News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2010
IBM Corrects Unpatched Vulnerability Numbers After Google Challenge
News  |  8/31/2010  | 
X-Force Team at IBM revises data on vendors with most unpatched bugs in recent IBM X-Force 2010 Mid-Year Trend and Risk Report
Pushdo Botnet Crippled Via Coordinated Takedown
News  |  8/30/2010  | 
Security researchers have pushed large parts of the spam maker offline, but it may not decrease overall crimeware levels.
E-mail Causes Most Enterprise Data Loss
News  |  8/30/2010  | 
Breaches associated with social media, video sharing, blogs are also on the rise, finds Proofpoint study.
Are We Missing the Point?
Commentary  |  8/29/2010  | 
Recently there has been a lot of talk about nuclear weapons, terrorism, and peace treaties. At the end of the day, the question remains: how do we protect a country and its citizens from attack? If that is really the purpose of the summits and the meetings, why isn't cybersecurity part of the discussion -- more importantly, the insider threat?
25% Of Malware Spread Via USB Drives
News  |  8/27/2010  | 
Email and peer-to-peer networks also rank as significant venues for malware attacks, which have increased slightly in the U.S. but declined in Europe, according to Panda Security.
Massive 'Fake AV' Attack Launched
News  |  8/26/2010  | 
Scareware campaign targets consumers' credit card information with bogus offers of free antivirus services, warns Sophos.
IBM Report: Stealthy Attacks, Vulnerability Disclosures Rise
Quick Hits  |  8/25/2010  | 
X-Force report says 35 percent of vulnerabilities affecting virtualization servers also affect the hypervisor
Vulnerability Disclosures Increase By 36% In 2010
News  |  8/25/2010  | 
IBM report finds "escape to hypervisor" attacks a growing virtualization concern.
Microsoft Issues Advisory On New DLL Hijacking Attack
Quick Hits  |  8/24/2010  | 
Third-party, Microsoft apps could harbor flaws that let attacker remotely run code on targeted machines
Microsoft Confirms Windows DLL Hijacking Vulnerabilities
News  |  8/24/2010  | 
Proof-of-concept code for the remote execution attack hits the wild; numerous applications at risk.
Fixed iTunes Flaw Linked To Broad Set Of Vulnerabilities
News  |  8/23/2010  | 
A Windows DLL hijacking vulnerability is believed to affect dozens of applications, including at least four from Microsoft.
Mobile Devices Threaten Enterprises From Within
News  |  8/23/2010  | 
Security researchers are focusing increasingly on mobile devices. The result: your next insider attack could come from a smartphone
United Nations Website Contains SQL Injection Flaws Three Years After Hack, Researcher Says
News  |  8/23/2010  | 
Bug used in infamous 2007 defacement fixed, but additional SQL injection bugs remain
Adobe Patches Zero Day Vulnerabilities
News  |  8/23/2010  | 
Out-of-cycle updates fix bugs in Reader and Acrobat affecting Windows, Mac, and Unix.
Google Adds Developer Fee To Enhance Extension Security
News  |  8/20/2010  | 
It's only $5 but Google hopes the fee will limit abuses by malicious developers.
Cameron Diaz Is The Web's Most Dangerous Celebrity
News  |  8/19/2010  | 
New McAfee report investigates the most trendy notables for cyber attacks, finds Barack Obama and Sarah Palin are among the safest.
Intel To Purchase McAfee For $7.68 Billion In Cash
News  |  8/19/2010  | 
Security experts skeptical of hardware-based security strategy
Intel To Buy Out McAfee For $7.68 Billion
News  |  8/19/2010  | 
The acquisition would allow Intel to offer a wide range of tightly bundled hardware and software security solutions.
Slideshow: Fashion Statements from DEFCON 2010
Slideshows  |  8/18/2010  | 
Tattoos, mohawks, sheep, and 'pimp' necklaces were just some of the scenes from the hacker conference in Las Vegas earlier this month.
Researcher Cracks ReCAPTCHA
News  |  8/18/2010  | 
Homegrown algorithms for cheating Google's reCAPTCHA released earlier this month
Ferreting Out Rogue Access Points And Wireless Vulnerabilities
News  |  8/18/2010  | 
To comply with regulations, companies increasingly must scan their wireless networks -- a third of which have rogue APs or other insecurities
Scareware Using Bing Results To Expand Attack
News  |  8/18/2010  | 
Mass rogue antivirus campaign tricking search engines to return malicious links using results from Microsoft's search engine.
Facebook Clickjacking Attack Spreading Through Share Button
News  |  8/18/2010  | 
"Funny T-Shirt Fails" scam costs victims a $5 weekly charge on their cell phone bill, finds Sophos.
Firefox Flaw Facilitates Deception
News  |  8/17/2010  | 
Security companies see risk in a browser bug, but Mozilla's director of Firefox says users are safe.
Spyware Hidden In Android Snake Tap Game
News  |  8/17/2010  | 
Free app is paired with GPS Spy, software that monitors a targeted device's location.
Passwords Quickly Hacked With PC Graphics Cards
News  |  8/16/2010  | 
Georgia Tech researchers find that high-end, readily available graphics processing units are powerful enough to easily crack secret codes.
