Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2013
Malicious Chrome Extension Poses As Facebook Video
News  |  8/30/2013  | 
As malware attacks targeting browser extensions become more common, security researchers advise users to be more careful about installing extensions and to regularly review permissions.
Kelihos Botnet Taps Spam Blocklists To Hone Attacks
News  |  8/30/2013  | 
Malware taps legitimate anti-spam services from the likes of SpamHaus and Sophos before turning PC into control proxy or spam relay.
Java Malicious App Alert System Tricked
Quick Hits  |  8/30/2013  | 
Developer hacks Java security warnings to display fake app names; Oracle reportedly prepping a fix
IPv6 To Complicate Threat-Intelligence Landscape
News  |  8/30/2013  | 
Reputation-based blacklists could face exponential growth when the number of possible Internet addresses becomes, for all practical purposes, infinite
Windows 8 Picture Passwords Easily Cracked
News  |  8/29/2013  | 
Microsoft's picture gesture authentication system isn't that secure, security researchers say.
No Proof Of Malware In New York Times DNS Hijacking Attack
News  |  8/29/2013  | 
No evidence thus far to confirm that the Syrian Electronic Army embedded malware on redirected Web pages, but investigation continues
Talking Threats With Senior Management
Commentary  |  8/29/2013  | 
Every so often, you get lucky and a senior executive asks you about security. You have some choices as to how to answer the question. Choose wisely
Secure Data, Not Devices
Commentary  |  8/29/2013  | 
As government goes mobile and makes greater use of cloud services, IT leaders must adopt a more data-centric, not device-centric, security approach.
New Security Trend: Bring Your Own Attorney
Commentary  |  8/28/2013  | 
BYOA is not a security joke anymore. There is clearly a need for a cybersecurity community that is well-versed in legal and ethical principles.
Feds Charge Wall Street Traders With Code Theft
News  |  8/28/2013  | 
Three men accused of stealing Flow Traders' proprietary high-frequency trading information and algorithms.
NY Times Caught In Syrian Hacker Attack
News  |  8/28/2013  | 
Hacks amount to "warning shots," threatening more widespread cyberattacks should the U.S. and allies launch military campaign against Syria, warns security expert.
Department Of Energy Cyberattack: 5 Takeaways
News  |  8/27/2013  | 
Exclusive: Outdated, unpatched system blamed for DOE breach, but agency said to be getting its cybersecurity house in order.
Getting The Most Out Of A Security Red Team
News  |  8/27/2013  | 
Justify security expenses and improve defenses through the use of an internal red team
Hackers Target Java 6 With Security Exploits
News  |  8/26/2013  | 
Security experts spot code that attacks vulnerability in Java 6, urge users to upgrade to Java 7 immediately.
Nearly One-Fifth Of Enterprise Operating Systems Not Fully Patched
Quick Hits  |  8/23/2013  | 
Less than half of organizations run malicious code execution prevention tools, Rapid7 survey finds
Hack My Google Glass: Security's Next Big Worry?
Commentary  |  8/23/2013  | 
Wearable computing devices must strike a difficult balance between security and convenience. A recent episode involving Google Glass and malicious QR codes raises questions.
Russia May Block Tor
News  |  8/22/2013  | 
In effort to combat child porn, Russian security forces consider installing filters preventing access to Tor networks. But experts say blocking the anonymizing service could be difficult.
FBI: Anonymous Not Same Since LulzSec Crackdown
News  |  8/22/2013  | 
Bureau says that after "dismantlement of the largest players" in LulzSec, domestic hacktivism remains a shadow of its former self.
How Hacktivists Have Targeted Major Media Outlets
News  |  8/21/2013  | 
From the Washington Post and CNN to the Twitter feeds of the Associated Press and Reuters, hacktivists have news outlets--and their social-media presence--in their crosshairs
Natural Disasters Cause More Downtime Than Hackers
News  |  8/21/2013  | 
Study of 79 Internet and telephony outages in 18 European countries found that storms -- especially snowstorms -- caused significantly longer outages than cyberattacks.
Hacker Leaks 15,000 Twitter Access Credentials, Promises More
News  |  8/21/2013  | 
Twitter users should revoke and reassign access for all third-party Twitter apps to mitigate vulnerability, security expert urges.
Microsoft Windows Defender Stumbles In Malware Tests
News  |  8/21/2013  | 
Microsoft's free anti-virus software came in last among 23 programs at catching known malware in an AV program shootout, says independent testing firm.
Microsoft Patch Problems Underline Trade-Offs For Securing Systems
News  |  8/21/2013  | 
As the software giant works to fix the shortcomings in its latest set of patches, security experts debate whether 'trust the patch' is still the best course
Facebook Declines Bug Bounty, But Crowdsourced Effort Pays
News  |  8/20/2013  | 
Security researchers, unhappy with Facebook's decision to withhold reward, come up with the cash on their own.
