Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2010
IBM Corrects Unpatched Vulnerability Numbers After Google Challenge
News  |  8/31/2010  | 
X-Force Team at IBM revises data on vendors with most unpatched bugs in recent IBM X-Force 2010 Mid-Year Trend and Risk Report
Pushdo Botnet Crippled Via Coordinated Takedown
News  |  8/30/2010  | 
Security researchers have pushed large parts of the spam maker offline, but it may not decrease overall crimeware levels.
E-mail Causes Most Enterprise Data Loss
News  |  8/30/2010  | 
Breaches associated with social media, video sharing, blogs are also on the rise, finds Proofpoint study.
Are We Missing the Point?
Commentary  |  8/29/2010  | 
Recently there has been a lot of talk about nuclear weapons, terrorism, and peace treaties. At the end of the day, the question remains: how do we protect a country and its citizens from attack? If that is really the purpose of the summits and the meetings, why isn't cybersecurity part of the discussion -- more importantly, the insider threat?
25% Of Malware Spread Via USB Drives
News  |  8/27/2010  | 
Email and peer-to-peer networks also rank as significant venues for malware attacks, which have increased slightly in the U.S. but declined in Europe, according to Panda Security.
Massive 'Fake AV' Attack Launched
News  |  8/26/2010  | 
Scareware campaign targets consumers' credit card information with bogus offers of free antivirus services, warns Sophos.
IBM Report: Stealthy Attacks, Vulnerability Disclosures Rise
Quick Hits  |  8/25/2010  | 
X-Force report says 35 percent of vulnerabilities affecting virtualization servers also affect the hypervisor
Vulnerability Disclosures Increase By 36% In 2010
News  |  8/25/2010  | 
IBM report finds "escape to hypervisor" attacks a growing virtualization concern.
Microsoft Issues Advisory On New DLL Hijacking Attack
Quick Hits  |  8/24/2010  | 
Third-party, Microsoft apps could harbor flaws that let attacker remotely run code on targeted machines
Microsoft Confirms Windows DLL Hijacking Vulnerabilities
News  |  8/24/2010  | 
Proof-of-concept code for the remote execution attack hits the wild; numerous applications at risk.
Fixed iTunes Flaw Linked To Broad Set Of Vulnerabilities
News  |  8/23/2010  | 
A Windows DLL hijacking vulnerability is believed to affect dozens of applications, including at least four from Microsoft.
Mobile Devices Threaten Enterprises From Within
News  |  8/23/2010  | 
Security researchers are focusing increasingly on mobile devices. The result: your next insider attack could come from a smartphone
United Nations Website Contains SQL Injection Flaws Three Years After Hack, Researcher Says
News  |  8/23/2010  | 
Bug used in infamous 2007 defacement fixed, but additional SQL injection bugs remain
Adobe Patches Zero Day Vulnerabilities
News  |  8/23/2010  | 
Out-of-cycle updates fix bugs in Reader and Acrobat affecting Windows, Mac, and Unix.
Google Adds Developer Fee To Enhance Extension Security
News  |  8/20/2010  | 
It's only $5 but Google hopes the fee will limit abuses by malicious developers.
Cameron Diaz Is The Web's Most Dangerous Celebrity
News  |  8/19/2010  | 
New McAfee report investigates the most trendy notables for cyber attacks, finds Barack Obama and Sarah Palin are among the safest.
Intel To Purchase McAfee For $7.68 Billion In Cash
News  |  8/19/2010  | 
Security experts skeptical of hardware-based security strategy
Intel To Buy Out McAfee For $7.68 Billion
News  |  8/19/2010  | 
The acquisition would allow Intel to offer a wide range of tightly bundled hardware and software security solutions.
Slideshow: Fashion Statements from DEFCON 2010
Slideshows  |  8/18/2010  | 
Tattoos, mohawks, sheep, and 'pimp' necklaces were just some of the scenes from the hacker conference in Las Vegas earlier this month.
Researcher Cracks ReCAPTCHA
News  |  8/18/2010  | 
Homegrown algorithms for cheating Google's reCAPTCHA released earlier this month
Ferreting Out Rogue Access Points And Wireless Vulnerabilities
News  |  8/18/2010  | 
To comply with regulations, companies increasingly must scan their wireless networks -- a third of which have rogue APs or other insecurities
Scareware Using Bing Results To Expand Attack
News  |  8/18/2010  | 
Mass rogue antivirus campaign tricking search engines to return malicious links using results from Microsoft's search engine.
Facebook Clickjacking Attack Spreading Through Share Button
News  |  8/18/2010  | 
"Funny T-Shirt Fails" scam costs victims a $5 weekly charge on their cell phone bill, finds Sophos.
Firefox Flaw Facilitates Deception
News  |  8/17/2010  | 
Security companies see risk in a browser bug, but Mozilla's director of Firefox says users are safe.
Spyware Hidden In Android Snake Tap Game
News  |  8/17/2010  | 
Free app is paired with GPS Spy, software that monitors a targeted device's location.
Passwords Quickly Hacked With PC Graphics Cards
News  |  8/16/2010  | 
Georgia Tech researchers find that high-end, readily available graphics processing units are powerful enough to easily crack secret codes.
