Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2010
IBM Corrects Unpatched Vulnerability Numbers After Google Challenge
News  |  8/31/2010  | 
X-Force Team at IBM revises data on vendors with most unpatched bugs in recent IBM X-Force 2010 Mid-Year Trend and Risk Report
Pushdo Botnet Crippled Via Coordinated Takedown
News  |  8/30/2010  | 
Security researchers have pushed large parts of the spam maker offline, but it may not decrease overall crimeware levels.
E-mail Causes Most Enterprise Data Loss
News  |  8/30/2010  | 
Breaches associated with social media, video sharing, blogs are also on the rise, finds Proofpoint study.
Are We Missing the Point?
Commentary  |  8/29/2010  | 
Recently there has been a lot of talk about nuclear weapons, terrorism, and peace treaties. At the end of the day, the question remains: how do we protect a country and its citizens from attack? If that is really the purpose of the summits and the meetings, why isn't cybersecurity part of the discussion -- more importantly, the insider threat?
25% Of Malware Spread Via USB Drives
News  |  8/27/2010  | 
Email and peer-to-peer networks also rank as significant venues for malware attacks, which have increased slightly in the U.S. but declined in Europe, according to Panda Security.
Massive 'Fake AV' Attack Launched
News  |  8/26/2010  | 
Scareware campaign targets consumers' credit card information with bogus offers of free antivirus services, warns Sophos.
IBM Report: Stealthy Attacks, Vulnerability Disclosures Rise
Quick Hits  |  8/25/2010  | 
X-Force report says 35 percent of vulnerabilities affecting virtualization servers also affect the hypervisor
Vulnerability Disclosures Increase By 36% In 2010
News  |  8/25/2010  | 
IBM report finds "escape to hypervisor" attacks a growing virtualization concern.
Microsoft Issues Advisory On New DLL Hijacking Attack
Quick Hits  |  8/24/2010  | 
Third-party, Microsoft apps could harbor flaws that let attacker remotely run code on targeted machines
Microsoft Confirms Windows DLL Hijacking Vulnerabilities
News  |  8/24/2010  | 
Proof-of-concept code for the remote execution attack hits the wild; numerous applications at risk.
Fixed iTunes Flaw Linked To Broad Set Of Vulnerabilities
News  |  8/23/2010  | 
A Windows DLL hijacking vulnerability is believed to affect dozens of applications, including at least four from Microsoft.
Mobile Devices Threaten Enterprises From Within
News  |  8/23/2010  | 
Security researchers are focusing increasingly on mobile devices. The result: your next insider attack could come from a smartphone
United Nations Website Contains SQL Injection Flaws Three Years After Hack, Researcher Says
News  |  8/23/2010  | 
Bug used in infamous 2007 defacement fixed, but additional SQL injection bugs remain
Adobe Patches Zero Day Vulnerabilities
News  |  8/23/2010  | 
Out-of-cycle updates fix bugs in Reader and Acrobat affecting Windows, Mac, and Unix.
Google Adds Developer Fee To Enhance Extension Security
News  |  8/20/2010  | 
It's only $5 but Google hopes the fee will limit abuses by malicious developers.
Cameron Diaz Is The Web's Most Dangerous Celebrity
News  |  8/19/2010  | 
New McAfee report investigates the most trendy notables for cyber attacks, finds Barack Obama and Sarah Palin are among the safest.
Intel To Purchase McAfee For $7.68 Billion In Cash
News  |  8/19/2010  | 
Security experts skeptical of hardware-based security strategy
Intel To Buy Out McAfee For $7.68 Billion
News  |  8/19/2010  | 
The acquisition would allow Intel to offer a wide range of tightly bundled hardware and software security solutions.
Slideshow: Fashion Statements from DEFCON 2010
Slideshows  |  8/18/2010  | 
Tattoos, mohawks, sheep, and 'pimp' necklaces were just some of the scenes from the hacker conference in Las Vegas earlier this month.
Researcher Cracks ReCAPTCHA
News  |  8/18/2010  | 
Homegrown algorithms for cheating Google's reCAPTCHA released earlier this month
Ferreting Out Rogue Access Points And Wireless Vulnerabilities
News  |  8/18/2010  | 
To comply with regulations, companies increasingly must scan their wireless networks -- a third of which have rogue APs or other insecurities
Scareware Using Bing Results To Expand Attack
News  |  8/18/2010  | 
Mass rogue antivirus campaign tricking search engines to return malicious links using results from Microsoft's search engine.
Facebook Clickjacking Attack Spreading Through Share Button
News  |  8/18/2010  | 
"Funny T-Shirt Fails" scam costs victims a $5 weekly charge on their cell phone bill, finds Sophos.
Firefox Flaw Facilitates Deception
News  |  8/17/2010  | 
Security companies see risk in a browser bug, but Mozilla's director of Firefox says users are safe.
Spyware Hidden In Android Snake Tap Game
News  |  8/17/2010  | 
Free app is paired with GPS Spy, software that monitors a targeted device's location.
Passwords Quickly Hacked With PC Graphics Cards
News  |  8/16/2010  | 
Georgia Tech researchers find that high-end, readily available graphics processing units are powerful enough to easily crack secret codes.
