Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2010
Microsoft To Release Emergency Patch For Windows
News  |  7/30/2010  | 
The "out of band" emergency update addresses a Windows vulnerability that is being exploited by attackers using a "highly virulent strain" of malware.
Most SSL Sites Poorly Configured
News  |  7/30/2010  | 
Half of all SSL servers run older, insecure version of SSL; attacks against HTTPS browser sessions detailed at Black Hat
Adobe Joins Microsoft's Advance-Alert Program For Security Vendors
Quick Hits  |  7/29/2010  | 
Microsoft's MAPP program will now include advance information on Adobe product vulnerabilities
WikiLeaks Tests Feasibility Of Government Data Security
News  |  7/28/2010  | 
Governments will always face the twin challenges of balancing the need for secrecy with the need to collaborate, say experts.
Black Hat: Microsoft Brings Adobe Into Security Program
News  |  7/27/2010  | 
Adobe will soon be distributing security information through MAPP, the Microsoft Active Protections Program.
Sophos Blocks Windows Shell Attacks
News  |  7/27/2010  | 
Malware protection tool doesn't blank out shortcut icons like Microsoft's proposed workaround for the active exploit.
Third-Party Content Could Threaten Websites, Study Says
News  |  7/26/2010  | 
Widgets, ads, and applications from third parties could give hackers an in, Dasient warns
ZTE $1.5 Billion Development Hits Snags
News  |  7/26/2010  | 
The contract manufacturer is addressing concerns about its planned manufacturing, research, and training base in southern China.
Windows Shell Attacks Increase
News  |  7/23/2010  | 
Microsoft and Siemens released tools to combat the zero-day exploits which autorun malicious code from USB drives.
Employees Flout Social Network Security Policies
News  |  7/23/2010  | 
Many people admit changing settings on business devices to access prohibited sites from the workplace, finds Cisco.
Cybercrime Gets Social
News  |  7/22/2010  | 
Bad guys look to exploit social networks, games, and other fun things users do at work, Cisco research says
Microsoft Launches 'Coordinated' Vulnerability Disclosure Program
News  |  7/22/2010  | 
Microsoft abandons controversial 'responsible disclosure' term, supporting public disclosure of unpatched bug details when attacks hit
Dell Shipped Malware Infected Motherboards
News  |  7/22/2010  | 
W32.Spybot worm discovered in flash memory on some replacement PowerEdge server motherboards.
Black Hat: Mobile Flaws Get Attention
News  |  7/21/2010  | 
As security professionals converge in Las Vegas for Black Hat USA 2010, July 24-29, conference founder Jeff Moss says interest in mobile vulnerabilities is growing.
Report: Malware Purveyors Using Social Nets For Command And Control
Quick Hits  |  7/21/2010  | 
Banking Trojan is among the first to be controlled through public social network, RSA says
Cybersecurity Expert Shortage Puts U.S. At Risk
News  |  7/21/2010  | 
Presidential commission proposes overhauling certifications to increase cybersecurity professional quality and quantity.
Consortium Unveils Digital Entertainment Locker
News  |  7/20/2010  | 
Cloud-based UltraViolet platform allows consumers to buy and watch movies and TV shows on a host of Web-connected devices.
Microsoft Acknowledges Windows Shell Vulnerability
News  |  7/19/2010  | 
The zero-day vulnerability appears to be designed for industrial espionage.
Researcher Says Home Routers Are Vulnerable
Quick Hits  |  7/15/2010  | 
Black Hat presentation will demonstrate hacks that could work on many existing routers
Web Services, Cybercrime-Solver
News  |  7/15/2010  | 
NIST researchers propose designing Web services that preserve evidence of attacks and then, using that data, reconstruct series of Web service invocations that took place during the course of the attacks
Microsoft Employee From Russia Linked To Spy Ring
News  |  7/14/2010  | 
The company says the software tester didn't compromise any data or systems.
NIST Proposes Tracking Cyber Attacks Via Web Services
News  |  7/14/2010  | 
Software could track and then reconstruct cyber attacks carried out against web services to help organizations understand their vulnerabilities, according to scientists with the National Institute of Standards and Technology.
Cybercrime Threats Gaining Complexity
News  |  7/14/2010  | 
As current attacks become less effective, there's a corresponding increase in more difficult-to-detect combined attacks, finds M86 study.
US Extends Spam Lead
News  |  7/14/2010  | 
Twice as much spam comes from the United States as any other country in the world, finds Sophos.
Secunia Report Cites Rapid Rise Of PC Vulnerabilities
News  |  7/13/2010  | 
If trend continues, Secunia predicts 760 vulnerabilities by the end of the year
Microsoft Issues Four Security Bulletins
News  |  7/13/2010  | 
July's 'Patch Tuesday' brings a relatively light load of fixes.
Social Networking Weakens Enterprise Security
News  |  7/13/2010  | 
Trend Micro survey finds 24% of employees access social networks from their business computers.
Oracle Patches 59 Vulnerabilities
News  |  7/13/2010  | 
Sun Solaris product suite, Oracle Database Server, Fusion Middleware, and Supply Chain Products Suite vulnerable to remote exploitation, with no authentication required.
Apple Ranks First In Vulnerabilities
News  |  7/12/2010  | 
Secunia's latest security report finds that investments in security by major vendors have not decreased vulnerabilities in their products.
ID Thefts Go Unreported Despite Notification Laws
News  |  7/9/2010  | 
The Identity Theft Resource Center says one-third of breaches appear to be malicious, but a lack of transparency and accountability may be masking true extent of problem.
New AV Product Testing Methods Stir Debate
News  |  7/8/2010  | 
Antivirus vendor-backed group says its proposed lab testing standards will provide a more fair and accurate representation of AV products, but not everyone agrees
Blizzard Employees Face Denial Of Privacy Attack
News  |  7/8/2010  | 
Protesting the end of anonymity in Blizzard's forums, a self-proclaimed 'nerdy white male' aggregates information on Blizzard employees to highlight the privacy risks of real names.
Fallen IBM Exec Merely Sought 'Business Clarity'
News  |  7/7/2010  | 
Bob Moffat says he was motivated by a lust for information, not money or sex, when he struck up affair with alleged co-conspirator.
Internal Sabotage Security Risks Rising
News  |  7/7/2010  | 
Snooping by IT administrators is also increasing, according to a survey from Cyber-Ark Software.
Popular Windows Apps Reject Microsoft Security Features
Quick Hits  |  7/2/2010  | 
Some third-party applications aren't using Microsoft's Windows DEP, ASLR security
Google Dashboard Now Showing Security Warnings
News  |  7/1/2010  | 
Hoping to make its cloud services more secure, Google is extending a Gmail security mechanism to other services.
FEMA Cybersecurity Fix Could Take Years
News  |  7/1/2010  | 
Auditors find dozens of security problems with the Federal Emergency Management Agency's financial systems.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32686
PUBLISHED: 2021-07-23
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and ...
CVE-2021-32783
PUBLISHED: 2021-07-23
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy rem...
CVE-2021-3169
PUBLISHED: 2021-07-23
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CVE-2020-20741
PUBLISHED: 2021-07-23
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if t...
CVE-2021-25808
PUBLISHED: 2021-07-23
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.