Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2011
Legacy Support Leaves Chip-And-PIN Vulnerable, Researcher Says
News  |  7/31/2011  | 
Black Hat talk will show that security and backwards compatibility are at odds in popular authentication technology
Mac OS X Lion Password Vulnerability: Sleep Mode
News  |  7/29/2011  | 
Forensic software can exploit a seven-year-old FireWire design error to snoop system memory for passwords, even for devices that are locked or in sleep mode.
Facebook Dinner Date Turns Supermarket Robbery
News  |  7/29/2011  | 
Robbers in Belgium used a fake Facebook profile to kidnap a supermarket manager, steal his keys, and empty the store's safe.
Putting Data In The Cloud? Retain Control
News  |  7/28/2011  | 
Security researcher warns many companies are trading catastrophic problems for gains in efficiency
RSA SecurID Breach Cost $66 Million
News  |  7/28/2011  | 
EMC details second quarter 2011 cost to replace tokens, monitor customers, and handle fallout from RSA's SecurID breach.
Social Media Vs. Organized Crime
News  |  7/27/2011  | 
White House launches plan to leverage social networks and new intelligence and information sharing technologies to fight crime on a global scale.
Black Hat Pwnies Nominate LulzSec, Anonymous
News  |  7/27/2011  | 
Hacker groups among nominees for "Epic 0wnage" award, while Sony is sole nominee for "Epic Fail" distinction.
Anonymous Boycotts PayPal, Arrest Fallout Continues
News  |  7/27/2011  | 
Alleged hacker arrested in FBI sting on PayPal attacks faces Internet ban, while hacktivist group calls for PayPal boycott.
Metasploit Pro Gets SIEM, Cloud Integration
Quick Hits  |  7/26/2011  | 
Rapid7's new Metasploit Pro release, 4.0, automates more workflow tasks
Apple OS X Targeted By Remote Backdoor Malware
News  |  7/26/2011  | 
Researchers say a remote-controlled Trojan application, known as the Olyx backdoor, is going after OS X devices.
Product Watch: Norman Introduces 'Hybrid Sandboxing' Malware Analysis
News  |  7/26/2011  | 
Malware Analyzer G2 combines emulation, virtualization in one environment
Blended Web Attacks Hitting More Websites
News  |  7/25/2011  | 
Hackers increasingly use four top techniques, such as cross-site scripting and SQL injection, in combination, researchers say.
Apple Laptop Batteries Hacked By Researcher
News  |  7/25/2011  | 
Attackers could use a password weakness to render your laptop's battery useless--or overcharge it to start a fire, researcher warns.
Sony Insurer Disputes Breach Insurance Claims
News  |  7/25/2011  | 
A cautionary tale for enterprises that think they have data breach insurance.
Not Your Average Linux Distribution: DOD's Flavor
News  |  7/22/2011  | 
The Department of Defense has released a unique Linux distribution with special security considerations for telecommuters.
How To Respond To A Denial Of Service Attack
News  |  7/22/2011  | 
You can't prevent an overwhelming DDoS attack, but you can minimize its impact. Here's how.
Google Hacking Tools Prepped For Black Hat
News  |  7/21/2011  | 
'Diggity' family of search tools will help security teams and pen testers find searchable flaws before bad guys, Stach & Liu researchers say.
Researchers Prepare Google Hacking Tools For Black Hat -- Hot Diggity!
News  |  7/20/2011  | 
Family of search tools will help security teams and pen testers find searchable flaws before bad guys, Stach & Liu researchers say
Google Tries Flagging Malware For Users
Quick Hits  |  7/20/2011  | 
Search engine will warn users if it detects a specific attack on their machines
Google Warns Searchers Of Windows Malware Infection
News  |  7/20/2011  | 
Google has started alerting users running Windows about a specific form of local malware it can detect through network traffic flows.
More Windows Kernel Vulnerabilities May Emerge
News  |  7/19/2011  | 
After issuing dozens of patches this year, Microsoft may still have more work to do, Black Hat speaker warns.
4 Basic Security Steps For SMBs
News  |  7/18/2011  | 
Time and budget limitations make poor excuses for a lack of security. Here are four key considerations for resource-constrained IT administrators at smaller companies.
Telex Promises Path Around State-Sponsored Net Censorship
News  |  7/18/2011  | 
Tech researchers have developed a way that ISPs can help Internet users avoid censorship roadblocks.
Feds Issue Government Teleworker Security Guidelines
News  |  7/18/2011  | 
OMB rules apply to departments, agencies that must secure access to wireless networks and IT systems when employees work remotely.
U.S. Military Outlines Cyber Security Strategy
News  |  7/14/2011  | 
The strategy focuses on bolstering the military's cyber defenses with new technology, new organizations, and new partnerships with the private sector and foreign allies.
