News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2011
Researchers Report New, 'Indestructible' Botnet
Quick Hits  |  6/30/2011  | 
TDL-4 features new defenses, Kaspersky researchers say; other experts not so sure about the 'indestructible' part
Mass-Meshing A Gumblar Creation
Commentary  |  6/30/2011  | 
Who doesn't love a new buzzword? 'Mass-meshing' is a new term that describes an old problem first presented by the Gumblar attacks in 2009
LulzSec Successors Press On, Hitting Viacom, AZ
News  |  6/30/2011  | 
Hacking groups Anonymous and #AntiSec mount attacks on media companies and a previous LulzSec government target.
LulzSec Members Apparently Outed
News  |  6/28/2011  | 
An anonymous post claims to put names to four of the group's six members, leading security experts to predict imminent arrests.
Passwords: Tips For Better Security
News  |  6/27/2011  | 
You can make your passwords more secure if you follow a few simple rules: Don't reuse passwords, make them long and random, and don't be afraid to write them down, say security experts.
Feds Identify Top 25 Software Vulnerabilities
News  |  6/27/2011  | 
Department of Homeland Security worked with non-profits and the private sector to come up with a list of the most worrisome threats and how organizations can mitigate them.
Health Data Losses: Don't Blame Hackers
News  |  6/27/2011  | 
Physical theft and lost computing devices are responsible for most of the health data that has been compromised, not hacking, according to U.S. Dept. of Health and Human Services.
DARPA Sharpens Focus On Video Analysis Technology
News  |  6/27/2011  | 
The VIRAT and PerSEAS programs aim to create better ways to detect dangerous behavior, such as burying improvised explosive devices, during combat.
Who Bears Online Fraud Burden: Bank Or Business?
News  |  6/24/2011  | 
Two recent court cases with very different outcomes call attention to the uncertain--and potentially expensive--regulatory and legal environment for small businesses and their online banking security.
Are LulzSec, Anonymous The Pissed-Off Canary In The Coal Mine?
Commentary  |  6/24/2011  | 
LulzSec and Anonymous could be doing the world a favor by showcasing weak systems, and their actions suggest these systems and others like them could have been compromised for months by those wanting to do harm
LulzSec Hacks Arizona Police Computers
News  |  6/24/2011  | 
Hacktivist group posts a torrent containing internal files lifted from law-enforcement as part of global cybercrime campaign against governments.
Eavesdropper Steals Quantum Crypto Keys
News  |  6/23/2011  | 
So-called "perfect eavesdropper" steals keys while they're being negotiated, without alerting users.
FBI Breaks Up Two Big Scareware Rings
News  |  6/23/2011  | 
Feds seize equipment and trigger arrests as "Operation Trident Tribunal" targets scareware campaigns that collectively stole $74 million.
Next Virus Victim: Your Doctor's Or Nurse's iPad?
News  |  6/23/2011  | 
Networked devices used by medical personnel carry vulnerability to viruses and security threats, requiring careful teamwork between IT and clinical engineering, experts say.
Spear Phishers Aiming At SMBs
News  |  6/22/2011  | 
Pilfered email addresses and personal information from Epsilon and Sony breaches will make attacks on SMBs even more likely.
WordPress Warns Of Trojanized Plug-Ins, Urges Patching
News  |  6/22/2011  | 
Attackers added a back door to three plug-ins that were available for download from WordPress for more than 24 hours.
LulzSec Takes Hit, Keeps On Hacking
News  |  6/22/2011  | 
British authorities charge teenager with launching DDoS attack, and anti-LulzSec group says it's tracing identities of the hacking group's members.
'John The Ripper' Gets A Face-Lift
News  |  6/22/2011  | 
Popular open-source password-cracking tool now faster, and backed with Rapid7 sponsorship
SMBs Face Social Media Security Challenges
News  |  6/22/2011  | 
Wedge Networks upgrades its deep content inspection network gateway to monitor social media and Web application traffic for security risks.
The End Is Near For Paid Antivirus On PCs
Commentary  |  6/22/2011  | 
The rise of free but "good enough" software spells an end to the days of having to pay for PC antivirus software.
IT Pros Lose Sleep Over Spyware, Not APT
Quick Hits  |  6/21/2011  | 
eEye survey finds most IT admins, managers, and C-level executives consider Stuxnet, Operation Aurora, and other high-profile targeted threats 'minor' concerns
LulzSec, Anonymous: Feds Most Wanted
News  |  6/21/2011  | 
While the hacker groups have drawn attention with public boasts, federal investigators have set up shop in numerous social media sites, going undercover where necessary to root out cyber criminals.
Dropbox Files Left Unprotected, Open To All
News  |  6/21/2011  | 
A software bug rendered the account authentication mechanism non-functional for four hours, leaving customers fuming over the latest security lapse at the popular online file storage service.
3 DNS Risk Reduction Strategies
News  |  6/21/2011  | 
Department of Homeland Security cybersecurity guidance identifies the three most common risks associated with the Internet's address infrastructure and provides methods for mitigating them.
