
News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2011
Legacy Support Leaves Chip-And-PIN Vulnerable, Researcher Says
News  |  7/31/2011  | 
Black Hat talk will show that security and backwards compatibility are at odds in popular authentication technology
Mac OS X Lion Password Vulnerability: Sleep Mode
News  |  7/29/2011  | 
Forensic software can exploit a seven-year-old FireWire design error to snoop system memory for passwords, even for devices that are locked or in sleep mode.
Facebook Dinner Date Turns Supermarket Robbery
News  |  7/29/2011  | 
Robbers in Belgium used a fake Facebook profile to kidnap a supermarket manager, steal his keys, and empty the store's safe.
Putting Data In The Cloud? Retain Control
News  |  7/28/2011  | 
Security researcher warns many companies are trading catastrophic problems for gains in efficiency
RSA SecurID Breach Cost $66 Million
News  |  7/28/2011  | 
EMC details second quarter 2011 cost to replace tokens, monitor customers, and handle fallout from RSA's SecurID breach.
Social Media Vs. Organized Crime
News  |  7/27/2011  | 
White House launches plan to leverage social networks and new intelligence and information sharing technologies to fight crime on a global scale.
Black Hat Pwnies Nominate LulzSec, Anonymous
News  |  7/27/2011  | 
Hacker groups among nominees for "Epic 0wnage" award, while Sony is sole nominee for "Epic Fail" distinction.
Anonymous Boycotts PayPal, Arrest Fallout Continues
News  |  7/27/2011  | 
Alleged hacker arrested in FBI sting on PayPal attacks faces Internet ban, while hacktivist group calls for PayPal boycott.
Metasploit Pro Gets SIEM, Cloud Integration
Quick Hits  |  7/26/2011  | 
Rapid7's new Metasploit Pro release, 4.0, automates more workflow tasks
Apple OS X Targeted By Remote Backdoor Malware
News  |  7/26/2011  | 
Researchers say a remote-controlled Trojan application, known as the Olyx backdoor, is going after OS X devices.
Product Watch: Norman Introduces 'Hybrid Sandboxing' Malware Analysis
News  |  7/26/2011  | 
Malware Analyzer G2 combines emulation, virtualization in one environment
Blended Web Attacks Hitting More Websites
News  |  7/25/2011  | 
Hackers increasingly use four top techniques, such as cross site scripting and SQL injection, in combination, researchers say.
Apple Laptop Batteries Hacked By Researcher
News  |  7/25/2011  | 
Attackers could use a password weakness to render your laptop's battery useless--or overcharge it to start a fire, researcher warns.
Sony Insurer Disputes Breach Insurance Claims
News  |  7/25/2011  | 
A cautionary tale for enterprises that think they have data breach insurance.
Not Your Average Linux Distribution: DOD's Flavor
News  |  7/22/2011  | 
The Department of Defense has released a unique Linux distribution with special security considerations for telecommuters.
How To Respond To A Denial Of Service Attack
News  |  7/22/2011  | 
You can't prevent an overwhelming DDoS attack, but you can minimize its impact. Here's how.
Google Hacking Tools Prepped For Black Hat
News  |  7/21/2011  | 
'Diggity' family of search tools will help security teams and pen testers find searchable flaws before bad guys, Stach & Liu researchers say.
Researchers Prepare Google Hacking Tools For Black Hat -- Hot Diggity!
News  |  7/20/2011  | 
Family of search tools will help security teams and pen testers find searchable flaws before bad guys, Stach & Liu researchers say
Google Tries Flagging Malware For Users
Quick Hits  |  7/20/2011  | 
Search engine will warn users if it detects a specific attack on their machines
Google Warns Searchers Of Windows Malware Infection
News  |  7/20/2011  | 
Google has started alerting users running Windows about a specific form of local malware it can detect through network traffic flows.
More Windows Kernel Vulnerabilities May Emerge
News  |  7/19/2011  | 
After issuing dozens of patches this year, Microsoft may still have more work to do, Black Hat speaker warns.
4 Basic Security Steps For SMBs
News  |  7/18/2011  | 
Time and budget limitations make poor excuses for a lack of security. Here are four key considerations for resource-constrained IT administrators at smaller companies.
Telex Promises Path Around State-Sponsored Net Censorship
News  |  7/18/2011  | 
Tech researchers have developed a way that ISPs can help Internet users avoid censorship roadblocks.
Feds Issue Government Teleworker Security Guidelines
News  |  7/18/2011  | 
OMB rules apply to departments, agencies that must secure access to wireless networks and IT systems when employees work remotely.
U.S. Military Outlines Cyber Security Strategy
News  |  7/14/2011  | 
The strategy focuses on bolstering the military's cyber defenses with new technology, new organizations, and new partnerships with the private sector and foreign allies.
