
News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2010
Microsoft To Release Emergency Patch For Windows
News  |  7/30/2010  | 
The "out of band" emergency update addresses a Windows vulnerability that is being exploited by attackers using a "highly virulent strain" of malware.
Most SSL Sites Poorly Configured
News  |  7/30/2010  | 
Half of all SSL servers run an older, insecure version of SSL; attacks against HTTPS browser sessions detailed at Black Hat
Adobe Joins Microsoft's Advance-Alert Program For Security Vendors
Quick Hits  |  7/29/2010  | 
Microsoft's MAPP program will now include advance information on Adobe product vulnerabilities
WikiLeaks Tests Feasibility Of Government Data Security
News  |  7/28/2010  | 
Governments will always face the twin challenges of balancing the need for secrecy with the need to collaborate, say experts.
Black Hat: Microsoft Brings Adobe Into Security Program
News  |  7/27/2010  | 
Adobe will soon be distributing security information through MAPP, the Microsoft Active Protections Program.
Sophos Blocks Windows Shell Attacks
News  |  7/27/2010  | 
Malware protection tool doesn't blank out shortcut icons like Microsoft's proposed workaround for the active exploit.
Third-Party Content Could Threaten Websites, Study Says
News  |  7/26/2010  | 
Widgets, ads, and applications from third parties could give hackers an in, Dasient warns
ZTE $1.5 Billion Development Hits Snags
News  |  7/26/2010  | 
The contract manufacturer is addressing concerns about its planned manufacturing, research, and training base in southern China.
Windows Shell Attacks Increase
News  |  7/23/2010  | 
Microsoft and Siemens released tools to combat the zero-day exploits which autorun malicious code from USB drives.
Employees Flout Social Network Security Policies
News  |  7/23/2010  | 
Many people admit changing settings on business devices to access prohibited sites from the workplace, finds Cisco.
Cybercrime Gets Social
News  |  7/22/2010  | 
Bad guys look to exploit social networks, games, and other fun things users do at work, Cisco research says
Microsoft Launches 'Coordinated' Vulnerability Disclosure Program
News  |  7/22/2010  | 
Microsoft abandons controversial 'responsible disclosure' term, supporting public disclosure of unpatched bug details when attacks hit
Dell Shipped Malware Infected Motherboards
News  |  7/22/2010  | 
W32.Spybot worm discovered in flash memory on some replacement PowerEdge server motherboards.
Black Hat: Mobile Flaws Get Attention
News  |  7/21/2010  | 
As security professionals converge in Las Vegas for Black Hat USA 2010, July 24-29, conference founder Jeff Moss says interest in mobile vulnerabilities is growing.
Report: Malware Purveyors Using Social Nets For Command And Control
Quick Hits  |  7/21/2010  | 
Banking Trojan is among the first to be controlled through public social network, RSA says
Cybersecurity Expert Shortage Puts U.S. At Risk
News  |  7/21/2010  | 
Presidential commission proposes overhauling certifications to increase cybersecurity professional quality and quantity.
Consortium Unveils Digital Entertainment Locker
News  |  7/20/2010  | 
Cloud-based UltraViolet platform allows consumers to buy and watch movies and TV shows on a host of Web-connected devices.
Microsoft Acknowledges Windows Shell Vulnerability
News  |  7/19/2010  | 
The zero-day vulnerability appears to be designed for industrial espionage.
Researcher Says Home Routers Are Vulnerable
Quick Hits  |  7/15/2010  | 
Black Hat presentation will demonstrate hacks that could work on many existing routers
Web Services, Cybercrime-Solver
News  |  7/15/2010  | 
NIST researchers propose designing Web services that preserve evidence of attacks and then, using that data, reconstruct series of Web service invocations that took place during the course of the attacks
Microsoft Employee From Russia Linked To Spy Ring
News  |  7/14/2010  | 
The company says the software tester didn't compromise any data or systems.
NIST Proposes Tracking Cyber Attacks Via Web Services
News  |  7/14/2010  | 
Software could track and then reconstruct cyber attacks carried out against web services to help organizations understand their vulnerabilities, according to scientists with the National Institute of Standards and Technology.
Cybercrime Threats Gaining Complexity
News  |  7/14/2010  | 
As current attacks become less effective, there's a corresponding increase in more difficult-to-detect combined attacks, finds M86 study.
US Extends Spam Lead
News  |  7/14/2010  | 
Twice as much spam comes from the United States as any other country in the world, finds Sophos.
Secunia Report Cites Rapid Rise Of PC Vulnerabilities
News  |  7/13/2010  | 
If trend continues, Secunia predicts 760 vulnerabilities by the end of the year
Microsoft Issues Four Security Bulletins
News  |  7/13/2010  | 
July's 'Patch Tuesday' brings a relatively light load of fixes.
Social Networking Weakens Enterprise Security
News  |  7/13/2010  | 
Trend Micro survey finds 24% of employees access social networks from their business computers.
Oracle Patches 59 Vulnerabilities
News  |  7/13/2010  | 
Sun Solaris product suite, Oracle Database Server, Fusion Middleware, and Supply Chain Products Suite vulnerable to remote exploitation, with no authentication required.
Apple Ranks First In Vulnerabilities
News  |  7/12/2010  | 
Secunia's latest security report finds that investments in security by major vendors have not decreased vulnerabilities in their products.
ID Thefts Go Unreported Despite Notification Laws
News  |  7/9/2010  | 
The Identity Theft Resource Center says one-third of breaches appear to be malicious, but a lack of transparency and accountability may be masking true extent of problem.
New AV Product Testing Methods Stir Debate
News  |  7/8/2010  | 
Antivirus vendor-backed group says its proposed lab testing standards will provide a more fair and accurate representation of AV products, but not everyone agrees
Blizzard Employees Face Denial Of Privacy Attack
News  |  7/8/2010  | 
Protesting the end of anonymity in Blizzard's forums, a self-proclaimed 'nerdy white male' aggregates information on Blizzard employees to highlight the privacy risks of real names.
Fallen IBM Exec Merely Sought 'Business Clarity'
News  |  7/7/2010  | 
Bob Moffat says he was motivated by a lust for information, not money or sex, when he struck up an affair with alleged co-conspirator.
Internal Sabotage Security Risks Rising
News  |  7/7/2010  | 
Snooping by IT administrators is also increasing, according to a survey from Cyber-Ark Software.
Popular Windows Apps Reject Microsoft Security Features
Quick Hits  |  7/2/2010  | 
Some third-party applications aren't using Microsoft's Windows DEP, ASLR security
Google Dashboard Now Showing Security Warnings
News  |  7/1/2010  | 
Hoping to make its cloud services more secure, Google is extending a Gmail security mechanism to other services.
FEMA Cybersecurity Fix Could Take Years
News  |  7/1/2010  | 
Auditors find dozens of security problems with the Federal Emergency Management Agency's financial systems.

