Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2011
Researchers Report New, 'Indestructible' Botnet
Quick Hits  |  6/30/2011  | 
TDL-4 features new defenses, Kaspersky researchers say; other experts not so sure about the 'indestructible' part
Mass-Meshing A Gumblar Creation
Commentary  |  6/30/2011  | 
Who doesn't love a new buzzword? 'Mass-meshing' is a new term that describes an old problem first presented by the Gumblar attacks in 2009
LulzSec Successors Press On, Hitting Viacom, AZ
News  |  6/30/2011  | 
Hacking groups Anonymous and #AntiSec mount attacks on media companies and a previous LulzSec government target.
LulzSec Members Apparently Outed
News  |  6/28/2011  | 
An anonymous post claims to put names to four of the group's six members, leading security experts to predict imminent arrests.
Passwords: Tips For Better Security
News  |  6/27/2011  | 
You can make your passwords more secure if you follow a few simple rules: Don't reuse passwords, make them long and random, and don't be afraid to write them down, say security experts.
Feds Identify Top 25 Software Vulnerabilities
News  |  6/27/2011  | 
Department of Homeland Security worked with non-profits and the private sector to come up with a list of the most worrisome threats and how organizations can mitigate them.
Health Data Losses: Don't Blame Hackers
News  |  6/27/2011  | 
Physical theft and lost computing devices are responsible for most of the health data that has been compromised, not hacking, according to U.S. Dept. of Health and Human Services.
DARPA Sharpens Focus On Video Analysis Technology
News  |  6/27/2011  | 
The VIRAT and PerSEAS programs aim to create better ways to detect dangerous behavior, such as burying improvised explosive devices, during combat.
Who Bears Online Fraud Burden: Bank Or Business?
News  |  6/24/2011  | 
Two recent court cases with very different outcomes call attention to the uncertain--and potentially expensive--regulatory and legal environment for small businesses and their online banking security.
Are LulzSec, Anonymous The Pissed-Off Canary In The Coal Mine?
Commentary  |  6/24/2011  | 
LulzSec and Anonymous could be doing the world a favor by showcasing weak systems, and their actions suggest these systems and others like them could have been compromised for months by those wanting to do harm
LulzSec Hacks Arizona Police Computers
News  |  6/24/2011  | 
Hacktivist group posts a torrent containing internal files lifted from law-enforcement as part of global cybercrime campaign against governments.
Eavesdropper Steals Quantum Crypto Keys
News  |  6/23/2011  | 
So-called "perfect eavesdropper" steals keys while they're being negotiated, without alerting users.
FBI Breaks Up Two Big Scareware Rings
News  |  6/23/2011  | 
Feds seize equipment and trigger arrests as "Operation Trident Tribunal" targets scareware campaigns that collectively stole $74 million.
Next Virus Victim: Your Doctor's Or Nurse's iPad?
News  |  6/23/2011  | 
Networked devices used by medical personnel carry vulnerability to viruses and security threats, requiring careful teamwork between IT and clinical engineering, experts say.
Spear Phishers Aiming At SMBs
News  |  6/22/2011  | 
Pilfered email addresses and personal information from Epsilon and Sony breaches will make attacks on SMBs even more likely.
WordPress Warns Of Trojanized Plug-Ins, Urges Patching
News  |  6/22/2011  | 
Attackers added a back door to three plug-ins that were available for download from WordPress for more than 24 hours.
LulzSec Takes Hit, Keeps On Hacking
News  |  6/22/2011  | 
British authorities charge teenager with launching DDoS attack, and anti-LulzSec group says it's tracing identities of the hacking group's members.
'John The Ripper' Gets A Face-Lift
News  |  6/22/2011  | 
Popular open-source password-cracking tool now faster, and backed with Rapid7 sponsorship
SMBs Face Social Media Security Challenges
News  |  6/22/2011  | 
Wedge Networks upgrades its deep content inspection network gateway to monitor social media and Web application traffic for security risks.
The End Is Near For Paid Antivirus On PCs
Commentary  |  6/22/2011  | 
The rise of free but "good enough" software spells an end to the days of having to pay for PC antivirus software.
IT Pros Lose Sleep Over Spyware, Not APT
Quick Hits  |  6/21/2011  | 
eEye survey finds most IT admins, managers, and C-level executives consider Stuxnet, Operation Aurora, and other high-profile targeted threats 'minor' concerns
LulzSec, Anonymous: Feds Most Wanted
News  |  6/21/2011  | 
While the hacker groups have drawn attention with public boasts, federal investigators have set up shop in numerous social media sites, going undercover where necessary to root out cyber criminals.
Dropbox Files Left Unprotected, Open To All
News  |  6/21/2011  | 
A software bug rendered the account authentication mechanism non-functional for four hours, leaving customers fuming over the latest security lapse at the popular online file storage service.
3 DNS Risk Reduction Strategies
News  |  6/21/2011  | 
Department of Homeland Security cybersecurity guidance identifies the three most common risks associated with the Internet's address infrastructure and provides methods for mitigating them.