Kid Hackers Bag Bug Bounties
News  |  8/19/2013  | 
DEF CON Kid and co-founder of R00tz Asylum also names the mobile apps affected by the 'Time Traveler' class of vulnerabilities she discovered two years ago
Prohibition For 0-Day Exploits
Commentary  |  8/19/2013  | 
The monetization of exploits has been a divisive discussion in the security community for years. Now as governments emerge as the largest market for attack code, will there be a move to regulate the sale of 0-day attacks?
Google's Four Minute Blackout Examined
News  |  8/19/2013  | 
Google hasn't explained Friday's four-minute blackout of all Google services, but experts say a hack attack is not the likely cause.
Tech Insight: DEF CON 21 Highlights Dangers Of Social Engineering
News  |  8/16/2013  | 
Popular contest and presentation show real risks associated with social engineering
Researchers Seek Better Ways To Track Malware's Family Tree
News  |  8/15/2013  | 
Following a program's evolution back to the author may not yet be a reality, but computer scientists are searching for more accurate measures of the relationships between software versions
Don't Underestimate Directory Traversal Attacks
News  |  8/15/2013  | 
Are attackers dot-dot-slashing their way into your data?
Rogue Ad Networks Deliver Malware To Mobile Devices
News  |  8/15/2013  | 
Software developers in search of more income are adopting relatively unknown ad networks, but the frameworks may deliver more than just ads, warn security firms
3 Signs You're Phishing Bait
News  |  8/14/2013  | 
Beware, introverts and overconfident people. Phishers love to fool you, email security researchers say.
Android Malware Being Delivered Via Ad Networks
News  |  8/13/2013  | 
Attackers are using mobile ad network software installed on smartphones to push malicious JavaScript and take control of devices.
Spying Trash Cans Banned
News  |  8/12/2013  | 
Foot-traffic counting scheme spooks London city managers.
Microsoft Plans Critical Patches For Internet Explorer, Exchange
News  |  8/12/2013  | 
Microsoft's security patches Tuesday will fix three critical vulnerabilities, including one that affects all current versions of Internet Explorer.
Attackers' Toolbox Makes Malware Detection More Difficult
News  |  8/12/2013  | 
From virtual-machine detection to taking a 30-minute nap, the array of techniques used by attackers to stymie malware analysis is growing
Report: Google Play Store Infested With Adware
Quick Hits  |  8/12/2013  | 
In study of 8,000 apps on Google Play, nearly 2,000 are flagged as adware, ZScaler says
Black Hat: The Problems Don't Change, But The Solutions Have
Commentary  |  8/9/2013  | 
An increase in attacker capabilities has drawn an innovative response from industry, and emerging research promises more to come
Maltego Gets More 'Teeth'
News  |  8/9/2013  | 
New features in Maltego, an open-source intelligence tool for defenders, allow penetration testers and attackers to gather data on vulnerable systems and manage botnets
Chrome Security Shocker Creates Password Anxiety
News  |  8/8/2013  | 
Google responds to criticism of stored password handling; security experts say Chrome security team is missing the forest for the trees.
30-Second HTTPS Traffic Attack: No Fix
News  |  8/8/2013  | 
Researchers who discovered BREACH vulnerability promise a tool to see if your site is at risk -- but say there's no easy fix.
Timing Attacks On Browsers Leak Sensitive Information
News  |  8/8/2013  | 
Variations in the redraw times of graphical elements could allow an attacker to see sites a user has visited, sensitive information
Medical-Device Flaws Will Take Time To Heal
News  |  8/7/2013  | 
Manufacturers are slow to patch up security issues, despite increasing pressure from patients, researchers and federal agencies
Android Trojan Banking App Targets Master Key Vulnerability
News  |  8/6/2013  | 
Sluggish Android updates put users at risk. Could rising public awareness of the flaw lead carriers and device makers to patch more quickly?
Black Hat: Lessons For SMBs From The Dark Side Of Security
News  |  8/6/2013  | 
Issues affecting large enterprises are the bread and butter of Black Hat, but even smaller firms have something to learn
Android One-Click Google Apps Access Cracked
News  |  8/5/2013  | 
Hackers could intercept Android users' unique authentication token and gain unauthorized access to Google Apps, Gmail, Drive and other services.
Water-Utility Honeynet Illuminates Real-World SCADA Threats
News  |  8/2/2013  | 
After a researcher constructs a fake water-utility network and puts it online, attackers quickly target the systems
iOS Weaknesses Allow Attacks Via Trojan Chargers
News  |  8/1/2013  | 
Using weaknesses in Apple's flagship operating system, a simple computer disguised as a charging station can pair with, and then install malware on, any iPhone or iPad that connects to it
Creating Browser-Based Botnets Through Online Ad Networks
News  |  8/1/2013  | 
Researchers demonstrate how ads invoking JavaScript on viewers' browsers en masse could create untraceable networks to wreak DDoS damage

