News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2011
Researchers Report New, 'Indestructible' Botnet
Quick Hits  |  6/30/2011  | 
TDL-4 features new defenses, Kaspersky researchers say; other experts not so sure about the 'indestructible' part
Mass-Meshing A Gumblar Creation
Commentary  |  6/30/2011  | 
Who doesn't love a new buzzword? 'Mass-meshing' is a new term that describes an old problem first presented by the Gumblar attacks in 2009
LulzSec Successors Press On, Hitting Viacom, AZ
News  |  6/30/2011  | 
Hacking groups Anonymous and #AntiSec mount attacks on media companies and a previous LulzSec government target.
LulzSec Members Apparently Outed
News  |  6/28/2011  | 
An anonymous post claims to put names to four of the group's six members, leading security experts to predict imminent arrests.
Passwords: Tips For Better Security
News  |  6/27/2011  | 
You can make your passwords more secure if you follow a few simple rules: Don't reuse passwords, make them long and random, and don't be afraid to write them down, say security experts.
Feds Identify Top 25 Software Vulnerabilities
News  |  6/27/2011  | 
Department of Homeland Security worked with non-profits and the private sector to come up with a list of the most worrisome threats and how organizations can mitigate them.
Health Data Losses: Don't Blame Hackers
News  |  6/27/2011  | 
Physical theft and lost computing devices are responsible for most of the health data that has been compromised, not hacking, according to U.S. Dept. of Health and Human Services.
DARPA Sharpens Focus On Video Analysis Technology
News  |  6/27/2011  | 
The VIRAT and PerSEAS programs aim to create better ways to detect dangerous behavior, such as burying improvised explosive devices, during combat.
Who Bears Online Fraud Burden: Bank Or Business?
News  |  6/24/2011  | 
Two recent court cases with very different outcomes call attention to the uncertain--and potentially expensive--regulatory and legal environment for small businesses and their online banking security.
Are LulzSec, Anonymous The Pissed-Off Canary In The Coal Mine?
Commentary  |  6/24/2011  | 
LulzSec and Anonymous could be doing the world a favor by showcasing weak systems, and their actions suggest these systems and others like them could have been compromised for months by those wanting to do harm
LulzSec Hacks Arizona Police Computers
News  |  6/24/2011  | 
Hacktivist group posts a torrent containing internal files lifted from law-enforcement as part of global cybercrime campaign against governments.
Eavesdropper Steals Quantum Crypto Keys
News  |  6/23/2011  | 
So-called "perfect eavesdropper" steals keys while they're being negotiated, without alerting users.
FBI Breaks Up Two Big Scareware Rings
News  |  6/23/2011  | 
Feds seize equipment and trigger arrests as "Operation Trident Tribunal" targets scareware campaigns that collectively stole $74 million.
Next Virus Victim: Your Doctor's Or Nurse's iPad?
News  |  6/23/2011  | 
Networked devices used by medical personnel carry vulnerability to viruses and security threats, requiring careful teamwork between IT and clinical engineering, experts say.
Spear Phishers Aiming At SMBs
News  |  6/22/2011  | 
Pilfered email addresses and personal information from Epsilon and Sony breaches will make attacks on SMBs even more likely.
WordPress Warns Of Trojanized Plug-Ins, Urges Patching
News  |  6/22/2011  | 
Attackers added a back door to three plug-ins that were available for download from WordPress for more than 24 hours.
LulzSec Takes Hit, Keeps On Hacking
News  |  6/22/2011  | 
British authorities charge teenager with launching DDoS attack, and anti-LulzSec group says it's tracing identities of the hacking group's members.
'John The Ripper' Gets A Face-Lift
News  |  6/22/2011  | 
Popular open-source password-cracking tool now faster, and backed with Rapid7 sponsorship
SMBs Face Social Media Security Challenges
News  |  6/22/2011  | 
Wedge Networks upgrades its deep content inspection network gateway to monitor social media and Web application traffic for security risks.
The End Is Near For Paid Antivirus On PCs
Commentary  |  6/22/2011  | 
The rise of free but "good enough" software spells an end to the days of having to pay for PC antivirus software.
IT Pros Lose Sleep Over Spyware, Not APT
Quick Hits  |  6/21/2011  | 
eEye survey finds most IT admins, managers, and C-level executives consider Stuxnet, Operation Aurora, and other high-profile targeted threats 'minor' concerns
LulzSec, Anonymous: Feds Most Wanted
News  |  6/21/2011  | 
While the hacker groups have drawn attention with public boasts, federal investigators have set up shop in numerous social media sites, going undercover where necessary to root cyber criminals.
Dropbox Files Left Unprotected, Open To All
News  |  6/21/2011  | 
A software bug rendered the account authentication mechanism non-functional for four hours, leaving customers fuming over the latest security lapse at the popular online file storage service.
3 DNS Risk Reduction Strategies
News  |  6/21/2011  | 
Department of Homeland Security cybersecurity guidance identifies the three most common risks associated with the Internet's address infrastructure and provides methods for mitigating them.
