Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2010
Microsoft To Release Emergency Patch For Windows
News  |  7/30/2010  | 
The "out of band" emergency update addresses a Windows vulnerability that is being exploited by attackers using a "highly virulent strain" of malware.
Most SSL Sites Poorly Configured
News  |  7/30/2010  | 
Half of all SSL servers run older, insecure version of SSL; attacks against HTTPS browser sessions detailed at Black Hat
Adobe Joins Microsoft's Advance-Alert Program For Security Vendors
Quick Hits  |  7/29/2010  | 
Microsoft's MAPP program will now include advance information on Adobe product vulnerabilities
WikiLeaks Tests Feasibility Of Government Data Security
News  |  7/28/2010  | 
Governments will always face the twin challenges of balancing the need for secrecy with the need to collaborate, say experts.
Black Hat: Microsoft Brings Adobe Into Security Program
News  |  7/27/2010  | 
Adobe will soon be distributing security information through MAPP, the Microsoft Active Protections Program.
Sophos Blocks Windows Shell Attacks
News  |  7/27/2010  | 
Malware protection tool doesn't blank out shortcut icons like Microsoft's proposed workaround for the active exploit.
Third-Party Content Could Threaten Websites, Study Says
News  |  7/26/2010  | 
Widgets, ads, and applications from third parties could give hackers an in, Dasient warns
ZTE $1.5 Billion Development Hits Snags
News  |  7/26/2010  | 
The contract manufacturer is addressing concerns about its planned manufacturing, research, and training base in southern China.
Windows Shell Attacks Increase
News  |  7/23/2010  | 
Microsoft and Siemens released tools to combat the zero-day exploits which autorun malicious code from USB drives.
Employees Flout Social Network Security Policies
News  |  7/23/2010  | 
Many people admit changing settings on business devices to access prohibited sites from the workplace, finds Cisco.
Cybercrime Gets Social
News  |  7/22/2010  | 
Bad guys look to exploit social networks, games, and other fun things users do at work, Cisco research says
Microsoft Launches 'Coordinated' Vulnerability Disclosure Program
News  |  7/22/2010  | 
Microsoft abandons controversial 'responsible disclosure' term, supporting public disclosure of unpatched bug details when attacks hit
Dell Shipped Malware Infected Motherboards
News  |  7/22/2010  | 
W32.Spybot worm discovered in flash memory on some replacement PowerEdge server motherboards.
Black Hat: Mobile Flaws Get Attention
News  |  7/21/2010  | 
As security professionals converge in Las Vegas for Black Hat USA 2010, July 24-29, conference founder Jeff Moss says interest in mobile vulnerabilities is growing.
Report: Malware Purveyors Using Social Nets For Command And Control
Quick Hits  |  7/21/2010  | 
Banking Trojan is among the first to be controlled through public social network, RSA says
Cybersecurity Expert Shortage Puts U.S. At Risk
News  |  7/21/2010  | 
Presidential commission proposes overhauling certifications to increase cybersecurity professional quality and quantity.
Consortium Unveils Digital Entertainment Locker
News  |  7/20/2010  | 
Cloud-based UltraViolet platform allows consumers to buy and watch movies and TV shows on a host of Web-connected devices.
Microsoft Acknowledges Windows Shell Vulnerability
News  |  7/19/2010  | 
The zero-day vulnerability appears to be designed for industrial espionage.
Researcher Says Home Routers Are Vulnerable
Quick Hits  |  7/15/2010  | 
Black Hat presentation will demonstrate hacks that could work on many existing routers
Web Services, Cybercrime-Solver
News  |  7/15/2010  | 
NIST researchers propose designing Web services that preserve evidence of attacks and then, using that data, reconstruct series of Web service invocations that took place during the course of the attacks
Microsoft Employee From Russia Linked To Spy Ring
News  |  7/14/2010  | 
The company says the software tester didn't compromise any data or systems.
NIST Proposes Tracking Cyber Attacks Via Web Services
News  |  7/14/2010  | 
Software could track and then reconstruct cyber attacks carried out against web services to help organizations understand their vulnerabilities, according to scientists with the National Institute of Standards and Technology.
Cybercrime Threats Gaining Complexity
News  |  7/14/2010  | 
As current attacks become less effective, there's a corresponding increase in more difficult-to-detect combined attacks, finds M86 study.
US Extends Spam Lead
News  |  7/14/2010  | 
Twice as much spam comes from the United States as any other country in the world, finds Sophos.
Secunia Report Cites Rapid Rise Of PC Vulnerabilities
News  |  7/13/2010  | 
If trend continues, Secunia predicts 760 vulnerabilities by the end of the year
Microsoft Issues Four Security Bulletins
News  |  7/13/2010  | 
July's 'Patch Tuesday' brings a relatively light load of fixes.
Social Networking Weakens Enterprise Security
News  |  7/13/2010  | 
Trend Micro survey finds 24% of employees access social networks from their business computers.
Oracle Patches 59 Vulnerabilities
News  |  7/13/2010  | 
Sun Solaris product suite, Oracle Database Server, Fusion Middleware, and Supply Chain Products Suite vulnerable to remote exploitation, with no authentication required.
Apple Ranks First In Vulnerabilities
News  |  7/12/2010  | 
Secunia's latest security report finds that investments in security by major vendors have not decreased vulnerabilities in their products.
ID Thefts Go Unreported Despite Notification Laws
News  |  7/9/2010  | 
The Identity Theft Resource Center says one-third of breaches appear to be malicious, but a lack of transparency and accountability may be masking true extent of problem.
New AV Product Testing Methods Stir Debate
News  |  7/8/2010  | 
Antivirus vendor-backed group says its proposed lab testing standards will provide a more fair and accurate representation of AV products, but not everyone agrees
Blizzard Employees Face Denial Of Privacy Attack
News  |  7/8/2010  | 
Protesting the end of anonymity in Blizzard's forums, a self-proclaimed 'nerdy white male' aggregates information on Blizzard employees to highlight the privacy risks of real names.
Fallen IBM Exec Merely Sought 'Business Clarity'
News  |  7/7/2010  | 
Bob Moffat says he was motivated by a lust for information, not money or sex, when he struck up affair with alleged co-conspirator.
Internal Sabotage Security Risks Rising
News  |  7/7/2010  | 
Snooping by IT administrators is also increasing, according to a survey from Cyber-Ark Software.
Popular Windows Apps Reject Microsoft Security Features
Quick Hits  |  7/2/2010  | 
Some third-party applications aren't using Microsoft's Windows DEP, ASLR security
Google Dashboard Now Showing Security Warnings
News  |  7/1/2010  | 
Hoping to make its cloud services more secure, Google is extending a Gmail security mechanism to other services.
FEMA Cybersecurity Fix Could Take Years
News  |  7/1/2010  | 
Auditors find dozens of security problems with the Federal Emergency Management Agency's financial systems.


Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.