Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2012
Security Experts: Java Should Be Disabled Unless Necessary
News  |  8/31/2012  | 
Security researchers say Java's popularity as an attack vector means it should be disabled unless it is needed.
FinFisher Mobile Spyware Tracking Political Activists
News  |  8/31/2012  | 
Developer of spyware that can take over iPhone and BlackBerry devices draws fire after researchers spot the spyware in use against activists in Bahrain.
Accused LulzSec Hackers Attended College Together
News  |  8/31/2012  | 
The two students accused of Sony Pictures hack participated in Cyber Defense Competition team exercises at the University of Advanced Technology in Arizona.
Laptop Fingerprint Readers Vulnerable To Password Hacks
News  |  8/30/2012  | 
Security software included with UPEK fingerprint scanners stores Windows passwords in plaintext, making them retrievable by an attacker.
Java Zero-Day Malware Attack: 6 Facts
News  |  8/30/2012  | 
New details reveal Oracle knew about the Java exploit in April, but has yet to release a patch. Here's how to protect yourself against active attacks.
Java Zero Day Attack: Second Bug Found
News  |  8/29/2012  | 
Were security researchers irresponsible to detail the zero-day vulnerabilities without first working with Oracle to craft a patch?
Java Zero-Day Attack Could Hit Enterprises Hard
News  |  8/28/2012  | 
In-the-wild exploit targets unpatched Java 7 vulnerability affecting Windows, OS X, and Linux. Security experts advise disabling Java in browsers.
Saudi Aramco Restores Network After Shamoon Malware Attack
News  |  8/27/2012  | 
Hacktivist-launched virus takes out 75% of state-owned oil company's workstations, signals the growing power of attackers with social or political agendas.
Application Detects Social Network Spam, Malware
News  |  8/24/2012  | 
Using the social context of posts, researchers from UC Riverside create prototype Facebook app that detects social malware with 97 percent accuracy.
Safer Boots: Feds Urge Malware-Resistant BIOS
News  |  8/24/2012  | 
NIST advises PC and server makers to strengthen the security of BIOS ROM chip flashware. Attacks against BIOS can be used to create persistent rootkits that survive reboots.
Create A Mac Zombie Army, Cheap: Hacker Emptor
News  |  8/24/2012  | 
NetWeird malware toolkit promises to convert Macs into zombies ready to do botnet bidding. But some security experts say this is a case of criminals trying to out-scam each other.
The Attacker's Trade-Off: Stealth Versus Resilience
News  |  8/24/2012  | 
Trade-offs are a fact of life for network defenders, but attackers have to abide by them as well. Understanding attackers' problems can help companies better use them to their advantage.
10 Tips For Protecting Mobile Users
News  |  8/23/2012  | 
Mobile employees, devices, and data need protecting. Here are 10 tips to make it happen.
The Case For A Cyber Arms Treaty
Commentary  |  8/23/2012  | 
In the wake of Stuxnet, could an international 'cyber arms' agreement forestall U.S. cyber warfare with China and other countries?
Crisis Financial Malware Spreads Via Virtual Machines
News  |  8/21/2012  | 
Malicious code, disguised as a VeriSign-approved Adobe Flash installer, affects Macs, Windows PCs, and Windows Mobile devices.
Don't Trust That Text Message: Tool Simplifies iOS SMS-Spoofing
Quick Hits  |  8/20/2012  | 
Known SMS flaw isn't in the phone itself, however.
7 Facts About Geolocation Privacy
News  |  8/20/2012  | 
Recent ruling that upheld police remotely activating a phone's GPS tracking feature without a warrant highlights the legal gray area surrounding GPS data privacy.
6 Password Security Essentials For Developers
News  |  8/17/2012  | 
Solving the weak password challenge requires more than having consumers create strong passwords. Many businesses also need to get a clue about what counts as safe, weak, encrypted, or secure.
Don't Trust Cloud Security
News  |  8/16/2012  | 
Companies using cloud services need to verify, not trust, that a provider's controls will actually protect their data.
Reveton Malware Freezes PCs, Demands Payment
News  |  8/15/2012  | 
FBI warns of Reveton 'ransomware' scam that freezes Windows PCs, accuses you of a crime, and requests you pay fines to unlock the computer.
Researchers Hunt Sources Of Viruses, Memes
News  |  8/14/2012  | 
Swiss university researchers propose a method for tracking back biological infections using incomplete data that could work for digital viruses and informational memes.
5 Ways To Solve The Password Reset Problem
Commentary  |  8/14/2012  | 
Apple, Amazon, and other vendors need to come up with better ways to safeguard accounts against social engineering attacks. But users must help.
Apple, Amazon Security Fails: Time For Change
Commentary  |  8/10/2012  | 
What will it take for cloud service providers to overhaul their customer identification mechanisms and finally get serious about social engineering attack vectors?
Gauss Espionage Malware: 7 Key Facts
News  |  8/10/2012  | 
From targeting Lebanese banking customers to installing a font, security researchers seem to be unearthing as many questions as answers in their teardown of the surveillance malware.
Blizzard Battle.net Security Breached, Passwords Accessed
News  |  8/10/2012  | 
World of Warcraft developer warns that attackers stole usernames and encrypted passwords, urges Battle.net users to reset logins.
Gather Intelligence On Web Bots To Aid Defense
News  |  8/9/2012  | 
BotoPedia, a registry of Web bots, could help companies keep their sites open to good crawlers but closed to attackers and site scrapers.
Flame 2.0: Gauss Malware Targets Banking Credentials
News  |  8/9/2012  | 
Stuxnet, Duqu, and Flame cousin has been used in targeted attacks, operating undetected for at least a year, primarily in Middle Eastern countries.
5 Steps To Prevent Twitter Hacks
News  |  8/8/2012  | 
Twitter security is in the spotlight after high-profile account hijacks that hit Reuters and a tech journalist. Here are protective moves for individuals and enterprises.
Microsoft Attack Surface Analyzer Catalogs Threats
News  |  8/7/2012  | 
Free tool helps developers, IT personnel, and security audit teams review threats posed by software installed on a Windows PC.
Antivirus And The Wisdom Of Cabbies
Commentary  |  8/2/2012  | 
Viruses that cabbies -- like the one who drove me to Def Con -- complain about are precisely those that antiviruses can't clean.
Feds Lack Privacy Protection Safeguards
News  |  8/1/2012  | 
GAO cites data breaches, improper uses of personal information, paltry citizen notification as ongoing government problems.
Dropbox Admits Hack, Adds More Security Features
News  |  8/1/2012  | 
Flood of email spam blamed on attacker grabbing an internal document containing users' email addresses.
Black Hat: Researcher Demonstrates Hardware Backdoor
News  |  8/1/2012  | 
One security professional shows off techniques for backdooring computer hardware to allow an attack to better hide and be more persistent.