Breaches, Compliance Fuel Database Security Growth
News  |  7/14/2011  | 
Database activity monitoring gains attention, but market consolidation may be afoot.
Report: Sixty Percent Of Users Are Running Unpatched Versions Of Adobe
Quick Hits  |  7/13/2011  | 
Vulnerabilities in software could lead to breaches, Avast Software study warns
Microsoft Patches 'Critical' Bluetooth Vulnerability
News  |  7/13/2011  | 
Fix among 22 issues addressed by Patch Tuesday
P2P Networks Expose Healthcare Data To Identity Theft
News  |  7/13/2011  | 
File-sharing software can open healthcare organization networks to criminal activity.
U.S., Russia Forge Cybersecurity Pact
News  |  7/12/2011  | 
The two countries plan to regularly share information and improve communication on security, as part of Obama administration plan.
Antisec Attacks An Urgent Wake-Up: InformationWeek Now
Commentary  |  7/12/2011  | 
It's difficult to gauge the ethos of these next generation hackers. If I could summarize, it's this: Punish.
Five Steps To Protect Against LulzSec
News  |  7/12/2011  | 
Targeted attacks are a reality today, especially with the likes of hacktivist groups such as Anonymous.
Microsoft Security Center Delivered Adult Content Links
News  |  7/11/2011  | 
Attackers hacked search results generated by Microsoft's own search engine and served up some adult-oriented links.
Homeland Security: Devices, Components Coming In With Malware
News  |  7/11/2011  | 
Some imported components for electronic and computer hardware pose a complicated security risk, says the Department of Homeland Security.
As SQL Injection Attacks Surge, New Report Offers Insight On How To Prevent Them
News  |  7/10/2011  | 
SQL injection has taken its place among the top Web threats and compromised some of the Internet’s best-known companies. Here's a look at how SQL injection attacks happen -- and what you can do about it
New Research Names Top 10 Malware Delivery Networks
Quick Hits  |  7/9/2011  | 
Emerging category of networks is distinct from botnets, Blue Coat study says
Google Implements WebGL Security Fix
News  |  7/8/2011  | 
Web developers wishing to make use of cross-domain media elements with WebGL should look to a new mechanism called CORS.
Reports: DHS, IRS Databases At Risk
News  |  7/8/2011  | 
Protected critical infrastructure information at risk in DHS data stores, IG report says
Florida Election Servers Hacked Again
News  |  7/8/2011  | 
After state officials boasted about security improvements following a breach, a hacker once again breached the same voter record systems.
UCLA Health System Pays $865,000 Over Privacy Charges
News  |  7/8/2011  | 
Employees allegedly looked at personal health records of celebrities such as Tom Cruise and Farrah Fawcett.
Italian Police Arrest Alleged Anonymous Hackers
News  |  7/7/2011  | 
Authorities in Switzerland also crack down on members of the loosely organized hacking collective known as Anonymous.
DARPA's Peiter 'Mudge' Zatko Takes Keynote Stage At Black Hat USA 2011
News  |  7/7/2011  | 
Zatko is the inventor of L0phtCrack, AntiSniff, L0phtWatch/Tempwatch, and SLINT
Researchers Dissect The Underground Economy Of Fake Antivirus Software
News  |  7/6/2011  | 
Scareware pushers see more than 2 percent sales conversion, make millions in profit -- and even offer refunds
HP TouchPad, Smartphone Hacked
News  |  7/6/2011  | 
The WebOS mobile operating system platform is vulnerable to XSS and cross-site request forgery, based upon a researcher's published proof-of-concept for an attack.
End-User Security: SMBs Prefer Invisibility
News  |  7/5/2011  | 
Social media and mutating malware have changed the threat landscape, prompting smaller companies to list education and security users don't notice as top needs, Symantec found during the Endpoint Protection 12 public beta.
Researcher Demonstrates HP TouchPad, Smartphone Hack
News  |  7/5/2011  | 
Mobile operating system platform vulnerable to XSS, cross-site request forgery
LulzSec's Top 3 Hacking Tools Deconstructed
News  |  7/5/2011  | 
Analysis suggests LulzSec was most effective using a relatively unknown vulnerability to launch large-scale, botnet-driven attacks against everyone from Sony to the Senate.
Fox News Twitter Account Hacked, Claims Obama Killed
News  |  7/5/2011  | 
Weak or reused passwords likely exploited by group with Anonymous hacking collective sympathies.
Inside Indestructible Botnet, Security Experts See Flaws
News  |  7/1/2011  | 
The huge TDL4 botnet has snared 4.5 million PCs, as the malware creators pay handsomely for results. But experts say it's sneaky, not unstoppable.
4 Tips: Make Your SMB Website More Secure
News  |  7/1/2011  | 
Consider this expert advice on how small and midsize businesses can build websites that are well-protected from attacks--and keep them safe.

