Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2013
U.K. Online Dating Sites Catch Heat On Privacy
News  |  7/31/2013  | 
Government and BBC investigations raise alarms about the industry's personal data handling practices, social media identity theft.
Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition
Quick Hits  |  7/31/2013  | 
U.S. feared use of PCs built by Lenovo posed security threat long before spying concerns over Huawei and ZTE surfaced
Microsoft Extends MAPP To Incident Responders And Offers Free Online URL, File Scanner
News  |  7/29/2013  | 
Microsoft Active Protections Program evolving to a protection, detection, and remediation program
Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition
News  |  7/29/2013  | 
U.S. feared use of PCs built by Lenovo posed security threat long before spying concerns over Huawei and ZTE surfaced.
Cheap Monitoring Highlights Dangers Of Internet Of Things
News  |  7/27/2013  | 
Using a network of cheap sensors, the home-brewed CreepyDOL system can track people by signals sent from their mobile devices
Barnaby Jack And The Hacker Ethos
Commentary  |  7/26/2013  | 
Barnaby Jack's untimely death should give us pause to remember why folks hack things and ultimately why pushing the boundaries of technology benefits us all
In Appreciation: Barnaby Jack
News  |  7/26/2013  | 
Industry mourns passing of intrepid and charismatic security researcher
Better Bug Bounties Mean Safer Software, More Research Demand
News  |  7/26/2013  | 
Companies should expect safer software as more companies adopt bug bounty programs and studies prove their effectiveness
Record-Setting Data Breach Highlights Corporate Security Risks
News  |  7/25/2013  | 
Case of five men indicted Thursday for allegedly stealing more than 160 million credit card numbers, in what Justice Department calls a record size scheme, shows how hard it is for business to deal with SQL injection attacks and similar approaches.
How Attackers Target And Exploit Critical Business Applications
Quick Hits  |  7/25/2013  | 
Applications such as ERP and CRM make businesses go, yet are often left unpatched and vulnerable
Firms Far From Taming The Tower Of APT Babel
News  |  7/25/2013  | 
Threat intelligence firms continue to have individual lexicons for advanced persistent threats, making information sharing more difficult
Campaign Launched To Kill Off The Password
News  |  7/24/2013  | 
The Petition Against Passwords calls for no more password login
Network Solutions Knocked Down Again
News  |  7/24/2013  | 
MySQL problems to blame for customers' website editing and permission change problems, says hosting provider, but users suspect more nefarious cause.
Royal Baby Malware Attacks
News  |  7/24/2013  | 
Hackers capitalize on mania for royal baby and upcoming zombie game; fake versions of real Android apps created via Master Key vulnerability found in China.
Visualization Helps Attackers Spot Flaws In Software's Armor
News  |  7/24/2013  | 
Using data visualization techniques, researchers make memory and randomization flaws easier to recognize, spotting vulnerabilities in anti-exploitation technology such as ASLR and DEP
'Next Big' Banking Trojan Spotted In Cybercrime Underground
Quick Hits  |  7/23/2013  | 
RSA says 'KINS' features a bootkit
Russian Trojan With Twist Targets Financial Details
News  |  7/23/2013  | 
Malware, designed to not infect Russian or Ukrainian PCs, is already for sale on cybercrime underground, says RSA.
SIM Card Hack A Wakeup Call
News  |  7/22/2013  | 
Crack of mobile SIM card crypto and virtual machine features could let an attacker target and clone a phone
APIs Giveth And APIs Taketh Away
Commentary  |  7/19/2013  | 
Despite the incredible power afforded by APIs exposing cloud, mobile and Web services, there is a downside. There always is
Tech Insight: Protecting Against Risks Posed By Anonymization Tools
News  |  7/19/2013  | 
Snowden and NSA concerns are causing more users to seek anonymization and encryption tools that could cause security headaches for enterprises
3 Briefings That Highlight Infosec's High-Stakes Game
News  |  7/19/2013  | 
Spectacular exploits and worrying implications await
Huawei Spies For China, Former NSA Director Says
News  |  7/19/2013  | 
Michael Hayden, a former NSA and CIA chief, accuses Chinese telecom equipment maker Huawei of engaging in espionage on behalf of the Chinese state.
Java Dregs Create Unappetizing Enterprise Security Problem
News  |  7/18/2013  | 
Why is Java still such a security weak spot? Java updates don't nuke all older versions, leaving plenty of well-known vulnerabilities for online attackers to exploit.
