Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2010
IBM Corrects Unpatched Vulnerability Numbers After Google Challenge
News  |  8/31/2010  | 
X-Force Team at IBM revises data on vendors with most unpatched bugs in recent IBM X-Force 2010 Mid-Year Trend and Risk Report
Pushdo Botnet Crippled Via Coordinated Takedown
News  |  8/30/2010  | 
Security researchers have pushed large parts of the spam maker offline, but it may not decrease overall crimeware levels.
E-mail Causes Most Enterprise Data Loss
News  |  8/30/2010  | 
Breaches associated with social media, video sharing, blogs are also on the rise, finds Proofpoint study.
Are We Missing the Point?
Commentary  |  8/29/2010  | 
Recently there has been a lot of talk about nuclear weapons, terrorism, and peace treaties. At the end of the day, the question remains: how do we protect a country and its citizens from attack? If that is really the purpose of the summits and the meetings, why isn't cybersecurity part of the discussion -- more importantly, the insider threat?
25% Of Malware Spread Via USB Drives
News  |  8/27/2010  | 
Email and peer-to-peer networks also rank as significant venues for malware attacks, which have increased slightly in the U.S. but declined in Europe, according to Panda Security.
Massive 'Fake AV' Attack Launched
News  |  8/26/2010  | 
Scareware campaign targets consumers' credit card information with bogus offers of free antivirus services, warns Sophos.
IBM Report: Stealthy Attacks, Vulnerability Disclosures Rise
Quick Hits  |  8/25/2010  | 
X-Force report says 35 percent of vulnerabilities affecting virtualization servers also affect the hypervisor
Vulnerability Disclosures Increase By 36% In 2010
News  |  8/25/2010  | 
IBM report finds "escape to hypervisor" attacks a growing virtualization concern.
Microsoft Issues Advisory On New DLL Hijacking Attack
Quick Hits  |  8/24/2010  | 
Third-party, Microsoft apps could harbor flaws that let attacker remotely run code on targeted machines
Microsoft Confirms Windows DLL Hijacking Vulnerabilities
News  |  8/24/2010  | 
Proof-of-concept code for the remote execution attack hits the wild; numerous applications at risk.
Fixed iTunes Flaw Linked To Broad Set Of Vulnerabilities
News  |  8/23/2010  | 
A Windows DLL hijacking vulnerability is believed to affect dozens of applications, including at least four from Microsoft.
Mobile Devices Threaten Enterprises From Within
News  |  8/23/2010  | 
Security researchers are focusing increasingly on mobile devices. The result: your next insider attack could come from a smartphone
United Nations Website Contains SQL Injection Flaws Three Years After Hack, Researcher Says
News  |  8/23/2010  | 
Bug used in infamous 2007 defacement fixed, but additional SQL injection bugs remain
Adobe Patches Zero Day Vulnerabilities
News  |  8/23/2010  | 
Out-of-cycle updates fix bugs in Reader and Acrobat affecting Windows, Mac, and Unix.
Google Adds Developer Fee To Enhance Extension Security
News  |  8/20/2010  | 
It's only $5 but Google hopes the fee will limit abuses by malicious developers.
Cameron Diaz Is The Web's Most Dangerous Celebrity
News  |  8/19/2010  | 
New McAfee report investigates the most trendy notables for cyber attacks, finds Barack Obama and Sarah Palin are among the safest.
Intel To Purchase McAfee For $7.68 Billion In Cash
News  |  8/19/2010  | 
Security experts skeptical of hardware-based security strategy
Intel To Buy Out McAfee For $7.68 Billion
News  |  8/19/2010  | 
The acquisition would allow Intel to offer a wide range of tightly bundled hardware and software security solutions.
Slideshow: Fashion Statements from DEFCON 2010
Slideshows  |  8/18/2010  | 
Tattoos, mohawks, sheep, and 'pimp' necklaces were just some of the scenes from the hacker conference in Las Vegas earlier this month.
Researcher Cracks ReCAPTCHA
News  |  8/18/2010  | 
Homegrown algorithms for cheating Google's reCAPTCHA released earlier this month
Ferreting Out Rogue Access Points And Wireless Vulnerabilities
News  |  8/18/2010  | 
To comply with regulations, companies increasingly must scan their wireless networks -- a third of which have rogue APs or other insecurities
Scareware Using Bing Results To Expand Attack
News  |  8/18/2010  | 
Mass rogue antivirus campaign tricking search engines to return malicious links using results from Microsoft's search engine.
Facebook Clickjacking Attack Spreading Through Share Button
News  |  8/18/2010  | 
"Funny T-Shirt Fails" scam costs victims a $5 weekly charge on their cell phone bill, finds Sophos.
Firefox Flaw Facilitates Deception
News  |  8/17/2010  | 
Security companies see risk in a browser bug, but Mozilla's director of Firefox says users are safe.
Spyware Hidden In Android Snake Tap Game
News  |  8/17/2010  | 
Free app is paired with GPS Spy, software that monitors a targeted device's location.
Passwords Quickly Hacked With PC Graphics Cards
News  |  8/16/2010  | 
Georgia Tech researchers find that high-end, readily available graphics processing units are powerful enough to easily crack secret codes.
