News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2012
Olympics Tap Big Data To Enhance Security
News | 7/31/2012
Olympics crime fighters are using big data analysis techniques to identify suspicious activity, imminent threats, and unexpected holes that attackers could exploit.
HTML Access Control Busted By Security Researchers
News | 7/31/2012
Open source HTExploit tool can bypass a standard directory protection technique used to secure many types of Web pages, security experts demonstrated at Black Hat.
NIST Updates Computer Security Guides
News | 7/30/2012
Guidelines focus on wireless security and protecting mobile devices from intrusion.
Mac Malware Spies On Email, Survives Reboots
News | 7/30/2012
Crisis malware lets attackers install without an administrator password and intercept email, IM, and other communications.
Power Plant Hack Talk, Free Tools Pulled From Def Con Lineup
News | 7/29/2012
Def Con talk on bugs, tools for hacking power plants replaced with another talk on HMI flaws
Web Browser Weaknesses Make Tracking Easy
News | 7/27/2012
Researcher kicks off effort to catalog all the ways that browsers and popular add-ons can be used to track users
Strike Back At Hackers? Get A Lawyer
News | 7/27/2012
Don't risk legal troubles. Get advice before taking the offensive against cybercriminals, military security expert says at Black Hat.
Mass Router Infection Possible: Black Hat
News | 7/27/2012
Black Hat presenters detail how an HTML5-compliant browser could deliver malicious firmware, bring network-connected hardware under attackers' control.
JavaScript Botnet Sheds Light On Criminal Activity
News | 7/27/2012
A security research group uses cached JavaScript to control computers connecting to a malicious proxy, gaining intelligence on fraudsters and criminals
Apple Makes Black Hat Debut
News | 7/26/2012
But presentation by Apple security team member doesn't reveal any new security details or plans for iOS
FAA's New Flight Control System Has Security Holes: Researcher
News | 7/26/2012
At the Black Hat conference, a computer scientist demonstrates how 'fake airplanes' can be inserted into FAA's upcoming air traffic control system.
Mahdi Malware Makers Push Anti-American Update
News | 7/26/2012
Spy malware, seemingly built by Iranians, gets update that searches for "USA" and "gov" on targeted machines, security researcher says at Black Hat.
Android Takeover With The Swipe Of A Smartphone
News | 7/25/2012
Security researcher discovers near-field communication (NFC) is a greenfield of security risks
Researchers To Launch New Tools For Search Engine Hacking
Quick Hits | 7/25/2012
Free 'Diggity' data mining tools can identify and extract sensitive information from many popular cloud-based services
Dark Reading, Black Hat Partner To Produce Daily Conference Newsletter
Quick Hits | 7/24/2012
Dark Reading newsletter subscribers, conference attendees will receive three days of Black Hat show coverage
Two-Thirds Of IT Pros Don't Know Who Has Local Admin Rights
News | 7/23/2012
Admin rights can be used by malware to install malicious software on local computers through the administrator account
When Hackers Meet Girlfriends: Readers Judge Our Theory
Commentary | 7/23/2012
My modest proposal to deter law-breaking hackers by helping them get girlfriends sparked condemnation, support, and even marriage advice.
Black Hat: The Phishing Scare That Wasn't
Quick Hits | 7/23/2012
Email glitch causes concern among security pros attending major industry event, but ends with humor
Apple Yanks Privacy Watcher From App Store
News | 7/20/2012
Clueful privacy app reported on free iOS apps' data-gathering practices, found 41% tracking users' location.
Smart Grid Researcher Releases Open Source Meter-Hacking Tool
News | 7/19/2012
'Termineter' unleashed prior to presentations on smart meter security next week at BSides, Black Hat USA
Attacking SCADA And Relative Cost Of Entry
Commentary | 7/19/2012
SCADA technologies have been increasingly targeted by shadowy adversaries: Does that mean impending doom?
Firefox 14 Secures Google Search Queries
News | 7/17/2012
Security, interface, and gaming improvements debut in the latest version of Mozilla's Web browser.
Will Advanced Attackers Laugh At Your WAF?
News | 7/17/2012
Companies should not trust vendors' claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses
'Waldo' Finds Ways To Abuse HTML5 WebSockets
News | 7/17/2012
Black Hat USA researchers to release free hacking tool and demonstrate how new communication channel could be used for XSS, denial-of-service, and hiding malicious or unauthorized traffic
Symantec Debuts Android Antivirus Software For Enterprises
News | 7/17/2012
Software interfaces with Symantec service that assesses apps from more than 70 app markets and blacklists malicious or suspicious choices.
AT&T To Sponsor Zero-Day Contest For Kids
News | 7/16/2012
Second annual DefCon Kids highlights mobile app security, responsible disclosure, social engineering, and other topics aimed at teaching the ways of white-hat hacking
Data Loss Prevention: What's The Use?