Network Solutions Suffers DDoS Attack
News  |  6/21/2011  | 
A distributed denial of service attack took down Network Solutions, severing access to DNS servers, websites, plus hosted servers and email accounts.
Scotland Yard Busts Alleged LulzSec Mastermind
News  |  6/21/2011  | 
British police, in a joint investigation with the FBI, arrest a teenager on charges of computer misuse and fraud.
Hack Attack Exposes 1.3 Million Sega Accounts
News  |  6/20/2011  | 
LulzSec says to watch your Facebook, Gmail, and Skype passwords, though no one has claimed responsibility for the Sega breach.
CA Security Spinoff Vows To Surprise The Marketplace
News  |  6/20/2011  | 
Total Defense has a new name and VC funding, but it faces a tough battle against market-dominating antivirus products, most of which are free.
Advanced Exploitation Of Flash Vulnerability In The Wild
Commentary  |  6/19/2011  | 
New Flash exploit is extremely effective against the security technologies that many depend on for shelter -- is this a sign of things to come?
Feds, ISPs Team On Cybersecurity For Defense Contractors
News  |  6/17/2011  | 
The Departments of Defense and Homeland Security are providing cyber threat intelligence to 25 defense contractors and their Internet service providers.
Microsoft Warns Of Huge Phone Scam
News  |  6/17/2011  | 
Forget fake antivirus software; PC users are getting calls from fake security experts.
The Dark Side Of The Cloud
Quick Hits  |  6/17/2011  | 
Wave of high-profile breaches of cloud-based services during the past few months a reality check for entrusting your data with these providers, according to a new Dark Reading Analytics report
How Fast Should Companies Come Clean On Breaches?
Commentary  |  6/17/2011  | 
Disclosing them too quickly can compromise investigations, security experts warn.
Microsoft, Apple Dis WebGL
News  |  6/16/2011  | 
Microsoft says it's insecure; Apple won't be supporting it in iOS 5, except to accelerate its iAds.
SMB Websites Face Mass Meshing Attacks
News  |  6/16/2011  | 
Here's how to protect your SMB website--and what to do if it's been compromised.
Citi: Hackers Got More Records Than We Thought
News  |  6/16/2011  | 
Citigroup on Wednesday said it had underestimated the number of accounts breached in a recent attack by 70%--but such revisions are not unusual, security experts say.
Why Hackers Found Easy Targets At IMF, Citigroup
News  |  6/15/2011  | 
Security experts say simple tactics succeeded in breaching major organizations in recent weeks because companies failed to conduct their own penetration testing.
Latest Android Malware Takes Flight With Angry Birds
News  |  6/14/2011  | 
Malware was embedded in applications that promised to help users cheat their way through Rovio's popular Angry Birds game
LulzSec, Recent Hacks Show Government Agencies Unprepared
News  |  6/14/2011  | 
The U.S. Senate became the latest victim in a string of hacks into government and high-profile groups like the IMF and Lockheed Martin. Here's what security experts say the Feds must do better.
What Do IMF, Citigroup, And Sony Hacks Share?
News  |  6/13/2011  | 
Many organizations have been focusing on complying with regulations, rather than taking a top-down look at what most needs to be secured, security experts say.
Microsoft Patch Tuesday To Address 34 Security Risks
News  |  6/10/2011  | 
The next Patch Tuesday will include a whopping 34 fixes, including critical vulnerabilities in all versions of Microsoft Windows, Internet Explorer, and Excel.
FBI Ramping Up Cyber-Attack Defense
News  |  6/9/2011  | 
FBI Director Robert Mueller told Congress that high-profile hacks into Google and Sony highlight increased threats and make cybersecurity a key priority.
Citigroup Confirms Hackers Stole Customer Data
News  |  6/9/2011  | 
Names, account numbers, email addresses, and contact details for more than 200,000 customers stolen in newest attack.
Russian Masterminds Ran Rustock Botnet, Microsoft Says
News  |  6/9/2011  | 
Forensic analysis of server hard drives points to Russian controllers and turns up email templates mentioning that old favorite, Viagra.
Schwartz On Security: Confused By RSA's Clarification?
Commentary  |  6/8/2011  | 
While RSA has offered to replace some tokens, many customers still don't know how or why their SecurID tokens may pose a security risk.
IPv6 Graduation Day
Commentary  |  6/8/2011  | 
Big Bird, Google, and Facebook participate in first high-profile test flight of new IP protocol amid DDoS threat backdrop
Sony Breach Reveals Users Lax With Password Security
News  |  6/8/2011  | 
Analysis of recent hacks finds that people commonly reuse logins and choose easy-to-crack passwords.
Spear Phishing Attacks On The Rise
News  |  6/8/2011  | 
Symantec warns that spear-phishing attack volume has hit a two-year high as attackers try to install botnet software, keylogging applications, or other malware.
Hacking Group LulzSec Denies Arrest Report
News  |  6/7/2011  | 
Sony and InfraGard were targeted by the group, which refutes online reports that a member was arrested by the FBI.
New Malware Can Launch Multiple Types Of Advertising Fraud
Quick Hits  |  6/6/2011  | 
'Ad hijacking' leads to multiple exploits, Adometry researchers say