Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2011
14 Enterprise Security Tips From Anonymous Hacker
News  |  8/31/2011  | 
Former Anonymous member "SparkyBlaze" advises companies on how to avoid massive data breaches.
New Windows Worm Wriggling Through Networks
News  |  8/30/2011  | 
'Morto' targets weak passwords, usernames and spreads via the Remote Desktop Protocol.
Gmail Attack Highlights Web Insecurity
News  |  8/29/2011  | 
A man-in-the-middle attack that relied on an unauthorized Google SSL certificate has revived concern over whether any Web communication is really secure.
Insulin Pump Hack Controversy Grows
News  |  8/26/2011  | 
Security researcher--and pump user--who found the flaw takes medical device manufacturer Medtronic to task for its response to the security vulnerability.
Apache Issues Workarounds For 'Killer' Attack
News  |  8/26/2011  | 
Development team spells out mitigation strategies for DDoS threat in advance of patch release.
Google Gives Up $500M In Revenue From Canadian Online Pharmacies
Quick Hits  |  8/24/2011  | 
Search engine giant should not have sold ads to unauthorized pharmacies, Department of Justice says
Chinese Military Documentary Reveals Alleged Attack Software
News  |  8/23/2011  | 
Government-run TV channel program accidentally reveals what appears to be software designed for cyber warfare.
Google Patches Critical Chrome Bug
News  |  8/23/2011  | 
Chrome browser update includes patches for 11 vulnerabilities, including several discovered by Google bug bounty winners.
Hacked Medical Device Sparks Congressional Inquiry
News  |  8/23/2011  | 
Legislators demand answers after a security researcher remotely controlled his own insulin pump using a $20 radio frequency transmitter at Black Hat.
McAfee Blew Shady RAT Analysis, Kaspersky Says
News  |  8/22/2011  | 
Security expert Eugene Kaspersky dismissed the seriousness of the Shady RAT botnet and suggested McAfee was purposefully alarmist in its report.
Facebook Offers Security Guide
News  |  8/19/2011  | 
Facebook tries to explain the many security issues that have arisen for users of social networking and give tips for keeping accounts secure.
Microsoft Disables Supercookies On MSN
News  |  8/19/2011  | 
The online user tracking technique is drawing fire, and numerous businesses are stepping away from the firms that practice it.
Google Reports How Web Attackers Evade Malware Detection
News  |  8/19/2011  | 
Data gathered from Google's Safe Browsing API service reveals drive-by infections most common, with IP cloaking on the rise.
7 Ways To Stop Insider Hack Attacks
News  |  8/18/2011  | 
A former IT staffer invaded his pharmaceutical employer's network and deleted virtual machines, causing about $800,000 in losses. Here's how to prevent such trouble.
Google Disputes Socially Engineered Malware Study
News  |  8/18/2011  | 
After IE9 beat Chrome on security in a report, Google says social engineering accounts for only 2% of malware found on the Web.
Citigroup Case Spotlights Insider Threat Dangers
News  |  8/18/2011  | 
Case of Citigroup, fined for missing suspicious behavior of employee who bilked customers of $750,000, shows IT must be backed by supervisory control.
3 Security Lessons From BART's Anonymous Breach
Commentary  |  8/18/2011  | 
As BART continues to face attacks from the hacker group Anonymous, its security weak points have become painfully obvious. Here's what your IT staff can learn from BART's mistakes.
DOD Expanding Contractor Cybersecurity Program
News  |  8/17/2011  | 
Pilot program that shares threat information with defense contractors, network providers has stopped hundreds of intrusions, DOD says.
Scotland Yard Read Encrypted BlackBerry Messages During Riots
News  |  8/17/2011  | 
British police officials said they used confiscated BlackBerry smartphones to "break into" encrypted communications.
Botnets And Google Dorks: New Recipe For Hacking
News  |  8/17/2011  | 
Attackers finding new ways to automate the hunt for vulnerabilities, Imperva researchers say.
Botnets And Google Dorks: A New Recipe For Hacking
News  |  8/16/2011  | 
Attackers finding new ways to automate the hunt for vulnerabilities, Imperva researchers say
Internet Explorer 9 Best At Catching Socially Engineered Malware
News  |  8/16/2011  | 
Microsoft's newest browser outperforms Chrome, Firefox, Safari, and Opera in lab test for detecting malware-laden links
Microsoft IE9 Blocks Malware Best
News  |  8/16/2011  | 
Report finds that IE9's ability to block malicious URLs, malware, and phishing attacks far surpasses that of Chrome, Safari, Firefox, or Opera.
SpyEye Trojan Source Code Published
News  |  8/16/2011  | 
Once costly code for data-stealing Trojan is now available to the masses; exploits expected to rise, Damballa reports.
