Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2012
Olympics Tap Big Data To Enhance Security
News  |  7/31/2012  | 
Olympics crime fighters are using big data analysis techniques to identify suspicious activity, imminent threats, and unexpected holes that attackers could exploit.
HTML Access Control Busted By Security Researchers
News  |  7/31/2012  | 
Open source HTExploit tool can bypass a standard directory protection technique used to secure many types of Web pages, security experts demonstrated at Black Hat.
NIST Updates Computer Security Guides
News  |  7/30/2012  | 
Guidelines focus on wireless security and protecting mobile devices from intrusion.
Mac Malware Spies On Email, Survives Reboots
News  |  7/30/2012  | 
Crisis malware lets attackers install without an administrator password and intercept email, IM, and other communications.
Power Plant Hack Talk, Free Tools Pulled From Def Con Lineup
News  |  7/29/2012  | 
Def Con talk on bugs, tools for hacking power plants replaced with another talk on HMI flaws
Web Browser Weaknesses Make Tracking Easy
News  |  7/27/2012  | 
Researcher kicks off effort to catalog all the ways that browsers and popular add-ons can be used to track users
Strike Back At Hackers? Get A Lawyer
News  |  7/27/2012  | 
Don't risk legal troubles. Get advice before taking the offensive against cybercriminals, military security expert says at Black Hat.
Mass Router Infection Possible: Black Hat
News  |  7/27/2012  | 
Black Hat presenters detail how an HTML5-compliant browser could deliver malicious firmware, bring network-connected hardware under attackers' control.
JavaScript Botnet Sheds Light On Criminal Activity
News  |  7/27/2012  | 
A security research group uses cached JavaScript to control computers connecting to a malicious proxy, gaining intelligence on fraudsters and criminals
Apple Makes Black Hat Debut
News  |  7/26/2012  | 
But presentation by Apple security team member doesn't reveal any new security details or plans for iOS
FAA's New Flight Control System Has Security Holes: Researcher
News  |  7/26/2012  | 
At the Black Hat conference, a computer scientist demonstrates how 'fake airplanes' can be inserted into FAA's upcoming air traffic control system.
Mahdi Malware Makers Push Anti-American Update
News  |  7/26/2012  | 
Spy malware, seemingly built by Iranians, gets update that searches for "USA" and "gov" on targeted machines, security researcher says at Black Hat.
Android Takeover With The Swipe Of A Smartphone
News  |  7/25/2012  | 
Security researcher discovers near-field communication (NFC) is a greenfield of security risks
Researchers To Launch New Tools For Search Engine Hacking
Quick Hits  |  7/25/2012  | 
Free 'Diggity' data mining tools can identify and extract sensitive information from many popular cloud-based services
Dark Reading, Black Hat Partner To Produce Daily Conference Newsletter
Quick Hits  |  7/24/2012  | 
Dark Reading newsletter subscribers, conference attendees will receive three days of Black Hat show coverage
Two-Thirds Of IT Pros Don't Know Who Has Local Admin Rights
News  |  7/23/2012  | 
Admin rights can be used by malware to install malicious software on local computers through the administrator account
When Hackers Meet Girlfriends: Readers Judge Our Theory
Commentary  |  7/23/2012  | 
My modest proposal to deter law-breaking hackers by helping them get girlfriends sparked condemnation, support, and even marriage advice.
Black Hat: The Phishing Scare That Wasn't
Quick Hits  |  7/23/2012  | 
Email glitch causes concern among security pros attending major industry event, but ends with humor
Apple Yanks Privacy Watcher From App Store
News  |  7/20/2012  | 
Clueful privacy app reported on free iOS apps' data-gathering practices, found 41% tracking users' location.
Smart Grid Researcher Releases Open Source Meter-Hacking Tool
News  |  7/19/2012  | 
'Termineter' unleashed prior to presentations on smart meter security next week at BSides, Black Hat USA
Attacking SCADA And Relative Cost Of Entry
Commentary  |  7/19/2012  | 
SCADA technologies have been increasingly targeted by shadowy adversaries: Does that mean impending doom?
Firefox 14 Secures Google Search Queries
News  |  7/17/2012  | 
Security, interface, and gaming improvements debut in the latest version of Mozilla's Web browser.
Will Advanced Attackers Laugh At Your WAF?
News  |  7/17/2012  | 
Companies should not trust vendors' claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses
'Waldo' Finds Ways To Abuse HTML5 WebSockets
News  |  7/17/2012  | 
Black Hat USA researchers to release free hacking tool and demonstrate how new communication channel could be used for XSS, denial-of-service, and hiding malicious or unauthorized traffic
Symantec Debuts Android Antivirus Software For Enterprises
News  |  7/17/2012  | 
Software interfaces with Symantec service that assesses apps from more than 70 app markets and blacklists malicious or suspicious choices.
AT&T To Sponsor Zero-Day Contest For Kids
News  |  7/16/2012  | 
Second annual DefCon Kids highlights mobile app security, responsible disclosure, social engineering, and other topics aimed at teaching the ways of white-hat hacking
Data Loss Prevention: What's The Use?
