Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2011
14 Enterprise Security Tips From Anonymous Hacker
News  |  8/31/2011  | 
Former Anonymous member "SparkyBlaze" advises companies on how to avoid massive data breaches.
New Windows Worm Wriggling Through Networks
News  |  8/30/2011  | 
'Morto' targets weak passwords, usernames and spreads via the Remote Desktop Protocol.
Gmail Attack Highlights Web Insecurity
News  |  8/29/2011  | 
A man-in-the-middle attack that relied on an unauthorized Google SSL certificate has revived concern over whether any Web communication is really secure.
Insulin Pump Hack Controversy Grows
News  |  8/26/2011  | 
Security researcher--and pump user--who found the flaw takes medical device manufacturer Medtronic to task for its response to the security vulnerability.
Apache Issues Workarounds For 'Killer' Attack
News  |  8/26/2011  | 
Development team spells out mitigation strategies for DDoS threat in advance of patch release.
Google Gives Up $500M In Revenue From Canadian Online Pharmacies
Quick Hits  |  8/24/2011  | 
Search engine giant should not have sold ads to unauthorized pharmacies, Department of Justice says
Chinese Military Documentary Reveals Alleged Attack Software
News  |  8/23/2011  | 
Government-run TV channel program accidentally reveals what appears to be software designed for cyber warfare.
Google Patches Critical Chrome Bug
News  |  8/23/2011  | 
Chrome browser update includes patches for 11 vulnerabilities, including several discovered by Google bug bounty winners.
Hacked Medical Device Sparks Congressional Inquiry
News  |  8/23/2011  | 
Legislators demand answers after a security researcher remotely controlled his own insulin pump using a $20 radio frequency transmitter at Black Hat.
McAfee Blew Shady RAT Analysis, Kaspersky Says
News  |  8/22/2011  | 
Security expert Eugene Kaspersky dismissed the seriousness of the Shady RAT botnet and suggested McAfee was purposefully alarmist in its report.
Facebook Offers Security Guide
News  |  8/19/2011  | 
Facebook tries to explain the many security issues that have arisen for users of social networking and give tips for keeping accounts secure.
Microsoft Disables Supercookies On MSN
News  |  8/19/2011  | 
The online user tracking technique is drawing fire, and numerous businesses are stepping away from the firms that practice it.
Google Reports How Web Attackers Evade Malware Detection
News  |  8/19/2011  | 
Data gathered from Google's Safe Browsing API service reveals drive-by infections most common, with IP cloaking on the rise.
7 Ways To Stop Insider Hack Attacks
News  |  8/18/2011  | 
A former IT staffer invaded his pharmaceutical employer's network and deleted virtual machines, causing about $800,000 in losses. Here's how to prevent such trouble.
Google Disputes Socially Engineered Malware Study
News  |  8/18/2011  | 
After IE9 beat Chrome on security in a report, Google says social engineering accounts for only 2% of malware found on the Web.
Citigroup Case Spotlights Insider Threat Dangers
News  |  8/18/2011  | 
Case of Citigroup, fined for missing suspicious behavior of employee who bilked customers of $750,000, shows IT must be backed by supervisory control.
3 Security Lessons From BART's Anonymous Breach
Commentary  |  8/18/2011  | 
As BART continues to face attacks from the hacker group Anonymous, its security weak points have become painfully obvious. Here's what your IT staff can learn from BART's mistakes.
DOD Expanding Contractor Cybersecurity Program
News  |  8/17/2011  | 
Pilot program that shares threat information with defense contractors, network providers has stopped hundreds of intrusions, DOD says.
Scotland Yard Read Encrypted BlackBerry Messages During Riots
News  |  8/17/2011  | 
British police officials said they used confiscated BlackBerry smartphones to "break into" encrypted communications.
Botnets And Google Dorks: New Recipe For Hacking
News  |  8/17/2011  | 
Attackers finding new ways to automate the hunt for vulnerabilities, Imperva researchers say.
Botnets And Google Dorks: A New Recipe For Hacking
News  |  8/16/2011  | 
Attackers finding new ways to automate the hunt for vulnerabilities, Imperva researchers say
Internet Explorer 9 Best At Catching Socially Engineered Malware
News  |  8/16/2011  | 
Microsoft's newest browser outperforms Chrome, Firefox, Safari, and Opera in lab test for detecting malware-laden links
Microsoft IE9 Blocks Malware Best
News  |  8/16/2011  | 
Report finds that IE9's ability to block malicious URLs, malware, and phishing attacks far surpasses that of Chrome, Safari, Firefox, or Opera.
SpyEye Trojan Source Code Published
News  |  8/16/2011  | 
Once costly code for data-stealing Trojan is now available to the masses; exploits expected to rise, Damballa reports.