Slide Show: Sights And Sounds Of Black Hat USA 2011
Slideshows  |  8/15/2011  | 
Zombies, robots, 'war-flying' drones, PWN phones -- and scary, real-world SCADA hacks were among the mix of lighthearted and deadly serious demonstrations and presentations at this year's Black Hat USA in Las Vegas
BART Braces For More Attacks From Anonymous
News  |  8/15/2011  | 
The SF Bay area's transit agency expects more website disruptions after an attack over the weekend.
Can Data Breaches Kill?
News  |  8/15/2011  | 
When data is sensitive enough, its exposure has the potential to be fatal.
Researchers Claim Flaws In Facebook; Facebook Calls Them 'Best Practices'
Quick Hits  |  8/12/2011  | 
Short passwords, non-SSL-encrypted forms are criticized by Cenzic
AntiSec Data Dump IDs Thousands Of Cops, Informants
News  |  8/12/2011  | 
Hacker group's release includes social security numbers, credit card data, and passwords for thousands of officers and informants.
Visa Pushes PIN Requirement With Credit Card Purchases
News  |  8/11/2011  | 
European consumers are used to this drill, but now Visa is putting its muscle behind increased security measures in the United States.
Shady RAT No China Smoking Gun
Commentary  |  8/11/2011  | 
Kudos to McAfee for discovering attacks that go undiscovered too often, but questions about attack severity, sophistication, or nation-state backing remain.
Encrypt Early, Encrypt Often
News  |  8/11/2011  | 
You can't rely on cloud providers for data security.
Anonymous Threats To Kill Facebook: Another Hoax?
News  |  8/10/2011  | 
Security experts question whether the plot against Facebook is real, noting odd Twitter accounts used to launch the campaign.
Tween Hacker's Time-Travel Trick
Commentary  |  8/10/2011  | 
DefCon Kid discovers new class of vulns
RIM's London Riot Fallout Increases: BlackBerry Blog Hacked
News  |  8/10/2011  | 
Hackers take issue with RIM's cooperation with London Police. Multiple people arrested on charges of inciting others to violence via Facebook.
Google Researcher Dissects Sophos Antivirus Software
News  |  8/10/2011  | 
AV product vendors don't provide sufficient technical details on how their products work, researcher says at Black Hat USA.
70 Percent Of Infected Consumer Machines Hit With Multiple Malware Types
Quick Hits  |  8/9/2011  | 
New Sourcefire Immunet and ClamAV data provides snapshot of consumer malware threats
Don't Blame RIM, Twitter For London Riots
Commentary  |  8/9/2011  | 
You may dislike social networking or smartphones all you want--but remember they're just tools used by people.
U.K. Police Seek BlackBerry Messages Following Riots
News  |  8/9/2011  | 
BlackBerry maker Research In Motion has offered to help the police with their investigation, but has not specified what data will be shared.
State Department, Auditors Clash On IT Security Monitoring
News  |  8/9/2011  | 
GAO says the department's iPost risk-scoring program doesn't handle non-Windows systems or sufficiently detail vulnerabilities, and fails to reflect the impact and likelihood of threats.
Google Researcher Dissects Sophos Antivirus Software
News  |  8/9/2011  | 
AV product vendors don't provide sufficient technical details on how their products work, researcher says at Black Hat USA
SSL Certificates May Offer False Sense Of Trust
News  |  8/9/2011  | 
Researcher points to fundamental problems in SSL and DNSSEC, and says it's time for users to take control of trust.
How USB Sticks Cause Data Breach, Malware Woes
News  |  8/8/2011  | 
Half of businesses have lost sensitive or confidential information due to USB memory sticks, with many incidents involving those infected with malware.
Anonymous Cracks Cops Data Again
News  |  8/8/2011  | 
The "hacktivist" Anonymous operation known as AntiSec released a 7.4 GB file with emails and personal information from 56 different law enforcement agencies.
Siemens Joins SCADA Hack Demo At Black Hat
News  |  8/8/2011  | 
NSS Labs researcher Dillon Beresford shows holes in Siemens programmable logic controllers that could lead to attacks.
Siemens Shows Up For Black Hat Demo Of SCADA Hack
News  |  8/5/2011  | 
NSS Labs researcher Dillon Beresford shows holes in Siemens programmable logic controllers (PLCs) that could lead to attacks
Getting Root On The Human Body
News  |  8/5/2011  | 
Black Hat researcher shows it is possible to remotely control a diabetic's insulin pump without the person's knowledge
Wardriving Evolves Into Warflying
News  |  8/5/2011  | 
Researchers release specs for a DIY radio-controlled plane that hacks systems by air.
iPad Credit Card Reader Hacked As Skimmer
News  |  8/5/2011  | 
The Square reader for iPhone and iPad converts credit card numbers into plain audio, enabling criminals to convert stolen cards into cash.
The Week In Security: 4 Big Stories
Commentary  |  8/5/2011  | 
Cyber threats as part of future wars, Android malware, and Shady Rats made news. Don't miss the week's key security stories.