  5/9/2013  | 
Security challenges related to SCADA systems don't just affect power plants -- ask Google
Unified Threat Management Vendors Don't Excel
News  |  5/9/2013  | 
Our survey shows users aren’t fond of UTM appliances.
McAfee, AV's King Of Crazy, Resurfaces
News  |  5/9/2013  | 
Antivirus pioneer and former fugitive from justice in Belize John McAfee shares more about his code-slinging and drug-smuggling past.
How Syrian Electronic Army Unpeeled The Onion
News  |  5/9/2013  | 
Satire site The Onion details multi-pronged Twitter account takeover strategies used by hacktivists.
Microsoft Issues Emergency Fix For IE Zero-Day
Quick Hits  |  5/9/2013  | 
'Fix it' now available as a temporary defense until actual patch is ready; only IE 8 is affected by flaw
Advanced Persistent Threats: The New Reality
Quick Hits  |  5/9/2013  | 
Once rare and sophisticated, the APT is now becoming a common attack. Is your organization ready?
Nginx Patches Critical Web Server Software Vulnerability
News  |  5/8/2013  | 
Meanwhile, hackers behind Cdorked malware that targets Apache servers now have extended it to infect open-source Nginx and Lighttpd server software.
Anonymous OpUSA Hackathon: Mostly Bluster
News  |  5/7/2013  | 
DHS predicts Tuesday's hackathon will involve little more than nuisance exploits. Meanwhile, Syrian Electronic Army hacks Twitter feeds of satire site The Onion.
Sweet Password Security Strategy: Honeywords
News  |  5/7/2013  | 
To improve detection of database breaches, businesses should store multiple fake passwords and monitor attempts to use them, according to researchers at security firm RSA.
Threat Nuevo: Latin America, Caribbean Cybercrime On The Rise
Quick Hits  |  5/3/2013  | 
Cybercriminals in the region have built their own tools and learned from their predecessors in other regions, says Trend Micro report in cooperation with Organization of American States (OAS)
Websites Harbor Fewer Flaws, But Most Have At Least One Serious Vulnerability
News  |  5/2/2013  | 
SQL injection drops out of WhiteHat Security's top 10 website vulnerability list
Twitter To News Outlets: More Takeovers Ahead
News  |  5/2/2013  | 
Twitter memo warns of ongoing account takeover attempts, urges media businesses to prepare. Should Twitter be doing more?
Five Habits Of Highly Successful Malware
News  |  5/2/2013  | 
It's no secret that malware is dodging defenses; security experts pinpoint successful strategies, including the use of real-time communications, frequent disguises, and laying low
Dark Reading's Seven-Year Itch
Commentary  |  5/1/2013  | 
After seven years of covering the security industry, Dark Reading is just getting started


7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...