Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2011
Legacy Support Leaves Chip-And-PIN Vulnerable, Researcher Says
News  |  7/31/2011  | 
Black Hat talk will show that security and backwards compatibility are at odds in popular authentication technology
Mac OS X Lion Password Vulnerability: Sleep Mode
News  |  7/29/2011  | 
Forensic software can exploit a seven-year-old FireWire design error to snoop system memory for passwords, even for devices that are locked or in sleep mode.
Facebook Dinner Date Turns Supermarket Robbery
News  |  7/29/2011  | 
Robbers in Belgium used a fake Facebook profile to kidnap a supermarket manager, steal his keys, and empty the store's safe.
Putting Data In The Cloud? Retain Control
News  |  7/28/2011  | 
Security researcher warns many companies are trading catastrophic problems for gains in efficiency
RSA SecurID Breach Cost $66 Million
News  |  7/28/2011  | 
EMC details second quarter 2011 cost to replace tokens, monitor customers, and handle fallout from RSA's SecurID breach.
Social Media Vs. Organized Crime
News  |  7/27/2011  | 
White House launches plan to leverage social networks and new intelligence and information sharing technologies to fight crime on a global scale.
Black Hat Pwnies Nominate LulzSec, Anonymous
News  |  7/27/2011  | 
Hacker groups among nominees for "Epic 0wnage" award, while Sony is sole nominee for "Epic Fail" distinction.
Anonymous Boycotts PayPal, Arrest Fallout Continues
News  |  7/27/2011  | 
Alleged hacker arrested in FBI sting on PayPal attacks faces Internet ban, while hacktivist group calls for PayPal boycott.
Metasploit Pro Gets SIEM, Cloud Integration
Quick Hits  |  7/26/2011  | 
Rapid7's new Metasploit Pro release, 4.0, automates more workflow tasks
Apple OS X Targeted By Remote Backdoor Malware
News  |  7/26/2011  | 
Researchers say a remote-controlled Trojan application, known as the Olyx backdoor, is going after OS X devices.
Product Watch: Norman Introduces 'Hybrid Sandboxing' Malware Analysis
News  |  7/26/2011  | 
Malware Analyzer G2 combines emulation, virtualization in one environment
Blended Web Attacks Hitting More Websites
News  |  7/25/2011  | 
Hackers increasingly use four top techniques, such as cross site scripting and SQL injection, in combination, researchers say.
Apple Laptop Batteries Hacked By Researcher
News  |  7/25/2011  | 
Attackers could use a password weakness to render your laptop's battery useless--or overcharge it to start a fire, researcher warns.
Sony Insurer Disputes Breach Insurance Claims
News  |  7/25/2011  | 
A cautionary tale for enterprises that think they have data breach insurance.
Not Your Average Linux Distribution: DOD's Flavor
News  |  7/22/2011  | 
The Department of Defense has released a unique Linux distribution with special security considerations for telecommuters.
How To Respond To A Denial Of Service Attack
News  |  7/22/2011  | 
You can't prevent an overwhelming DDoS attack, but you can minimize its impact. Here's how.
Google Hacking Tools Prepped For Black Hat
News  |  7/21/2011  | 
'Diggity' family of search tools will help security teams and pen testers find searchable flaws before bad guys, Stach & Liu researchers say.
Researchers Prepare Google Hacking Tools For Black Hat -- Hot Diggity!
News  |  7/20/2011  | 
Family of search tools will help security teams and pen testers find searchable flaws before bad guys, Stach & Liu researchers say
Google Tries Flagging Malware For Users
Quick Hits  |  7/20/2011  | 
Search engine will warn users if it detects a specific attack on their machines
Google Warns Searchers Of Windows Malware Infection
News  |  7/20/2011  | 
Google has started alerting users running Windows about a specific form of local malware it can detect through network traffic flows.
More Windows Kernel Vulnerabilities May Emerge
News  |  7/19/2011  | 
After issuing dozens of patches this year, Microsoft may still have more work to do, Black Hat speaker warns.
4 Basic Security Steps For SMBs
News  |  7/18/2011  | 
Time and budget limitations make poor excuses for a lack of security. Here are four key considerations for resource-constrained IT administrators at smaller companies.
Telex Promises Path Around State-Sponsored Net Censorship
News  |  7/18/2011  | 
Tech researchers have developed a way that ISPs can help Internet users avoid censorship roadblocks.
Feds Issue Government Teleworker Security Guidelines
News  |  7/18/2011  | 
OMB rules apply to departments, agencies that must secure access to wireless networks and IT systems when employees work remotely.
U.S. Military Outlines Cyber Security Strategy
News  |  7/14/2011  | 
The strategy focuses on bolstering the military's cyber defenses with new technology, new organizations, and new partnerships with the private sector and foreign allies.
Breaches, Compliance Fuel Database Security Growth
News  |  7/14/2011  | 
Database activity monitoring gains attention, but market consolidation may be afoot.