Network Solutions Suffers DDoS Attack
News  |  6/21/2011  | 
A distributed denial of service attack took down Network Solutions, severing access to DNS servers, websites, plus hosted servers and email accounts.
Scotland Yard Busts Alleged LulzSec Mastermind
News  |  6/21/2011  | 
British police, in a joint investigation with the FBI, arrest a teenager on charges of computer misuse and fraud.
Hack Attack Exposes 1.3 Million Sega Accounts
News  |  6/20/2011  | 
LulzSec says to watch your Facebook, Gmail, and Skype passwords, though no one has claimed responsibility for the Sega breach.
CA Security Spinoff Vows To Surprise The Marketplace
News  |  6/20/2011  | 
Total Defense has a new name and VC funding, but it faces a tough battle against market-dominating antivirus products, most of which are free.
Advanced Exploitation Of Flash Vulnerability In The Wild
Commentary  |  6/19/2011  | 
New Flash exploit is extremely effective against the security technologies that many depend on for shelter -- is this a sign of things to come?
Feds, ISPs Team On Cybersecurity For Defense Contractors
News  |  6/17/2011  | 
The Departments of Defense and Homeland Security are providing cyber threat intelligence to 25 defense contractors and their Internet service providers.
Microsoft Warns Of Huge Phone Scam
News  |  6/17/2011  | 
Forget fake antivirus software; PC users are getting calls from fake security experts.
The Dark Side Of The Cloud
Quick Hits  |  6/17/2011  | 
Wave of high-profile breaches of cloud-based services during the past few months a reality check for entrusting your data with these providers, according to a new Dark Reading Analytics report
How Fast Should Companies Come Clean On Breaches?
Commentary  |  6/17/2011  | 
Disclosing them too quickly can compromise investigations, security experts warn.
Microsoft, Apple Dis WebGL
News  |  6/16/2011  | 
Microsoft says it's insecure; Apple won't be supporting it in iOS 5, except to accelerate its iAds.
SMB Websites Face Mass Meshing Attacks
News  |  6/16/2011  | 
Here's how to protect your SMB website--and what to do if it's been compromised.
Citi: Hackers Got More Records Than We Thought
News  |  6/16/2011  | 
Citigroup on Wednesday said it had underestimated the number of accounts breached in a recent attack by 70%--but such revisions are not unusual, security experts say.
Why Hackers Found Easy Targets At IMF, Citigroup
News  |  6/15/2011  | 
Security experts say simple tactics succeeded in breaching major organizations in recent weeks because companies failed to conduct their own penetration testing.
Latest Android Malware Takes Flight With Angry Birds
News  |  6/14/2011  | 
Malware was embedded in applications that promised to help users cheat their way through Rovio's popular Angry Birds game
LulzSec, Recent Hacks Show Government Agencies Unprepared
News  |  6/14/2011  | 
The U.S. Senate became the latest victim in a string of hacks into government and high-profile groups like the IMF and Lockheed Martin. Here's what security experts say the Feds must do better.
What Do IMF, Citigroup, And Sony Hacks Share?
News  |  6/13/2011  | 
Many organizations have been focusing on complying with regulations, rather than taking a top-down look at what most needs to be secured, security experts say.
Microsoft Patch Tuesday To Address 34 Security Risks
News  |  6/10/2011  | 
The next Patch Tuesday will include a whopping 34 fixes, including critical vulnerabilities in all versions of Microsoft Windows, Internet Explorer, and Excel.
FBI Ramping Up Cyber-Attack Defense
News  |  6/9/2011  | 
FBI Director Robert Mueller told Congress that high-profile hacks into Google and Sony highlight increased threats and make cybersecurity a key priority.
Citigroup Confirms Hackers Stole Customer Data
News  |  6/9/2011  | 
Names, account numbers, email addresses, and contact details for more than 200,000 customers stolen in newest attack.
Russian Masterminds Ran Rustock Botnet, Microsoft Says
News  |  6/9/2011  | 
Forensic analysis of server hard drives points to Russian controllers and turns up email templates mentioning that old favorite, Viagra.
Schwartz On Security: Confused By RSA's Clarification?
Commentary  |  6/8/2011  | 
While RSA has offered to replace some tokens, many customers still don't know how or why their SecurID tokens may pose a security risk.
IPv6 Graduation Day
Commentary  |  6/8/2011  | 
Big Bird, Google, and Facebook participate in first high-profile test flight of new IP protocol amid DDoS threat backdrop
Sony Breach Reveals Users Lax With Password Security
News  |  6/8/2011  | 
Analysis of recent hacks finds that people commonly reuse logins and choose easy-to-crack passwords.
Spear Phishing Attacks On The Rise
News  |  6/8/2011  | 
Symantec warns that spear-phishing attack volume has hit a two-year high as attackers try to install botnet software, keylogging applications, or other malware.
Hacking Group LulzSec Denies Arrest Report
News  |  6/7/2011  | 
Sony and InfraGard were targeted by the group, which refutes online reports that a member was arrested by the FBI.
New Malware Can Launch Multiple Types Of Advertising Fraud
Quick Hits  |  6/6/2011  | 
'Ad hijacking' leads to multiple exploits, Adometry researchers say
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation.
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.