Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2009
Zeus Trojan Variant Steals FTP Login Details
News  |  6/30/2009  | 
A new variant of the particularly malicious Zeus family of Trojans has surfaced and is compromising computers at an alarming rate.
China Delays 'Green Dam' Mandate
News  |  6/30/2009  | 
China has pushed back its deadline requiring all PCs sold in the country to include Web filtering software known as Green Dam. No new deadline has been set.
Sony Begins Shipping PCs With Green Dam Filter
News  |  6/29/2009  | 
Company beats Chinese government's July 1 deadline, but Sony disclaims responsibility for any damage caused by the Web filtering software.
Most PC Users Have A Dozen Dangerous Apps
News  |  6/26/2009  | 
The average PC user has a dozen unpatched applications installed.
Booming Underground Economy Makes Spam A Hot Commodity, Expert Says
News  |  6/25/2009  | 
$10 might be enough to reach 1 million users, MessageLabs researcher warns
Defense Secretary Orders Cyberspace Command
News  |  6/23/2009  | 
Initiative aims to unify offense and defense in cyberspace under U.S. military command and enable responses "in Internet time rather than bureaucratic time."
Microsoft Security Essentials Beta Now Available
News  |  6/23/2009  | 
Once known as "Morro," Microsoft Security Essentials is the anti-malware component of Microsoft's subscription security service, Windows Live OneCare.
Maltego: Going On The Offensive *And* Defensive To Defend Against Social Networks
Commentary  |  6/22/2009  | 
You know the military's ol' mantra about "loose lips sink ships"? Well, it's being redefined by sites like Twitter, Flickr, and Facebook, according to a great article from Federal Computer Week that discusses the threats social networks pose to operational security.
Parking Meters: The Next Big Hack?
Quick Hits  |  6/22/2009  | 
Security researcher prepares to outline vulnerabilities at upcoming Black Hat conference
Data Leakage Through Nontraditional Networks
Commentary  |  6/19/2009  | 
Securing our company's data is our job. We build up layers of defense to protect it when it is housed within our corporate network and corporate computer systems. Firewalls, VPNs, encryption, and data leakage prevention all help in some way to protect the data that we don't want anyone else to have. Sometimes, however, we are stuck in the situation where we don't control the network or systems that portions of our data ends up on.
Relaunched Google Search Service Fingers Malware-Spreading Advertisers
News  |  6/19/2009  | 
'Anti-Malvertising' lets Website owners perform background checks on potential online advertisers
Microsoft Security Essentials Beta Coming Tuesday
News  |  6/18/2009  | 
Previously code-named "Morro," the free software will replace Windows Live OneCare, which included both security and utility services for $49.95 per year.
Microsoft To Launch Free Antivirus Product Next Week
News  |  6/18/2009  | 
Public beta of the much-anticipated 'Morro' tool debuts June 23, replacing OneCare Live for consumers
Database Servers: Candy For Hackers
News  |  6/18/2009  | 
Sensitive information and poor security administration make tempting targets.
1 In 5 Companies Cutting IT Security Spending, Our Survey Finds
News  |  6/18/2009  | 
Budget woes, increased regulation, and new challenges for sensitive data are on the menu for risk managers.
The Biggest Threat? It May Be You
News  |  6/18/2009  | 
When it comes to virtual server security, you might just be the weak link. Or, more precisely, your lack of planning, maintenance, and governance of that VM server farm.
China Making Green Dam Internet Filter Optional
News  |  6/16/2009  | 
The government's edict prompted widespread derision from Chinese bloggers, objections from Chinese academics and lawyers, and criticism from security experts.
Former Google Employees Launch Web Malware Startup
News  |  6/15/2009  | 
The company will address changing malware distribution patterns and to provide a way to respond to Web security threats using automated techniques.
Twitter Security Heating Up In July
News  |  6/15/2009  | 
In an effort to raise awareness of browser security flaws, one researcher wants to post a vulnerability every day that shows the soft underside of the Fail Whale.
China's Green Dam Software May Pose Legal Risk To U.S. Computer Makers
News  |  6/15/2009  | 
A research report indicates that the Web-filtering software mandated by the Chinese government contains unauthorized, proprietary code from a Green Dam competitor.
China 'Green Dam' Censorware Called Security Risk
News  |  6/12/2009  | 
Chinese authorities claim the software is necessary to protect people from pornography, but the software has been found to block politically sensitive terms.
Mac Users Warned Of Porn Malware Threat
News  |  6/11/2009  | 
Trojan software presents visitors to certain porn sites with a pop-up message to download a Video ActiveX Object; the download carries Mac malware.
Microsoft To Launch Morro Antivirus 'Soon'
News  |  6/11/2009  | 
The free offering will replace subscription Windows Live OneCare service.
Rollout: How Much Is Bot Detection Worth To You?
News  |  6/11/2009  | 
Damballa's appliance shows promise, but it still has a lot of ground to cover.
Researcher: Popular Internal IP Addressing Scheme Could Leave Enterprises Vulnerable
News  |  6/9/2009  | 
Flaws in RFC 1918 could be exploited to gain access to enterprise networks, says Robert "RSnake" Hansen
Black Hat Founder Tapped To Advise Homeland Security
News  |  6/8/2009  | 
Jeff Moss, founder of the Black Hat and Defcon security conferences, is one of 16 people appointed to the Department of Homeland Security Advisory Council, as the government casts a wide net for perspectives on cybersecurity.
Alleged T-Mobile Data Offered To Highest Bidder
News  |  6/8/2009  | 
A note offering the data for sale says that the company's databases, confidential documents, and financial documents were stolen.
RIM Issues Patch For BlackBerry Vulnerability
News  |  6/4/2009  | 
Enterprise BlackBerry smartphone users could be at risk if they open a maliciously crafted PDF, Research In Motion says.
Wisconsin-Based Healthcare Provider Chooses Symantec Solution For HIPAA Compliance
News  |  6/4/2009  | 
Aspirus implements Symantec backup and recovery, endpoint managemen,t and endpoint security software products
Report: Cybercrime Riches Are Hard To Come By
News  |  6/3/2009  | 
Researchers from Microsoft say stolen goods offered for sale in IRC channels are tough to monetize, and industry estimates of underground profits are "exaggerated"


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing Writer,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...