Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2010
Microsoft To Release Emergency Patch For Windows
News  |  7/30/2010  | 
The "out of band" emergency update addresses a Windows vulnerability that is being exploited by attackers using a "highly virulent strain" of malware.
Most SSL Sites Poorly Configured
News  |  7/30/2010  | 
Half of all SSL servers run older, insecure version of SSL; attacks against HTTPS browser sessions detailed at Black Hat
Adobe Joins Microsoft's Advance-Alert Program For Security Vendors
Quick Hits  |  7/29/2010  | 
Microsoft's MAPP program will now include advance information on Adobe product vulnerabilities
WikiLeaks Tests Feasibility Of Government Data Security
News  |  7/28/2010  | 
Governments will always face the twin challenges of balancing the need for secrecy with the need to collaborate, say experts.
Black Hat: Microsoft Brings Adobe Into Security Program
News  |  7/27/2010  | 
Adobe will soon be distributing security information through MAPP, the Microsoft Active Protections Program.
Sophos Blocks Windows Shell Attacks
News  |  7/27/2010  | 
Malware protection tool doesn't blank out shortcut icons like Microsoft's proposed workaround for the active exploit.
Third-Party Content Could Threaten Websites, Study Says
News  |  7/26/2010  | 
Widgets, ads, and applications from third parties could give hackers an in, Dasient warns
ZTE $1.5 Billion Development Hits Snags
News  |  7/26/2010  | 
The contract manufacturer is addressing concerns about its planned manufacturing, research, and training base in southern China.
Windows Shell Attacks Increase
News  |  7/23/2010  | 
Microsoft and Siemens released tools to combat the zero-day exploits which autorun malicious code from USB drives.
Employees Flout Social Network Security Policies
News  |  7/23/2010  | 
Many people admit changing settings on business devices to access prohibited sites from the workplace, finds Cisco.
Cybercrime Gets Social
News  |  7/22/2010  | 
Bad guys look to exploit social networks, games, and other fun things users do at work, Cisco research says
Microsoft Launches 'Coordinated' Vulnerability Disclosure Program
News  |  7/22/2010  | 
Microsoft abandons controversial 'responsible disclosure' term, supporting public disclosure of unpatched bug details when attacks hit
Dell Shipped Malware Infected Motherboards
News  |  7/22/2010  | 
W32.Spybot worm discovered in flash memory on some replacement PowerEdge server motherboards.
Black Hat: Mobile Flaws Get Attention
News  |  7/21/2010  | 
As security professionals converge in Las Vegas for Black Hat USA 2010, July 24-29, conference founder Jeff Moss says interest in mobile vulnerabilities is growing.
Report: Malware Purveyors Using Social Nets For Command And Control
Quick Hits  |  7/21/2010  | 
Banking Trojan is among the first to be controlled through public social network, RSA says
Cybersecurity Expert Shortage Puts U.S. At Risk
News  |  7/21/2010  | 
Presidential commission proposes overhauling certifications to increase cybersecurity professional quality and quantity.
Consortium Unveils Digital Entertainment Locker
News  |  7/20/2010  | 
Cloud-based UltraViolet platform allows consumers to buy and watch movies and TV shows on a host of Web-connected devices.
Microsoft Acknowledges Windows Shell Vulnerability
News  |  7/19/2010  | 
The zero-day vulnerability appears to be designed for industrial espionage.
Researcher Says Home Routers Are Vulnerable
Quick Hits  |  7/15/2010  | 
Black Hat presentation will demonstrate hacks that could work on many existing routers
Web Services, Cybercrime-Solver
News  |  7/15/2010  | 
NIST researchers propose designing Web services that preserve evidence of attacks and then, using that data, reconstruct series of Web service invocations that took place during the course of the attacks
Microsoft Employee From Russia Linked To Spy Ring
News  |  7/14/2010  | 
The company says the software tester didn't compromise any data or systems.
NIST Proposes Tracking Cyber Attacks Via Web Services
News  |  7/14/2010  | 
Software could track and then reconstruct cyber attacks carried out against web services to help organizations understand their vulnerabilities, according to scientists with the National Institute of Standards and Technology.
Cybercrime Threats Gaining Complexity
News  |  7/14/2010  | 
As current attacks become less effective, there's a corresponding increase in more difficult-to-detect combined attacks, finds M86 study.
US Extends Spam Lead
News  |  7/14/2010  | 
Twice as much spam comes from the United States as any other country in the world, finds Sophos.
Secunia Report Cites Rapid Rise Of PC Vulnerabilities
News  |  7/13/2010  | 
If trend continues, Secunia predicts 760 vulnerabilities by the end of the year
Microsoft Issues Four Security Bulletins
News  |  7/13/2010  | 
July's 'Patch Tuesday' brings a relatively light load of fixes.
Social Networking Weakens Enterprise Security
News  |  7/13/2010  | 
Trend Micro survey finds 24% of employees access social networks from their business computers.
Oracle Patches 59 Vulnerabilities
News  |  7/13/2010  | 
Sun Solaris product suite, Oracle Database Server, Fusion Middleware, and Supply Chain Products Suite vulnerable to remote exploitation, with no authentication required.
Apple Ranks First In Vulnerabilities
News  |  7/12/2010  | 
Secunia's latest security report finds that investments in security by major vendors have not decreased vulnerabilities in their products.
ID Thefts Go Unreported Despite Notification Laws
News  |  7/9/2010  | 
The Identity Theft Resource Center says one-third of breaches appear to be malicious, but a lack of transparency and accountability may be masking true extent of problem.
New AV Product Testing Methods Stir Debate
News  |  7/8/2010  | 
Antivirus vendor-backed group says its proposed lab testing standards will provide a more fair and accurate representation of AV products, but not everyone agrees
Blizzard Employees Face Denial Of Privacy Attack
News  |  7/8/2010  | 
Protesting the end of anonymity in Blizzard's forums, a self-proclaimed 'nerdy white male' aggregates information on Blizzard employees to highlight the privacy risks of real names.
Fallen IBM Exec Merely Sought 'Business Clarity'
News  |  7/7/2010  | 
Bob Moffat says he was motivated by a lust for information, not money or sex, when he struck up affair with alleged co-conspirator.
Internal Sabotage Security Risks Rising
News  |  7/7/2010  | 
Snooping by IT administrators is also increasing, according to a survey from Cyber-Ark Software.
Popular Windows Apps Reject Microsoft Security Features
Quick Hits  |  7/2/2010  | 
Some third-party applications aren't using Microsoft's Windows DEP, ASLR security
Google Dashboard Now Showing Security Warnings
News  |  7/1/2010  | 
Hoping to make its cloud services more secure, Google is extending a Gmail security mechanism to other services.
FEMA Cybersecurity Fix Could Take Years
News  |  7/1/2010  | 
Auditors find dozens of security problems with the Federal Emergency Management Agency's financial systems.


Cloud Security Threats for 2021
Or Azarzar, CTO & Co-Founder of Lightspin,  12/3/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Assessing Cybersecurity Risk in Todays Enterprises
Assessing Cybersecurity Risk in Todays Enterprises
COVID-19 has created a new IT paradigm in the enterprise and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27772
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could po...
CVE-2020-27773
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to appli...
CVE-2020-28950
PUBLISHED: 2020-12-04
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
CVE-2020-27774
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but co...
CVE-2020-27775
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but c...