Botnet Operator Comes Clean About Casino Scam
News  |  8/16/2010  | 
Busted GhostMarket.net member posted on an underground forum how he stole nearly $30,000 with credit card fraud.
Advanced Persistent Threat: The Insider Threat
Commentary  |  8/16/2010  | 
APT is the buzzword everyone is using. Companies are concerned about it, the government is being compromised by it, and consultants are using it in every presentation they give. But people fail to realize that the vulnerability these threats compromise is the insider -- not the malicious insider, but the accidental insider who clicks on the wrong link.
Strategic Security Survey: Global Threat, Local Pain
Slideshows  |  8/13/2010  | 
Highlights of exclusive InformationWeek Analytics research as it appears in "Global Threat, Local Pain," our report assessing whether the high-profile infiltration of corporate networks worldwide (Google China leaps to mind) is forcing execs to reconsider their security strategies and pony up related resources.
A Peek At The Next Version Of PCI
News  |  8/12/2010  | 
Clarifications but no big changes -- and that's what concerns some security experts
Symantec Finds 92% Of All E-Mail Is Spam
News  |  8/12/2010  | 
Report also says phishing is down despite the rise of a new Live-Chat based attack that tries to trick people into giving up personal details.
Hackers Deflate Auto Tire-Pressure Sensors
News  |  8/12/2010  | 
Monitors in fast-moving cars can be damaged using spoofed wireless signals, leading to security, privacy, and safety threats.
Facebook Privacy Flaw Identified
News  |  8/11/2010  | 
Despite its struggle to simplify its privacy controls, Facebook still has some work to do.
New Mobile Security Threat: Fingerprint Oil
News  |  8/11/2010  | 
Oily residue left on touchscreen mobile devices may help an attacker deduce password
Touchscreen Smudges Pose Security Risk
News  |  8/11/2010  | 
Residual fingerprint oils on smartphones, ATMs, and other devices may reveal passwords and other confidential data, find security researchers.
Malware Peaks, McAfee Calls For Security Industry To Go On The Offense
Quick Hits  |  8/10/2010  | 
New report shows 10 million new pieces of malware in the first half of 2010
Microsoft Issues Biggest Security Patch Yet
News  |  8/10/2010  | 
IT administrators have plenty of work to do if they want to close up the holes in their systems.
Microsoft Investigating Color Management Bug In Windows 7
News  |  8/10/2010  | 
Vulnerability could provide an attacker with kernel-level access, but Microsoft's Patch Tuesday won't have a fix.
Microsoft Investigates New Zero Day Reported In Windows Kernel
News  |  8/9/2010  | 
Windows 7 and Vista also contain this new heap-overflow vulnerability, according to security researcher reports
Web Browser Privacy Settings Flawed
News  |  8/9/2010  | 
Private and anonymous settings in Firefox, Internet Explorer, and others can expose more details than users expect, security researchers find.
SonicWall Names Top 2010 Cybercrime Threats
News  |  8/6/2010  | 
Web-based attacks and threats to corporate cloud computing spiked dramatically in the first half of 2010, according to a report from the firewall vendor.
Stuxnet 'Zero Day' Worm Not New
News  |  8/5/2010  | 
Symantec finds earlier variants of the Windows shortcut vulnerability, as well as evidence of significant resources behind its development.
Most IT Pros Circumvent File Transfer Security Policies
News  |  8/5/2010  | 
69% of IT managers regularly send highly sensitive information -- payroll, customer, or financial data -- via unsecured e-mail, finds Ipswitch study.
Slideshow: Barnaby Jack Hits The Jackpot With ATM Hack
Slideshows  |  8/4/2010  | 
Barnaby Jack, director of research at IOActive, last week at Black Hat USA in Las Vegas demonstrated attacks that would allow a criminal to compromise ATMs in order to steal cash, copy customers' ATM card data, or learn master passwords of the machines
Researchers Throw Down Vulnerability-Disclosure Gauntlet
News  |  8/4/2010  | 
TippingPoint's Zero Day Initiative (ZDI) program institutes deadline of six months for vendors to fix bugs -- or else the bugs get published
Cyveillance Finds AV Vendors Detect Less Than 19 Percent Of Malware
News  |  8/4/2010  | 
Further testing reveals that even after 30 days, detection rates averaged only 61.7%
Holy Zeus! Popular Botnet Rules As New Exploits Come Online
News  |  8/4/2010  | 
Trusteer, AVG identify new botnets with different features, both built on Zeus technology
Advocates Propose Child ID Theft Prevention Database
News  |  8/4/2010  | 
Database, to be shared with credit reporting agencies, would verify if a social security number belongs to a minor.
iPhone Jailbreak Worries Security Experts
News  |  8/3/2010  | 
Security firms are expressing concern that the first Web-based "jailbreak" for the iOS devices relies on two security vulnerabilities.
Researcher Reads RFID Tag From Hundreds Of Feet Away
News  |  8/3/2010  | 
Demonstration raises privacy and security concerns with RFID EPC Class 1 Generation 2 used in some passport cards, inventory tags, and driver's licenses