News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2013

Hacking Firmware And Detecting Backdoors
Commentary | 5/30/2013
How device manufacturers can limit critical vulnerability discovery, public disclosure, and customer fallout

Halting Cybercrime Requires Cutting Off Easy Money
News | 5/30/2013
The crackdown on Liberty Reserve underscores the danger posed by anonymous money transfers using virtual or digital currencies -- a facet of cybercrime increasingly under scrutiny by law enforcement

Google Sets New 'Aggressive' 7-Day Deadline For Vendors To Reveal Or Fix Zero-Day Bugs Under Attack
News | 5/29/2013
New policy narrows window for software vendors' public response to zero-day bugs discovered by Google researchers

Getting A Jump On Black Hat USA
Commentary | 5/29/2013
Dark Reading initiates early coverage on July Black Hat USA event, launches dedicated news page

Chinese Hackers Stole U.S. Military Secrets
News | 5/28/2013
"Cyber exploitation" campaign obtained information relating to 29 weapon systems and 21 areas of cutting-edge research.

Black Hat USA 2013: Complete Coverage
News | 5/27/2013
Articles leading up to, live coverage from, and post-event analysis of Black Hat USA 2013, July 27 - Aug. 1

Black Hat Reveals BlueTooth, SSL Exploit Talks For July Show
News | 5/27/2013
Each presentation will dip into clever exploits and workarounds for major protocols

Google Researcher Reveals Zero-Day Windows Bug
News | 5/24/2013
Bug hunter criticizes Microsoft's "great hostility" to outside security researchers, releases proof-of-concept exploit for unpatched zero-day Windows vulnerability

BIOS Bummer: New Malware Can Bypass BIOS Security
News | 5/23/2013
Researchers expect to release proofs-of-concept at Black Hat that show how malware can infect BIOS, persist past updates, and fool the TPM into thinking everything's fine

Beware Of The 'Checklist' Penetration Tester
Commentary | 5/23/2013
A surefire way to spot a novice

Strike Back If China Steals IP, Companies Told
News | 5/23/2013
Bipartisan report argues that businesses should be allowed to retrieve stolen intellectual property from attackers' networks.

APT Attacks Trace To India, Researcher Says
News | 5/21/2013
Multi-year hacking campaign targeted mining companies, legal firms, Pakistan, Angolan dissidents and others in Pakistan, the U.S., Iran, China and Germany.

Yahoo Japan Data Breach: 22M Accounts Exposed
News | 5/20/2013
Yahoo breach could have compromised 10% of all Yahoo user credentials. Meanwhile, Syrian Electronic Army targets The Financial Times.

Strategies For Improving Web Application Security
Quick Hits | 5/20/2013
Web apps are essential to your business -- and easy targets for hackers. Here are some tips for keeping them secure

Who Is Syrian Electronic Army: 9 Facts
Slideshows | 5/16/2013
Syrian hackers claim to battle American imperialism, media bias and Angelina Jolie.

DHS Eyes Sharing Zero-Day Intelligence With Businesses
News | 5/16/2013
DHS proposal would give private businesses access to the government's stockpile of zero-day secrets for a fee. But some say the program may actually fuel the bug vulnerability marketplace.

Mass Customized Attacks Show Malware Maturity
News | 5/15/2013
The malware universe is typically divided into targeted attacks and mass, opportunistic attacks, but a middle category -- mass customized malware -- poses a more serious threat for business

Secure Software Standard In The Spotlight
News | 5/15/2013
Microsoft, among others, sees ISO application security standard as a way to spark widespread adoption of secure development programs

Web Application Testing Using Real-World Attacks
News | 5/15/2013
Using exploits to test Web applications can be an enlightening way to test for vulnerabilities, but there are downsides as well

Know Your Pen Tester: The Novice
Commentary | 5/14/2013
Beware of the tool-obsessed pen-tester

Microsoft Tech Support Scams: Why They Thrive
News | 5/13/2013
Readers detail "frozen DNS Trojan" cold calls and "repairs" that lead to $882 in unauthorized wire transfers.

Fixes For Microsoft, Adobe Zero Days Out For Patch Tuesday
News | 5/10/2013
Busy patch cycle awaits administrators this month

British Universities Given Funds For Cyber Security Program
News | 5/10/2013
U.K. government provides grants to University of Oxford and Royal Holloway, University of London to fund doctoral programs in cyber security.

Huawei CEO Dismisses Security, Spying Concerns
News | 5/10/2013
Company founder denies that Huawei employees would ever be forced to spy for China.

Washington State Courts Reveal Security Breach
News | 5/10/2013
State officials don't know when attackers accessed up to 160,000 Social Security and 1 million driver's license numbers stored in unencrypted format.

Google Building Management System Hack Highlights SCADA Security Challenges
News | 5/9/2013
Security challenges related to SCADA systems don't just affect power plants -- ask Google

Unified Threat Management Vendors Don't Excel
News | 5/9/2013
Our survey shows users aren’t fond of UTM appliances.

McAfee, AV's King Of Crazy, Resurfaces
News | 5/9/2013
Antivirus pioneer and former fugitive from justice in Belize John McAfee shares more about his code-slinging and drug-smuggling past.

How Syrian Electronic Army Unpeeled The Onion
News | 5/9/2013
Satire site The Onion details multi-pronged Twitter account takeover strategies used by hacktivists.

Microsoft Issues Emergency Fix For IE Zero-Day
Quick Hits | 5/9/2013
'Fix it' now available as a temporary defense until actual patch is ready; only IE 8 is affected by flaw

Advanced Persistent Threats: The New Reality
Quick Hits | 5/9/2013
Once rare and sophisticated, the APT is now becoming a common attack. Is your organization ready?

Nginx Patches Critical Web Server Software Vulnerability
News | 5/8/2013
Meanwhile, hackers behind Cdorked malware that targets Apache servers now have extended it to infect open-source Nginx and Lighttpd server software.

Anonymous OpUSA Hackathon: Mostly Bluster
News | 5/7/2013
DHS predicts Tuesday's hackathon will involve little more than nuisance exploits. Meanwhile, Syrian Electronic Army hacks Twitter feeds of satire site The Onion.

Sweet Password Security Strategy: Honeywords
News | 5/7/2013
To improve detection of database breaches, businesses should store multiple fake passwords and monitor attempts to use them, according to researchers at security firm RSA.

Threat Nuevo: Latin America, Caribbean Cybercrime On The Rise
Quick Hits | 5/3/2013
Cybercriminals in the region have built their own tools and learned from their predecessors in other regions, says Trend Micro report in cooperation with Organization of American States (OAS)

Websites Harbor Fewer Flaws, But Most Have At Least One Serious Vulnerability
News | 5/2/2013
SQL injection drops out of WhiteHat Security's top 10 website vulnerability list

Twitter To News Outlets: More Takeovers Ahead
News | 5/2/2013
Twitter memo warns of ongoing account takeover attempts, urges media businesses to prepare. Should Twitter be doing more?

Five Habits Of Highly Successful Malware
News | 5/2/2013
It's no secret that malware is dodging defenses; security experts pinpoint successful strategies, including the use of real-time communications, frequent disguises, and laying low

Dark Reading's Seven-Year Itch
Commentary | 5/1/2013
After seven years of covering the security industry, Dark Reading is just getting started