Slide Show: Sights And Sounds Of Black Hat USA 2011
Slideshows  |  8/15/2011  | 
Zombies, robots, 'war-flying' drones, PWN phones -- and scary, real-world SCADA hacks were among the mix of lighthearted and deadly serious demonstrations and presentations at this year's Black Hat USA in Las Vegas
BART Braces For More Attacks From Anonymous
News  |  8/15/2011  | 
The SF Bay area's transit agency expects more website disruptions after an attack over the weekend.
Can Data Breaches Kill?
News  |  8/15/2011  | 
When data is sensitive enough, its exposure has the potential to be fatal.
Researchers Claim Flaws In Facebook; Facebook Calls Them 'Best Practices'
Quick Hits  |  8/12/2011  | 
Short passwords, non-SSL-encrypted forms are criticized by Cenzic
AntiSec Data Dump IDs Thousands Of Cops, Informants
News  |  8/12/2011  | 
Hacker group's release includes social security numbers, credit card data, and passwords for thousands of officers and informants.
Visa Pushes PIN Requirement With Credit Card Purchases
News  |  8/11/2011  | 
European consumers are used to this drill, but now Visa is putting its muscle behind increased security measures in the United States.
Shady RAT No China Smoking Gun
Commentary  |  8/11/2011  | 
Kudos to McAfee for discovering attacks that go undiscovered too often, but questions about attack severity, sophistication, or nation-state backing remain.
Encrypt Early, Encrypt Often
News  |  8/11/2011  | 
You can't rely on cloud providers for data security.
Anonymous Threats To Kill Facebook: Another Hoax?
News  |  8/10/2011  | 
Security experts question whether the plot against Facebook is real, noting odd Twitter accounts used to launch the campaign.
Tween Hacker's Time-Travel Trick
Commentary  |  8/10/2011  | 
DefCon Kid discovers new class of vulns
RIM's London Riot Fallout Increases: BlackBerry Blog Hacked
News  |  8/10/2011  | 
Hackers take issue with RIM's cooperation with London Police. Multiple people arrested on charges of inciting others to violence via Facebook.
Google Researcher Dissects Sophos Antivirus Software
News  |  8/10/2011  | 
AV product vendors don't provide sufficient technical details on how their products work, researcher says at Black Hat USA.
70 Percent Of Infected Consumer Machines Hit With Multiple Malware Types
Quick Hits  |  8/9/2011  | 
New Sourcefire Immunet and ClamAV data provides snapshot of consumer malware threats
Don't Blame RIM, Twitter For London Riots
Commentary  |  8/9/2011  | 
You may dislike social networking or smartphones all you want--but remember they're just tools used by people.
U.K. Police Seek BlackBerry Messages Following Riots
News  |  8/9/2011  | 
BlackBerry maker Research In Motion has offered to help the police with their investigation, but has not specified what data will be shared.
State Department, Auditors Clash On IT Security Monitoring
News  |  8/9/2011  | 
GAO says the department's iPost risk-scoring program doesn't handle non-Windows systems or sufficiently detail vulnerabilities, and fails to reflect the impact and likelihood of threats.
Google Researcher Dissects Sophos Antivirus Software
News  |  8/9/2011  | 
AV product vendors don't provide sufficient technical details on how their products work, researcher says at Black Hat USA
SSL Certificates May Offer False Sense Of Trust
News  |  8/9/2011  | 
Researcher points to fundamental problems in SSL and DNSSEC, and says it's time for users to take control of trust.
How USB Sticks Cause Data Breach, Malware Woes
News  |  8/8/2011  | 
Half of businesses have lost sensitive or confidential information due to USB memory sticks, with many incidents involving those infected with malware.
Anonymous Cracks Cops Data Again
News  |  8/8/2011  | 
The "hacktivist" Anonymous operation known as AntiSec released a 7.4 GB file with emails and personal information from 56 different law enforcement agencies.
Siemens Joins SCADA Hack Demo At Black Hat
News  |  8/8/2011  | 
NSS Labs researcher Dillon Beresford shows holes in Siemens programmable logic controllers that could lead to attacks.
Siemens Shows Up For Black Hat Demo Of SCADA Hack
News  |  8/5/2011  | 
NSS Labs researcher Dillon Beresford shows holes in Siemens programmable logic controllers (PLCs) that could lead to attacks
Getting Root On The Human Body
News  |  8/5/2011  | 
Black Hat researcher shows it is possible to remotely control a diabetic's insulin pump without person's knowledge
Wardriving Evolves Into Warflying
News  |  8/5/2011  | 
Researchers release specs for a DIY radio-controlled plane that hacks systems by air.
iPad Credit Card Reader Hacked As Skimmer
News  |  8/5/2011  | 
The Square reader for iPhone and iPad converts credit card numbers into plain audio, enabling criminals to convert stolen cards into cash.
The Week In Security: 4 Big Stories
Commentary  |  8/5/2011  | 
Cyber threats as part of future wars, Android malware, and Shady Rats made news. Don't miss the week's key security stories.