Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2012
Security Experts: Java Should Be Disabled Unless Necessary
News  |  8/31/2012  | 
Security researchers say Java's popularity as an attack vector means it should be disabled unless it is needed
FinFisher Mobile Spyware Tracking Political Activists
News  |  8/31/2012  | 
Developer of spyware that can take over iPhone and BlackBerry devices draws fire after researchers spot the spyware in use against activists in Bahrain.
Accused LulzSec Hackers Attended College Together
News  |  8/31/2012  | 
The two students accused of Sony Pictures hack participated in Cyber Defense Competition team exercises at the University of Advanced Technology in Arizona.
Laptop Fingerprint Readers Vulnerable To Password Hacks
News  |  8/30/2012  | 
Security software included with UPEK fingerprint scanners stores Windows passwords in plaintext, making them retrievable by an attacker.
Java Zero-Day Malware Attack: 6 Facts
News  |  8/30/2012  | 
New details reveal Oracle knew about the Java exploit in April, but has yet to release a patch. Here's how to protect yourself against active attacks.
Java Zero Day Attack: Second Bug Found
News  |  8/29/2012  | 
Were security researchers irresponsible to detail the zero-day vulnerabilities without first working with Oracle to craft a patch?
Java Zero-Day Attack Could Hit Enterprises Hard
News  |  8/28/2012  | 
In-the-wild exploit targets unpatched Java 7 vulnerability affecting Windows, OS X, and Linux. Security experts advise disabling Java in browsers.
Saudi Aramco Restores Network After Shamoon Malware Attack
News  |  8/27/2012  | 
Hacktivist-launched virus takes out 75% of state-owned oil company's workstations, signals the growing power of attackers with social or political agendas.
Application Detects Social Network Spam, Malware
News  |  8/24/2012  | 
Using the social context of posts, researchers from UC Riverside create prototype Facebook app that detects social malware with 97 percent accuracy
Safer Boots: Feds Urge Malware-Resistant BIOS
News  |  8/24/2012  | 
NIST advises PC and server makers strengthen the security of BIOS ROM chip flashware. Attacks against BIOS can be used to create persistent rootkits that survive reboots.
Create A Mac Zombie Army, Cheap: Hacker Emptor
News  |  8/24/2012  | 
NetWeird malware toolkit promises to convert Macs into zombies ready to do botnet bidding. But some security experts say this is a case of criminals trying to out-scam each other.
The Attacker's Trade-Off: Stealth Versus Resilience
News  |  8/24/2012  | 
Trade-offs are a fact of life for network defenders, but attackers have to abide them as well. Understanding attackers' problems can help companies better use them to their advantage
10 Tips For Protecting Mobile Users
News  |  8/23/2012  | 
Mobile employees, devices, and data need protecting. Here are 10 tips to make it happen.
The Case For A Cyber Arms Treaty
Commentary  |  8/23/2012  | 
In the wake of Stuxnet, could an international 'cyber arms' agreement forestall U.S. cyber warfare with China and other countries?
Crisis Financial Malware Spreads Via Virtual Machines
News  |  8/21/2012  | 
Malicious code, disguised as a VeriSign-approved Adobe Flash installer, affects Macs, Windows PCs, and Windows Mobile devices.
Don't Trust That Text Message: Tool Simplifies iOS SMS-Spoofing
Quick Hits  |  8/20/2012  | 
Known SMS flaw isn't in the phone itself, however
7 Facts About Geolocation Privacy
News  |  8/20/2012  | 
Recent ruling that upheld police remotely activating a phone's GPS tracking feature without a warrant highlights the legal gray area surrounding GPS data privacy.
6 Password Security Essentials For Developers
News  |  8/17/2012  | 
Solving the weak password challenge requires more than having consumers create strong passwords. Many businesses also need to get a clue about what counts as safe, weak, encrypted, or secure.
Don't Trust Cloud Security
News  |  8/16/2012  | 
Companies using cloud services need to verify, not trust, that a provider's controls will actually protect their data.
Reveton Malware Freezes PCs, Demands Payment
News  |  8/15/2012  | 
FBI warns of Reveton 'ransomware' scam that freezes Windows PCs, accuses you of a crime, and requests you pay fines to unlock computer.
Researchers Hunt Sources Of Viruses, Memes
News  |  8/14/2012  | 
Swiss university researchers propose a method for tracking back biological infections using incomplete data that could work for digital viruses and informational memes
5 Ways To Solve The Password Reset Problem
Commentary  |  8/14/2012  | 
Apple, Amazon, and other vendors need to come up with better ways to safeguard accounts against social engineering attacks. But users must help.
Apple, Amazon Security Fails: Time For Change
Commentary  |  8/10/2012  | 
What will it take for cloud service providers to overhaul their customer identification mechanisms and finally get serious about social engineering attack vectors?
Gauss Espionage Malware: 7 Key Facts
News  |  8/10/2012  | 
From targeting Lebanese banking customers to installing a font, security researchers seem to be unearthing as many questions as answers in their teardown of the surveillance malware.
Blizzard Battle.net Security Breached, Passwords Accessed
News  |  8/10/2012  | 
World of Warcraft developer warns that attackers stole usernames and encrypted passwords, urges Battle.net users to reset logins.
Gather Intelligence On Web Bots To Aid Defense
News  |  8/9/2012  | 
BotoPedia, a registry of Web bots, could help companies keep their sites open to good crawlers but closed to attackers and site scrapers
Flame 2.0: Gauss Malware Targets Banking Credentials
News  |  8/9/2012  | 
Stuxnet, Duqu, and Flame cousin has been used in targeted attacks, operating undetected for at least a year, primarily in Middle Eastern countries.
5 Steps To Prevent Twitter Hacks
News  |  8/8/2012  | 
Twitter security is in the spotlight after high-profile account hijacks that hit Reuters and a tech journalist. Here are protective moves for individuals and enterprises.
Microsoft Attack Surface Analyzer Catalogs Threats
News  |  8/7/2012  | 
Free tool helps developers, IT personnel, and security audit teams review threats posed by software installed on a Windows PC.
Antivirus And The Wisdom Of Cabbies
Commentary  |  8/2/2012  | 
Viruses that cabbies -- like the one who drove me to Def Con -- complain about are precisely those that antiviruses can't clean
Feds Lack Privacy Protection Safeguards
News  |  8/1/2012  | 
GAO cites data breaches, improper uses of personal information, paltry citizen notification as ongoing government problems.
Dropbox Admits Hack, Adds More Security Features
News  |  8/1/2012  | 
Flood of email spam blamed on attacker grabbing an internal document containing users' email addresses.
Black Hat: Researcher Demonstrates Hardware Backdoor
News  |  8/1/2012  | 
One security professional shows off techniques for backdooring computer hardware to allow an attack to better hide and be more persistent

