
News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2013
U.K. Online Dating Sites Catch Heat On Privacy
News | 7/31/2013
Government and BBC investigations raise alarms about the industry's personal data handling practices and social media identity theft.

Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition
Quick Hits | 7/31/2013
U.S. feared use of PCs built by Lenovo posed a security threat long before spying concerns over Huawei and ZTE surfaced.

Microsoft Extends MAPP To Incident Responders And Offers Free Online URL, File Scanner
News | 7/29/2013
Microsoft Active Protections Program evolving into a protection, detection, and remediation program.

Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition
News | 7/29/2013
U.S. feared use of PCs built by Lenovo posed a security threat long before spying concerns over Huawei and ZTE surfaced.

Cheap Monitoring Highlights Dangers Of Internet Of Things
News | 7/27/2013
Using a network of cheap sensors, the home-brewed CreepyDOL system can track people by the signals sent from their mobile devices.

Barnaby Jack And The Hacker Ethos
Commentary | 7/26/2013
Barnaby Jack's untimely death should give us pause to remember why folks hack things and, ultimately, why pushing the boundaries of technology benefits us all.

In Appreciation: Barnaby Jack
News | 7/26/2013
Industry mourns the passing of an intrepid and charismatic security researcher.

Better Bug Bounties Mean Safer Software, More Research Demand
News | 7/26/2013
Companies should expect safer software as more companies adopt bug bounty programs and studies prove their effectiveness.

Record-Setting Data Breach Highlights Corporate Security Risks
News | 7/25/2013
Case of five men indicted Thursday for allegedly stealing more than 160 million credit card numbers, in what the Justice Department calls a record-size scheme, shows how hard it is for businesses to deal with SQL injection attacks and similar approaches.

How Attackers Target And Exploit Critical Business Applications
Quick Hits | 7/25/2013
Applications such as ERP and CRM make businesses go, yet are often left unpatched and vulnerable.

Firms Far From Taming The Tower Of APT Babel
News | 7/25/2013
Threat intelligence firms continue to have individual lexicons for advanced persistent threats, making information sharing more difficult.

Campaign Launched To Kill Off The Password
News | 7/24/2013
The Petition Against Passwords calls for an end to password logins.

Network Solutions Knocked Down Again
News | 7/24/2013
MySQL problems are to blame for customers' website editing and permission change problems, says the hosting provider, but users suspect a more nefarious cause.

Royal Baby Malware Attacks
News | 7/24/2013
Hackers capitalize on the mania for the royal baby and an upcoming zombie game; fake versions of real Android apps created via the Master Key vulnerability found in China.
Visualization Helps Attackers Spot Flaws In Software's Armor
News | 7/24/2013
Using data visualization techniques, researchers make memory and randomization flaws easier to recognize, spotting vulnerabilities in anti-exploitation technology such as ASLR and DEP.

'Next Big' Banking Trojan Spotted In Cybercrime Underground
Quick Hits | 7/23/2013
RSA says 'KINS' features a bootkit.

Russian Trojan With Twist Targets Financial Details
News | 7/23/2013
Malware, designed not to infect Russian or Ukrainian PCs, is already for sale in the cybercrime underground, says RSA.

SIM Card Hack A Wakeup Call
News | 7/22/2013
Crack of mobile SIM card crypto and virtual machine features could let an attacker target and clone a phone.

APIs Giveth And APIs Taketh Away
Commentary | 7/19/2013
Despite the incredible power afforded by APIs exposing cloud, mobile, and Web services, there is a downside. There always is.

Tech Insight: Protecting Against Risks Posed By Anonymization Tools
News | 7/19/2013
Snowden and NSA concerns are causing more users to seek anonymization and encryption tools that could cause security headaches for enterprises.

3 Briefings That Highlight Infosec's High-Stakes Game
News | 7/19/2013
Spectacular exploits and worrying implications await.

Huawei Spies For China, Former NSA Director Says
News | 7/19/2013
Michael Hayden, a former NSA and CIA chief, accuses Chinese telecom equipment maker Huawei of engaging in espionage on behalf of the Chinese state.

Java Dregs Create Unappetizing Enterprise Security Problem
News | 7/18/2013
Why is Java still such a security weak spot? Java updates don't remove all older versions, leaving plenty of well-known vulnerabilities for online attackers to exploit.

'Write Once, Pwn Anywhere': Less Than 1 Percent Of Enterprises Run Newest Version Of Java
Quick Hits | 7/18/2013
Most businesses have multiple, outdated versions of the app on their endpoints, a new report finds.

Service, Denied
News | 7/17/2013
Black Hat USA 2013 has lined up three DDoS-related Briefings, covering the topic from multiple angles.

Google Play Has Apps Abusing Master Key Vulnerability
News | 7/17/2013
Two apps currently available for download in Google Play abuse the critical master key vulnerability that affects almost all Android devices. Is Google reviewing apps for the flaw?