Breaches, Compliance Fuel Database Security Growth
News  |  7/14/2011  | 
Database activity monitoring gains attention, but market consolidation may be afoot.
Report: Sixty Percent Of Users Are Running Unpatched Versions Of Adobe
Quick Hits  |  7/13/2011  | 
Vulnerabilities in software could lead to breaches, Avast Software study warns
Microsoft Patches 'Critical' Bluetooth Vulnerability
News  |  7/13/2011  | 
Fix among 22 issues addressed by Patch Tuesday
P2P Networks Expose Healthcare Data To Identity Theft
News  |  7/13/2011  | 
File-sharing software can open healthcare organization networks to criminal activity.
U.S., Russia Forge Cybersecurity Pact
News  |  7/12/2011  | 
The two countries plan to regularly share information and improve communication on security, as part of Obama administration plan.
Antisec Attacks An Urgent Wake-Up: InformationWeek Now
Commentary  |  7/12/2011  | 
It's difficult to gauge the ethos of these next generation hackers. If I could summarize, it's this: Punish.
Five Steps To Protect Against LulzSec
News  |  7/12/2011  | 
Targeted attacks are a reality today, especially with the likes of hacktivist groups such as Anonymous.
Microsoft Security Center Delivered Adult Content Links
News  |  7/11/2011  | 
Attackers hacked search results generated by Microsoft's own search engine and served up some adult-oriented links.
Homeland Security: Devices, Components Coming In With Malware
News  |  7/11/2011  | 
Some imported components for electronic and computer hardware pose a complicated security risk, says the Department of Homeland Security.
As SQL Injection Attacks Surge, New Report Offers Insight On How To Prevent Them
News  |  7/10/2011  | 
SQL injection has taken its place among the top Web threats and compromised some of the Internet’s best-known companies. Here's a look at how SQL injection attacks happen -- and what you can do about it
New Research Names Top 10 Malware Delivery Networks
Quick Hits  |  7/9/2011  | 
Emerging category of networks is distinct from botnets, Blue Coat study says
Google Implements WebGL Security Fix
News  |  7/8/2011  | 
Web developers wishing to make use of cross-domain media elements with WebGL should look to a new mechanism called CORS.
Reports: DHS, IRS Databases At Risk
News  |  7/8/2011  | 
Protected critical infrastructure information at risk in DHS data stores, IG report says
Florida Election Servers Hacked Again
News  |  7/8/2011  | 
After state officials boasted about security improvements following a breach, a hacker once again breached the same voter record systems.
UCLA Health System Pays $865,000 Over Privacy Charges
News  |  7/8/2011  | 
Employees allegedly looked at personal health records of celebrities such as Tom Cruise and Farrah Fawcett.
Italian Police Arrest Alleged Anonymous Hackers
News  |  7/7/2011  | 
Authorities in Switzerland also crack down on members of the loosely organized hacking collective known as Anonymous.
DARPA's Peiter 'Mudge' Zatko Takes Keynote Stage At Black Hat USA 2011
News  |  7/7/2011  | 
Zatko is the inventor of L0phtCrack, AntiSniff, L0phtWatch/Tempwatch, and SLINT
Researchers Dissect The Underground Economy Of Fake Antivirus Software
News  |  7/6/2011  | 
Scareware pushers see more than 2 percent sales conversion, make millions in profit -- and even offer refunds
HP TouchPad, Smartphone Hacked
News  |  7/6/2011  | 
The WebOS mobile operating system platform is vulnerable to XSS, cross-site request forgery based upon a researcher's published proof-of-concept for an attack.
End-User Security: SMBs Prefer Invisibility
News  |  7/5/2011  | 
Social media and mutating malware have changed the threat landscape, prompting smaller companies to list education and security users don't notice as top needs, Symantec found during the Endpoint Protection 12 public beta.
Researcher Demonstrates HP TouchPad, Smartphone Hack
News  |  7/5/2011  | 
Mobile operating system platform vulnerable to XSS, cross-site request forgery
LulzSec's Top 3 Hacking Tools Deconstructed
News  |  7/5/2011  | 
Analysis suggests LulzSec was most effective using a relatively unknown vulnerability to launch large-scale, botnet-driven attacks against everyone from Sony to the Senate.
Fox News Twitter Account Hacked, Claims Obama Killed
News  |  7/5/2011  | 
Weak or reused passwords likely exploited by group with Anonymous hacking collective sympathies.
Inside Indestructible Botnet, Security Experts See Flaws
News  |  7/1/2011  | 
The huge TDL4 botnet has snared 4.5 million PCs, as the malware creators pay handsomely for results. But experts say it's sneaky, not unstoppable.
4 Tips: Make Your SMB Website More Secure
News  |  7/1/2011  | 
Consider this expert advice on how small and midsize businesses can build websites that are well-protected from attacks--and keep them safe.

