Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2012
Security Experts: Java Should Be Disabled Unless Necessary
News  |  8/31/2012  | 
Security researchers say Java's popularity as an attack vector means it should be disabled unless it is needed
FinFisher Mobile Spyware Tracking Political Activists
News  |  8/31/2012  | 
Developer of spyware that can take over iPhone and BlackBerry devices draws fire after researchers spot the spyware in use against activists in Bahrain.
Accused LulzSec Hackers Attended College Together
News  |  8/31/2012  | 
The two students accused of Sony Pictures hack participated in Cyber Defense Competition team exercises at the University of Advanced Technology in Arizona.
Laptop Fingerprint Readers Vulnerable To Password Hacks
News  |  8/30/2012  | 
Security software included with UPEK fingerprint scanners stores Windows passwords in plaintext, making them retrievable by an attacker.
Java Zero-Day Malware Attack: 6 Facts
News  |  8/30/2012  | 
New details reveal Oracle knew about the Java exploit in April, but has yet to release a patch. Here's how to protect yourself against active attacks.
Java Zero Day Attack: Second Bug Found
News  |  8/29/2012  | 
Were security researchers irresponsible to detail the zero-day vulnerabilities without first working with Oracle to craft a patch?
Java Zero-Day Attack Could Hit Enterprises Hard
News  |  8/28/2012  | 
In-the-wild exploit targets unpatched Java 7 vulnerability affecting Windows, OS X, and Linux. Security experts advise disabling Java in browsers.
Saudi Aramco Restores Network After Shamoon Malware Attack
News  |  8/27/2012  | 
Hacktivist-launched virus takes out 75% of state-owned oil company's workstations, signals the growing power of attackers with social or political agendas.
Application Detects Social Network Spam, Malware
News  |  8/24/2012  | 
Using the social context of posts, researchers from UC Riverside create prototype Facebook app that detects social malware with 97 percent accuracy
Safer Boots: Feds Urge Malware-Resistant BIOS
News  |  8/24/2012  | 
NIST advises PC and server makers strengthen the security of BIOS ROM chip flashware. Attacks against BIOS can be used to create persistent rootkits that survive reboots.
Create A Mac Zombie Army, Cheap: Hacker Emptor
News  |  8/24/2012  | 
NetWeird malware toolkit promises to convert Macs into zombies ready to do botnet bidding. But some security experts say this is a case of criminals trying to out-scam each other.
The Attacker's Trade-Off: Stealth Versus Resilience
News  |  8/24/2012  | 
Trade-offs are a fact of life for network defenders, but attackers have to abide them as well. Understanding attackers' problems can help companies better use them to their advantage
10 Tips For Protecting Mobile Users
News  |  8/23/2012  | 
Mobile employees, devices, and data need protecting. Here are 10 tips to make it happen.
The Case For A Cyber Arms Treaty
Commentary  |  8/23/2012  | 
In the wake of Stuxnet, could an international 'cyber arms' agreement forestall U.S. cyber warfare with China and other countries?
Crisis Financial Malware Spreads Via Virtual Machines
News  |  8/21/2012  | 
Malicious code, disguised as a VeriSign-approved Adobe Flash installer, affects Macs, Windows PCs, and Windows Mobile devices.
Don't Trust That Text Message: Tool Simplifies iOS SMS-Spoofing
Quick Hits  |  8/20/2012  | 
Known SMS flaw isn't in the phone itself, however
7 Facts About Geolocation Privacy
News  |  8/20/2012  | 
Recent ruling that upheld police remotely activating a phone's GPS tracking feature without a warrant highlights the legal gray area surrounding GPS data privacy.
6 Password Security Essentials For Developers
News  |  8/17/2012  | 
Solving the weak password challenge requires more than having consumers create strong passwords. Many businesses also need to get a clue about what counts as safe, weak, encrypted, or secure.
Don't Trust Cloud Security
News  |  8/16/2012  | 
Companies using cloud services need to verify, not trust, that a provider's controls will actually protect their data.
Reveton Malware Freezes PCs, Demands Payment
News  |  8/15/2012  | 
FBI warns of Reveton 'ransomware' scam that freezes Windows PCs, accuses you of a crime, and requests you pay fines to unlock computer.
Researchers Hunt Sources Of Viruses, Memes
News  |  8/14/2012  | 
Swiss university researchers propose a method for tracking back biological infections using incomplete data that could work for digital viruses and informational memes
5 Ways To Solve The Password Reset Problem
Commentary  |  8/14/2012  | 
Apple, Amazon, and other vendors need to come up with better ways to safeguard accounts against social engineering attacks. But users must help.
Apple, Amazon Security Fails: Time For Change
Commentary  |  8/10/2012  | 
What will it take for cloud service providers to overhaul their customer identification mechanisms and finally get serious about social engineering attack vectors?
Gauss Espionage Malware: 7 Key Facts
News  |  8/10/2012  | 
From targeting Lebanese banking customers to installing a font, security researchers seem to be unearthing as many questions as answers in their teardown of the surveillance malware.
Blizzard Battle.net Security Breached, Passwords Accessed
News  |  8/10/2012  | 
World of Warcraft developer warns that attackers stole usernames and encrypted passwords, urges Battle.net users to reset logins.
Gather Intelligence On Web Bots To Aid Defense
News  |  8/9/2012  | 
BotoPedia, a registry of Web bots, could help companies keep their sites open to good crawlers but closed to attackers and site scrapers
Flame 2.0: Gauss Malware Targets Banking Credentials
News  |  8/9/2012  | 
Stuxnet, Duqu, and Flame cousin has been used in targeted attacks, operating undetected for at least a year, primarily in Middle Eastern countries.
5 Steps To Prevent Twitter Hacks
News  |  8/8/2012  | 
Twitter security is in the spotlight after high-profile account hijacks that hit Reuters and a tech journalist. Here are protective moves for individuals and enterprises.
Microsoft Attack Surface Analyzer Catalogs Threats
News  |  8/7/2012  | 
Free tool helps developers, IT personnel, and security audit teams review threats posed by software installed on a Windows PC.
Antivirus And The Wisdom Of Cabbies
Commentary  |  8/2/2012  | 
Viruses that cabbies -- like the one who drove me to Def Con -- complain about are precisely those that antiviruses can't clean
Feds Lack Privacy Protection Safeguards
News  |  8/1/2012  | 
GAO cites data breaches, improper uses of personal information, paltry citizen notification as ongoing government problems.
Dropbox Admits Hack, Adds More Security Features
News  |  8/1/2012  | 
Flood of email spam blamed on attacker grabbing an internal document containing users' email addresses.
Black Hat: Researcher Demonstrates Hardware Backdoor
News  |  8/1/2012  | 
One security professional shows off techniques for backdooring computer hardware to allow an attack to better hide and be more persistent


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing Writer,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...