'Write Once, Pwn Anywhere': Less Than 1 Percent Of Enterprises Run Newest Version Of Java
Quick Hits  |  7/18/2013  | 
Most businesses have multiple, outdated versions of the app on their endpoints, new report finds
Service, Denied
News  |  7/17/2013  | 
Black Hat USA 2013 has lined up three DDoS-related Briefings, covering the topic from multiple angles
Google Play Has Apps Abusing Master Key Vulnerability
News  |  7/17/2013  | 
Two apps currently available for download in Google Play abuse the critical master key vulnerability that affects almost all Android devices. Is Google reviewing apps for the flaw?
Tumblr iPhone Vulnerability: Change Passwords Now
News  |  7/17/2013  | 
Passwords are transmitted in plaintext by Tumblr's iPhone and iPad apps, leaving them vulnerable to being intercepted.
'Tortilla' Spices Up Active Defense Ops
News  |  7/16/2013  | 
New free Tor tool, due out at Black Hat USA, aims to make the Tor anonymizing network easier to use for all types of intel-gathering
Android Users Can Patch Critical Flaw
News  |  7/16/2013  | 
ReKey app can be used to patch vulnerability that affects 99% of all Android smartphones and tablets, but requires rooting devices first.
NSA Surveillance: IT Pro Survey Says What?
Commentary  |  7/15/2013  | 
To understand the relationship between security and privacy, we should pay more attention to IT professionals and spend less time asking loaded questions.
WordPress, Other CMS Platforms Give Attackers Room For Creativity
News  |  7/15/2013  | 
Hackers use vulns in content management systems to accomplish everything from privilege escalation on servers to using connections to run command and control
Chrome Users More Likely To Ignore Security Warnings
News  |  7/15/2013  | 
Security messages affect user behavior -- as long as they're well-designed, according to study of Chrome and Firefox users.
Jay-Z App, Amazon Extension Slammed On Privacy
News  |  7/15/2013  | 
Android app offers free album for users' account, login info; meanwhile, Amazon 1Button extension for Chrome reports user activity to Amazon.
NSA Data Collection Worrisome For Global Firms
News  |  7/13/2013  | 
Microsoft, Google, Facebook, and other tech firms have downplayed their participation in government spying programs, but U.S. and international companies should worry about access to their data in the cloud
How Attackers Thwart Malware Investigation
News  |  7/11/2013  | 
A researcher at Black Hat USA this month will dissect a recent attack, showing off attackers' techniques for making malware analysis harder and intelligence gathering more time consuming
Overcome The Microsoft Mindset: Patch Faster
Commentary  |  7/11/2013  | 
Why can't vendors patch every critical bug like it was the Pwn2Own competition?
Generic TLDs Threaten Name Collisions, Information Leakage
News  |  7/11/2013  | 
Security problems could ensue if common internal TLDs -- such as .corp and .exchange -- are allowed to be registered
Hackers Tap Windows Bug Revealed By Google Researcher
News  |  7/10/2013  | 
Windows bug details disclosed by Google researcher Tavis Ormandy in May were quickly used by online attackers, Microsoft says.
Hack 99% Of Android Devices: Big Vulnerability
News  |  7/10/2013  | 
Critical vulnerability that affects almost all Android devices now in operation could allow attackers to use exploit code to easily infect devices with a Trojanized version of a legitimate app.
Preparing For Possible Future Crypto Attacks
News  |  7/10/2013  | 
Security experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure
South Korean Bank Hackers Target U.S. Military Secrets
News  |  7/9/2013  | 
Wiper malware APT gang has been traced to four-year military espionage campaign.
12 Trends In Privacy And Security
News  |  7/9/2013  | 
Industry experts forecast top trends in data breach, privacy, and security
'Zombie Apocalypse' Broadcast Hoax Explained
News  |  7/9/2013  | 
Homeland Security details vulnerabilities in emergency alert equipment that have been exploited to create hoax broadcasts.
Microsoft Patch Tuesday Fixes Six Critical Bugs
News  |  7/9/2013  | 
Microsoft issues patches for an unusual number of critical vulnerabilities that encompass the company's entire software ecosystem.
Below The Application: The High Risk Of Low-Level Threats
Quick Hits  |  7/9/2013  | 
In-memory attacks and rootkits may hit your systems below the OS. Here are some tips to help your defense
Controlling The Big 7
Commentary  |  7/7/2013  | 
With limited resources, funding, and expertise, focusing on protecting the Big 7 applications will enable security professionals to reduce a large portion of their attack surface
Fake Twitter Accounts Remain Multimillion-Dollar Business
News  |  7/2/2013  | 
Barracuda Labs digs into the market for buying Twitter followers
Skype Bug Enables Android Lock Screen Bypass
News  |  7/2/2013  | 
Up to half a billion Android devices that have Skype installed are vulnerable to having their lock screen bypassed and being "attack-dialed."

