Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2009
Zeus Trojan Variant Steals FTP Login Details
News  |  6/30/2009  | 
A new variant of the particularly malicious Zeus family of Trojans has surfaced and is compromising computers at an alarming rate.
China Delays 'Green Dam' Mandate
News  |  6/30/2009  | 
China has pushed back its deadline requiring all PCs sold in the country to include Web filtering software known as Green Dam. No new deadline has been set.
Sony Begins Shipping PCs With Green Dam Filter
News  |  6/29/2009  | 
Company beats Chinese government's July 1 deadline, but Sony disclaims responsibility for any damage caused by the Web filtering software.
Most PC Users Have A Dozen Dangerous Apps
News  |  6/26/2009  | 
The average PC user has a dozen unpatched applications installed.
Booming Underground Economy Makes Spam A Hot Commodity, Expert Says
News  |  6/25/2009  | 
$10 might be enough to reach 1 million users, MessageLabs researcher warns
Defense Secretary Orders Cyberspace Command
News  |  6/23/2009  | 
Initiative aims to unify offense and defense in cyberspace under U.S. military command and enable responses "in Internet time rather than bureaucratic time."
Microsoft Security Essentials Beta Now Available
News  |  6/23/2009  | 
Once known as "Morro," Microsoft Security Essentials is the anti-malware component of Microsoft's subscription security service, Windows Live OneCare.
Maltego: Going On The Offensive *And* Defensive To Defend Against Social Networks
Commentary  |  6/22/2009  | 
You know the military's ol' mantra about "loose lips sink ships"? Well, it's being redefined by sites like Twitter, Flickr, and Facebook, according to a great article from Federal Computer Week that discusses the threats social networks pose to operational security.
Parking Meters: The Next Big Hack?
Quick Hits  |  6/22/2009  | 
Security researcher prepares to outline vulnerabilities at upcoming Black Hat conference
Data Leakage Through Nontraditional Networks
Commentary  |  6/19/2009  | 
Securing our company's data is our job. We build up layers of defense to protect it when it is housed within our corporate network and corporate computer systems. Firewalls, VPNs, encryption, and data leakage prevention all help in some way to protect the data that we don't want anyone else to have. Sometimes, however, we are stuck in the situation where we don't control the network or systems that portions of our data ends up on.
Relaunched Google Search Service Fingers Malware-Spreading Advertisers
News  |  6/19/2009  | 
'Anti-Malvertising' lets Website owners perform background checks on potential online advertisers
Microsoft Security Essentials Beta Coming Tuesday
News  |  6/18/2009  | 
Previously code-named "Morro," the free software will replace Windows Live OneCare, which included both security and utility services for $49.95 per year.
Microsoft To Launch Free Antivirus Product Next Week
News  |  6/18/2009  | 
Public beta of the much-anticipated 'Morro' tool debuts June 23, replacing OneCare Live for consumers
Database Servers: Candy For Hackers
News  |  6/18/2009  | 
Sensitive information and poor security administration make tempting targets.
1 In 5 Companies Cutting IT Security Spending, Our Survey Finds
News  |  6/18/2009  | 
Budget woes, increased regulation, and new challenges for sensitive data are on the menu for risk managers.
The Biggest Threat? It May Be You
News  |  6/18/2009  | 
When it comes to virtual server security, you might just be the weak link. Or, more precisely, your lack of planning, maintenance, and governance of that VM server farm.
China Making Green Dam Internet Filter Optional
News  |  6/16/2009  | 
The government's edict prompted widespread derision from Chinese bloggers, objections from Chinese academics and lawyers, and criticism from security experts.
Former Google Employees Launch Web Malware Startup
News  |  6/15/2009  | 
The company will address changing malware distribution patterns and to provide a way to respond to Web security threats using automated techniques.
Twitter Security Heating Up In July
News  |  6/15/2009  | 
In an effort to raise awareness of browser security flaws, one researcher wants to post a vulnerability every day that shows the soft underside of the Fail Whale.
China's Green Dam Software May Pose Legal Risk To U.S. Computer Makers
News  |  6/15/2009  | 
A research report indicates that the Web-filtering software mandated by the Chinese government contains unauthorized, proprietary code from a Green Dam competitor.
China 'Green Dam' Censorware Called Security Risk
News  |  6/12/2009  | 
Chinese authorities claim the software is necessary to protect people from pornography, but the software has been found to block politically sensitive terms.
Mac Users Warned Of Porn Malware Threat
News  |  6/11/2009  | 
Trojan software presents visitors to certain porn sites with a pop-up message to download a Video ActiveX Object; the download carries Mac malware.
Microsoft To Launch Morro Antivirus 'Soon'
News  |  6/11/2009  | 
The free offering will replace subscription Windows Live OneCare service.
Rollout: How Much Is Bot Detection Worth To You?
News  |  6/11/2009  | 
Damballa's appliance shows promise, but it still has a lot of ground to cover.
Researcher: Popular Internal IP Addressing Scheme Could Leave Enterprises Vulnerable
News  |  6/9/2009  | 
Flaws in RFC 1918 could be exploited to gain access to enterprise networks, says Robert "RSnake" Hansen
Black Hat Founder Tapped To Advise Homeland Security
News  |  6/8/2009  | 
Jeff Moss, founder of the Black Hat and Defcon security conferences, is one of 16 people appointed to the Department of Homeland Security Advisory Council, as the government casts a wide net for perspectives on cybersecurity.
Alleged T-Mobile Data Offered To Highest Bidder
News  |  6/8/2009  | 
A note offering the data for sale says that the company's databases, confidential documents, and financial documents were stolen.
RIM Issues Patch For BlackBerry Vulnerability
News  |  6/4/2009  | 
Enterprise BlackBerry smartphone users could be at risk if they open a maliciously crafted PDF, Research In Motion says.
Wisconsin-Based Healthcare Provider Chooses Symantec Solution For HIPAA Compliance
News  |  6/4/2009  | 
Aspirus implements Symantec backup and recovery, endpoint managemen,t and endpoint security software products
Report: Cybercrime Riches Are Hard To Come By
News  |  6/3/2009  | 
Researchers from Microsoft say stolen goods offered for sale in IRC channels are tough to monetize, and industry estimates of underground profits are "exaggerated"


7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...