Network Solutions Suffers DDoS Attack
News  |  6/21/2011  | 
A distributed denial of service attack took down Network Solutions, severing access to DNS servers, websites, plus hosted servers and email accounts.
Scotland Yard Busts Alleged LulzSec Mastermind
News  |  6/21/2011  | 
British police, in a joint investigation with the FBI, arrest a teenager on charges of computer misuse and fraud.
Hack Attack Exposes 1.3 Million Sega Accounts
News  |  6/20/2011  | 
LulzSec says to watch your Facebook, Gmail, and Skype passwords, though no one has claimed responsibility for the Sega breach.
CA Security Spinoff Vows To Surprise The Marketplace
News  |  6/20/2011  | 
Total Defense has a new name and VC funding, but it faces a tough battle against market-dominating antivirus products, most of which are free.
Advanced Exploitation Of Flash Vulnerability In The Wild
Commentary  |  6/19/2011  | 
New Flash exploit is extremely effective against the security technologies that many depend on for shelter -- is this a sign of things to come?
Feds, ISPs Team On Cybersecurity For Defense Contractors
News  |  6/17/2011  | 
The Departments of Defense and Homeland Security are providing cyber threat intelligence to 25 defense contractors and their Internet service providers.
Microsoft Warns Of Huge Phone Scam
News  |  6/17/2011  | 
Forget fake antivirus software; PC users are getting calls from fake security experts.
The Dark Side Of The Cloud
Quick Hits  |  6/17/2011  | 
Wave of high-profile breaches of cloud-based services during the past few months a reality check for entrusting your data with these providers, according to a new Dark Reading Analytics report
How Fast Should Companies Come Clean On Breaches?
Commentary  |  6/17/2011  | 
Disclosing them too quickly can compromise investigations, security experts warn.
Microsoft, Apple Dis WebGL
News  |  6/16/2011  | 
Microsoft says it's insecure; Apple won't be supporting it in iOS 5, except to accelerate its iAds.
SMB Websites Face Mass Meshing Attacks
News  |  6/16/2011  | 
Here's how to protect your SMB website--and what to do if it's been compromised.
Citi: Hackers Got More Records Than We Thought
News  |  6/16/2011  | 
Citigroup on Wednesday said it had underestimated the number of accounts breached in a recent attack by 70%--but such revisions are not unusual, security experts say.
Why Hackers Found Easy Targets At IMF, Citigroup
News  |  6/15/2011  | 
Security experts say simple tactics succeeded in breaching major organizations in recent weeks because companies failed to conduct their own penetration testing.
Latest Android Malware Takes Flight With Angry Birds
News  |  6/14/2011  | 
Malware was embedded in applications that promised to help users cheat their way through Rovio's popular Angry Birds game
LulzSec, Recent Hacks Show Government Agencies Unprepared
News  |  6/14/2011  | 
The U.S. Senate became the latest victim in a string of hacks into government and high-profile groups like the IMF and Lockheed Martin. Here's what security experts say the Feds must do better.
What Do IMF, Citigroup, And Sony Hacks Share?
News  |  6/13/2011  | 
Many organizations have been focusing on complying with regulations, rather than taking a top-down look at what most needs to be secured, security experts say.
Microsoft Patch Tuesday To Address 34 Security Risks
News  |  6/10/2011  | 
The next Patch Tuesday will include a whopping 34 fixes, including critical vulnerabilities in all versions of Microsoft Windows, Internet Explorer, and Excel.
FBI Ramping Up Cyber-Attack Defense
News  |  6/9/2011  | 
FBI Director Robert Mueller told Congress that high-profile hacks into Google and Sony highlight increased threats and make cybersecurity a key priority.
Citigroup Confirms Hackers Stole Customer Data
News  |  6/9/2011  | 
Names, account numbers, email addresses, and contact details for more than 200,000 customers stolen in newest attack.
Russian Masterminds Ran Rustock Botnet, Microsoft Says
News  |  6/9/2011  | 
Forensic analysis of server hard drives points to Russian controllers and turns up email templates mentioning that old favorite, Viagra.
Schwartz On Security: Confused By RSA's Clarification?
Commentary  |  6/8/2011  | 
While RSA has offered to replace some tokens, many customers still don't know how or why their SecurID tokens may pose a security risk.
IPv6 Graduation Day
Commentary  |  6/8/2011  | 
Big Bird, Google, and Facebook participate in first high-profile test flight of new IP protocol amid DDoS threat backdrop
Sony Breach Reveals Users Lax With Password Security
News  |  6/8/2011  | 
Analysis of recent hacks finds that people commonly reuse logins and choose easy-to-crack passwords.
Spear Phishing Attacks On The Rise
News  |  6/8/2011  | 
Symantec warns that spear-phishing attack volume has hit a two-year high as attackers try to install botnet software, keylogging applications, or other malware.
Hacking Group LulzSec Denies Arrest Report
News  |  6/7/2011  | 
Sony and InfraGard were targeted by the group, which refutes online reports that a member was arrested by the FBI.
New Malware Can Launch Multiple Types Of Advertising Fraud
Quick Hits  |  6/6/2011  | 
'Ad hijacking' leads to multiple exploits, Adometry researchers say