Botnet Operator Comes Clean About Casino Scam
News  |  8/16/2010  | 
Busted GhostMarket.net member posted on an underground forum how he stole nearly $30,000 with credit card fraud.
Advanced Persistent Threat: The Insider Threat
Commentary  |  8/16/2010  | 
APT is the buzzword everyone is using. Companies are concerned about it, the government is being compromised by it, and consultants are using it in every presentation they give. But people fail to realize that the vulnerability these threats compromise is the insider -- not the malicious insider, but the accidental insider who clicks on the wrong link.
Strategic Security Survey: Global Threat, Local Pain
Slideshows  |  8/13/2010  | 
Highlights of exclusive InformationWeek Analytics research as it appears in "Global Threat, Local Pain," our report assessing whether the high-profile infiltration of corporate networks worldwide (Google China leaps to mind) is forcing execs to reconsider their security strategies and pony up related resources.
A Peek At The Next Version Of PCI
News  |  8/12/2010  | 
Clarifications but no big changes -- and that's what concerns some security experts
Symantec Finds 92% Of All E-Mail Is Spam
News  |  8/12/2010  | 
Report also says phishing is down despite the rise of a new Live-Chat based attack that tries to trick people into giving up personal details.
Hackers Deflate Auto Tire-Pressure Sensors
News  |  8/12/2010  | 
Monitors in fast-moving cars can be damaged using spoofed wireless signals, leading to security, privacy, and safety threats.
Facebook Privacy Flaw Identified
News  |  8/11/2010  | 
Despite its struggle to simplify its privacy controls, Facebook still has some work to do.
New Mobile Security Threat: Fingerprint Oil
News  |  8/11/2010  | 
Oily residue left on touchscreen mobile devices may help an attacker deduce password
Touchscreen Smudges Pose Security Risk
News  |  8/11/2010  | 
Residual fingerprint oils on smartphones, ATMs, and other devices may reveal passwords and other confidential data, find security researchers.
Malware Peaks, McAfee Calls For Security Industry To Go On The Offense
Quick Hits  |  8/10/2010  | 
New report shows 10 million new pieces of malware in the first half of 2010
Microsoft Issues Biggest Security Patch Yet
News  |  8/10/2010  | 
IT administrators have plenty of work to do if they want to close up the holes in their systems.
Microsoft Investigating Color Management Bug In Windows 7
News  |  8/10/2010  | 
Vulnerability could provide an attacker with kernel-level access, but Microsoft's Patch Tuesday won't have a fix.
Microsoft Investigates New Zero Day Reported In Windows Kernel
News  |  8/9/2010  | 
Windows 7 and Vista also contain this new heap-overflow vulnerability, according to security researcher reports
Web Browser Privacy Settings Flawed
News  |  8/9/2010  | 
Private and anonymous settings in Firefox, Internet Explorer, and others can expose more details than users expect, security researchers find.
SonicWall Names Top 2010 Cybercrime Threats
News  |  8/6/2010  | 
Web-based attacks and threats to corporate cloud computing spiked dramatically in the first half of 2010, according to a report from the firewall vendor.
Stuxnet 'Zero Day' Worm Not New
News  |  8/5/2010  | 
Symantec finds earlier variants of the Windows shortcut vulnerability, as well as evidence of significant resources behind its development.
Most IT Pros Circumvent File Transfer Security Policies
News  |  8/5/2010  | 
69% of IT managers regularly send highly sensitive information -- payroll, customer, or financial data -- via unsecured e-mail, finds Ipswitch study.
Slideshow: Barnaby Jack Hits The Jackpot With ATM Hack
Slideshows  |  8/4/2010  | 
Barnaby Jack, director of research at IOActive, last week at Black Hat USA in Las Vegas demonstrated attacks that would allow a criminal to compromise ATMs in order to steal cash, copy customers' ATM card data, or learn master passwords of the machines
Researchers Throw Down Vulnerability-Disclosure Gauntlet
News  |  8/4/2010  | 
TippingPoint's Zero Day Initiative (ZDI) program institutes deadline of six months for vendors to fix bugs -- or else the bugs get published
Cyveillance Finds AV Vendors Detect Less Than 19 Percent Of Malware
News  |  8/4/2010  | 
Further testing reveals that even after 30 days, detection rates averaged only 61.7%
Holy Zeus! Popular Botnet Rules As New Exploits Come Online
News  |  8/4/2010  | 
Trusteer, AVG identify new botnets with different features, both built on Zeus technology
Advocates Propose Child ID Theft Prevention Database
News  |  8/4/2010  | 
Database, to be shared with credit reporting agencies, would verify if a social security number belongs to a minor.
iPhone Jailbreak Worries Security Experts
News  |  8/3/2010  | 
Security firms are expressing concern that the first Web-based "jailbreak" for the iOS devices relies on two security vulnerabilities.
Researcher Reads RFID Tag From Hundreds Of Feet Away
News  |  8/3/2010  | 
Demonstration raises privacy and security concerns with RFID EPC Class 1 Generation 2 used in some passport cards, inventory tags, and driver's licenses