Botnet Operator Comes Clean About Casino Scam
News  |  8/16/2010  | 
Busted GhostMarket.net member posted on an underground forum how he stole nearly $30,000 with credit card fraud.
Advanced Persistent Threat: The Insider Threat
Commentary  |  8/16/2010  | 
APT is the buzzword everyone is using. Companies are concerned about it, the government is being compromised by it, and consultants are using it in every presentation they give. But people fail to realize that the vulnerability these threats compromise is the insider -- not the malicious insider, but the accidental insider who clicks on the wrong link.
Strategic Security Survey: Global Threat, Local Pain
Slideshows  |  8/13/2010  | 
Highlights of exclusive InformationWeek Analytics research as it appears in "Global Threat, Local Pain," our report assessing whether the high-profile infiltration of corporate networks worldwide (Google China leaps to mind) is forcing execs to reconsider their security strategies and pony up related resources.
A Peek At The Next Version Of PCI
News  |  8/12/2010  | 
Clarifications but no big changes -- and that's what concerns some security experts
Symantec Finds 92% Of All E-Mail Is Spam
News  |  8/12/2010  | 
Report also says phishing is down despite the rise of a new Live-Chat based attack that tries to trick people into giving up personal details.
Hackers Deflate Auto Tire-Pressure Sensors
News  |  8/12/2010  | 
Monitors in fast-moving cars can be damaged using spoofed wireless signals, leading to security, privacy, and safety threats.
Facebook Privacy Flaw Identified
News  |  8/11/2010  | 
Despite its struggle to simplify its privacy controls, Facebook still has some work to do.
New Mobile Security Threat: Fingerprint Oil
News  |  8/11/2010  | 
Oily residue left on touchscreen mobile devices may help an attacker deduce password
Touchscreen Smudges Pose Security Risk
News  |  8/11/2010  | 
Residual fingerprint oils on smartphones, ATMs, and other devices may reveal passwords and other confidential data, find security researchers.
Malware Peaks, McAfee Calls For Security Industry To Go On The Offense
Quick Hits  |  8/10/2010  | 
New report shows 10 million new pieces of malware in the first half of 2010
Microsoft Issues Biggest Security Patch Yet
News  |  8/10/2010  | 
IT administrators have plenty of work to do if they want to close up the holes in their systems.
Microsoft Investigating Color Management Bug In Windows 7
News  |  8/10/2010  | 
Vulnerability could provide an attacker with kernel-level access, but Microsoft's Patch Tuesday won't have a fix.
Microsoft Investigates New Zero Day Reported In Windows Kernel
News  |  8/9/2010  | 
Windows 7 and Vista also contain this new heap-overflow vulnerability, according to security researcher reports
Web Browser Privacy Settings Flawed
News  |  8/9/2010  | 
Private and anonymous settings in Firefox, Internet Explorer, and others can expose more details than users expect, security researchers find.
SonicWall Names Top 2010 Cybercrime Threats
News  |  8/6/2010  | 
Web-based attacks and threats to corporate cloud computing spiked dramatically in the first half of 2010, according to a report from the firewall vendor.
Stuxnet 'Zero Day' Worm Not New
News  |  8/5/2010  | 
Symantec finds earlier variants of the Windows shortcut vulnerability, as well as evidence of significant resources behind its development.
Most IT Pros Circumvent File Transfer Security Policies
News  |  8/5/2010  | 
69% of IT managers regularly send highly sensitive information -- payroll, customer, or financial data -- via unsecured e-mail, finds Ipswitch study.
Slideshow: Barnaby Jack Hits The Jackpot With ATM Hack
Slideshows  |  8/4/2010  | 
Barnaby Jack, director of research at IOActive, last week at Black Hat USA in Las Vegas demonstrated attacks that would allow a criminal to compromise ATMs in order to steal cash, copy customers' ATM card data, or learn master passwords of the machines
Researchers Throw Down Vulnerability-Disclosure Gauntlet
News  |  8/4/2010  | 
TippingPoint's Zero Day Initiative (ZDI) program institutes deadline of six months for vendors to fix bugs -- or else the bugs get published
Cyveillance Finds AV Vendors Detect Less Than 19 Percent Of Malware
News  |  8/4/2010  | 
Further testing reveals that even after 30 days, detection rates averaged only 61.7%
Holy Zeus! Popular Botnet Rules As New Exploits Come Online
News  |  8/4/2010  | 
Trusteer, AVG identify new botnets with different features, both built on Zeus technology
Advocates Propose Child ID Theft Prevention Database
News  |  8/4/2010  | 
Database, to be shared with credit reporting agencies, would verify if a social security number belongs to a minor.
iPhone Jailbreak Worries Security Experts
News  |  8/3/2010  | 
Security firms are expressing concern that the first Web-based "jailbreak" for the iOS devices relies on two security vulnerabilities.
Researcher Reads RFID Tag From Hundreds Of Feet Away
News  |  8/3/2010  | 
Demonstration raises privacy and security concerns with RFID EPC Class 1 Generation 2 used in some passport cards, inventory tags, and driver's licenses