Commentary | 7/13/2012
Why deploy data loss prevention technologies if there are ways to circumvent the system?
Apple In-App Store Hacked
News | 7/13/2012
Hacker finds way to loot in-app store items and posts a how-to on YouTube.
Yahoo Password Breach: 7 Lessons Learned
News | 7/13/2012
What should businesses, users, and regulators take away from the Yahoo password breach? Start with encryption for all stored passwords.
More Data Breaches, Fewer Details For Victims
News | 7/13/2012
The number of hack attacks that result in breaches has increased, but businesses are releasing less information about what was stolen, or who's at fault.
Crimeware Developers Shift To More Obfuscation, Java Exploits
News | 7/12/2012
After making their code harder to reverse-engineer, exploit kits are now focusing on improving attacks
How To Select A DDoS Mitigation Service
News | 7/12/2012
Distributed denial-of-service attacks can flare up quickly and do serious damage. Time to call in the experts?
Instagram Closes Security Hole
News | 7/12/2012
A security researcher says the vulnerability could allow people to access photos taken by others, while Instagram says private photos cannot be accessed
Blast Phishing Attack Fooled Many Users
News | 7/12/2012
Spam disguised as convincing emails from LinkedIn, Facebook, and other trusted entities was part of one targeted operation aimed at stealing online financial credentials, say Trend Micro researchers.
Free Android Apps Have Privacy Cost
News | 7/12/2012
More than half of free Android apps use advertising networks and exchanges. Most are legit, but about 5% interface with 'aggressive' networks that could threaten your privacy.
Yahoo Hack Leaks 453,000 Voice Passwords
News | 7/12/2012
Yahoo passwords were stored unencrypted and stolen via a SQL injection attack, attackers claim. Meanwhile, Formspring resets passwords for 28 million users after a password breach.
Stealing Documents Through Social Media Image-Sharing
News | 7/11/2012
Innocent-looking vacation pictures on Facebook could conceivably traffic exfiltrated documents, Black Hat researchers warn
Megaupload's Kim Dotcom Offers To Extradite Himself
News | 7/11/2012
Dotcom says he'll come to U.S. if DOJ will guarantee him a fair trial and unfreeze his assets to cover legal expenses and living costs.
More Android Malware Pulled From Google Play
News | 7/11/2012
Disguised as Mario Bros. and Grand Theft Auto games, the malware downloaded itself in stages to evade Google's automated security checks.
DarkComet Developer Retires Notorious Remote Access Tool
News | 7/10/2012
Some call DarkComet a tool; others call it a Trojan. RAT had been used by Syrian police and anti-Tibet organizations to spy on targeted computers.
Anonymous Hands WikiLeaks 2.4 Million Syrian Emails
News | 7/10/2012
Hacktivist group claims credit for data breach; turned to WikiLeaks to help process the emails.
DNSChanger Still A Threat
News | 7/10/2012
DNSChanger server shutdown on Monday didn't cause a significant disruption, but the danger is not over yet, security experts say.
'Clonewise' Security Service Helps Identify Vulnerable Code
News | 7/9/2012
Researcher at Black Hat to demonstrate service that can help find vulnerable libraries built into larger bodies of code
Yahoo Defends Android App, Botnet Questions Remain
News | 7/9/2012
Security firm traces torrent of spam to Yahoo's failure to activate HTTPS by default in its Android app.
Lessons Learned From Duqu
Quick Hits | 7/9/2012
The sophisticated Duqu exploit is one of the most complex ever seen. What does it tell you about your enterprise defenses?
Court Slams Bank For Ignoring Zeus Attack
News | 7/5/2012
Federal appeals court panel reverses previous ruling that construction company could not sue bank to recover $345,000 stolen by malware attackers.
Researchers Use Cloud To Clear Up Malware Evasion
News | 7/3/2012
An analysis project surveys the techniques used by malware to evade security software and plans to turn the research into a service to analyze malware
Flame Killing: Free Tool Spots Vulnerable Digital Certificates
News | 7/3/2012
One-quarter of enterprises still use insecure MD5 cryptographic hash function to sign their digital certificates, putting corporate secrets at risk.
Cyberattack Reports On U.S. Critical Infrastructure Jump Dramatically
News | 7/2/2012
A new report from ICS-CERT shows the number of reported incidents increased from 9 to 198 between 2009 and 2011.
British Police Bust Baltic Financial Malware Trio
News | 7/2/2012
Men face jail time for using SpyEye malware to steal consumers' online bank account information and launder $157,000. Separately, a TeamPoison hacker awaits sentencing for stealing former U.K. prime minister Tony Blair's online address book.