Botnet Operator Comes Clean About Casino Scam
News  |  8/16/2010  | 
Busted GhostMarket.net member posted on an underground forum how he stole nearly $30,000 with credit card fraud.
Advanced Persistent Threat: The Insider Threat
Commentary  |  8/16/2010  | 
APT is the buzzword everyone is using. Companies are concerned about it, the government is being compromised by it, and consultants are using it in every presentation they give. But people fail to realize that the vulnerability these threats compromise is the insider -- not the malicious insider, but the accidental insider who clicks on the wrong link.
Strategic Security Survey: Global Threat, Local Pain
Slideshows  |  8/13/2010  | 
Highlights of exclusive InformationWeek Analytics research as it appears in "Global Threat, Local Pain," our report assessing whether the high-profile infiltration of corporate networks worldwide (Google China leaps to mind) is forcing execs to reconsider their security strategies and pony up related resources.
A Peek At The Next Version Of PCI
News  |  8/12/2010  | 
Clarifications but no big changes -- and that's what concerns some security experts
Symantec Finds 92% Of All E-Mail Is Spam
News  |  8/12/2010  | 
Report also says phishing is down despite the rise of a new Live-Chat based attack that tries to trick people into giving up personal details.
Hackers Deflate Auto Tire-Pressure Sensors
News  |  8/12/2010  | 
Monitors in fast-moving cars can be damaged using spoofed wireless signals, leading to security, privacy, and safety threats.
Facebook Privacy Flaw Identified
News  |  8/11/2010  | 
Despite its struggle to simplify its privacy controls, Facebook still has some work to do.
New Mobile Security Threat: Fingerprint Oil
News  |  8/11/2010  | 
Oily residue left on touchscreen mobile devices may help an attacker deduce password
Touchscreen Smudges Pose Security Risk
News  |  8/11/2010  | 
Residual fingerprint oils on smartphones, ATMs, and other devices may reveal passwords and other confidential data, find security researchers.
Malware Peaks, McAfee Calls For Security Industry To Go On The Offense
Quick Hits  |  8/10/2010  | 
New report shows 10 million new pieces of malware in the first half of 2010
Microsoft Issues Biggest Security Patch Yet
News  |  8/10/2010  | 
IT administrators have plenty of work to do if they want to close up the holes in their systems.
Microsoft Investigating Color Management Bug In Windows 7
News  |  8/10/2010  | 
Vulnerability could provide an attacker with kernel-level access, but Microsoft's Patch Tuesday won't have a fix.
Microsoft Investigates New Zero Day Reported In Windows Kernel
News  |  8/9/2010  | 
Windows 7 and Vista also contain this new heap-overflow vulnerability, according to security researcher reports
Web Browser Privacy Settings Flawed
News  |  8/9/2010  | 
Private and anonymous settings in Firefox, Internet Explorer, and others can expose more details than users expect, security researchers find.
SonicWall Names Top 2010 Cybercrime Threats
News  |  8/6/2010  | 
Web-based attacks and threats to corporate cloud computing spiked dramatically in the first half of 2010, according to a report from the firewall vendor.
Stuxnet 'Zero Day' Worm Not New
News  |  8/5/2010  | 
Symantec finds earlier variants of the Windows shortcut vulnerability, as well as evidence of significant resources behind its development.
Most IT Pros Circumvent File Transfer Security Policies
News  |  8/5/2010  | 
69% of IT managers regularly send highly sensitive information -- payroll, customer, or financial data -- via unsecured e-mail, finds Ipswitch study.
Slideshow: Barnaby Jack Hits The Jackpot With ATM Hack
Slideshows  |  8/4/2010  | 
Barnaby Jack, director of research at IOActive, last week at Black Hat USA in Las Vegas demonstrated attacks that would allow a criminal to compromise ATMs in order to steal cash, copy customers' ATM card data, or learn master passwords of the machines
Researchers Throw Down Vulnerability-Disclosure Gauntlet
News  |  8/4/2010  | 
TippingPoint's Zero Day Initiative (ZDI) program institutes deadline of six months for vendors to fix bugs -- or else the bugs get published
Cyveillance Finds AV Vendors Detect Less Than 19 Percent Of Malware
News  |  8/4/2010  | 
Further testing reveals that even after 30 days, detection rates averaged only 61.7%
Holy Zeus! Popular Botnet Rules As New Exploits Come Online
News  |  8/4/2010  | 
Trusteer, AVG identify new botnets with different features, both built on Zeus technology
Advocates Propose Child ID Theft Prevention Database
News  |  8/4/2010  | 
Database, to be shared with credit reporting agencies, would verify if a social security number belongs to a minor.
iPhone Jailbreak Worries Security Experts
News  |  8/3/2010  | 
Security firms are expressing concern that the first Web-based "jailbreak" for the iOS devices relies on two security vulnerabilities.
Researcher Reads RFID Tag From Hundreds Of Feet Away
News  |  8/3/2010  | 
Demonstration raises privacy and security concerns with RFID EPC Class 1 Generation 2 used in some passport cards, inventory tags, and driver's licenses