Tumblr iPhone Vulnerability: Change Passwords Now
News | 7/17/2013
Passwords are transmitted in plaintext by Tumblr's iPhone and iPad apps, leaving them vulnerable to interception.

'Tortilla' Spices Up Active Defense Ops
News | 7/16/2013
New free Tor tool, due out at Black Hat USA, aims to make the Tor anonymizing network easier to use for all types of intel gathering.

Android Users Can Patch Critical Flaw
News | 7/16/2013
ReKey app can be used to patch a vulnerability that affects 99% of all Android smartphones and tablets, but requires rooting devices first.

NSA Surveillance: IT Pro Survey Says What?
Commentary | 7/15/2013
To understand the relationship between security and privacy, we should pay more attention to IT professionals and spend less time asking loaded questions.

WordPress, Other CMS Platforms Give Attackers Room For Creativity
News | 7/15/2013
Hackers use vulnerabilities in content management systems to accomplish everything from privilege escalation on servers to using connections to run command and control.
Chrome Users More Likely To Ignore Security Warnings
News | 7/15/2013
Security messages affect user behavior, as long as they're well-designed, according to a study of Chrome and Firefox users.

Jay-Z App, Amazon Extension Slammed On Privacy
News | 7/15/2013
Android app offers a free album in exchange for users' account and login info; meanwhile, the Amazon 1Button extension for Chrome reports user activity to Amazon.

NSA Data Collection Worrisome For Global Firms
News | 7/13/2013
Microsoft, Google, Facebook, and other tech firms have downplayed their participation in government spying programs, but U.S. and international companies should worry about access to their data in the cloud.

How Attackers Thwart Malware Investigation
News | 7/11/2013
A researcher at Black Hat USA this month will dissect a recent attack, showing off attackers' techniques for making malware analysis harder and intelligence gathering more time consuming.

Overcome The Microsoft Mindset: Patch Faster
Commentary | 7/11/2013
Why can't vendors patch every critical bug as if it were the Pwn2Own competition?

Generic TLDs Threaten Name Collisions, Information Leakage
News | 7/11/2013
Security problems could ensue if common internal TLDs, such as .corp and .exchange, are allowed to be registered.

Hackers Tap Windows Bug Revealed By Google Researcher
News | 7/10/2013
Windows bug details disclosed by Google researcher Tavis Ormandy in May were quickly used by online attackers, Microsoft says.

Hack 99% Of Android Devices: Big Vulnerability
News | 7/10/2013
Critical vulnerability that affects almost all Android devices now in operation could allow attackers to use exploit code to easily infect devices with a Trojanized version of a legitimate app.

Preparing For Possible Future Crypto Attacks
News | 7/10/2013
Security experts warn that current advances in solving a complex problem could make a broad class of public-key cryptosystems less secure.

South Korean Bank Hackers Target U.S. Military Secrets
News | 7/9/2013
Wiper malware APT gang has been traced to a four-year military espionage campaign.

12 Trends In Privacy And Security
News | 7/9/2013
Industry experts forecast top trends in data breach, privacy, and security.

'Zombie Apocalypse' Broadcast Hoax Explained
News | 7/9/2013
Homeland Security details vulnerabilities in emergency alert equipment that have been exploited to create hoax broadcasts.

Microsoft Patch Tuesday Fixes Six Critical Bugs
News | 7/9/2013
Microsoft issues patches for an unusual number of critical vulnerabilities that span the company's entire software ecosystem.

Below The Application: The High Risk Of Low-Level Threats
Quick Hits | 7/9/2013
In-memory attacks and rootkits may hit your systems below the OS. Here are some tips to help your defense.

Controlling The Big 7
Commentary | 7/7/2013
With limited resources, funding, and expertise, focusing on protecting the Big 7 applications will enable security professionals to reduce a large portion of their attack surface.

Fake Twitter Accounts Remain Multimillion-Dollar Business
News | 7/2/2013
Barracuda Labs digs into the market for buying Twitter followers.

Skype Bug Enables Android Lock Screen Bypass
News | 7/2/2013
Up to half a billion Android devices that have Skype installed are vulnerable to having their lock screen bypassed and being "attack-dialed."


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, 11/19/2019

DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope, 11/15/2019

Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer, 11/15/2019
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19033
PUBLISHED: 2019-11-21
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password.

CVE-2019-19191
PUBLISHED: 2019-11-21
Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow.

CVE-2019-15511
PUBLISHED: 2019-11-21
An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed....

CVE-2019-16405
PUBLISHED: 2019-11-21
Centreon Web 19.04.4 allows Remote Code Execution by an administrator who can modify Macro Expression location settings.

CVE-2019-16406
PUBLISHED: 2019-11-21
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.