Commentary  |  7/13/2012  | 
Why deploy data loss prevention technologies if there are ways to circumvent the system?
Apple In-App Store Hacked
News  |  7/13/2012  | 
Hacker finds way to loot in-app store items and posts a how-to on YouTube.
Yahoo Password Breach: 7 Lessons Learned
News  |  7/13/2012  | 
What should businesses, users, and regulators take away from the Yahoo password breach? Start with encryption for all stored passwords.
More Data Breaches, Fewer Details For Victims
News  |  7/13/2012  | 
The number of hack attacks that result in breaches has increased, but businesses are releasing less information about what was stolen--or who's at fault.
Crimeware Developers Shift To More Obfuscation, Java Exploits
News  |  7/12/2012  | 
After making their code harder to reverse-engineer, exploit kits are now focusing on improving attacks
How To Select A DDoS Mitigation Service
News  |  7/12/2012  | 
Distributed denial-of-service attacks can flare up quickly and do serious damage. Time to call in the experts?
Instagram Closes Security Hole
News  |  7/12/2012  | 
A security researcher says the vulnerability could allow people to access photos taken by others, while Instagram says private photos cannot be accessed
Blast Phishing Attack Fooled Many Users
News  |  7/12/2012  | 
Spam disguised as convincing emails from LinkedIn, Facebook, and other trusted entities was one targeted operation aimed at stealing online financial credentials, say Trend Micro researchers.
Free Android Apps Have Privacy Cost
News  |  7/12/2012  | 
More than half of free Android apps use advertising networks and exchanges. Most are legit, but about 5% interface with 'aggressive' networks that could threaten your privacy.
Yahoo Hack Leaks 453,000 Voice Passwords
News  |  7/12/2012  | 
Yahoo passwords were stored unencrypted and stolen via a SQL injection attack, attackers claim. Meanwhile, Formspring resets passwords for 28 million users after a password breach.
Stealing Documents Through Social Media Image-Sharing
News  |  7/11/2012  | 
Innocent-looking vacation pictures on Facebook could conceivably traffic exfiltrated documents, Black Hat researchers warn
Megaupload's Kim Dotcom Offers To Extradite Himself
News  |  7/11/2012  | 
Dotcom says he'll come to U.S. if DOJ will guarantee him a fair trial and unfreeze his assets to cover legal expenses and living costs.
More Android Malware Pulled From Google Play
News  |  7/11/2012  | 
Disguised as Mario Bros. and Grand Theft Auto games, the malware downloaded itself in stages to evade Google's automated security checks.
DarkComet Developer Retires Notorious Remote Access Tool
News  |  7/10/2012  | 
Some call DarkComet a tool; others call it a Trojan. RAT had been used by Syrian police and anti-Tibet organizations to spy on targeted computers.
Anonymous Hands WikiLeaks 2.4 Million Syrian Emails
News  |  7/10/2012  | 
Hacktivist group claims credit for data breach; turned to WikiLeaks to help process the emails.
DNSChanger Still A Threat
News  |  7/10/2012  | 
DNSChanger server shutdown on Monday didn't cause a significant disruption, but the danger is not over yet, security experts say.
'Clonewise' Security Service Helps Identify Vulnerable Code
News  |  7/9/2012  | 
Researcher at Black Hat to demonstrate service that can help find vulnerable libraries built into larger bodies of code
Yahoo Defends Android App, Botnet Questions Remain
News  |  7/9/2012  | 
Security firm traces torrent of spam to Yahoo's failure to activate HTTPS by default in its Android app.
Lessons Learned From Duqu
Quick Hits  |  7/9/2012  | 
The sophisticated Duqu exploit is one of the most complex ever seen. What does it tell you about your enterprise defenses?
Court Slams Bank For Ignoring Zeus Attack
News  |  7/5/2012  | 
Federal appeals court panel reverses previous ruling that construction company could not sue bank to recover $345,000 stolen by malware attackers.
Researchers Use Cloud To Clear Up Malware Evasion
News  |  7/3/2012  | 
An analysis project surveys the techniques used by malware to evade security software and plans to turn the research into a service to analyze malware
Flame Killing: Free Tool Spots Vulnerable Digital Certificates
News  |  7/3/2012  | 
One-quarter of enterprises still use insecure MD5 cryptographic hash function to sign their digital certificates, putting corporate secrets at risk.
Cyberattack Reports On U.S. Critical Infrastructure Jump Dramatically
News  |  7/2/2012  | 
A new report from ICS-CERT shows the number of reported incidents increased from 9 to 198 between 2009 and 2011.
British Police Bust Baltic Financial Malware Trio
News  |  7/2/2012  | 
Men face jail time for using SpyEye malware to steal consumers' online bank account information and launder $157,000. Separately, a TeamPoison hacker awaits sentencing for stealing former U.K. prime minister Tony Blair's online address book.

