Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2013
Hacking Firmware And Detecting Backdoors
Commentary | 5/30/2013
How device manufacturers can limit critical vulnerability discovery, public disclosure, and customer fallout
Halting Cybercrime Requires Cutting Off Easy Money
News | 5/30/2013
The crackdown on Liberty Reserve underscores the danger posed by anonymous money transfers using virtual or digital currencies -- a facet of cybercrime increasingly under scrutiny by law enforcement
Google Sets New 'Aggressive' 7-Day Deadline For Vendors To Reveal Or Fix Zero-Day Bugs Under Attack
News | 5/29/2013
New policy narrows the window for software vendors' public response to zero-day bugs discovered by Google researchers
Getting A Jump On Black Hat USA
Commentary | 5/29/2013
Dark Reading initiates early coverage of the July Black Hat USA event and launches a dedicated news page
Chinese Hackers Stole U.S. Military Secrets
News | 5/28/2013
"Cyber exploitation" campaign obtained information relating to 29 weapon systems and 21 areas of cutting-edge research.
Black Hat USA 2013: Complete Coverage
News | 5/27/2013
Articles leading up to, live coverage from, and post-event analysis of Black Hat USA 2013, July 27 - Aug. 1
Black Hat Reveals BlueTooth, SSL Exploit Talks For July Show
News | 5/27/2013
Each presentation will dip into clever exploits and workarounds for major protocols
Google Researcher Reveals Zero-Day Windows Bug
News | 5/24/2013
Bug hunter criticizes Microsoft's "great hostility" to outside security researchers, releases proof-of-concept exploit for unpatched zero-day Windows vulnerability.
BIOS Bummer: New Malware Can Bypass BIOS Security
News | 5/23/2013
Researchers expect to release proofs-of-concept at Black Hat that show how malware can infect BIOS, persist past updates, and fool the TPM into thinking everything's fine
Beware Of The 'Checklist' Penetration Tester
Commentary | 5/23/2013
A surefire way to spot a novice
Strike Back If China Steals IP, Companies Told
News | 5/23/2013
Bipartisan report argues that businesses should be allowed to retrieve stolen intellectual property from attackers' networks.
APT Attacks Trace To India, Researcher Says
News | 5/21/2013
Multi-year hacking campaign targeted mining companies, legal firms, Pakistan, Angolan dissidents and others in Pakistan, the U.S., Iran, China and Germany.
Yahoo Japan Data Breach: 22M Accounts Exposed
News | 5/20/2013
Yahoo breach could have compromised 10% of all Yahoo user credentials. Meanwhile, Syrian Electronic Army targets The Financial Times.
Strategies For Improving Web Application Security
Quick Hits | 5/20/2013
Web apps are essential to your business -- and easy targets for hackers. Here are some tips for keeping them secure
Who Is Syrian Electronic Army: 9 Facts
Slideshows | 5/16/2013
Syrian hackers claim to battle American imperialism, media bias and Angelina Jolie.
DHS Eyes Sharing Zero-Day Intelligence With Businesses
News | 5/16/2013
DHS proposal would give private businesses access to the government's stockpile of zero-day secrets for a fee. But some say the program may actually fuel the vulnerability marketplace.
Mass Customized Attacks Show Malware Maturity
News | 5/15/2013
The malware universe is typically divided into targeted attacks and mass, opportunistic attacks, but a middle category -- mass customized malware -- poses a more serious threat to business
Secure Software Standard In The Spotlight
News | 5/15/2013
Microsoft, among others, sees ISO application security standard as a way to spark widespread adoption of secure development programs
Web Application Testing Using Real-World Attacks
News | 5/15/2013
Using exploits to test Web applications can be an enlightening way to test for vulnerabilities, but there are downsides as well
Know Your Pen Tester: The Novice
Commentary | 5/14/2013
Beware of the tool-obsessed pen tester
Microsoft Tech Support Scams: Why They Thrive
News | 5/13/2013
Readers detail "frozen DNS Trojan" cold calls and "repairs" that lead to $882 in unauthorized wire transfers.
Fixes For Microsoft, Adobe Zero Days Out For Patch Tuesday
News | 5/10/2013
Busy patch cycle awaits administrators this month
British Universities Given Funds For Cyber Security Program
News | 5/10/2013
U.K. government provides grants to University of Oxford and Royal Holloway, University of London to fund doctoral programs in cyber security.
Huawei CEO Dismisses Security, Spying Concerns
News | 5/10/2013
Company founder denies that Huawei employees would ever be forced to spy for China.
Washington State Courts Reveal Security Breach
News | 5/10/2013
State officials don't know when attackers accessed up to 160,000 Social Security and 1 million driver's license numbers stored in unencrypted format.
Google Building Management System Hack Highlights SCADA Security Challenges
News | 5/9/2013
Security challenges related to SCADA systems don't just affect power plants -- ask Google
Unified Threat Management Vendors Don't Excel
News | 5/9/2013
Our survey shows users aren't fond of UTM appliances.
McAfee, AV's King Of Crazy, Resurfaces
News | 5/9/2013
Antivirus pioneer and former fugitive from justice in Belize John McAfee shares more about his code-slinging and drug-smuggling past.
How Syrian Electronic Army Unpeeled The Onion
News | 5/9/2013
Satire site The Onion details multi-pronged Twitter account takeover strategies used by hacktivists.
Microsoft Issues Emergency Fix For IE Zero-Day
Quick Hits | 5/9/2013
'Fix it' now available as a temporary defense until the actual patch is ready; only IE 8 is affected by the flaw
Advanced Persistent Threats: The New Reality
Quick Hits | 5/9/2013
Once rare and sophisticated, the APT is now becoming a common attack. Is your organization ready?
Nginx Patches Critical Web Server Software Vulnerability
News | 5/8/2013
Meanwhile, hackers behind the Cdorked malware that targets Apache servers have now extended it to infect the open-source Nginx and Lighttpd server software.
Anonymous OpUSA Hackathon: Mostly Bluster
News | 5/7/2013
DHS predicts Tuesday's hackathon will involve little more than nuisance exploits. Meanwhile, Syrian Electronic Army hacks Twitter feeds of satire site The Onion.
Sweet Password Security Strategy: Honeywords
News | 5/7/2013
To improve detection of database breaches, businesses should store multiple fake passwords and monitor attempts to use them, according to researchers at security firm RSA.
Threat Nuevo: Latin America, Caribbean Cybercrime On The Rise
Quick Hits | 5/3/2013
Cybercriminals in the region have built their own tools and learned from their predecessors in other regions, says a Trend Micro report produced in cooperation with the Organization of American States (OAS)
Websites Harbor Fewer Flaws, But Most Have At Least One Serious Vulnerability
News | 5/2/2013
SQL injection drops out of WhiteHat Security's top 10 website vulnerability list
Twitter To News Outlets: More Takeovers Ahead
News | 5/2/2013
Twitter memo warns of ongoing account takeover attempts, urges media businesses to prepare. Should Twitter be doing more?
Five Habits Of Highly Successful Malware
News | 5/2/2013
It's no secret that malware is dodging defenses; security experts pinpoint successful strategies, including the use of real-time communications, frequent disguises, and laying low
Dark Reading's Seven-Year Itch
Commentary | 5/1/2013
After seven years of covering the security industry, Dark Reading is just getting started