Report: Sixty Percent Of Users Are Running Unpatched Versions Of Adobe
Quick Hits  |  7/13/2011  | 
Vulnerabilities in software could lead to breaches, Avast Software study warns
Microsoft Patches 'Critical' Bluetooth Vulnerability
News  |  7/13/2011  | 
Fix among 22 issues addressed by Patch Tuesday
P2P Networks Expose Healthcare Data To Identity Theft
News  |  7/13/2011  | 
File-sharing software can open healthcare organization networks to criminal activity.
U.S., Russia Forge Cybersecurity Pact
News  |  7/12/2011  | 
The two countries plan to regularly share information and improve communication on security, as part of Obama administration plan.
Antisec Attacks An Urgent Wake-Up: InformationWeek Now
Commentary  |  7/12/2011  | 
It's difficult to gauge the ethos of these next generation hackers. If I could summarize, it's this: Punish.
Five Steps To Protect Against LulzSec
News  |  7/12/2011  | 
Targeted attacks are a reality today, especially with the likes of hacktivist groups such as Anonymous.
Microsoft Security Center Delivered Adult Content Links
News  |  7/11/2011  | 
Attackers hacked search results generated by Microsoft's own search engine and served up some adult-oriented links.
Homeland Security: Devices, Components Coming In With Malware
News  |  7/11/2011  | 
Some imported components for electronic and computer hardware pose a complicated security risk, says the Department of Homeland Security.
As SQL Injection Attacks Surge, New Report Offers Insight On How To Prevent Them
News  |  7/10/2011  | 
SQL injection has taken its place among the top Web threats and compromised some of the Internet’s best-known companies. Here's a look at how SQL injection attacks happen -- and what you can do about it
New Research Names Top 10 Malware Delivery Networks
Quick Hits  |  7/9/2011  | 
Emerging category of networks is distinct from botnets, Blue Coat study says
Google Implements WebGL Security Fix
News  |  7/8/2011  | 
Web developers wishing to make use of cross-domain media elements with WebGL should look to a new mechanism called CORS.
Reports: DHS, IRS Databases At Risk
News  |  7/8/2011  | 
Protected critical infrastructure information at risk in DHS data stores, IG report says
Florida Election Servers Hacked Again
News  |  7/8/2011  | 
After state officials boasted about security improvements following a breach, a hacker once again breached the same voter record systems.
UCLA Health System Pays $865,000 Over Privacy Charges
News  |  7/8/2011  | 
Employees allegedly looked at personal health records of celebrities such as Tom Cruise and Farrah Fawcett.
Italian Police Arrest Alleged Anonymous Hackers
News  |  7/7/2011  | 
Authorities in Switzerland also crack down on members of the loosely organized hacking collective known as Anonymous.
DARPA's Peiter 'Mudge' Zatko Takes Keynote Stage At Black Hat USA 2011
News  |  7/7/2011  | 
Zatko is the inventor of L0phtCrack, AntiSniff, L0phtWatch/Tempwatch, and SLINT
Researchers Dissect The Underground Economy Of Fake Antivirus Software
News  |  7/6/2011  | 
Scareware pushers see more than 2 percent sales conversion, make millions in profit -- and even offer refunds
HP TouchPad, Smartphone Hacked
News  |  7/6/2011  | 
The WebOS mobile operating system platform is vulnerable to XSS and cross-site request forgery, according to a researcher's published proof-of-concept for an attack.
End-User Security: SMBs Prefer Invisibility
News  |  7/5/2011  | 
Social media and mutating malware have changed the threat landscape, prompting smaller companies to list education and security users don't notice as top needs, Symantec found during the Endpoint Protection 12 public beta.
Researcher Demonstrates HP TouchPad, Smartphone Hack
News  |  7/5/2011  | 
Mobile operating system platform vulnerable to XSS, cross-site request forgery
LulzSec's Top 3 Hacking Tools Deconstructed
News  |  7/5/2011  | 
Analysis suggests LulzSec was most effective using a relatively unknown vulnerability to launch large-scale, botnet-driven attacks against everyone from Sony to the Senate.
Fox News Twitter Account Hacked, Claims Obama Killed
News  |  7/5/2011  | 
Weak or reused passwords likely exploited by group with Anonymous hacking collective sympathies.
Inside Indestructible Botnet, Security Experts See Flaws
News  |  7/1/2011  | 
The huge TDL4 botnet has snared 4.5 million PCs, as the malware creators pay handsomely for results. But experts say it's sneaky, not unstoppable.
4 Tips: Make Your SMB Website More Secure
News  |  7/1/2011  | 
Consider this expert advice on how small and midsize businesses can build websites that are well-protected from attacks--and keep them safe.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15593
PUBLISHED: 2019-11-22
GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.
CVE-2019-16285
PUBLISHED: 2019-11-22
If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.
CVE-2019-16286
PUBLISHED: 2019-11-22
An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.
CVE-2019-16287
PUBLISHED: 2019-11-22
An attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to execute commands with elevated privileges.
CVE-2019-18909
PUBLISHED: 2019-11-22
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.